upstream: hold our collective noses and use the openssl-1.1.x API in

OpenSSH; feedback and ok tb@ jsing@ markus@ OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
author: djm@openbsd.org <djm@openbsd.org> 2018-09-13 02:08:33 +0000
committer: Damien Miller <djm@mindrot.org> 2018-09-13 12:12:33 +1000
commit: 482d23bcacdd3664f21cc82a5135f66fc598275f (patch)
tree: 362f697a94da0a765d1dabcfbf33370b2a4df121 /ssh-rsa.c
parent: d70d061828730a56636ab6f1f24fe4a8ccefcfc1 (diff)
1 files changed, 34 insertions, 13 deletions
diff --git a/ssh-rsa.c b/ssh-rsa.c
index 1756315b9..2788f3340 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -104,38 +104,55 @@ rsa_hash_alg_nid(int type)
 }
 int
-ssh_rsa_generate_additional_parameters(struct sshkey *key)
+ssh_rsa_complete_crt_parameters(struct sshkey *key, const BIGNUM *iqmp)
 {
-        BIGNUM *aux = NULL;
+        const BIGNUM *rsa_p, *rsa_q, *rsa_d;
+        BIGNUM *aux = NULL, *d_consttime = NULL;
+        BIGNUM *rsa_dmq1 = NULL, *rsa_dmp1 = NULL, *rsa_iqmp = NULL;
        BN_CTX *ctx = NULL;
-        BIGNUM d;
        int r;
        if (key == NULL || key->rsa == NULL ||
            sshkey_type_plain(key->type) != KEY_RSA)
                return SSH_ERR_INVALID_ARGUMENT;
+        RSA_get0_key(key->rsa, NULL, NULL, &rsa_d);
+        RSA_get0_factors(key->rsa, &rsa_p, &rsa_q);
        if ((ctx = BN_CTX_new()) == NULL)
                return SSH_ERR_ALLOC_FAIL;
-        if ((aux = BN_new()) == NULL) {
+        if ((aux = BN_new()) == NULL ||
+            (rsa_dmq1 = BN_new()) == NULL ||
+            (rsa_dmp1 = BN_new()) == NULL)
+                return SSH_ERR_ALLOC_FAIL;
+        if ((d_consttime = BN_dup(rsa_d)) == NULL ||
+            (rsa_iqmp = BN_dup(iqmp)) == NULL) {
                r = SSH_ERR_ALLOC_FAIL;
                goto out;
        }
        BN_set_flags(aux, BN_FLG_CONSTTIME);
+        BN_set_flags(d_consttime, BN_FLG_CONSTTIME);
-        BN_init(&d);
+        if ((BN_sub(aux, rsa_q, BN_value_one()) == 0) ||
-        BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME);
+            (BN_mod(rsa_dmq1, d_consttime, aux, ctx) == 0) ||
+            (BN_sub(aux, rsa_p, BN_value_one()) == 0) ||
-        if ((BN_sub(aux, key->rsa->q, BN_value_one()) == 0) ||
+            (BN_mod(rsa_dmp1, d_consttime, aux, ctx) == 0)) {
-            (BN_mod(key->rsa->dmq1, &d, aux, ctx) == 0) ||
+                r = SSH_ERR_LIBCRYPTO_ERROR;
-            (BN_sub(aux, key->rsa->p, BN_value_one()) == 0) ||
+                goto out;
-            (BN_mod(key->rsa->dmp1, &d, aux, ctx) == 0)) {
+        }
+        if (!RSA_set0_crt_params(key->rsa, rsa_dmp1, rsa_dmq1, rsa_iqmp)) {
                r = SSH_ERR_LIBCRYPTO_ERROR;
                goto out;
        }
+        rsa_dmp1 = rsa_dmq1 = rsa_iqmp = NULL; /* transferred */
+        /* success */
        r = 0;
 out:
        BN_clear_free(aux);
+        BN_clear_free(d_consttime);
+        BN_clear_free(rsa_dmp1);
+        BN_clear_free(rsa_dmq1);
+        BN_clear_free(rsa_iqmp);
        BN_CTX_free(ctx);
        return r;
 }
@@ -145,6 +162,7 @@ int
 ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
    const u_char *data, size_t datalen, const char *alg_ident)
 {
+        const BIGNUM *rsa_n;
        u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL;
        size_t slen = 0;
        u_int dlen, len;
@@ -163,7 +181,8 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
        if (key == NULL || key->rsa == NULL || hash_alg == -1 ||
            sshkey_type_plain(key->type) != KEY_RSA)
                return SSH_ERR_INVALID_ARGUMENT;
-        if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
+        RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);
+        if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
                return SSH_ERR_KEY_LENGTH;
        slen = RSA_size(key->rsa);
        if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
@@ -225,6 +244,7 @@ ssh_rsa_verify(const struct sshkey *key,
    const u_char *sig, size_t siglen, const u_char *data, size_t datalen,
    const char *alg)
 {
+        const BIGNUM *rsa_n;
        char *sigtype = NULL;
        int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR;
        size_t len = 0, diff, modlen, dlen;
@@ -235,7 +255,8 @@ ssh_rsa_verify(const struct sshkey *key,
            sshkey_type_plain(key->type) != KEY_RSA ||
            sig == NULL || siglen == 0)
                return SSH_ERR_INVALID_ARGUMENT;
-        if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
+        RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);
+        if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
                return SSH_ERR_KEY_LENGTH;
        if ((b = sshbuf_from(sig, siglen)) == NULL)
author	djm@openbsd.org <djm@openbsd.org>	2018-09-13 02:08:33 +0000
committer	Damien Miller <djm@mindrot.org>	2018-09-13 12:12:33 +1000
commit	482d23bcacdd3664f21cc82a5135f66fc598275f (patch)
tree	362f697a94da0a765d1dabcfbf33370b2a4df121 /ssh-rsa.c
parent	d70d061828730a56636ab6f1f24fe4a8ccefcfc1 (diff)

diff --git a/ssh-rsa.c b/ssh-rsa.c index 1756315b9..2788f3340 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c
@@ -104,38 +104,55 @@ rsa_hash_alg_nid(int type)
104	}	104	}
105		105
106	int	106	int
107	ssh_rsa_generate_additional_parameters(struct sshkey *key)	107	ssh_rsa_complete_crt_parameters(struct sshkey key, const BIGNUM iqmp)
108	{	108	{
109	BIGNUM *aux = NULL;	109	const BIGNUM rsa_p, rsa_q, *rsa_d;
		110	BIGNUM aux = NULL, d_consttime = NULL;
		111	BIGNUM rsa_dmq1 = NULL, rsa_dmp1 = NULL, *rsa_iqmp = NULL;
110	BN_CTX *ctx = NULL;	112	BN_CTX *ctx = NULL;
111	BIGNUM d;
112	int r;	113	int r;
113		114
114	if (key == NULL \|\| key->rsa == NULL \|\|	115	if (key == NULL \|\| key->rsa == NULL \|\|
115	sshkey_type_plain(key->type) != KEY_RSA)	116	sshkey_type_plain(key->type) != KEY_RSA)
116	return SSH_ERR_INVALID_ARGUMENT;	117	return SSH_ERR_INVALID_ARGUMENT;
117		118
		119	RSA_get0_key(key->rsa, NULL, NULL, &rsa_d);
		120	RSA_get0_factors(key->rsa, &rsa_p, &rsa_q);
		121
118	if ((ctx = BN_CTX_new()) == NULL)	122	if ((ctx = BN_CTX_new()) == NULL)
119	return SSH_ERR_ALLOC_FAIL;	123	return SSH_ERR_ALLOC_FAIL;
120	if ((aux = BN_new()) == NULL) {	124	if ((aux = BN_new()) == NULL \|\|
		125	(rsa_dmq1 = BN_new()) == NULL \|\|
		126	(rsa_dmp1 = BN_new()) == NULL)
		127	return SSH_ERR_ALLOC_FAIL;
		128	if ((d_consttime = BN_dup(rsa_d)) == NULL \|\|
		129	(rsa_iqmp = BN_dup(iqmp)) == NULL) {
121	r = SSH_ERR_ALLOC_FAIL;	130	r = SSH_ERR_ALLOC_FAIL;
122	goto out;	131	goto out;
123	}	132	}
124	BN_set_flags(aux, BN_FLG_CONSTTIME);	133	BN_set_flags(aux, BN_FLG_CONSTTIME);
		134	BN_set_flags(d_consttime, BN_FLG_CONSTTIME);
125		135
126	BN_init(&d);	136	if ((BN_sub(aux, rsa_q, BN_value_one()) == 0) \|\|
127	BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME);	137	(BN_mod(rsa_dmq1, d_consttime, aux, ctx) == 0) \|\|
128		138	(BN_sub(aux, rsa_p, BN_value_one()) == 0) \|\|
129	if ((BN_sub(aux, key->rsa->q, BN_value_one()) == 0) \|\|	139	(BN_mod(rsa_dmp1, d_consttime, aux, ctx) == 0)) {
130	(BN_mod(key->rsa->dmq1, &d, aux, ctx) == 0) \|\|	140	r = SSH_ERR_LIBCRYPTO_ERROR;
131	(BN_sub(aux, key->rsa->p, BN_value_one()) == 0) \|\|	141	goto out;
132	(BN_mod(key->rsa->dmp1, &d, aux, ctx) == 0)) {	142	}
		143	if (!RSA_set0_crt_params(key->rsa, rsa_dmp1, rsa_dmq1, rsa_iqmp)) {
133	r = SSH_ERR_LIBCRYPTO_ERROR;	144	r = SSH_ERR_LIBCRYPTO_ERROR;
134	goto out;	145	goto out;
135	}	146	}
		147	rsa_dmp1 = rsa_dmq1 = rsa_iqmp = NULL; /* transferred */
		148	/* success */
136	r = 0;	149	r = 0;
137	out:	150	out:
138	BN_clear_free(aux);	151	BN_clear_free(aux);
		152	BN_clear_free(d_consttime);
		153	BN_clear_free(rsa_dmp1);
		154	BN_clear_free(rsa_dmq1);
		155	BN_clear_free(rsa_iqmp);
139	BN_CTX_free(ctx);	156	BN_CTX_free(ctx);
140	return r;	157	return r;
141	}	158	}
@@ -145,6 +162,7 @@ int
145	ssh_rsa_sign(const struct sshkey key, u_char sigp, size_t lenp,	162	ssh_rsa_sign(const struct sshkey key, u_char sigp, size_t lenp,
146	const u_char data, size_t datalen, const char alg_ident)	163	const u_char data, size_t datalen, const char alg_ident)
147	{	164	{
		165	const BIGNUM *rsa_n;
148	u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL;	166	u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL;
149	size_t slen = 0;	167	size_t slen = 0;
150	u_int dlen, len;	168	u_int dlen, len;
@@ -163,7 +181,8 @@ ssh_rsa_sign(const struct sshkey key, u_char sigp, size_t lenp,
163	if (key == NULL \|\| key->rsa == NULL \|\| hash_alg == -1 \|\|	181	if (key == NULL \|\| key->rsa == NULL \|\| hash_alg == -1 \|\|
164	sshkey_type_plain(key->type) != KEY_RSA)	182	sshkey_type_plain(key->type) != KEY_RSA)
165	return SSH_ERR_INVALID_ARGUMENT;	183	return SSH_ERR_INVALID_ARGUMENT;
166	if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)	184	RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);
		185	if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
167	return SSH_ERR_KEY_LENGTH;	186	return SSH_ERR_KEY_LENGTH;
168	slen = RSA_size(key->rsa);	187	slen = RSA_size(key->rsa);
169	if (slen <= 0 \|\| slen > SSHBUF_MAX_BIGNUM)	188	if (slen <= 0 \|\| slen > SSHBUF_MAX_BIGNUM)
@@ -225,6 +244,7 @@ ssh_rsa_verify(const struct sshkey *key,
225	const u_char sig, size_t siglen, const u_char data, size_t datalen,	244	const u_char sig, size_t siglen, const u_char data, size_t datalen,
226	const char *alg)	245	const char *alg)
227	{	246	{
		247	const BIGNUM *rsa_n;
228	char *sigtype = NULL;	248	char *sigtype = NULL;
229	int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR;	249	int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR;
230	size_t len = 0, diff, modlen, dlen;	250	size_t len = 0, diff, modlen, dlen;
@@ -235,7 +255,8 @@ ssh_rsa_verify(const struct sshkey *key,
235	sshkey_type_plain(key->type) != KEY_RSA \|\|	255	sshkey_type_plain(key->type) != KEY_RSA \|\|
236	sig == NULL \|\| siglen == 0)	256	sig == NULL \|\| siglen == 0)
237	return SSH_ERR_INVALID_ARGUMENT;	257	return SSH_ERR_INVALID_ARGUMENT;
238	if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)	258	RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);
		259	if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
239	return SSH_ERR_KEY_LENGTH;	260	return SSH_ERR_KEY_LENGTH;
240		261
241	if ((b = sshbuf_from(sig, siglen)) == NULL)	262	if ((b = sshbuf_from(sig, siglen)) == NULL)