diff options
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | auth-rsa.c | 10 | ||||
| -rw-r--r-- | bufbn.c | 12 | ||||
| -rw-r--r-- | dh.c | 6 | ||||
| -rw-r--r-- | kexdhc.c | 5 | ||||
| -rw-r--r-- | kexdhs.c | 5 | ||||
| -rw-r--r-- | kexgexc.c | 5 | ||||
| -rw-r--r-- | kexgexs.c | 5 | ||||
| -rw-r--r-- | key.c | 16 | ||||
| -rw-r--r-- | moduli.c | 52 | ||||
| -rw-r--r-- | rsa.c | 18 | ||||
| -rw-r--r-- | scard.c | 12 | ||||
| -rw-r--r-- | ssh-dss.c | 7 | ||||
| -rw-r--r-- | ssh-keygen.c | 5 | ||||
| -rw-r--r-- | sshconnect1.c | 22 | ||||
| -rw-r--r-- | sshd.c | 6 |
16 files changed, 120 insertions, 73 deletions
| @@ -1,6 +1,11 @@ | |||
| 1 | 20061107 | 1 | 20061107 |
| 2 | - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it | 2 | - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it |
| 3 | if we absolutely need it. Pointed out by Corinna, ok djm@ | 3 | if we absolutely need it. Pointed out by Corinna, ok djm@ |
| 4 | - (dtucker) OpenBSD CVS Sync | ||
| 5 | - markus@cvs.openbsd.org 2006/11/06 21:25:28 | ||
| 6 | [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c | ||
| 7 | ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] | ||
| 8 | add missing checks for openssl return codes; with & ok djm@ | ||
| 4 | 9 | ||
| 5 | 20061105 | 10 | 20061105 |
| 6 | - (djm) OpenBSD CVS Sync | 11 | - (djm) OpenBSD CVS Sync |
| @@ -2592,4 +2597,4 @@ | |||
| 2592 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 2597 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
| 2593 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 2598 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
| 2594 | 2599 | ||
| 2595 | $Id: ChangeLog,v 1.4584 2006/11/07 00:28:40 dtucker Exp $ | 2600 | $Id: ChangeLog,v 1.4585 2006/11/07 12:14:41 dtucker Exp $ |
diff --git a/auth-rsa.c b/auth-rsa.c index 8c43458b0..69f9a5896 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth-rsa.c,v 1.71 2006/08/03 03:34:41 deraadt Exp $ */ | 1 | /* $OpenBSD: auth-rsa.c,v 1.72 2006/11/06 21:25:27 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -76,10 +76,12 @@ auth_rsa_generate_challenge(Key *key) | |||
| 76 | if ((challenge = BN_new()) == NULL) | 76 | if ((challenge = BN_new()) == NULL) |
| 77 | fatal("auth_rsa_generate_challenge: BN_new() failed"); | 77 | fatal("auth_rsa_generate_challenge: BN_new() failed"); |
| 78 | /* Generate a random challenge. */ | 78 | /* Generate a random challenge. */ |
| 79 | BN_rand(challenge, 256, 0, 0); | 79 | if (BN_rand(challenge, 256, 0, 0) == 0) |
| 80 | fatal("auth_rsa_generate_challenge: BN_rand failed"); | ||
| 80 | if ((ctx = BN_CTX_new()) == NULL) | 81 | if ((ctx = BN_CTX_new()) == NULL) |
| 81 | fatal("auth_rsa_generate_challenge: BN_CTX_new() failed"); | 82 | fatal("auth_rsa_generate_challenge: BN_CTX_new failed"); |
| 82 | BN_mod(challenge, challenge, key->rsa->n, ctx); | 83 | if (BN_mod(challenge, challenge, key->rsa->n, ctx) == 0) |
| 84 | fatal("auth_rsa_generate_challenge: BN_mod failed"); | ||
| 83 | BN_CTX_free(ctx); | 85 | BN_CTX_free(ctx); |
| 84 | 86 | ||
| 85 | return challenge; | 87 | return challenge; |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bufbn.c,v 1.3 2006/08/03 03:34:41 deraadt Exp $*/ | 1 | /* $OpenBSD: bufbn.c,v 1.4 2006/11/06 21:25:28 markus Exp $*/ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -118,7 +118,10 @@ buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value) | |||
| 118 | return (-1); | 118 | return (-1); |
| 119 | } | 119 | } |
| 120 | bin = buffer_ptr(buffer); | 120 | bin = buffer_ptr(buffer); |
| 121 | BN_bin2bn(bin, bytes, value); | 121 | if (BN_bin2bn(bin, bytes, value) == NULL) { |
| 122 | error("buffer_get_bignum_ret: BN_bin2bn failed"); | ||
| 123 | return (-1); | ||
| 124 | } | ||
| 122 | if (buffer_consume_ret(buffer, bytes) == -1) { | 125 | if (buffer_consume_ret(buffer, bytes) == -1) { |
| 123 | error("buffer_get_bignum_ret: buffer_consume failed"); | 126 | error("buffer_get_bignum_ret: buffer_consume failed"); |
| 124 | return (-1); | 127 | return (-1); |
| @@ -202,7 +205,10 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) | |||
| 202 | xfree(bin); | 205 | xfree(bin); |
| 203 | return (-1); | 206 | return (-1); |
| 204 | } | 207 | } |
| 205 | BN_bin2bn(bin, len, value); | 208 | if (BN_bin2bn(bin, len, value) == NULL) { |
| 209 | error("buffer_get_bignum2_ret: BN_bin2bn failed"); | ||
| 210 | return (-1); | ||
| 211 | } | ||
| 206 | xfree(bin); | 212 | xfree(bin); |
| 207 | return (0); | 213 | return (0); |
| 208 | } | 214 | } |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dh.c,v 1.42 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: dh.c,v 1.43 2006/11/06 21:25:28 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
| 4 | * | 4 | * |
| @@ -254,9 +254,9 @@ dh_new_group_asc(const char *gen, const char *modulus) | |||
| 254 | if ((dh = DH_new()) == NULL) | 254 | if ((dh = DH_new()) == NULL) |
| 255 | fatal("dh_new_group_asc: DH_new"); | 255 | fatal("dh_new_group_asc: DH_new"); |
| 256 | 256 | ||
| 257 | if (BN_hex2bn(&dh->p, modulus) == 0) | 257 | if (BN_hex2bn(&dh->p, modulus) == NULL) |
| 258 | fatal("BN_hex2bn p"); | 258 | fatal("BN_hex2bn p"); |
| 259 | if (BN_hex2bn(&dh->g, gen) == 0) | 259 | if (BN_hex2bn(&dh->g, gen) == NULL) |
| 260 | fatal("BN_hex2bn g"); | 260 | fatal("BN_hex2bn g"); |
| 261 | 261 | ||
| 262 | return (dh); | 262 | return (dh); |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexdhc.c,v 1.10 2006/10/31 16:33:12 markus Exp $ */ | 1 | /* $OpenBSD: kexdhc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -120,7 +120,8 @@ kexdh_client(Kex *kex) | |||
| 120 | #endif | 120 | #endif |
| 121 | if ((shared_secret = BN_new()) == NULL) | 121 | if ((shared_secret = BN_new()) == NULL) |
| 122 | fatal("kexdh_client: BN_new failed"); | 122 | fatal("kexdh_client: BN_new failed"); |
| 123 | BN_bin2bn(kbuf, kout, shared_secret); | 123 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) |
| 124 | fatal("kexdh_client: BN_bin2bn failed"); | ||
| 124 | memset(kbuf, 0, klen); | 125 | memset(kbuf, 0, klen); |
| 125 | xfree(kbuf); | 126 | xfree(kbuf); |
| 126 | 127 | ||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexdhs.c,v 1.8 2006/10/31 16:33:12 markus Exp $ */ | 1 | /* $OpenBSD: kexdhs.c,v 1.9 2006/11/06 21:25:28 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -108,7 +108,8 @@ kexdh_server(Kex *kex) | |||
| 108 | #endif | 108 | #endif |
| 109 | if ((shared_secret = BN_new()) == NULL) | 109 | if ((shared_secret = BN_new()) == NULL) |
| 110 | fatal("kexdh_server: BN_new failed"); | 110 | fatal("kexdh_server: BN_new failed"); |
| 111 | BN_bin2bn(kbuf, kout, shared_secret); | 111 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) |
| 112 | fatal("kexdh_server: BN_bin2bn failed"); | ||
| 112 | memset(kbuf, 0, klen); | 113 | memset(kbuf, 0, klen); |
| 113 | xfree(kbuf); | 114 | xfree(kbuf); |
| 114 | 115 | ||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexgexc.c,v 1.10 2006/10/31 16:33:12 markus Exp $ */ | 1 | /* $OpenBSD: kexgexc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
| 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| @@ -158,7 +158,8 @@ kexgex_client(Kex *kex) | |||
| 158 | #endif | 158 | #endif |
| 159 | if ((shared_secret = BN_new()) == NULL) | 159 | if ((shared_secret = BN_new()) == NULL) |
| 160 | fatal("kexgex_client: BN_new failed"); | 160 | fatal("kexgex_client: BN_new failed"); |
| 161 | BN_bin2bn(kbuf, kout, shared_secret); | 161 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) |
| 162 | fatal("kexgex_client: BN_bin2bn failed"); | ||
| 162 | memset(kbuf, 0, klen); | 163 | memset(kbuf, 0, klen); |
| 163 | xfree(kbuf); | 164 | xfree(kbuf); |
| 164 | 165 | ||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexgexs.c,v 1.9 2006/10/31 16:33:12 markus Exp $ */ | 1 | /* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
| 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| @@ -141,7 +141,8 @@ kexgex_server(Kex *kex) | |||
| 141 | #endif | 141 | #endif |
| 142 | if ((shared_secret = BN_new()) == NULL) | 142 | if ((shared_secret = BN_new()) == NULL) |
| 143 | fatal("kexgex_server: BN_new failed"); | 143 | fatal("kexgex_server: BN_new failed"); |
| 144 | BN_bin2bn(kbuf, kout, shared_secret); | 144 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) |
| 145 | fatal("kexgex_server: BN_bin2bn failed"); | ||
| 145 | memset(kbuf, 0, klen); | 146 | memset(kbuf, 0, klen); |
| 146 | xfree(kbuf); | 147 | xfree(kbuf); |
| 147 | 148 | ||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: key.c,v 1.67 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: key.c,v 1.68 2006/11/06 21:25:28 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * read_bignum(): | 3 | * read_bignum(): |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -617,16 +617,18 @@ key_from_private(const Key *k) | |||
| 617 | switch (k->type) { | 617 | switch (k->type) { |
| 618 | case KEY_DSA: | 618 | case KEY_DSA: |
| 619 | n = key_new(k->type); | 619 | n = key_new(k->type); |
| 620 | BN_copy(n->dsa->p, k->dsa->p); | 620 | if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || |
| 621 | BN_copy(n->dsa->q, k->dsa->q); | 621 | (BN_copy(n->dsa->q, k->dsa->q) == NULL) || |
| 622 | BN_copy(n->dsa->g, k->dsa->g); | 622 | (BN_copy(n->dsa->g, k->dsa->g) == NULL) || |
| 623 | BN_copy(n->dsa->pub_key, k->dsa->pub_key); | 623 | (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) |
| 624 | fatal("key_from_private: BN_copy failed"); | ||
| 624 | break; | 625 | break; |
| 625 | case KEY_RSA: | 626 | case KEY_RSA: |
| 626 | case KEY_RSA1: | 627 | case KEY_RSA1: |
| 627 | n = key_new(k->type); | 628 | n = key_new(k->type); |
| 628 | BN_copy(n->rsa->n, k->rsa->n); | 629 | if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || |
| 629 | BN_copy(n->rsa->e, k->rsa->e); | 630 | (BN_copy(n->rsa->e, k->rsa->e) == NULL)) |
| 631 | fatal("key_from_private: BN_copy failed"); | ||
| 630 | break; | 632 | break; |
| 631 | default: | 633 | default: |
| 632 | fatal("key_from_private: unknown type %d", k->type); | 634 | fatal("key_from_private: unknown type %d", k->type); |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: moduli.c,v 1.18 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: moduli.c,v 1.19 2006/11/06 21:25:28 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 1994 Phil Karn <karn@qualcomm.com> | 3 | * Copyright 1994 Phil Karn <karn@qualcomm.com> |
| 4 | * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> | 4 | * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> |
| @@ -327,20 +327,26 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) | |||
| 327 | 327 | ||
| 328 | /* validation check: count the number of primes tried */ | 328 | /* validation check: count the number of primes tried */ |
| 329 | largetries = 0; | 329 | largetries = 0; |
| 330 | q = BN_new(); | 330 | if ((q = BN_new()) == NULL) |
| 331 | fatal("BN_new failed"); | ||
| 331 | 332 | ||
| 332 | /* | 333 | /* |
| 333 | * Generate random starting point for subprime search, or use | 334 | * Generate random starting point for subprime search, or use |
| 334 | * specified parameter. | 335 | * specified parameter. |
| 335 | */ | 336 | */ |
| 336 | largebase = BN_new(); | 337 | if ((largebase = BN_new()) == NULL) |
| 337 | if (start == NULL) | 338 | fatal("BN_new failed"); |
| 338 | BN_rand(largebase, power, 1, 1); | 339 | if (start == NULL) { |
| 339 | else | 340 | if (BN_rand(largebase, power, 1, 1) == 0) |
| 340 | BN_copy(largebase, start); | 341 | fatal("BN_rand failed"); |
| 342 | } else { | ||
| 343 | if (BN_copy(largebase, start) == NULL) | ||
| 344 | fatal("BN_copy: failed"); | ||
| 345 | } | ||
| 341 | 346 | ||
| 342 | /* ensure odd */ | 347 | /* ensure odd */ |
| 343 | BN_set_bit(largebase, 0); | 348 | if (BN_set_bit(largebase, 0) == 0) |
| 349 | fatal("BN_set_bit: failed"); | ||
| 344 | 350 | ||
| 345 | time(&time_start); | 351 | time(&time_start); |
| 346 | 352 | ||
| @@ -424,8 +430,10 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) | |||
| 424 | continue; /* Definitely composite, skip */ | 430 | continue; /* Definitely composite, skip */ |
| 425 | 431 | ||
| 426 | debug2("test q = largebase+%u", 2 * j); | 432 | debug2("test q = largebase+%u", 2 * j); |
| 427 | BN_set_word(q, 2 * j); | 433 | if (BN_set_word(q, 2 * j) == 0) |
| 428 | BN_add(q, q, largebase); | 434 | fatal("BN_set_word failed"); |
| 435 | if (BN_add(q, q, largebase) == 0) | ||
| 436 | fatal("BN_add failed"); | ||
| 429 | if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE, | 437 | if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE, |
| 430 | largetries, (power - 1) /* MSB */, (0), q) == -1) { | 438 | largetries, (power - 1) /* MSB */, (0), q) == -1) { |
| 431 | ret = -1; | 439 | ret = -1; |
| @@ -470,9 +478,12 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) | |||
| 470 | 478 | ||
| 471 | time(&time_start); | 479 | time(&time_start); |
| 472 | 480 | ||
| 473 | p = BN_new(); | 481 | if ((p = BN_new()) == NULL) |
| 474 | q = BN_new(); | 482 | fatal("BN_new failed"); |
| 475 | ctx = BN_CTX_new(); | 483 | if ((q = BN_new()) == NULL) |
| 484 | fatal("BN_new failed"); | ||
| 485 | if ((ctx = BN_CTX_new()) == NULL) | ||
| 486 | fatal("BN_CTX_new failed"); | ||
| 476 | 487 | ||
| 477 | debug2("%.24s Final %u Miller-Rabin trials (%x generator)", | 488 | debug2("%.24s Final %u Miller-Rabin trials (%x generator)", |
| 478 | ctime(&time_start), trials, generator_wanted); | 489 | ctime(&time_start), trials, generator_wanted); |
| @@ -520,10 +531,13 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) | |||
| 520 | case QTYPE_SOPHIE_GERMAIN: | 531 | case QTYPE_SOPHIE_GERMAIN: |
| 521 | debug2("%10u: (%u) Sophie-Germain", count_in, in_type); | 532 | debug2("%10u: (%u) Sophie-Germain", count_in, in_type); |
| 522 | a = q; | 533 | a = q; |
| 523 | BN_hex2bn(&a, cp); | 534 | if (BN_hex2bn(&a, cp) == 0) |
| 535 | fatal("BN_hex2bn failed"); | ||
| 524 | /* p = 2*q + 1 */ | 536 | /* p = 2*q + 1 */ |
| 525 | BN_lshift(p, q, 1); | 537 | if (BN_lshift(p, q, 1) == 0) |
| 526 | BN_add_word(p, 1); | 538 | fatal("BN_lshift failed"); |
| 539 | if (BN_add_word(p, 1) == 0) | ||
| 540 | fatal("BN_add_word failed"); | ||
| 527 | in_size += 1; | 541 | in_size += 1; |
| 528 | generator_known = 0; | 542 | generator_known = 0; |
| 529 | break; | 543 | break; |
| @@ -534,9 +548,11 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) | |||
| 534 | case QTYPE_UNKNOWN: | 548 | case QTYPE_UNKNOWN: |
| 535 | debug2("%10u: (%u)", count_in, in_type); | 549 | debug2("%10u: (%u)", count_in, in_type); |
| 536 | a = p; | 550 | a = p; |
| 537 | BN_hex2bn(&a, cp); | 551 | if (BN_hex2bn(&a, cp) == 0) |
| 552 | fatal("BN_hex2bn failed"); | ||
| 538 | /* q = (p-1) / 2 */ | 553 | /* q = (p-1) / 2 */ |
| 539 | BN_rshift(q, p, 1); | 554 | if (BN_rshift(q, p, 1) == 0) |
| 555 | fatal("BN_rshift failed"); | ||
| 540 | break; | 556 | break; |
| 541 | default: | 557 | default: |
| 542 | debug2("Unknown prime type"); | 558 | debug2("Unknown prime type"); |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: rsa.c,v 1.28 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: rsa.c,v 1.29 2006/11/06 21:25:28 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -91,7 +91,8 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) | |||
| 91 | RSA_PKCS1_PADDING)) <= 0) | 91 | RSA_PKCS1_PADDING)) <= 0) |
| 92 | fatal("rsa_public_encrypt() failed"); | 92 | fatal("rsa_public_encrypt() failed"); |
| 93 | 93 | ||
| 94 | BN_bin2bn(outbuf, len, out); | 94 | if (BN_bin2bn(outbuf, len, out) == NULL) |
| 95 | fatal("rsa_public_encrypt: BN_bin2bn failed"); | ||
| 95 | 96 | ||
| 96 | memset(outbuf, 0, olen); | 97 | memset(outbuf, 0, olen); |
| 97 | memset(inbuf, 0, ilen); | 98 | memset(inbuf, 0, ilen); |
| @@ -116,7 +117,8 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) | |||
| 116 | RSA_PKCS1_PADDING)) <= 0) { | 117 | RSA_PKCS1_PADDING)) <= 0) { |
| 117 | error("rsa_private_decrypt() failed"); | 118 | error("rsa_private_decrypt() failed"); |
| 118 | } else { | 119 | } else { |
| 119 | BN_bin2bn(outbuf, len, out); | 120 | if (BN_bin2bn(outbuf, len, out) == NULL) |
| 121 | fatal("rsa_private_decrypt: BN_bin2bn failed"); | ||
| 120 | } | 122 | } |
| 121 | memset(outbuf, 0, olen); | 123 | memset(outbuf, 0, olen); |
| 122 | memset(inbuf, 0, ilen); | 124 | memset(inbuf, 0, ilen); |
| @@ -137,11 +139,11 @@ rsa_generate_additional_parameters(RSA *rsa) | |||
| 137 | if ((ctx = BN_CTX_new()) == NULL) | 139 | if ((ctx = BN_CTX_new()) == NULL) |
| 138 | fatal("rsa_generate_additional_parameters: BN_CTX_new failed"); | 140 | fatal("rsa_generate_additional_parameters: BN_CTX_new failed"); |
| 139 | 141 | ||
| 140 | BN_sub(aux, rsa->q, BN_value_one()); | 142 | if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) || |
| 141 | BN_mod(rsa->dmq1, rsa->d, aux, ctx); | 143 | (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) || |
| 142 | 144 | (BN_sub(aux, rsa->p, BN_value_one()) == 0) || | |
| 143 | BN_sub(aux, rsa->p, BN_value_one()); | 145 | (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) |
| 144 | BN_mod(rsa->dmp1, rsa->d, aux, ctx); | 146 | fatal("rsa_generate_additional_parameters: BN_sub/mod failed"); |
| 145 | 147 | ||
| 146 | BN_clear_free(aux); | 148 | BN_clear_free(aux); |
| 147 | BN_CTX_free(ctx); | 149 | BN_CTX_free(ctx); |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: scard.c,v 1.35 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: scard.c,v 1.36 2006/11/06 21:25:28 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -391,15 +391,17 @@ sc_get_keys(const char *id, const char *pin) | |||
| 391 | keys = xcalloc((nkeys+1), sizeof(Key *)); | 391 | keys = xcalloc((nkeys+1), sizeof(Key *)); |
| 392 | 392 | ||
| 393 | n = key_new(KEY_RSA1); | 393 | n = key_new(KEY_RSA1); |
| 394 | BN_copy(n->rsa->n, k->rsa->n); | 394 | if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || |
| 395 | BN_copy(n->rsa->e, k->rsa->e); | 395 | (BN_copy(n->rsa->e, k->rsa->e) == NULL)) |
| 396 | fatal("sc_get_keys: BN_copy failed"); | ||
| 396 | RSA_set_method(n->rsa, sc_get_rsa()); | 397 | RSA_set_method(n->rsa, sc_get_rsa()); |
| 397 | n->flags |= KEY_FLAG_EXT; | 398 | n->flags |= KEY_FLAG_EXT; |
| 398 | keys[0] = n; | 399 | keys[0] = n; |
| 399 | 400 | ||
| 400 | n = key_new(KEY_RSA); | 401 | n = key_new(KEY_RSA); |
| 401 | BN_copy(n->rsa->n, k->rsa->n); | 402 | if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || |
| 402 | BN_copy(n->rsa->e, k->rsa->e); | 403 | (BN_copy(n->rsa->e, k->rsa->e) == NULL)) |
| 404 | fatal("sc_get_keys: BN_copy failed"); | ||
| 403 | RSA_set_method(n->rsa, sc_get_rsa()); | 405 | RSA_set_method(n->rsa, sc_get_rsa()); |
| 404 | n->flags |= KEY_FLAG_EXT; | 406 | n->flags |= KEY_FLAG_EXT; |
| 405 | keys[1] = n; | 407 | keys[1] = n; |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-dss.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: ssh-dss.c,v 1.24 2006/11/06 21:25:28 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -161,8 +161,9 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
| 161 | fatal("ssh_dss_verify: BN_new failed"); | 161 | fatal("ssh_dss_verify: BN_new failed"); |
| 162 | if ((sig->s = BN_new()) == NULL) | 162 | if ((sig->s = BN_new()) == NULL) |
| 163 | fatal("ssh_dss_verify: BN_new failed"); | 163 | fatal("ssh_dss_verify: BN_new failed"); |
| 164 | BN_bin2bn(sigblob, INTBLOB_LEN, sig->r); | 164 | if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || |
| 165 | BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s); | 165 | (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) |
| 166 | fatal("ssh_dss_verify: BN_bin2bn failed"); | ||
| 166 | 167 | ||
| 167 | /* clean up */ | 168 | /* clean up */ |
| 168 | memset(sigblob, 0, len); | 169 | memset(sigblob, 0, len); |
diff --git a/ssh-keygen.c b/ssh-keygen.c index 969bd2359..1f42b9358 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keygen.c,v 1.154 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.155 2006/11/06 21:25:28 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -222,7 +222,8 @@ buffer_get_bignum_bits(Buffer *b, BIGNUM *value) | |||
| 222 | if (buffer_len(b) < bytes) | 222 | if (buffer_len(b) < bytes) |
| 223 | fatal("buffer_get_bignum_bits: input buffer too small: " | 223 | fatal("buffer_get_bignum_bits: input buffer too small: " |
| 224 | "need %d have %d", bytes, buffer_len(b)); | 224 | "need %d have %d", bytes, buffer_len(b)); |
| 225 | BN_bin2bn(buffer_ptr(b), bytes, value); | 225 | if (BN_bin2bn(buffer_ptr(b), bytes, value) == NULL) |
| 226 | fatal("buffer_get_bignum_bits: BN_bin2bn failed"); | ||
| 226 | buffer_consume(b, bytes); | 227 | buffer_consume(b, bytes); |
| 227 | } | 228 | } |
| 228 | 229 | ||
diff --git a/sshconnect1.c b/sshconnect1.c index 90fcb344f..fd07bbf74 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshconnect1.c,v 1.69 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: sshconnect1.c,v 1.70 2006/11/06 21:25:28 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -563,14 +563,20 @@ ssh_kex(char *host, struct sockaddr *hostaddr) | |||
| 563 | * the first 16 bytes of the session id. | 563 | * the first 16 bytes of the session id. |
| 564 | */ | 564 | */ |
| 565 | if ((key = BN_new()) == NULL) | 565 | if ((key = BN_new()) == NULL) |
| 566 | fatal("respond_to_rsa_challenge: BN_new failed"); | 566 | fatal("ssh_kex: BN_new failed"); |
| 567 | BN_set_word(key, 0); | 567 | if (BN_set_word(key, 0) == 0) |
| 568 | fatal("ssh_kex: BN_set_word failed"); | ||
| 568 | for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { | 569 | for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { |
| 569 | BN_lshift(key, key, 8); | 570 | if (BN_lshift(key, key, 8) == 0) |
| 570 | if (i < 16) | 571 | fatal("ssh_kex: BN_lshift failed"); |
| 571 | BN_add_word(key, session_key[i] ^ session_id[i]); | 572 | if (i < 16) { |
| 572 | else | 573 | if (BN_add_word(key, session_key[i] ^ session_id[i]) |
| 573 | BN_add_word(key, session_key[i]); | 574 | == 0) |
| 575 | fatal("ssh_kex: BN_add_word failed"); | ||
| 576 | } else { | ||
| 577 | if (BN_add_word(key, session_key[i]) == 0) | ||
| 578 | fatal("ssh_kex: BN_add_word failed"); | ||
| 579 | } | ||
| 574 | } | 580 | } |
| 575 | 581 | ||
| 576 | /* | 582 | /* |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshd.c,v 1.347 2006/08/18 09:15:20 markus Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.348 2006/11/06 21:25:28 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -2013,10 +2013,10 @@ do_ssh1_kex(void) | |||
| 2013 | * key is in the highest bits. | 2013 | * key is in the highest bits. |
| 2014 | */ | 2014 | */ |
| 2015 | if (!rsafail) { | 2015 | if (!rsafail) { |
| 2016 | BN_mask_bits(session_key_int, sizeof(session_key) * 8); | 2016 | (void) BN_mask_bits(session_key_int, sizeof(session_key) * 8); |
| 2017 | len = BN_num_bytes(session_key_int); | 2017 | len = BN_num_bytes(session_key_int); |
| 2018 | if (len < 0 || (u_int)len > sizeof(session_key)) { | 2018 | if (len < 0 || (u_int)len > sizeof(session_key)) { |
| 2019 | error("do_connection: bad session key len from %s: " | 2019 | error("do_ssh1_kex: bad session key len from %s: " |
| 2020 | "session_key_int %d > sizeof(session_key) %lu", | 2020 | "session_key_int %d > sizeof(session_key) %lu", |
| 2021 | get_remote_ipaddr(), len, (u_long)sizeof(session_key)); | 2021 | get_remote_ipaddr(), len, (u_long)sizeof(session_key)); |
| 2022 | rsafail++; | 2022 | rsafail++; |