author | djm@openbsd.org <djm@openbsd.org> | 2018-09-13 02:08:33 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-09-13 12:12:33 +1000 |
commit | 482d23bcacdd3664f21cc82a5135f66fc598275f (patch) | |
tree | 362f697a94da0a765d1dabcfbf33370b2a4df121 /ssh-rsa.c | |
parent | d70d061828730a56636ab6f1f24fe4a8ccefcfc1 (diff) |
upstream: hold our collective noses and use the openssl-1.1.x API in
OpenSSH; feedback and ok tb@ jsing@ markus@
OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
Diffstat (limited to 'ssh-rsa.c')
-rw-r--r-- | ssh-rsa.c | 47 |
1 files changed, 34 insertions, 13 deletions
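--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -104,38 +104,55 @@ rsa_hash_alg_nid(int type)
 }
 
 int
-ssh_rsa_generate_additional_parameters(struct sshkey *key)
+ssh_rsa_complete_crt_parameters(struct sshkey *key, const BIGNUM *iqmp)
 {
-BIGNUM *aux = NULL;
+const BIGNUM *rsa_p, *rsa_q, *rsa_d;
+BIGNUM *aux = NULL, *d_consttime = NULL;
+BIGNUM *rsa_dmq1 = NULL, *rsa_dmp1 = NULL, *rsa_iqmp = NULL;
 BN_CTX *ctx = NULL;
-BIGNUM d;
 int r;
 
 if (key == NULL || key->rsa == NULL ||
 sshkey_type_plain(key->type) != KEY_RSA)
 return SSH_ERR_INVALID_ARGUMENT;
 
+RSA_get0_key(key->rsa, NULL, NULL, &rsa_d);
+RSA_get0_factors(key->rsa, &rsa_p, &rsa_q);
+
 if ((ctx = BN_CTX_new()) == NULL)
 return SSH_ERR_ALLOC_FAIL;
-if ((aux = BN_new()) == NULL) {
+if ((aux = BN_new()) == NULL ||
+(rsa_dmq1 = BN_new()) == NULL ||
+(rsa_dmp1 = BN_new()) == NULL)
+return SSH_ERR_ALLOC_FAIL;
+if ((d_consttime = BN_dup(rsa_d)) == NULL ||
+(rsa_iqmp = BN_dup(iqmp)) == NULL) {
 r = SSH_ERR_ALLOC_FAIL;
 goto out;
 }
 BN_set_flags(aux, BN_FLG_CONSTTIME);
+BN_set_flags(d_consttime, BN_FLG_CONSTTIME);
 
-BN_init(&d);
-BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME);
-
-if ((BN_sub(aux, key->rsa->q, BN_value_one()) == 0) ||
-(BN_mod(key->rsa->dmq1, &d, aux, ctx) == 0) ||
-(BN_sub(aux, key->rsa->p, BN_value_one()) == 0) ||
-(BN_mod(key->rsa->dmp1, &d, aux, ctx) == 0)) {
+if ((BN_sub(aux, rsa_q, BN_value_one()) == 0) ||
+(BN_mod(rsa_dmq1, d_consttime, aux, ctx) == 0) ||
+(BN_sub(aux, rsa_p, BN_value_one()) == 0) ||
+(BN_mod(rsa_dmp1, d_consttime, aux, ctx) == 0)) {
+r = SSH_ERR_LIBCRYPTO_ERROR;
+goto out;
+}
+if (!RSA_set0_crt_params(key->rsa, rsa_dmp1, rsa_dmq1, rsa_iqmp)) {
 r = SSH_ERR_LIBCRYPTO_ERROR;
 goto out;
 }
+rsa_dmp1 = rsa_dmq1 = rsa_iqmp = NULL; /* transferred */
+/* success */
 r = 0;
 out:
 BN_clear_free(aux);
+BN_clear_free(d_consttime);
+BN_clear_free(rsa_dmp1);
+BN_clear_free(rsa_dmq1);
+BN_clear_free(rsa_iqmp);
 BN_CTX_free(ctx);
 return r;
 }
@@ -145,6 +162,7 @@ int
 ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
 const u_char *data, size_t datalen, const char *alg_ident)
 {
+const BIGNUM *rsa_n;
 u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL;
 size_t slen = 0;
 u_int dlen, len;
@@ -163,7 +181,8 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
 if (key == NULL || key->rsa == NULL || hash_alg == -1 ||
 sshkey_type_plain(key->type) != KEY_RSA)
 return SSH_ERR_INVALID_ARGUMENT;
-if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
+RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);
+if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
 return SSH_ERR_KEY_LENGTH;
 slen = RSA_size(key->rsa);
 if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
@@ -225,6 +244,7 @@ ssh_rsa_verify(const struct sshkey *key,
 const u_char *sig, size_t siglen, const u_char *data, size_t datalen,
 const char *alg)
 {
+const BIGNUM *rsa_n;
 char *sigtype = NULL;
 int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR;
 size_t len = 0, diff, modlen, dlen;
@@ -235,7 +255,8 @@ ssh_rsa_verify(const struct sshkey *key,
 sshkey_type_plain(key->type) != KEY_RSA ||
 sig == NULL || siglen == 0)
 return SSH_ERR_INVALID_ARGUMENT;
-if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
+RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);
+if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
 return SSH_ERR_KEY_LENGTH;
 
 if ((b = sshbuf_from(sig, siglen)) == NULL)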
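Review bot: In ssh_rsa_complete_crt_parameters (first hunk), the new allocation check for aux, rsa_dmq1 and rsa_dmp1 ends in a bare `return SSH_ERR_ALLOC_FAIL;`, which skips the `out:` cleanup and leaks ctx plus whichever BIGNUMs were already allocated. It should take the same path as the check right below it, `r = SSH_ERR_ALLOC_FAIL; goto out;`, or the three BN_new() calls can simply be folded into the following BN_dup() condition. Separately, a NULL iqmp, or a key whose d, p or q is not loaded, presumably surfaces as SSH_ERR_ALLOC_FAIL from BN_dup() or as a libcrypto error rather than SSH_ERR_INVALID_ARGUMENT. An explicit NULL check on iqmp, rsa_d, rsa_p and rsa_q after the RSA_get0_key()/RSA_get0_factors() calls would keep that failure distinguishable from memory exhaustion.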