-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | ssh-rsa.c | 34 | ||||
-rw-r--r-- | sshd.c | 3 |
3 files changed, 28 insertions, 14 deletions
@@ -9,6 +9,9 @@ | |||
9 | - markus@cvs.openbsd.org 2001/03/26 23:23:24 | 9 | - markus@cvs.openbsd.org 2001/03/26 23:23:24 |
10 | [rsa.c rsa.h ssh-agent.c ssh-keygen.c] | 10 | [rsa.c rsa.h ssh-agent.c ssh-keygen.c] |
11 | try to read private f-secure ssh v2 rsa keys. | 11 | try to read private f-secure ssh v2 rsa keys. |
12 | - markus@cvs.openbsd.org 2001/03/27 10:34:08 | ||
13 | [ssh-rsa.c sshd.c] | ||
14 | use EVP_get_digestbynid, reorder some calls and fix missing free. | ||
12 | 15 | ||
13 | 20010328 | 16 | 20010328 |
14 | - (djm) Reorder tests and library inclusion for Krb4/AFS to try to | 17 | - (djm) Reorder tests and library inclusion for Krb4/AFS to try to |
@@ -4747,4 +4750,4 @@ | |||
4747 | - Wrote replacements for strlcpy and mkdtemp | 4750 | - Wrote replacements for strlcpy and mkdtemp |
4748 | - Released 1.0pre1 | 4751 | - Released 1.0pre1 |
4749 | 4752 | ||
4750 | $Id: ChangeLog,v 1.1028 2001/03/29 00:29:54 mouring Exp $ | 4753 | $Id: ChangeLog,v 1.1029 2001/03/29 00:31:20 mouring Exp $ |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.6 2001/02/08 19:30:52 itojun Exp $"); | 26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.7 2001/03/27 10:34:08 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/evp.h> | 28 | #include <openssl/evp.h> |
29 | #include <openssl/err.h> | 29 | #include <openssl/err.h> |
@@ -42,27 +42,32 @@ ssh_rsa_sign( | |||
42 | u_char **sigp, int *lenp, | 42 | u_char **sigp, int *lenp, |
43 | u_char *data, int datalen) | 43 | u_char *data, int datalen) |
44 | { | 44 | { |
45 | EVP_MD *evp_md = EVP_sha1(); | 45 | const EVP_MD *evp_md; |
46 | EVP_MD_CTX md; | 46 | EVP_MD_CTX md; |
47 | u_char *digest, *sig, *ret; | 47 | u_char *digest, *sig, *ret; |
48 | u_int slen, dlen, len; | 48 | u_int slen, dlen, len; |
49 | int ok; | 49 | int ok, nid; |
50 | Buffer b; | 50 | Buffer b; |
51 | 51 | ||
52 | if (key == NULL || key->type != KEY_RSA || key->rsa == NULL) { | 52 | if (key == NULL || key->type != KEY_RSA || key->rsa == NULL) { |
53 | error("ssh_rsa_sign: no RSA key"); | 53 | error("ssh_rsa_sign: no RSA key"); |
54 | return -1; | 54 | return -1; |
55 | } | 55 | } |
56 | slen = RSA_size(key->rsa); | 56 | nid = NID_sha1; |
57 | sig = xmalloc(slen); | 57 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
58 | 58 | error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); | |
59 | return -1; | ||
60 | } | ||
59 | dlen = evp_md->md_size; | 61 | dlen = evp_md->md_size; |
60 | digest = xmalloc(dlen); | 62 | digest = xmalloc(dlen); |
61 | EVP_DigestInit(&md, evp_md); | 63 | EVP_DigestInit(&md, evp_md); |
62 | EVP_DigestUpdate(&md, data, datalen); | 64 | EVP_DigestUpdate(&md, data, datalen); |
63 | EVP_DigestFinal(&md, digest, NULL); | 65 | EVP_DigestFinal(&md, digest, NULL); |
64 | 66 | ||
65 | ok = RSA_sign(NID_sha1, digest, dlen, sig, &len, key->rsa); | 67 | slen = RSA_size(key->rsa); |
68 | sig = xmalloc(slen); | ||
69 | |||
70 | ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); | ||
66 | memset(digest, 'd', dlen); | 71 | memset(digest, 'd', dlen); |
67 | xfree(digest); | 72 | xfree(digest); |
68 | 73 | ||
@@ -108,13 +113,12 @@ ssh_rsa_verify( | |||
108 | u_char *data, int datalen) | 113 | u_char *data, int datalen) |
109 | { | 114 | { |
110 | Buffer b; | 115 | Buffer b; |
111 | EVP_MD *evp_md = EVP_sha1(); | 116 | const EVP_MD *evp_md; |
112 | EVP_MD_CTX md; | 117 | EVP_MD_CTX md; |
113 | char *ktype; | 118 | char *ktype; |
114 | u_char *sigblob, *digest; | 119 | u_char *sigblob, *digest; |
115 | u_int len, dlen; | 120 | u_int len, dlen; |
116 | int rlen; | 121 | int rlen, ret, nid; |
117 | int ret; | ||
118 | 122 | ||
119 | if (key == NULL || key->type != KEY_RSA || key->rsa == NULL) { | 123 | if (key == NULL || key->type != KEY_RSA || key->rsa == NULL) { |
120 | error("ssh_rsa_verify: no RSA key"); | 124 | error("ssh_rsa_verify: no RSA key"); |
@@ -139,17 +143,23 @@ ssh_rsa_verify( | |||
139 | rlen = buffer_len(&b); | 143 | rlen = buffer_len(&b); |
140 | buffer_free(&b); | 144 | buffer_free(&b); |
141 | if(rlen != 0) { | 145 | if(rlen != 0) { |
146 | xfree(sigblob); | ||
142 | error("ssh_rsa_verify: remaining bytes in signature %d", rlen); | 147 | error("ssh_rsa_verify: remaining bytes in signature %d", rlen); |
143 | return -1; | 148 | return -1; |
144 | } | 149 | } |
145 | 150 | nid = NID_sha1; | |
151 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { | ||
152 | xfree(sigblob); | ||
153 | error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); | ||
154 | return -1; | ||
155 | } | ||
146 | dlen = evp_md->md_size; | 156 | dlen = evp_md->md_size; |
147 | digest = xmalloc(dlen); | 157 | digest = xmalloc(dlen); |
148 | EVP_DigestInit(&md, evp_md); | 158 | EVP_DigestInit(&md, evp_md); |
149 | EVP_DigestUpdate(&md, data, datalen); | 159 | EVP_DigestUpdate(&md, data, datalen); |
150 | EVP_DigestFinal(&md, digest, NULL); | 160 | EVP_DigestFinal(&md, digest, NULL); |
151 | 161 | ||
152 | ret = RSA_verify(NID_sha1, digest, dlen, sigblob, len, key->rsa); | 162 | ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); |
153 | memset(digest, 'd', dlen); | 163 | memset(digest, 'd', dlen); |
154 | xfree(digest); | 164 | xfree(digest); |
155 | memset(sigblob, 's', len); | 165 | memset(sigblob, 's', len); |
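Review bot: The `EVP_get_digestbynid(nid)` lookups added to ssh_rsa_sign and ssh_rsa_verify only resolve once the digest table has been registered in the running process, and the only registration this commit adds is `SSLeay_add_all_algorithms()` in sshd.c's main. Other programs that link ssh-rsa.c are not visible here; if any of them lacks that call, every RSA sign and verify in it would return -1. That fails closed, but it replaces the always-valid `EVP_sha1()` pointer with a runtime ordering requirement. I would record this at both lookups with a comment such as `/* needs digests registered via SSLeay_add_all_algorithms() at startup */`, and confirm that each binary using these functions makes the call. Both function bodies start and end outside the hunks shown.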
@@ -40,7 +40,7 @@ | |||
40 | */ | 40 | */ |
41 | 41 | ||
42 | #include "includes.h" | 42 | #include "includes.h" |
43 | RCSID("$OpenBSD: sshd.c,v 1.179 2001/03/26 08:07:09 markus Exp $"); | 43 | RCSID("$OpenBSD: sshd.c,v 1.180 2001/03/27 10:34:08 markus Exp $"); |
44 | 44 | ||
45 | #include <openssl/dh.h> | 45 | #include <openssl/dh.h> |
46 | #include <openssl/bn.h> | 46 | #include <openssl/bn.h> |
@@ -648,6 +648,7 @@ main(int ac, char **av) | |||
648 | exit(1); | 648 | exit(1); |
649 | } | 649 | } |
650 | } | 650 | } |
651 | SSLeay_add_all_algorithms(); | ||
651 | 652 | ||
652 | /* | 653 | /* |
653 | * Force logging to stderr until we have loaded the private host | 654 | * Force logging to stderr until we have loaded the private host |
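Review bot: The added `SSLeay_add_all_algorithms();` in main has no comment, so nothing at the call site says that the RSA sign/verify code changed in this commit now depends on it. A later cleanup that drops it as an apparently unused initialiser would presumably make RSA host-key operations fail at runtime instead of at build time. I would add `/* register digests: ssh-rsa.c looks up NID_sha1 via EVP_get_digestbynid() */` above the call, and keep the call ahead of the host key loading that the following comment refers to. main's body continues outside the hunk.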