-rw-r--r--ChangeLog8
-rw-r--r--dh.c15
-rw-r--r--dh.h26
-rw-r--r--moduli.c49
4 files changed, 62 insertions, 36 deletions
diff --git a/ChangeLog b/ChangeLog
index ce856bc7c..70c06d785 100644
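--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,12 @@
  bits. Note that this only affects explicit setting of modes (e.g. via
  sftp(1)'s chmod command) and not file transfers. (bz#1310)
  ok deraadt@ at c2k8
+ - djm@cvs.openbsd.org 2008/06/26 09:19:40
+ [dh.c dh.h moduli.c]
+ when loading moduli from /etc/moduli in sshd(8), check that they
+ are of the expected "safe prime" structure and have had
+ appropriate primality tests performed;
+ feedback and ok dtucker@
 
 20080628
  - (djm) [RFC.nroff contrib/cygwin/Makefile contrib/suse/openssh.spec]
@@ -4434,4 +4440,4 @@
  OpenServer 6 and add osr5bigcrypt support so when someone migrates
  passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.5027 2008/06/29 12:46:35 djm Exp $
+$Id: ChangeLog,v 1.5028 2008/06/29 12:47:04 djm Exp $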
diff --git a/dh.c b/dh.c
index 0908fcf11..b76605325 100644
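--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.46 2008/04/13 00:22:17 djm Exp $ */
+/* $OpenBSD: dh.c,v 1.47 2008/06/26 09:19:39 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos. All rights reserved.
  *
@@ -46,6 +46,7 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
  char *cp, *arg;
  char *strsize, *gen, *prime;
  const char *errstr = NULL;
+ long long n;
 
  cp = line;
  if ((arg = strdelim(&cp)) == NULL)
@@ -62,12 +63,24 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
  arg = strsep(&cp, " "); /* type */
  if (cp == NULL || *arg == '\0')
  goto fail;
+ /* Ensure this is a safe prime */
+ n = strtonum(arg, 0, 5, &errstr);
+ if (errstr != NULL || n != MODULI_TYPE_SAFE)
+ goto fail;
  arg = strsep(&cp, " "); /* tests */
  if (cp == NULL || *arg == '\0')
  goto fail;
+ /* Ensure prime has been tested and is not composite */
+ n = strtonum(arg, 0, 0x1f, &errstr);
+ if (errstr != NULL ||
+ (n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE))
+ goto fail;
  arg = strsep(&cp, " "); /* tries */
  if (cp == NULL || *arg == '\0')
  goto fail;
+ n = strtonum(arg, 0, 1<<30, &errstr);
+ if (errstr != NULL || n == 0)
+ goto fail;
  strsize = strsep(&cp, " "); /* size */
  if (cp == NULL || *strsize == '\0' ||
  (dhg->size = (u_int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 ||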
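Review bot: The tests check at new line 76, `(n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE)`, still accepts a moduli line whose only set bit is MODULI_TESTS_SIEVE (0x02), and a sieve pass on its own only screens out candidates with small factors rather than testing primality. If the intent is the ChangeLog's "appropriate primality tests performed", the second clause could be `!(n & ~(MODULI_TESTS_COMPOSITE | MODULI_TESTS_SIEVE))`, so that at least one test beyond the sieve is required before sshd uses the group. The literal bounds `5` and `0x1f` passed to strtonum() duplicate MODULI_TYPE_STRONG and the OR of the five MODULI_TESTS_* bits from dh.h; naming them would keep the parser in step if the header changes. parse_prime() begins and ends outside these hunks, so what the `fail` label logs for a rejected line is not visible here.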
diff --git a/dh.h b/dh.h
index 8e580ee87..dfc1480ea 100644
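--- a/dh.h
+++ b/dh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.9 2006/03/25 22:22:43 djm Exp $ */
+/* $OpenBSD: dh.h,v 1.10 2008/06/26 09:19:40 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Niels Provos. All rights reserved.
@@ -46,4 +46,28 @@ int dh_estimate(int);
 #define DH_GRP_MIN 1024
 #define DH_GRP_MAX 8192
 
+/*
+ * Values for "type" field of moduli(5)
+ * Specifies the internal structure of the prime modulus.
+ */
+#define MODULI_TYPE_UNKNOWN (0)
+#define MODULI_TYPE_UNSTRUCTURED (1)
+#define MODULI_TYPE_SAFE (2)
+#define MODULI_TYPE_SCHNORR (3)
+#define MODULI_TYPE_SOPHIE_GERMAIN (4)
+#define MODULI_TYPE_STRONG (5)
+
+/*
+ * Values for "tests" field of moduli(5)
+ * Specifies the methods used in checking for primality.
+ * Usually, more than one test is used.
+ */
+#define MODULI_TESTS_UNTESTED (0x00)
+#define MODULI_TESTS_COMPOSITE (0x01)
+#define MODULI_TESTS_SIEVE (0x02)
+#define MODULI_TESTS_MILLER_RABIN (0x04)
+#define MODULI_TESTS_JACOBI (0x08)
+#define MODULI_TESTS_ELLIPTIC (0x10)
+
+
 #endif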
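Review bot: The comment above the MODULI_TESTS_* block no longer says that the field is a bit field, although the block this commit removes from moduli.c was headed `Tests: decimal (bit field).` (and `Type: decimal.` for the other group). dh.c now masks the tests value (`n & MODULI_TESTS_COMPOSITE`) but compares the type for equality, so the header should keep that distinction, e.g. `* Values for "tests" field of moduli(5) (decimal bit field; values are ORed together)`. The two blank lines added before `#endif` could be one.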
diff --git a/moduli.c b/moduli.c
index 8fa545daf..f737cb3f5 100644
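--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.20 2007/02/24 03:30:11 ray Exp $ */
+/* $OpenBSD: moduli.c,v 1.21 2008/06/26 09:19:40 djm Exp $ */
 /*
  * Copyright 1994 Phil Karn <karn@qualcomm.com>
  * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -42,6 +42,7 @@
 #include <sys/types.h>
 
 #include <openssl/bn.h>
+#include <openssl/dh.h>
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -50,6 +51,7 @@
 #include <time.h>
 
 #include "xmalloc.h"
+#include "dh.h"
 #include "log.h"
 
 /*
@@ -59,27 +61,6 @@
 /* need line long enough for largest moduli plus headers */
 #define QLINESIZE (100+8192)
 
-/* Type: decimal.
- * Specifies the internal structure of the prime modulus.
- */
-#define QTYPE_UNKNOWN (0)
-#define QTYPE_UNSTRUCTURED (1)
-#define QTYPE_SAFE (2)
-#define QTYPE_SCHNORR (3)
-#define QTYPE_SOPHIE_GERMAIN (4)
-#define QTYPE_STRONG (5)
-
-/* Tests: decimal (bit field).
- * Specifies the methods used in checking for primality.
- * Usually, more than one test is used.
- */
-#define QTEST_UNTESTED (0x00)
-#define QTEST_COMPOSITE (0x01)
-#define QTEST_SIEVE (0x02)
-#define QTEST_MILLER_RABIN (0x04)
-#define QTEST_JACOBI (0x08)
-#define QTEST_ELLIPTIC (0x10)
-
 /*
  * Size: decimal.
  * Specifies the number of the most significant bit (0 to M).
@@ -434,8 +415,9 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
  fatal("BN_set_word failed");
  if (BN_add(q, q, largebase) == 0)
  fatal("BN_add failed");
- if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE,
- largetries, (power - 1) /* MSB */, (0), q) == -1) {
+ if (qfileout(out, MODULI_TYPE_SOPHIE_GERMAIN,
+ MODULI_TESTS_SIEVE, largetries,
+ (power - 1) /* MSB */, (0), q) == -1) {
  ret = -1;
  break;
  }
@@ -507,7 +489,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
  /* tests */
  in_tests = strtoul(cp, &cp, 10);
 
- if (in_tests & QTEST_COMPOSITE) {
+ if (in_tests & MODULI_TESTS_COMPOSITE) {
  debug2("%10u: known composite", count_in);
  continue;
  }
@@ -526,7 +508,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
 
  /* modulus (hex) */
  switch (in_type) {
- case QTYPE_SOPHIE_GERMAIN:
+ case MODULI_TYPE_SOPHIE_GERMAIN:
  debug2("%10u: (%u) Sophie-Germain", count_in, in_type);
  a = q;
  if (BN_hex2bn(&a, cp) == 0)
@@ -539,11 +521,11 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
  in_size += 1;
  generator_known = 0;
  break;
- case QTYPE_UNSTRUCTURED:
- case QTYPE_SAFE:
- case QTYPE_SCHNORR:
- case QTYPE_STRONG:
- case QTYPE_UNKNOWN:
+ case MODULI_TYPE_UNSTRUCTURED:
+ case MODULI_TYPE_SAFE:
+ case MODULI_TYPE_SCHNORR:
+ case MODULI_TYPE_STRONG:
+ case MODULI_TYPE_UNKNOWN:
  debug2("%10u: (%u)", count_in, in_type);
  a = p;
  if (BN_hex2bn(&a, cp) == 0)
@@ -570,7 +552,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
  continue;
  }
 
- if (in_tests & QTEST_MILLER_RABIN)
+ if (in_tests & MODULI_TESTS_MILLER_RABIN)
  in_tries += trials;
  else
  in_tries = trials;
@@ -644,7 +626,8 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
  }
  debug("%10u: q is almost certainly prime", count_in);
 
- if (qfileout(out, QTYPE_SAFE, (in_tests | QTEST_MILLER_RABIN),
+ if (qfileout(out, MODULI_TYPE_SAFE,
+ in_tests | MODULI_TESTS_MILLER_RABIN,
  in_tries, in_size, generator_known, p)) {
  res = -1;
  break;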