13 files changed, 52 insertions, 236 deletions
diff --git a/Makefile.in b/Makefile.in
index 29d539a73..ac3907b1e 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -81,7 +81,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
        cipher-ctr.o cleanup.o \
        compat.o crc32.o fatal.o hostfile.o \
        log.o match.o moduli.o nchan.o packet.o opacket.o \
-        readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
+        readpass.o ttymodes.o xmalloc.o addrmatch.o \
        atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \
        monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
        msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
diff --git a/authfd.c b/authfd.c
index 6c9843c87..a460fa350 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.104 2017/06/28 01:09:22 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.105 2017/07/01 13:50:45 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -51,7 +51,6 @@
 #include "xmalloc.h"
 #include "ssh.h"
-#include "rsa.h"
 #include "sshbuf.h"
 #include "sshkey.h"
 #include "authfd.h"
diff --git a/authfile.c b/authfile.c
index 3481e0b04..d09b700d2 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.126 2017/05/31 09:15:42 deraadt Exp $ */
+/* $OpenBSD: authfile.c,v 1.127 2017/07/01 13:50:45 djm Exp $ */
 /*
 * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
 *
@@ -42,7 +42,6 @@
 #include "ssh.h"
 #include "log.h"
 #include "authfile.h"
-#include "rsa.h"
 #include "misc.h"
 #include "atomicio.h"
 #include "sshkey.h"
diff --git a/rsa.c b/rsa.c
deleted file mode 100644
index 5ecacef90..000000000
--- a/rsa.c
+++ /dev/null
@@ -1,188 +0,0 @@
-/* $OpenBSD: rsa.c,v 1.32 2014/06/24 01:13:21 djm Exp $ */
-/*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose.  Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- *
- *
- * Copyright (c) 1999 Niels Provos.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- *
- * Description of the RSA algorithm can be found e.g. from the following
- * sources:
- *
- *   Bruce Schneier: Applied Cryptography.  John Wiley & Sons, 1994.
- *
- *   Jennifer Seberry and Josed Pieprzyk: Cryptography: An Introduction to
- *   Computer Security.  Prentice-Hall, 1989.
- *
- *   Man Young Rhee: Cryptography and Secure Data Communications.  McGraw-Hill,
- *   1994.
- *
- *   R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications
- *   System and Method.  US Patent 4,405,829, 1983.
- *
- *   Hans Riesel: Prime Numbers and Computer Methods for Factorization.
- *   Birkhauser, 1994.
- *
- *   The RSA Frequently Asked Questions document by RSA Data Security,
- *   Inc., 1995.
- *
- *   RSA in 3 lines of perl by Adam Back <aba@atlax.ex.ac.uk>, 1995, as
- * included below:
- *
- *     [gone - had to be deleted - what a pity]
- */
-#include "includes.h"
-#include <sys/types.h>
-#include <stdarg.h>
-#include <string.h>
-#include "rsa.h"
-#include "log.h"
-#include "ssherr.h"
-int
-rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
-{
-        u_char *inbuf = NULL, *outbuf = NULL;
-        int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR;
-        if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
-                return SSH_ERR_INVALID_ARGUMENT;
-        olen = BN_num_bytes(key->n);
-        if ((outbuf = malloc(olen)) == NULL) {
-                r = SSH_ERR_ALLOC_FAIL;
-                goto out;
-        }
-        ilen = BN_num_bytes(in);
-        if ((inbuf = malloc(ilen)) == NULL) {
-                r = SSH_ERR_ALLOC_FAIL;
-                goto out;
-        }
-        BN_bn2bin(in, inbuf);
-        if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key,
-            RSA_PKCS1_PADDING)) <= 0) {
-                r = SSH_ERR_LIBCRYPTO_ERROR;
-                goto out;
-        }
-        if (BN_bin2bn(outbuf, len, out) == NULL) {
-                r = SSH_ERR_LIBCRYPTO_ERROR;
-                goto out;
-        }
-        r = 0;
- out:
-        if (outbuf != NULL) {
-                explicit_bzero(outbuf, olen);
-                free(outbuf);
-        }
-        if (inbuf != NULL) {
-                explicit_bzero(inbuf, ilen);
-                free(inbuf);
-        }
-        return r;
-}
-int
-rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
-{
-        u_char *inbuf = NULL, *outbuf = NULL;
-        int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR;
-        olen = BN_num_bytes(key->n);
-        if ((outbuf = malloc(olen)) == NULL) {
-                r = SSH_ERR_ALLOC_FAIL;
-                goto out;
-        }
-        ilen = BN_num_bytes(in);
-        if ((inbuf = malloc(ilen)) == NULL) {
-                r = SSH_ERR_ALLOC_FAIL;
-                goto out;
-        }
-        BN_bn2bin(in, inbuf);
-        if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
-            RSA_PKCS1_PADDING)) <= 0) {
-                r = SSH_ERR_LIBCRYPTO_ERROR;
-                goto out;
-        } else if (BN_bin2bn(outbuf, len, out) == NULL) {
-                r = SSH_ERR_LIBCRYPTO_ERROR;
-                goto out;
-        }
-        r = 0;
- out:
-        if (outbuf != NULL) {
-                explicit_bzero(outbuf, olen);
-                free(outbuf);
-        }
-        if (inbuf != NULL) {
-                explicit_bzero(inbuf, ilen);
-                free(inbuf);
-        }
-        return r;
-}
-/* calculate p-1 and q-1 */
-int
-rsa_generate_additional_parameters(RSA *rsa)
-{
-        BIGNUM *aux = NULL;
-        BN_CTX *ctx = NULL;
-        int r;
-        if ((ctx = BN_CTX_new()) == NULL)
-                return SSH_ERR_ALLOC_FAIL;
-        if ((aux = BN_new()) == NULL) {
-                r = SSH_ERR_ALLOC_FAIL;
-                goto out;
-        }
-        if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
-            (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
-            (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
-            (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) {
-                r = SSH_ERR_LIBCRYPTO_ERROR;
-                goto out;
-        }
-        r = 0;
- out:
-        BN_clear_free(aux);
-        BN_CTX_free(ctx);
-        return r;
-}
diff --git a/rsa.h b/rsa.h
deleted file mode 100644
index c476707d5..000000000
--- a/rsa.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/* $OpenBSD: rsa.h,v 1.17 2014/06/24 01:13:21 djm Exp $ */
-/*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
- * RSA key generation, encryption and decryption.
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose.  Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-#ifndef RSA_H
-#define RSA_H
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-int      rsa_public_encrypt(BIGNUM *, BIGNUM *, RSA *);
-int      rsa_private_decrypt(BIGNUM *, BIGNUM *, RSA *);
-int      rsa_generate_additional_parameters(RSA *);
-#endif                          /* RSA_H */
diff --git a/ssh-add.c b/ssh-add.c
index 438c1c25a..72d89db4a 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.132 2017/05/30 14:16:41 markus Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.133 2017/07/01 13:50:45 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -55,7 +55,6 @@
 #include "xmalloc.h"
 #include "ssh.h"
-#include "rsa.h"
 #include "log.h"
 #include "sshkey.h"
 #include "sshbuf.h"
diff --git a/ssh-agent.c b/ssh-agent.c
index 2ef8367b9..eb8c2043d 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.221 2017/04/30 23:29:10 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.222 2017/07/01 13:50:45 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -73,7 +73,6 @@
 #include "xmalloc.h"
 #include "ssh.h"
-#include "rsa.h"
 #include "sshbuf.h"
 #include "sshkey.h"
 #include "authfd.h"
diff --git a/ssh-keygen.c b/ssh-keygen.c
index b6b690051..d8f942f5a 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.305 2017/06/28 01:09:22 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.306 2017/07/01 13:50:45 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -41,7 +41,6 @@
 #include "xmalloc.h"
 #include "sshkey.h"
-#include "rsa.h"
 #include "authfile.h"
 #include "uuencode.h"
 #include "sshbuf.h"
@@ -528,7 +527,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
                buffer_get_bignum_bits(b, key->rsa->iqmp);
                buffer_get_bignum_bits(b, key->rsa->q);
                buffer_get_bignum_bits(b, key->rsa->p);
-                if ((r = rsa_generate_additional_parameters(key->rsa)) != 0)
+                if ((r = ssh_rsa_generate_additional_parameters(key)) != 0)
                        fatal("generate RSA parameters failed: %s", ssh_err(r));
                break;
        }
diff --git a/ssh-rsa.c b/ssh-rsa.c
index e8acc01fa..f570ae6d4 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-rsa.c,v 1.61 2017/05/07 23:15:59 djm Exp $ */
+/* $OpenBSD: ssh-rsa.c,v 1.62 2017/07/01 13:50:45 djm Exp $ */
 /*
 * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
 *
@@ -78,6 +78,41 @@ rsa_hash_alg_nid(int type)
        }
 }
+/* calculate p-1 and q-1 */
+int
+ssh_rsa_generate_additional_parameters(struct sshkey *key)
+{
+        RSA *rsa;
+        BIGNUM *aux = NULL;
+        BN_CTX *ctx = NULL;
+        int r;
+        if (key == NULL || key->rsa == NULL ||
+            sshkey_type_plain(key->type) != KEY_RSA)
+                return SSH_ERR_INVALID_ARGUMENT;
+        if ((ctx = BN_CTX_new()) == NULL)
+                return SSH_ERR_ALLOC_FAIL;
+        if ((aux = BN_new()) == NULL) {
+                r = SSH_ERR_ALLOC_FAIL;
+                goto out;
+        }
+        rsa = key->rsa;
+        if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
+            (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
+            (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
+            (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) {
+                r = SSH_ERR_LIBCRYPTO_ERROR;
+                goto out;
+        }
+        r = 0;
+ out:
+        BN_clear_free(aux);
+        BN_CTX_free(ctx);
+        return r;
+}
 /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
 int
 ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
diff --git a/sshconnect.c b/sshconnect.c
index 8f527aa43..aaae5fc9f 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.282 2017/06/24 05:37:44 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.283 2017/07/01 13:50:45 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -48,7 +48,6 @@
 #include "key.h"
 #include "hostfile.h"
 #include "ssh.h"
-#include "rsa.h"
 #include "buffer.h"
 #include "packet.h"
 #include "uidswap.h"
diff --git a/sshd.c b/sshd.c
index 06cb81f27..1d19ce679 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.490 2017/05/31 08:09:45 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.491 2017/07/01 13:50:45 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -88,7 +88,6 @@
 #include "xmalloc.h"
 #include "ssh.h"
 #include "ssh2.h"
-#include "rsa.h"
 #include "sshpty.h"
 #include "packet.h"
 #include "log.h"
diff --git a/sshkey.c b/sshkey.c
index acc6e3f2d..acc396321 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.53 2017/06/28 01:09:22 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.54 2017/07/01 13:50:45 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -51,7 +51,6 @@
 #include "ssherr.h"
 #include "misc.h"
 #include "sshbuf.h"
-#include "rsa.h"
 #include "cipher.h"
 #include "digest.h"
 #define SSHKEY_INTERNAL
@@ -2667,7 +2666,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
                    (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 ||
                    (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 ||
                    (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 ||
-                    (r = rsa_generate_additional_parameters(k->rsa)) != 0)
+                    (r = ssh_rsa_generate_additional_parameters(k)) != 0)
                        goto out;
                if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
                        r = SSH_ERR_KEY_LENGTH;
@@ -2681,7 +2680,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
                    (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 ||
                    (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 ||
                    (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 ||
-                    (r = rsa_generate_additional_parameters(k->rsa)) != 0)
+                    (r = ssh_rsa_generate_additional_parameters(k)) != 0)
                        goto out;
                if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
                        r = SSH_ERR_KEY_LENGTH;
diff --git a/sshkey.h b/sshkey.h
index d8346a57b..9093eac51 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.20 2017/06/28 01:09:22 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.21 2017/07/01 13:50:45 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -196,6 +196,9 @@ int	sshkey_parse_private_fileblob(struct sshbuf *buffer,
 int     sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
    const char *passphrase, struct sshkey **keyp, char **commentp);
+/* XXX should be internal, but used by ssh-keygen */
+int ssh_rsa_generate_additional_parameters(struct sshkey *);
 #ifdef SSHKEY_INTERNAL
 int ssh_rsa_sign(const struct sshkey *key,
    u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,

diff --git a/Makefile.in b/Makefile.in index 29d539a73..ac3907b1e 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -81,7 +81,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
81	cipher-ctr.o cleanup.o \	81	cipher-ctr.o cleanup.o \
82	compat.o crc32.o fatal.o hostfile.o \	82	compat.o crc32.o fatal.o hostfile.o \
83	log.o match.o moduli.o nchan.o packet.o opacket.o \	83	log.o match.o moduli.o nchan.o packet.o opacket.o \
84	readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \	84	readpass.o ttymodes.o xmalloc.o addrmatch.o \
85	atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \	85	atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \
86	monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \	86	monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
87	msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \	87	msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \


diff --git a/authfd.c b/authfd.c index 6c9843c87..a460fa350 100644 --- a/authfd.c +++ b/authfd.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: authfd.c,v 1.104 2017/06/28 01:09:22 djm Exp $ */	1	/* $OpenBSD: authfd.c,v 1.105 2017/07/01 13:50:45 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -51,7 +51,6 @@
51		51
52	#include "xmalloc.h"	52	#include "xmalloc.h"
53	#include "ssh.h"	53	#include "ssh.h"
54	#include "rsa.h"
55	#include "sshbuf.h"	54	#include "sshbuf.h"
56	#include "sshkey.h"	55	#include "sshkey.h"
57	#include "authfd.h"	56	#include "authfd.h"


diff --git a/authfile.c b/authfile.c index 3481e0b04..d09b700d2 100644 --- a/authfile.c +++ b/authfile.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: authfile.c,v 1.126 2017/05/31 09:15:42 deraadt Exp $ */	1	/* $OpenBSD: authfile.c,v 1.127 2017/07/01 13:50:45 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
4	*	4	*
@@ -42,7 +42,6 @@
42	#include "ssh.h"	42	#include "ssh.h"
43	#include "log.h"	43	#include "log.h"
44	#include "authfile.h"	44	#include "authfile.h"
45	#include "rsa.h"
46	#include "misc.h"	45	#include "misc.h"
47	#include "atomicio.h"	46	#include "atomicio.h"
48	#include "sshkey.h"	47	#include "sshkey.h"


diff --git a/rsa.c b/rsa.c deleted file mode 100644 index 5ecacef90..000000000 --- a/rsa.c +++ /dev/null
@@ -1,188 +0,0 @@
1	/* $OpenBSD: rsa.c,v 1.32 2014/06/24 01:13:21 djm Exp $ */
2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5	* All rights reserved
6	*
7	* As far as I am concerned, the code I have written for this software
8	* can be used freely for any purpose. Any derived versions of this
9	* software must be clearly marked as such, and if the derived work is
10	* incompatible with the protocol description in the RFC file, it must be
11	* called by a name other than "ssh" or "Secure Shell".
12	*
13	*
14	* Copyright (c) 1999 Niels Provos. All rights reserved.
15	*
16	* Redistribution and use in source and binary forms, with or without
17	* modification, are permitted provided that the following conditions
18	* are met:
19	* 1. Redistributions of source code must retain the above copyright
20	* notice, this list of conditions and the following disclaimer.
21	* 2. Redistributions in binary form must reproduce the above copyright
22	* notice, this list of conditions and the following disclaimer in the
23	* documentation and/or other materials provided with the distribution.
24	*
25	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	*
36	*
37	* Description of the RSA algorithm can be found e.g. from the following
38	* sources:
39	*
40	* Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1994.
41	*
42	* Jennifer Seberry and Josed Pieprzyk: Cryptography: An Introduction to
43	* Computer Security. Prentice-Hall, 1989.
44	*
45	* Man Young Rhee: Cryptography and Secure Data Communications. McGraw-Hill,
46	* 1994.
47	*
48	* R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications
49	* System and Method. US Patent 4,405,829, 1983.
50	*
51	* Hans Riesel: Prime Numbers and Computer Methods for Factorization.
52	* Birkhauser, 1994.
53	*
54	* The RSA Frequently Asked Questions document by RSA Data Security,
55	* Inc., 1995.
56	*
57	* RSA in 3 lines of perl by Adam Back <aba@atlax.ex.ac.uk>, 1995, as
58	* included below:
59	*
60	* [gone - had to be deleted - what a pity]
61	*/
62
63	#include "includes.h"
64
65	#include <sys/types.h>
66
67	#include <stdarg.h>
68	#include <string.h>
69
70	#include "rsa.h"
71	#include "log.h"
72	#include "ssherr.h"
73
74	int
75	rsa_public_encrypt(BIGNUM out, BIGNUM in, RSA *key)
76	{
77	u_char inbuf = NULL, outbuf = NULL;
78	int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR;
79
80	if (BN_num_bits(key->e) < 2 \|\| !BN_is_odd(key->e))
81	return SSH_ERR_INVALID_ARGUMENT;
82
83	olen = BN_num_bytes(key->n);
84	if ((outbuf = malloc(olen)) == NULL) {
85	r = SSH_ERR_ALLOC_FAIL;
86	goto out;
87	}
88
89	ilen = BN_num_bytes(in);
90	if ((inbuf = malloc(ilen)) == NULL) {
91	r = SSH_ERR_ALLOC_FAIL;
92	goto out;
93	}
94	BN_bn2bin(in, inbuf);
95
96	if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key,
97	RSA_PKCS1_PADDING)) <= 0) {
98	r = SSH_ERR_LIBCRYPTO_ERROR;
99	goto out;
100	}
101
102	if (BN_bin2bn(outbuf, len, out) == NULL) {
103	r = SSH_ERR_LIBCRYPTO_ERROR;
104	goto out;
105	}
106	r = 0;
107
108	out:
109	if (outbuf != NULL) {
110	explicit_bzero(outbuf, olen);
111	free(outbuf);
112	}
113	if (inbuf != NULL) {
114	explicit_bzero(inbuf, ilen);
115	free(inbuf);
116	}
117	return r;
118	}
119
120	int
121	rsa_private_decrypt(BIGNUM out, BIGNUM in, RSA *key)
122	{
123	u_char inbuf = NULL, outbuf = NULL;
124	int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR;
125
126	olen = BN_num_bytes(key->n);
127	if ((outbuf = malloc(olen)) == NULL) {
128	r = SSH_ERR_ALLOC_FAIL;
129	goto out;
130	}
131
132	ilen = BN_num_bytes(in);
133	if ((inbuf = malloc(ilen)) == NULL) {
134	r = SSH_ERR_ALLOC_FAIL;
135	goto out;
136	}
137	BN_bn2bin(in, inbuf);
138
139	if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
140	RSA_PKCS1_PADDING)) <= 0) {
141	r = SSH_ERR_LIBCRYPTO_ERROR;
142	goto out;
143	} else if (BN_bin2bn(outbuf, len, out) == NULL) {
144	r = SSH_ERR_LIBCRYPTO_ERROR;
145	goto out;
146	}
147	r = 0;
148	out:
149	if (outbuf != NULL) {
150	explicit_bzero(outbuf, olen);
151	free(outbuf);
152	}
153	if (inbuf != NULL) {
154	explicit_bzero(inbuf, ilen);
155	free(inbuf);
156	}
157	return r;
158	}
159
160	/* calculate p-1 and q-1 */
161	int
162	rsa_generate_additional_parameters(RSA *rsa)
163	{
164	BIGNUM *aux = NULL;
165	BN_CTX *ctx = NULL;
166	int r;
167
168	if ((ctx = BN_CTX_new()) == NULL)
169	return SSH_ERR_ALLOC_FAIL;
170	if ((aux = BN_new()) == NULL) {
171	r = SSH_ERR_ALLOC_FAIL;
172	goto out;
173	}
174
175	if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) \|\|
176	(BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) \|\|
177	(BN_sub(aux, rsa->p, BN_value_one()) == 0) \|\|
178	(BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) {
179	r = SSH_ERR_LIBCRYPTO_ERROR;
180	goto out;
181	}
182	r = 0;
183	out:
184	BN_clear_free(aux);
185	BN_CTX_free(ctx);
186	return r;
187	}
188


diff --git a/rsa.h b/rsa.h deleted file mode 100644 index c476707d5..000000000 --- a/rsa.h +++ /dev/null
@@ -1,26 +0,0 @@
1	/* $OpenBSD: rsa.h,v 1.17 2014/06/24 01:13:21 djm Exp $ */
2
3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
5	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6	* All rights reserved
7	* RSA key generation, encryption and decryption.
8	*
9	* As far as I am concerned, the code I have written for this software
10	* can be used freely for any purpose. Any derived versions of this
11	* software must be clearly marked as such, and if the derived work is
12	* incompatible with the protocol description in the RFC file, it must be
13	* called by a name other than "ssh" or "Secure Shell".
14	*/
15
16	#ifndef RSA_H
17	#define RSA_H
18
19	#include <openssl/bn.h>
20	#include <openssl/rsa.h>
21
22	int rsa_public_encrypt(BIGNUM , BIGNUM , RSA *);
23	int rsa_private_decrypt(BIGNUM , BIGNUM , RSA *);
24	int rsa_generate_additional_parameters(RSA *);
25
26	#endif /* RSA_H */


diff --git a/ssh-add.c b/ssh-add.c index 438c1c25a..72d89db4a 100644 --- a/ssh-add.c +++ b/ssh-add.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-add.c,v 1.132 2017/05/30 14:16:41 markus Exp $ */	1	/* $OpenBSD: ssh-add.c,v 1.133 2017/07/01 13:50:45 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -55,7 +55,6 @@
55		55
56	#include "xmalloc.h"	56	#include "xmalloc.h"
57	#include "ssh.h"	57	#include "ssh.h"
58	#include "rsa.h"
59	#include "log.h"	58	#include "log.h"
60	#include "sshkey.h"	59	#include "sshkey.h"
61	#include "sshbuf.h"	60	#include "sshbuf.h"


diff --git a/ssh-agent.c b/ssh-agent.c index 2ef8367b9..eb8c2043d 100644 --- a/ssh-agent.c +++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-agent.c,v 1.221 2017/04/30 23:29:10 djm Exp $ */	1	/* $OpenBSD: ssh-agent.c,v 1.222 2017/07/01 13:50:45 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -73,7 +73,6 @@
73		73
74	#include "xmalloc.h"	74	#include "xmalloc.h"
75	#include "ssh.h"	75	#include "ssh.h"
76	#include "rsa.h"
77	#include "sshbuf.h"	76	#include "sshbuf.h"
78	#include "sshkey.h"	77	#include "sshkey.h"
79	#include "authfd.h"	78	#include "authfd.h"


diff --git a/ssh-keygen.c b/ssh-keygen.c index b6b690051..d8f942f5a 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-keygen.c,v 1.305 2017/06/28 01:09:22 djm Exp $ */	1	/* $OpenBSD: ssh-keygen.c,v 1.306 2017/07/01 13:50:45 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -41,7 +41,6 @@
41		41
42	#include "xmalloc.h"	42	#include "xmalloc.h"
43	#include "sshkey.h"	43	#include "sshkey.h"
44	#include "rsa.h"
45	#include "authfile.h"	44	#include "authfile.h"
46	#include "uuencode.h"	45	#include "uuencode.h"
47	#include "sshbuf.h"	46	#include "sshbuf.h"
@@ -528,7 +527,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
528	buffer_get_bignum_bits(b, key->rsa->iqmp);	527	buffer_get_bignum_bits(b, key->rsa->iqmp);
529	buffer_get_bignum_bits(b, key->rsa->q);	528	buffer_get_bignum_bits(b, key->rsa->q);
530	buffer_get_bignum_bits(b, key->rsa->p);	529	buffer_get_bignum_bits(b, key->rsa->p);
531	if ((r = rsa_generate_additional_parameters(key->rsa)) != 0)	530	if ((r = ssh_rsa_generate_additional_parameters(key)) != 0)
532	fatal("generate RSA parameters failed: %s", ssh_err(r));	531	fatal("generate RSA parameters failed: %s", ssh_err(r));
533	break;	532	break;
534	}	533	}


diff --git a/ssh-rsa.c b/ssh-rsa.c index e8acc01fa..f570ae6d4 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-rsa.c,v 1.61 2017/05/07 23:15:59 djm Exp $ */	1	/* $OpenBSD: ssh-rsa.c,v 1.62 2017/07/01 13:50:45 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>	3	* Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
4	*	4	*
@@ -78,6 +78,41 @@ rsa_hash_alg_nid(int type)
78	}	78	}
79	}	79	}
80		80
		81	/* calculate p-1 and q-1 */
		82	int
		83	ssh_rsa_generate_additional_parameters(struct sshkey *key)
		84	{
		85	RSA *rsa;
		86	BIGNUM *aux = NULL;
		87	BN_CTX *ctx = NULL;
		88	int r;
		89
		90	if (key == NULL \|\| key->rsa == NULL \|\|
		91	sshkey_type_plain(key->type) != KEY_RSA)
		92	return SSH_ERR_INVALID_ARGUMENT;
		93
		94	if ((ctx = BN_CTX_new()) == NULL)
		95	return SSH_ERR_ALLOC_FAIL;
		96	if ((aux = BN_new()) == NULL) {
		97	r = SSH_ERR_ALLOC_FAIL;
		98	goto out;
		99	}
		100	rsa = key->rsa;
		101
		102	if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) \|\|
		103	(BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) \|\|
		104	(BN_sub(aux, rsa->p, BN_value_one()) == 0) \|\|
		105	(BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) {
		106	r = SSH_ERR_LIBCRYPTO_ERROR;
		107	goto out;
		108	}
		109	r = 0;
		110	out:
		111	BN_clear_free(aux);
		112	BN_CTX_free(ctx);
		113	return r;
		114	}
		115
81	/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */	116	/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
82	int	117	int
83	ssh_rsa_sign(const struct sshkey key, u_char sigp, size_t lenp,	118	ssh_rsa_sign(const struct sshkey key, u_char sigp, size_t lenp,


diff --git a/sshconnect.c b/sshconnect.c index 8f527aa43..aaae5fc9f 100644 --- a/sshconnect.c +++ b/sshconnect.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshconnect.c,v 1.282 2017/06/24 05:37:44 djm Exp $ */	1	/* $OpenBSD: sshconnect.c,v 1.283 2017/07/01 13:50:45 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -48,7 +48,6 @@
48	#include "key.h"	48	#include "key.h"
49	#include "hostfile.h"	49	#include "hostfile.h"
50	#include "ssh.h"	50	#include "ssh.h"
51	#include "rsa.h"
52	#include "buffer.h"	51	#include "buffer.h"
53	#include "packet.h"	52	#include "packet.h"
54	#include "uidswap.h"	53	#include "uidswap.h"


diff --git a/sshd.c b/sshd.c index 06cb81f27..1d19ce679 100644 --- a/sshd.c +++ b/sshd.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshd.c,v 1.490 2017/05/31 08:09:45 markus Exp $ */	1	/* $OpenBSD: sshd.c,v 1.491 2017/07/01 13:50:45 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -88,7 +88,6 @@
88	#include "xmalloc.h"	88	#include "xmalloc.h"
89	#include "ssh.h"	89	#include "ssh.h"
90	#include "ssh2.h"	90	#include "ssh2.h"
91	#include "rsa.h"
92	#include "sshpty.h"	91	#include "sshpty.h"
93	#include "packet.h"	92	#include "packet.h"
94	#include "log.h"	93	#include "log.h"


diff --git a/sshkey.c b/sshkey.c index acc6e3f2d..acc396321 100644 --- a/sshkey.c +++ b/sshkey.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshkey.c,v 1.53 2017/06/28 01:09:22 djm Exp $ */	1	/* $OpenBSD: sshkey.c,v 1.54 2017/07/01 13:50:45 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4	* Copyright (c) 2008 Alexander von Gernler. All rights reserved.	4	* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -51,7 +51,6 @@
51	#include "ssherr.h"	51	#include "ssherr.h"
52	#include "misc.h"	52	#include "misc.h"
53	#include "sshbuf.h"	53	#include "sshbuf.h"
54	#include "rsa.h"
55	#include "cipher.h"	54	#include "cipher.h"
56	#include "digest.h"	55	#include "digest.h"
57	#define SSHKEY_INTERNAL	56	#define SSHKEY_INTERNAL
@@ -2667,7 +2666,7 @@ sshkey_private_deserialize(struct sshbuf buf, struct sshkey *kp)
2667	(r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 \|\|	2666	(r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 \|\|
2668	(r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 \|\|	2667	(r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 \|\|
2669	(r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 \|\|	2668	(r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 \|\|
2670	(r = rsa_generate_additional_parameters(k->rsa)) != 0)	2669	(r = ssh_rsa_generate_additional_parameters(k)) != 0)
2671	goto out;	2670	goto out;
2672	if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {	2671	if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
2673	r = SSH_ERR_KEY_LENGTH;	2672	r = SSH_ERR_KEY_LENGTH;
@@ -2681,7 +2680,7 @@ sshkey_private_deserialize(struct sshbuf buf, struct sshkey *kp)
2681	(r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 \|\|	2680	(r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 \|\|
2682	(r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 \|\|	2681	(r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 \|\|
2683	(r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 \|\|	2682	(r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 \|\|
2684	(r = rsa_generate_additional_parameters(k->rsa)) != 0)	2683	(r = ssh_rsa_generate_additional_parameters(k)) != 0)
2685	goto out;	2684	goto out;
2686	if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {	2685	if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
2687	r = SSH_ERR_KEY_LENGTH;	2686	r = SSH_ERR_KEY_LENGTH;


diff --git a/sshkey.h b/sshkey.h index d8346a57b..9093eac51 100644 --- a/sshkey.h +++ b/sshkey.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshkey.h,v 1.20 2017/06/28 01:09:22 djm Exp $ */	1	/* $OpenBSD: sshkey.h,v 1.21 2017/07/01 13:50:45 djm Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.	4	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -196,6 +196,9 @@ int sshkey_parse_private_fileblob(struct sshbuf *buffer,
196	int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,	196	int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
197	const char passphrase, struct sshkey keyp, char *commentp);	197	const char passphrase, struct sshkey keyp, char *commentp);
198		198
		199	/* XXX should be internal, but used by ssh-keygen */
		200	int ssh_rsa_generate_additional_parameters(struct sshkey *);
		201
199	#ifdef SSHKEY_INTERNAL	202	#ifdef SSHKEY_INTERNAL
200	int ssh_rsa_sign(const struct sshkey *key,	203	int ssh_rsa_sign(const struct sshkey *key,
201	u_char *sigp, size_t lenp, const u_char *data, size_t datalen,	204	u_char *sigp, size_t lenp, const u_char *data, size_t datalen,