diff options
Diffstat (limited to 'auth-rsa.c')
| -rw-r--r-- | auth-rsa.c | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/auth-rsa.c b/auth-rsa.c index 4624c1597..260ce2f98 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth-rsa.c,v 1.85 2013/07/12 00:19:58 djm Exp $ */ | 1 | /* $OpenBSD: auth-rsa.c,v 1.86 2014/01/27 19:18:54 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -20,7 +20,6 @@ | |||
| 20 | #include <sys/stat.h> | 20 | #include <sys/stat.h> |
| 21 | 21 | ||
| 22 | #include <openssl/rsa.h> | 22 | #include <openssl/rsa.h> |
| 23 | #include <openssl/md5.h> | ||
| 24 | 23 | ||
| 25 | #include <pwd.h> | 24 | #include <pwd.h> |
| 26 | #include <stdio.h> | 25 | #include <stdio.h> |
| @@ -48,6 +47,8 @@ | |||
| 48 | #include "ssh.h" | 47 | #include "ssh.h" |
| 49 | #include "misc.h" | 48 | #include "misc.h" |
| 50 | 49 | ||
| 50 | #include "digest.h" | ||
| 51 | |||
| 51 | /* import */ | 52 | /* import */ |
| 52 | extern ServerOptions options; | 53 | extern ServerOptions options; |
| 53 | 54 | ||
| @@ -91,12 +92,13 @@ int | |||
| 91 | auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) | 92 | auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) |
| 92 | { | 93 | { |
| 93 | u_char buf[32], mdbuf[16]; | 94 | u_char buf[32], mdbuf[16]; |
| 94 | MD5_CTX md; | 95 | struct ssh_digest_ctx *md; |
| 95 | int len; | 96 | int len; |
| 96 | 97 | ||
| 97 | /* don't allow short keys */ | 98 | /* don't allow short keys */ |
| 98 | if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { | 99 | if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { |
| 99 | error("auth_rsa_verify_response: RSA modulus too small: %d < minimum %d bits", | 100 | error("%s: RSA modulus too small: %d < minimum %d bits", |
| 101 | __func__, | ||
| 100 | BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); | 102 | BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); |
| 101 | return (0); | 103 | return (0); |
| 102 | } | 104 | } |
| @@ -104,13 +106,15 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) | |||
| 104 | /* The response is MD5 of decrypted challenge plus session id. */ | 106 | /* The response is MD5 of decrypted challenge plus session id. */ |
| 105 | len = BN_num_bytes(challenge); | 107 | len = BN_num_bytes(challenge); |
| 106 | if (len <= 0 || len > 32) | 108 | if (len <= 0 || len > 32) |
| 107 | fatal("auth_rsa_verify_response: bad challenge length %d", len); | 109 | fatal("%s: bad challenge length %d", __func__, len); |
| 108 | memset(buf, 0, 32); | 110 | memset(buf, 0, 32); |
| 109 | BN_bn2bin(challenge, buf + 32 - len); | 111 | BN_bn2bin(challenge, buf + 32 - len); |
| 110 | MD5_Init(&md); | 112 | if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL || |
| 111 | MD5_Update(&md, buf, 32); | 113 | ssh_digest_update(md, buf, 32) < 0 || |
| 112 | MD5_Update(&md, session_id, 16); | 114 | ssh_digest_update(md, session_id, 16) < 0 || |
| 113 | MD5_Final(mdbuf, &md); | 115 | ssh_digest_final(md, mdbuf, sizeof(mdbuf)) < 0) |
| 116 | fatal("%s: md5 failed", __func__); | ||
| 117 | ssh_digest_free(md); | ||
| 114 | 118 | ||
| 115 | /* Verify that the response is the original challenge. */ | 119 | /* Verify that the response is the original challenge. */ |
| 116 | if (timingsafe_bcmp(response, mdbuf, 16) != 0) { | 120 | if (timingsafe_bcmp(response, mdbuf, 16) != 0) { |