diff options
Diffstat (limited to 'auth-rsa.c')
-rw-r--r-- | auth-rsa.c | 37 |
1 files changed, 15 insertions, 22 deletions
diff --git a/auth-rsa.c b/auth-rsa.c index ef7a2274e..22ac09c45 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
@@ -16,7 +16,7 @@ | |||
16 | */ | 16 | */ |
17 | 17 | ||
18 | #include "includes.h" | 18 | #include "includes.h" |
19 | RCSID("$Id: auth-rsa.c,v 1.13 2000/03/09 10:27:50 damien Exp $"); | 19 | RCSID("$Id: auth-rsa.c,v 1.14 2000/03/26 03:04:52 damien Exp $"); |
20 | 20 | ||
21 | #include "rsa.h" | 21 | #include "rsa.h" |
22 | #include "packet.h" | 22 | #include "packet.h" |
@@ -24,6 +24,7 @@ RCSID("$Id: auth-rsa.c,v 1.13 2000/03/09 10:27:50 damien Exp $"); | |||
24 | #include "ssh.h" | 24 | #include "ssh.h" |
25 | #include "mpaux.h" | 25 | #include "mpaux.h" |
26 | #include "uidswap.h" | 26 | #include "uidswap.h" |
27 | #include "match.h" | ||
27 | #include "servconf.h" | 28 | #include "servconf.h" |
28 | 29 | ||
29 | #ifdef HAVE_OPENSSL | 30 | #ifdef HAVE_OPENSSL |
@@ -66,10 +67,9 @@ extern unsigned char session_id[16]; | |||
66 | */ | 67 | */ |
67 | 68 | ||
68 | int | 69 | int |
69 | auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n) | 70 | auth_rsa_challenge_dialog(RSA *pk) |
70 | { | 71 | { |
71 | BIGNUM *challenge, *encrypted_challenge; | 72 | BIGNUM *challenge, *encrypted_challenge; |
72 | RSA *pk; | ||
73 | BN_CTX *ctx; | 73 | BN_CTX *ctx; |
74 | unsigned char buf[32], mdbuf[16], response[16]; | 74 | unsigned char buf[32], mdbuf[16], response[16]; |
75 | MD5_CTX md; | 75 | MD5_CTX md; |
@@ -82,19 +82,11 @@ auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n) | |||
82 | /* Generate a random challenge. */ | 82 | /* Generate a random challenge. */ |
83 | BN_rand(challenge, 256, 0, 0); | 83 | BN_rand(challenge, 256, 0, 0); |
84 | ctx = BN_CTX_new(); | 84 | ctx = BN_CTX_new(); |
85 | BN_mod(challenge, challenge, n, ctx); | 85 | BN_mod(challenge, challenge, pk->n, ctx); |
86 | BN_CTX_free(ctx); | 86 | BN_CTX_free(ctx); |
87 | 87 | ||
88 | /* Create the public key data structure. */ | ||
89 | pk = RSA_new(); | ||
90 | pk->e = BN_new(); | ||
91 | BN_copy(pk->e, e); | ||
92 | pk->n = BN_new(); | ||
93 | BN_copy(pk->n, n); | ||
94 | |||
95 | /* Encrypt the challenge with the public key. */ | 88 | /* Encrypt the challenge with the public key. */ |
96 | rsa_public_encrypt(encrypted_challenge, challenge, pk); | 89 | rsa_public_encrypt(encrypted_challenge, challenge, pk); |
97 | RSA_free(pk); | ||
98 | 90 | ||
99 | /* Send the encrypted challenge to the client. */ | 91 | /* Send the encrypted challenge to the client. */ |
100 | packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE); | 92 | packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE); |
@@ -146,7 +138,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) | |||
146 | FILE *f; | 138 | FILE *f; |
147 | unsigned long linenum = 0; | 139 | unsigned long linenum = 0; |
148 | struct stat st; | 140 | struct stat st; |
149 | BIGNUM *e, *n; | 141 | RSA *pk; |
150 | 142 | ||
151 | /* Temporarily use the user's uid. */ | 143 | /* Temporarily use the user's uid. */ |
152 | temporarily_use_uid(pw->pw_uid); | 144 | temporarily_use_uid(pw->pw_uid); |
@@ -208,8 +200,9 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) | |||
208 | /* Flag indicating whether authentication has succeeded. */ | 200 | /* Flag indicating whether authentication has succeeded. */ |
209 | authenticated = 0; | 201 | authenticated = 0; |
210 | 202 | ||
211 | e = BN_new(); | 203 | pk = RSA_new(); |
212 | n = BN_new(); | 204 | pk->e = BN_new(); |
205 | pk->n = BN_new(); | ||
213 | 206 | ||
214 | /* | 207 | /* |
215 | * Go though the accepted keys, looking for the current key. If | 208 | * Go though the accepted keys, looking for the current key. If |
@@ -247,7 +240,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) | |||
247 | options = NULL; | 240 | options = NULL; |
248 | 241 | ||
249 | /* Parse the key from the line. */ | 242 | /* Parse the key from the line. */ |
250 | if (!auth_rsa_read_key(&cp, &bits, e, n)) { | 243 | if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) { |
251 | debug("%.100s, line %lu: bad key syntax", | 244 | debug("%.100s, line %lu: bad key syntax", |
252 | SSH_USER_PERMITTED_KEYS, linenum); | 245 | SSH_USER_PERMITTED_KEYS, linenum); |
253 | packet_send_debug("%.100s, line %lu: bad key syntax", | 246 | packet_send_debug("%.100s, line %lu: bad key syntax", |
@@ -257,19 +250,20 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) | |||
257 | /* cp now points to the comment part. */ | 250 | /* cp now points to the comment part. */ |
258 | 251 | ||
259 | /* Check if the we have found the desired key (identified by its modulus). */ | 252 | /* Check if the we have found the desired key (identified by its modulus). */ |
260 | if (BN_cmp(n, client_n) != 0) | 253 | if (BN_cmp(pk->n, client_n) != 0) |
261 | continue; | 254 | continue; |
262 | 255 | ||
263 | /* check the real bits */ | 256 | /* check the real bits */ |
264 | if (bits != BN_num_bits(n)) | 257 | if (bits != BN_num_bits(pk->n)) |
265 | log("Warning: %s, line %ld: keysize mismatch: " | 258 | log("Warning: %s, line %ld: keysize mismatch: " |
266 | "actual %d vs. announced %d.", | 259 | "actual %d vs. announced %d.", |
267 | file, linenum, BN_num_bits(n), bits); | 260 | file, linenum, BN_num_bits(pk->n), bits); |
268 | 261 | ||
269 | /* We have found the desired key. */ | 262 | /* We have found the desired key. */ |
270 | 263 | ||
264 | |||
271 | /* Perform the challenge-response dialog for this key. */ | 265 | /* Perform the challenge-response dialog for this key. */ |
272 | if (!auth_rsa_challenge_dialog(e, n)) { | 266 | if (!auth_rsa_challenge_dialog(pk)) { |
273 | /* Wrong response. */ | 267 | /* Wrong response. */ |
274 | verbose("Wrong response to RSA authentication challenge."); | 268 | verbose("Wrong response to RSA authentication challenge."); |
275 | packet_send_debug("Wrong response to RSA authentication challenge."); | 269 | packet_send_debug("Wrong response to RSA authentication challenge."); |
@@ -472,8 +466,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) | |||
472 | /* Close the file. */ | 466 | /* Close the file. */ |
473 | fclose(f); | 467 | fclose(f); |
474 | 468 | ||
475 | BN_clear_free(n); | 469 | RSA_free(pk); |
476 | BN_clear_free(e); | ||
477 | 470 | ||
478 | if (authenticated) | 471 | if (authenticated) |
479 | packet_send_debug("RSA authentication accepted."); | 472 | packet_send_debug("RSA authentication accepted."); |