diff options
| author | Damien Miller <djm@mindrot.org> | 1999-11-08 16:15:55 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 1999-11-08 16:15:55 +1100 |
| commit | fd7c911f090749774cf1869420523c4811beeeb0 (patch) | |
| tree | cd57567ddb3371c0c805a8bd8ace0c66df02fa53 /sshconnect.c | |
| parent | 5ac5f1ca6b5270e1a755d75120f8217f5850c9b2 (diff) | |
Merged OpenBSD CVS changes that go away
Diffstat (limited to 'sshconnect.c')
| -rw-r--r-- | sshconnect.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/sshconnect.c b/sshconnect.c index 4222646d9..a6f3788f5 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
| @@ -16,7 +16,7 @@ login (authentication) dialog. | |||
| 16 | 16 | ||
| 17 | #include "config.h" | 17 | #include "config.h" |
| 18 | #include "includes.h" | 18 | #include "includes.h" |
| 19 | RCSID("$Id: sshconnect.c,v 1.3 1999/10/28 05:23:30 damien Exp $"); | 19 | RCSID("$Id: sshconnect.c,v 1.4 1999/11/08 05:15:55 damien Exp $"); |
| 20 | 20 | ||
| 21 | #ifdef HAVE_OPENSSL | 21 | #ifdef HAVE_OPENSSL |
| 22 | #include <openssl/bn.h> | 22 | #include <openssl/bn.h> |
| @@ -457,7 +457,10 @@ respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv) | |||
| 457 | /* Compute the response. */ | 457 | /* Compute the response. */ |
| 458 | /* The response is MD5 of decrypted challenge plus session id. */ | 458 | /* The response is MD5 of decrypted challenge plus session id. */ |
| 459 | len = BN_num_bytes(challenge); | 459 | len = BN_num_bytes(challenge); |
| 460 | assert(len <= sizeof(buf) && len); | 460 | if (len <= 0 || len > sizeof(buf)) |
| 461 | packet_disconnect("respond_to_rsa_challenge: bad challenge length %d", | ||
| 462 | len); | ||
| 463 | |||
| 461 | memset(buf, 0, sizeof(buf)); | 464 | memset(buf, 0, sizeof(buf)); |
| 462 | BN_bn2bin(challenge, buf + sizeof(buf) - len); | 465 | BN_bn2bin(challenge, buf + sizeof(buf) - len); |
| 463 | MD5_Init(&md); | 466 | MD5_Init(&md); |
| @@ -1298,8 +1301,14 @@ void ssh_login(int host_key_valid, | |||
| 1298 | if (BN_cmp(public_key->n, host_key->n) < 0) | 1301 | if (BN_cmp(public_key->n, host_key->n) < 0) |
| 1299 | { | 1302 | { |
| 1300 | /* Public key has smaller modulus. */ | 1303 | /* Public key has smaller modulus. */ |
| 1301 | assert(BN_num_bits(host_key->n) >= | 1304 | if (BN_num_bits(host_key->n) < |
| 1302 | BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED); | 1305 | BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) { |
| 1306 | fatal("respond_to_rsa_challenge: host_key %d < public_key %d + " | ||
| 1307 | "SSH_KEY_BITS_RESERVED %d", | ||
| 1308 | BN_num_bits(host_key->n), | ||
| 1309 | BN_num_bits(public_key->n), | ||
| 1310 | SSH_KEY_BITS_RESERVED); | ||
| 1311 | } | ||
| 1303 | 1312 | ||
| 1304 | rsa_public_encrypt(key, key, public_key); | 1313 | rsa_public_encrypt(key, key, public_key); |
| 1305 | rsa_public_encrypt(key, key, host_key); | 1314 | rsa_public_encrypt(key, key, host_key); |
| @@ -1307,8 +1316,14 @@ void ssh_login(int host_key_valid, | |||
| 1307 | else | 1316 | else |
| 1308 | { | 1317 | { |
| 1309 | /* Host key has smaller modulus (or they are equal). */ | 1318 | /* Host key has smaller modulus (or they are equal). */ |
| 1310 | assert(BN_num_bits(public_key->n) >= | 1319 | if (BN_num_bits(public_key->n) < |
| 1311 | BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED); | 1320 | BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) { |
| 1321 | fatal("respond_to_rsa_challenge: public_key %d < host_key %d + " | ||
| 1322 | "SSH_KEY_BITS_RESERVED %d", | ||
| 1323 | BN_num_bits(public_key->n), | ||
| 1324 | BN_num_bits(host_key->n), | ||
| 1325 | SSH_KEY_BITS_RESERVED); | ||
| 1326 | } | ||
| 1312 | 1327 | ||
| 1313 | rsa_public_encrypt(key, key, host_key); | 1328 | rsa_public_encrypt(key, key, host_key); |
| 1314 | rsa_public_encrypt(key, key, public_key); | 1329 | rsa_public_encrypt(key, key, public_key); |