diff options
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | auth-rsa.c | 6 | ||||
-rw-r--r-- | bufaux.c | 6 | ||||
-rw-r--r-- | channels.c | 18 | ||||
-rw-r--r-- | cipher.c | 10 | ||||
-rw-r--r-- | deattack.c | 9 | ||||
-rw-r--r-- | hostfile.c | 14 | ||||
-rw-r--r-- | packet.c | 12 | ||||
-rw-r--r-- | ssh-add.c | 20 | ||||
-rw-r--r-- | ssh-agent.c | 9 | ||||
-rw-r--r-- | ssh.h | 4 | ||||
-rw-r--r-- | sshconnect.c | 27 | ||||
-rw-r--r-- | sshd.c | 2 |
13 files changed, 96 insertions, 43 deletions
@@ -19,9 +19,9 @@ | |||
19 | - Added support for PAM_TEXT_INFO messages | 19 | - Added support for PAM_TEXT_INFO messages |
20 | - Disable internal /etc/nologin support if PAM enabled | 20 | - Disable internal /etc/nologin support if PAM enabled |
21 | - Merged latest OpenBSD CVS changes: | 21 | - Merged latest OpenBSD CVS changes: |
22 | - [all] replace assert() with error, fatal or packet_disconnect | ||
22 | - [sshd.c] don't send fail-msg but disconnect if too many authentication | 23 | - [sshd.c] don't send fail-msg but disconnect if too many authentication |
23 | failures | 24 | failures |
24 | - [sshd.c] replace assert() with error, fatal or packet_disconnect | ||
25 | - [sshd.c] remove unused argument. ok dugsong | 25 | - [sshd.c] remove unused argument. ok dugsong |
26 | - [sshd.c] typo | 26 | - [sshd.c] typo |
27 | - [rsa.c] clear buffers used for encryption. ok: niels | 27 | - [rsa.c] clear buffers used for encryption. ok: niels |
diff --git a/auth-rsa.c b/auth-rsa.c index 3be37ffcb..dc1ad81a2 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
@@ -17,7 +17,7 @@ validity of the host key. | |||
17 | 17 | ||
18 | #include "config.h" | 18 | #include "config.h" |
19 | #include "includes.h" | 19 | #include "includes.h" |
20 | RCSID("$Id: auth-rsa.c,v 1.3 1999/10/28 05:23:30 damien Exp $"); | 20 | RCSID("$Id: auth-rsa.c,v 1.4 1999/11/08 05:15:55 damien Exp $"); |
21 | 21 | ||
22 | #include "rsa.h" | 22 | #include "rsa.h" |
23 | #include "packet.h" | 23 | #include "packet.h" |
@@ -98,7 +98,9 @@ auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n) | |||
98 | 98 | ||
99 | /* The response is MD5 of decrypted challenge plus session id. */ | 99 | /* The response is MD5 of decrypted challenge plus session id. */ |
100 | len = BN_num_bytes(challenge); | 100 | len = BN_num_bytes(challenge); |
101 | assert(len <= 32 && len); | 101 | if (len <= 0 || len > 32) |
102 | fatal("auth_rsa_challenge_dialog: bad challenge length %d", len); | ||
103 | |||
102 | memset(buf, 0, 32); | 104 | memset(buf, 0, 32); |
103 | BN_bn2bin(challenge, buf + 32 - len); | 105 | BN_bn2bin(challenge, buf + 32 - len); |
104 | MD5_Init(&md); | 106 | MD5_Init(&md); |
@@ -16,7 +16,7 @@ Buffers. | |||
16 | 16 | ||
17 | #include "config.h" | 17 | #include "config.h" |
18 | #include "includes.h" | 18 | #include "includes.h" |
19 | RCSID("$Id: bufaux.c,v 1.2 1999/10/28 03:25:17 damien Exp $"); | 19 | RCSID("$Id: bufaux.c,v 1.3 1999/11/08 05:15:55 damien Exp $"); |
20 | 20 | ||
21 | #include "ssh.h" | 21 | #include "ssh.h" |
22 | 22 | ||
@@ -45,7 +45,9 @@ buffer_put_bignum(Buffer *buffer, BIGNUM *value) | |||
45 | 45 | ||
46 | /* Get the value of in binary */ | 46 | /* Get the value of in binary */ |
47 | oi = BN_bn2bin(value, buf); | 47 | oi = BN_bn2bin(value, buf); |
48 | assert(oi == bin_size); | 48 | if (oi != bin_size) |
49 | fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d", | ||
50 | oi, bin_size); | ||
49 | 51 | ||
50 | /* Store the number of bits in the buffer in two bytes, msb first. */ | 52 | /* Store the number of bits in the buffer in two bytes, msb first. */ |
51 | PUT_16BIT(msg, bits); | 53 | PUT_16BIT(msg, bits); |
diff --git a/channels.c b/channels.c index 79a02c88b..032e8f2af 100644 --- a/channels.c +++ b/channels.c | |||
@@ -16,7 +16,7 @@ arbitrary tcp/ip connections, and the authentication agent connection. | |||
16 | */ | 16 | */ |
17 | 17 | ||
18 | #include "includes.h" | 18 | #include "includes.h" |
19 | RCSID("$Id: channels.c,v 1.3 1999/10/30 01:39:56 damien Exp $"); | 19 | RCSID("$Id: channels.c,v 1.4 1999/11/08 05:15:55 damien Exp $"); |
20 | 20 | ||
21 | #include "ssh.h" | 21 | #include "ssh.h" |
22 | #include "packet.h" | 22 | #include "packet.h" |
@@ -166,8 +166,10 @@ int channel_allocate(int type, int sock, char *remote_name) | |||
166 | 166 | ||
167 | void channel_free(int channel) | 167 | void channel_free(int channel) |
168 | { | 168 | { |
169 | assert(channel >= 0 && channel < channels_alloc && | 169 | if (channel < 0 || channel >= channels_alloc || |
170 | channels[channel].type != SSH_CHANNEL_FREE); | 170 | channels[channel].type == SSH_CHANNEL_FREE) |
171 | packet_disconnect("channel free: bad local channel %d", channel); | ||
172 | |||
171 | if(compat13) | 173 | if(compat13) |
172 | shutdown(channels[channel].sock, SHUT_RDWR); | 174 | shutdown(channels[channel].sock, SHUT_RDWR); |
173 | close(channels[channel].sock); | 175 | close(channels[channel].sock); |
@@ -307,9 +309,17 @@ void channel_prepare_select(fd_set *readset, fd_set *writeset) | |||
307 | goto reject; | 309 | goto reject; |
308 | } | 310 | } |
309 | 311 | ||
312 | /* Check fake data length */ | ||
313 | if (x11_fake_data_len != x11_saved_data_len) | ||
314 | { | ||
315 | error("X11 fake_data_len %d != saved_data_len %d", | ||
316 | x11_fake_data_len, x11_saved_data_len); | ||
317 | ch->type = SSH_CHANNEL_OPEN; | ||
318 | goto reject; | ||
319 | } | ||
320 | |||
310 | /* Received authentication protocol and data match our fake data. | 321 | /* Received authentication protocol and data match our fake data. |
311 | Substitute the fake data with real data. */ | 322 | Substitute the fake data with real data. */ |
312 | assert(x11_fake_data_len == x11_saved_data_len); | ||
313 | memcpy(ucp + 12 + ((proto_len + 3) & ~3), | 323 | memcpy(ucp + 12 + ((proto_len + 3) & ~3), |
314 | x11_saved_data, x11_saved_data_len); | 324 | x11_saved_data, x11_saved_data_len); |
315 | 325 | ||
@@ -13,7 +13,7 @@ Created: Wed Apr 19 17:41:39 1995 ylo | |||
13 | 13 | ||
14 | #include "config.h" | 14 | #include "config.h" |
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$Id: cipher.c,v 1.3 1999/10/28 05:23:30 damien Exp $"); | 16 | RCSID("$Id: cipher.c,v 1.4 1999/11/08 05:15:55 damien Exp $"); |
17 | 17 | ||
18 | #include "ssh.h" | 18 | #include "ssh.h" |
19 | #include "cipher.h" | 19 | #include "cipher.h" |
@@ -93,8 +93,6 @@ swap_bytes(const unsigned char *src, unsigned char *dst_, int n) | |||
93 | char c[4]; | 93 | char c[4]; |
94 | } t; | 94 | } t; |
95 | 95 | ||
96 | /* assert((n & 7) == 0); */ | ||
97 | |||
98 | /* Process 8 bytes every lap. */ | 96 | /* Process 8 bytes every lap. */ |
99 | for (n = n / 8; n > 0; n--) | 97 | for (n = n / 8; n > 0; n--) |
100 | { | 98 | { |
@@ -248,7 +246,8 @@ void cipher_set_key(CipherContext *context, int cipher, | |||
248 | void cipher_encrypt(CipherContext *context, unsigned char *dest, | 246 | void cipher_encrypt(CipherContext *context, unsigned char *dest, |
249 | const unsigned char *src, unsigned int len) | 247 | const unsigned char *src, unsigned int len) |
250 | { | 248 | { |
251 | assert((len & 7) == 0); | 249 | if ((len & 7) != 0) |
250 | fatal("cipher_encrypt: bad plaintext length %d", len); | ||
252 | 251 | ||
253 | switch (context->type) | 252 | switch (context->type) |
254 | { | 253 | { |
@@ -280,7 +279,8 @@ void cipher_encrypt(CipherContext *context, unsigned char *dest, | |||
280 | void cipher_decrypt(CipherContext *context, unsigned char *dest, | 279 | void cipher_decrypt(CipherContext *context, unsigned char *dest, |
281 | const unsigned char *src, unsigned int len) | 280 | const unsigned char *src, unsigned int len) |
282 | { | 281 | { |
283 | assert((len & 7) == 0); | 282 | if ((len & 7) != 0) |
283 | fatal("cipher_decrypt: bad ciphertext length %d", len); | ||
284 | 284 | ||
285 | switch (context->type) | 285 | switch (context->type) |
286 | { | 286 | { |
diff --git a/deattack.c b/deattack.c index d5f8608ca..afd96e4e4 100644 --- a/deattack.c +++ b/deattack.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * $Id: deattack.c,v 1.1 1999/10/27 03:42:44 damien Exp $ | 2 | * $Id: deattack.c,v 1.2 1999/11/08 05:15:55 damien Exp $ |
3 | * Cryptographic attack detector for ssh - source code | 3 | * Cryptographic attack detector for ssh - source code |
4 | * | 4 | * |
5 | * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina. | 5 | * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina. |
@@ -100,9 +100,10 @@ detect_attack(unsigned char *buf, u_int32_t len, unsigned char *IV) | |||
100 | register unsigned char *c; | 100 | register unsigned char *c; |
101 | unsigned char *d; | 101 | unsigned char *d; |
102 | 102 | ||
103 | 103 | if (len > (SSH_MAXBLOCKS * SSH_BLOCKSIZE) || | |
104 | assert(len <= (SSH_MAXBLOCKS * SSH_BLOCKSIZE)); | 104 | len % SSH_BLOCKSIZE != 0) { |
105 | assert(len % SSH_BLOCKSIZE == 0); | 105 | fatal("detect_attack: bad length %d", len); |
106 | } | ||
106 | 107 | ||
107 | for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2); | 108 | for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2); |
108 | 109 | ||
diff --git a/hostfile.c b/hostfile.c index ca0fe88a2..0e65bfe5f 100644 --- a/hostfile.c +++ b/hostfile.c | |||
@@ -14,7 +14,7 @@ Functions for manipulating the known hosts files. | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$Id: hostfile.c,v 1.1 1999/10/27 03:42:44 damien Exp $"); | 17 | RCSID("$Id: hostfile.c,v 1.2 1999/11/08 05:15:55 damien Exp $"); |
18 | 18 | ||
19 | #include "packet.h" | 19 | #include "packet.h" |
20 | #include "ssh.h" | 20 | #include "ssh.h" |
@@ -265,11 +265,19 @@ add_host_to_hostfile(const char *filename, const char *host, | |||
265 | /* Print the host name and key to the file. */ | 265 | /* Print the host name and key to the file. */ |
266 | fprintf(f, "%s %u ", host, bits); | 266 | fprintf(f, "%s %u ", host, bits); |
267 | buf = BN_bn2dec(e); | 267 | buf = BN_bn2dec(e); |
268 | assert(buf != NULL); | 268 | if (buf == NULL) { |
269 | error("add_host_to_hostfile: BN_bn2dec #1 failed"); | ||
270 | fclose(f); | ||
271 | return 0; | ||
272 | } | ||
269 | fprintf(f, "%s ", buf); | 273 | fprintf(f, "%s ", buf); |
270 | free (buf); | 274 | free (buf); |
271 | buf = BN_bn2dec(n); | 275 | buf = BN_bn2dec(n); |
272 | assert(buf != NULL); | 276 | if (buf == NULL) { |
277 | error("add_host_to_hostfile: BN_bn2dec #2 failed"); | ||
278 | fclose(f); | ||
279 | return 0; | ||
280 | } | ||
273 | fprintf(f, "%s\n", buf); | 281 | fprintf(f, "%s\n", buf); |
274 | free (buf); | 282 | free (buf); |
275 | 283 | ||
@@ -15,7 +15,7 @@ with the other side. This same code is used both on client and server side. | |||
15 | */ | 15 | */ |
16 | 16 | ||
17 | #include "includes.h" | 17 | #include "includes.h" |
18 | RCSID("$Id: packet.c,v 1.1 1999/10/27 03:42:44 damien Exp $"); | 18 | RCSID("$Id: packet.c,v 1.2 1999/11/08 05:15:55 damien Exp $"); |
19 | 19 | ||
20 | #include "xmalloc.h" | 20 | #include "xmalloc.h" |
21 | #include "buffer.h" | 21 | #include "buffer.h" |
@@ -194,7 +194,6 @@ void | |||
194 | packet_encrypt(CipherContext *cc, void *dest, void *src, | 194 | packet_encrypt(CipherContext *cc, void *dest, void *src, |
195 | unsigned int bytes) | 195 | unsigned int bytes) |
196 | { | 196 | { |
197 | assert((bytes % 8) == 0); | ||
198 | cipher_encrypt(cc, dest, src, bytes); | 197 | cipher_encrypt(cc, dest, src, bytes); |
199 | } | 198 | } |
200 | 199 | ||
@@ -207,7 +206,8 @@ packet_decrypt(CipherContext *cc, void *dest, void *src, | |||
207 | { | 206 | { |
208 | int i; | 207 | int i; |
209 | 208 | ||
210 | assert((bytes % 8) == 0); | 209 | if ((bytes % 8) != 0) |
210 | fatal("packet_decrypt: bad ciphertext length %d", bytes); | ||
211 | 211 | ||
212 | /* | 212 | /* |
213 | Cryptographic attack detector for ssh - Modifications for packet.c | 213 | Cryptographic attack detector for ssh - Modifications for packet.c |
@@ -500,7 +500,11 @@ packet_read_poll(int *payload_len_ptr) | |||
500 | buffer_consume(&incoming_packet, 8 - len % 8); | 500 | buffer_consume(&incoming_packet, 8 - len % 8); |
501 | 501 | ||
502 | /* Test check bytes. */ | 502 | /* Test check bytes. */ |
503 | assert(len == buffer_len(&incoming_packet)); | 503 | |
504 | if (len != buffer_len(&incoming_packet)) | ||
505 | packet_disconnect("packet_read_poll: len %d != buffer_len %d.", | ||
506 | len, buffer_len(&incoming_packet)); | ||
507 | |||
504 | ucp = (unsigned char *)buffer_ptr(&incoming_packet) + len - 4; | 508 | ucp = (unsigned char *)buffer_ptr(&incoming_packet) + len - 4; |
505 | stored_checksum = GET_32BIT(ucp); | 509 | stored_checksum = GET_32BIT(ucp); |
506 | if (checksum != stored_checksum) | 510 | if (checksum != stored_checksum) |
@@ -14,7 +14,7 @@ Adds an identity to the authentication server, or removes an identity. | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$Id: ssh-add.c,v 1.3 1999/11/08 04:30:59 damien Exp $"); | 17 | RCSID("$Id: ssh-add.c,v 1.4 1999/11/08 05:15:55 damien Exp $"); |
18 | 18 | ||
19 | #include "rsa.h" | 19 | #include "rsa.h" |
20 | #include "ssh.h" | 20 | #include "ssh.h" |
@@ -201,13 +201,19 @@ list_identities(AuthenticationConnection *ac) | |||
201 | had_identities = 1; | 201 | had_identities = 1; |
202 | printf("%d ", bits); | 202 | printf("%d ", bits); |
203 | buf = BN_bn2dec(e); | 203 | buf = BN_bn2dec(e); |
204 | assert(buf != NULL); | 204 | if (buf != NULL) { |
205 | printf("%s ", buf); | 205 | printf("%s ", buf); |
206 | free (buf); | 206 | free (buf); |
207 | } else { | ||
208 | error("list_identities: BN_bn2dec #1 failed."); | ||
209 | } | ||
207 | buf = BN_bn2dec(n); | 210 | buf = BN_bn2dec(n); |
208 | assert(buf != NULL); | 211 | if (buf != NULL) { |
209 | printf("%s %s\n", buf, comment); | 212 | printf("%s %s\n", buf, comment); |
210 | free (buf); | 213 | free (buf); |
214 | } else { | ||
215 | error("list_identities: BN_bn2dec #2 failed."); | ||
216 | } | ||
211 | xfree(comment); | 217 | xfree(comment); |
212 | } | 218 | } |
213 | BN_clear_free(e); | 219 | BN_clear_free(e); |
diff --git a/ssh-agent.c b/ssh-agent.c index 4f7f57f03..96bd021eb 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
@@ -16,7 +16,7 @@ The authentication agent program. | |||
16 | */ | 16 | */ |
17 | 17 | ||
18 | #include "includes.h" | 18 | #include "includes.h" |
19 | RCSID("$OpenBSD: ssh-agent.c,v 1.16 1999/10/28 20:41:23 markus Exp $"); | 19 | RCSID("$OpenBSD: ssh-agent.c,v 1.17 1999/11/02 19:42:36 markus Exp $"); |
20 | 20 | ||
21 | #include "ssh.h" | 21 | #include "ssh.h" |
22 | #include "rsa.h" | 22 | #include "rsa.h" |
@@ -136,7 +136,12 @@ process_authentication_challenge(SocketEntry *e) | |||
136 | case 1: /* As of protocol 1.1 */ | 136 | case 1: /* As of protocol 1.1 */ |
137 | /* The response is MD5 of decrypted challenge plus session id. */ | 137 | /* The response is MD5 of decrypted challenge plus session id. */ |
138 | len = BN_num_bytes(challenge); | 138 | len = BN_num_bytes(challenge); |
139 | assert(len <= 32 && len); | 139 | |
140 | if (len <= 0 || len > 32) { | ||
141 | fatal("process_authentication_challenge: " | ||
142 | "bad challenge length %d", len); | ||
143 | } | ||
144 | |||
140 | memset(buf, 0, 32); | 145 | memset(buf, 0, 32); |
141 | BN_bn2bin(challenge, buf + 32 - len); | 146 | BN_bn2bin(challenge, buf + 32 - len); |
142 | MD5_Init(&md); | 147 | MD5_Init(&md); |
@@ -13,7 +13,7 @@ Generic header file for ssh. | |||
13 | 13 | ||
14 | */ | 14 | */ |
15 | 15 | ||
16 | /* RCSID("$Id: ssh.h,v 1.6 1999/11/08 04:30:59 damien Exp $"); */ | 16 | /* RCSID("$Id: ssh.h,v 1.7 1999/11/08 05:15:55 damien Exp $"); */ |
17 | 17 | ||
18 | #ifndef SSH_H | 18 | #ifndef SSH_H |
19 | #define SSH_H | 19 | #define SSH_H |
@@ -597,7 +597,7 @@ int ssh_tf_init(uid_t uid); | |||
597 | 597 | ||
598 | /* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */ | 598 | /* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */ |
599 | int auth_kerberos_tgt(struct passwd *pw, const char *string); | 599 | int auth_kerberos_tgt(struct passwd *pw, const char *string); |
600 | int auth_afs_token(char *server_user, uid_t uid, const char *string); | 600 | int auth_afs_token(struct passwd *pw, const char *token_string); |
601 | 601 | ||
602 | int creds_to_radix(CREDENTIALS *creds, unsigned char *buf); | 602 | int creds_to_radix(CREDENTIALS *creds, unsigned char *buf); |
603 | int radix_to_creds(const char *buf, CREDENTIALS *creds); | 603 | int radix_to_creds(const char *buf, CREDENTIALS *creds); |
diff --git a/sshconnect.c b/sshconnect.c index 4222646d9..a6f3788f5 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
@@ -16,7 +16,7 @@ login (authentication) dialog. | |||
16 | 16 | ||
17 | #include "config.h" | 17 | #include "config.h" |
18 | #include "includes.h" | 18 | #include "includes.h" |
19 | RCSID("$Id: sshconnect.c,v 1.3 1999/10/28 05:23:30 damien Exp $"); | 19 | RCSID("$Id: sshconnect.c,v 1.4 1999/11/08 05:15:55 damien Exp $"); |
20 | 20 | ||
21 | #ifdef HAVE_OPENSSL | 21 | #ifdef HAVE_OPENSSL |
22 | #include <openssl/bn.h> | 22 | #include <openssl/bn.h> |
@@ -457,7 +457,10 @@ respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv) | |||
457 | /* Compute the response. */ | 457 | /* Compute the response. */ |
458 | /* The response is MD5 of decrypted challenge plus session id. */ | 458 | /* The response is MD5 of decrypted challenge plus session id. */ |
459 | len = BN_num_bytes(challenge); | 459 | len = BN_num_bytes(challenge); |
460 | assert(len <= sizeof(buf) && len); | 460 | if (len <= 0 || len > sizeof(buf)) |
461 | packet_disconnect("respond_to_rsa_challenge: bad challenge length %d", | ||
462 | len); | ||
463 | |||
461 | memset(buf, 0, sizeof(buf)); | 464 | memset(buf, 0, sizeof(buf)); |
462 | BN_bn2bin(challenge, buf + sizeof(buf) - len); | 465 | BN_bn2bin(challenge, buf + sizeof(buf) - len); |
463 | MD5_Init(&md); | 466 | MD5_Init(&md); |
@@ -1298,8 +1301,14 @@ void ssh_login(int host_key_valid, | |||
1298 | if (BN_cmp(public_key->n, host_key->n) < 0) | 1301 | if (BN_cmp(public_key->n, host_key->n) < 0) |
1299 | { | 1302 | { |
1300 | /* Public key has smaller modulus. */ | 1303 | /* Public key has smaller modulus. */ |
1301 | assert(BN_num_bits(host_key->n) >= | 1304 | if (BN_num_bits(host_key->n) < |
1302 | BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED); | 1305 | BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) { |
1306 | fatal("respond_to_rsa_challenge: host_key %d < public_key %d + " | ||
1307 | "SSH_KEY_BITS_RESERVED %d", | ||
1308 | BN_num_bits(host_key->n), | ||
1309 | BN_num_bits(public_key->n), | ||
1310 | SSH_KEY_BITS_RESERVED); | ||
1311 | } | ||
1303 | 1312 | ||
1304 | rsa_public_encrypt(key, key, public_key); | 1313 | rsa_public_encrypt(key, key, public_key); |
1305 | rsa_public_encrypt(key, key, host_key); | 1314 | rsa_public_encrypt(key, key, host_key); |
@@ -1307,8 +1316,14 @@ void ssh_login(int host_key_valid, | |||
1307 | else | 1316 | else |
1308 | { | 1317 | { |
1309 | /* Host key has smaller modulus (or they are equal). */ | 1318 | /* Host key has smaller modulus (or they are equal). */ |
1310 | assert(BN_num_bits(public_key->n) >= | 1319 | if (BN_num_bits(public_key->n) < |
1311 | BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED); | 1320 | BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) { |
1321 | fatal("respond_to_rsa_challenge: public_key %d < host_key %d + " | ||
1322 | "SSH_KEY_BITS_RESERVED %d", | ||
1323 | BN_num_bits(public_key->n), | ||
1324 | BN_num_bits(host_key->n), | ||
1325 | SSH_KEY_BITS_RESERVED); | ||
1326 | } | ||
1312 | 1327 | ||
1313 | rsa_public_encrypt(key, key, host_key); | 1328 | rsa_public_encrypt(key, key, host_key); |
1314 | rsa_public_encrypt(key, key, public_key); | 1329 | rsa_public_encrypt(key, key, public_key); |
@@ -18,7 +18,7 @@ agent connections. | |||
18 | */ | 18 | */ |
19 | 19 | ||
20 | #include "includes.h" | 20 | #include "includes.h" |
21 | RCSID("$Id: sshd.c,v 1.11 1999/11/08 04:30:59 damien Exp $"); | 21 | RCSID("$Id: sshd.c,v 1.12 1999/11/08 05:15:55 damien Exp $"); |
22 | 22 | ||
23 | #include "xmalloc.h" | 23 | #include "xmalloc.h" |
24 | #include "rsa.h" | 24 | #include "rsa.h" |