summaryrefslogtreecommitdiff
path: root/auth-rsa.c
diff options
context:
space:
mode:
Diffstat (limited to 'auth-rsa.c')
-rw-r--r--auth-rsa.c37
1 files changed, 15 insertions, 22 deletions
diff --git a/auth-rsa.c b/auth-rsa.c
index ef7a2274e..22ac09c45 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -16,7 +16,7 @@
16 */ 16 */
17 17
18#include "includes.h" 18#include "includes.h"
19RCSID("$Id: auth-rsa.c,v 1.13 2000/03/09 10:27:50 damien Exp $"); 19RCSID("$Id: auth-rsa.c,v 1.14 2000/03/26 03:04:52 damien Exp $");
20 20
21#include "rsa.h" 21#include "rsa.h"
22#include "packet.h" 22#include "packet.h"
@@ -24,6 +24,7 @@ RCSID("$Id: auth-rsa.c,v 1.13 2000/03/09 10:27:50 damien Exp $");
24#include "ssh.h" 24#include "ssh.h"
25#include "mpaux.h" 25#include "mpaux.h"
26#include "uidswap.h" 26#include "uidswap.h"
27#include "match.h"
27#include "servconf.h" 28#include "servconf.h"
28 29
29#ifdef HAVE_OPENSSL 30#ifdef HAVE_OPENSSL
@@ -66,10 +67,9 @@ extern unsigned char session_id[16];
66 */ 67 */
67 68
68int 69int
69auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n) 70auth_rsa_challenge_dialog(RSA *pk)
70{ 71{
71 BIGNUM *challenge, *encrypted_challenge; 72 BIGNUM *challenge, *encrypted_challenge;
72 RSA *pk;
73 BN_CTX *ctx; 73 BN_CTX *ctx;
74 unsigned char buf[32], mdbuf[16], response[16]; 74 unsigned char buf[32], mdbuf[16], response[16];
75 MD5_CTX md; 75 MD5_CTX md;
@@ -82,19 +82,11 @@ auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n)
82 /* Generate a random challenge. */ 82 /* Generate a random challenge. */
83 BN_rand(challenge, 256, 0, 0); 83 BN_rand(challenge, 256, 0, 0);
84 ctx = BN_CTX_new(); 84 ctx = BN_CTX_new();
85 BN_mod(challenge, challenge, n, ctx); 85 BN_mod(challenge, challenge, pk->n, ctx);
86 BN_CTX_free(ctx); 86 BN_CTX_free(ctx);
87 87
88 /* Create the public key data structure. */
89 pk = RSA_new();
90 pk->e = BN_new();
91 BN_copy(pk->e, e);
92 pk->n = BN_new();
93 BN_copy(pk->n, n);
94
95 /* Encrypt the challenge with the public key. */ 88 /* Encrypt the challenge with the public key. */
96 rsa_public_encrypt(encrypted_challenge, challenge, pk); 89 rsa_public_encrypt(encrypted_challenge, challenge, pk);
97 RSA_free(pk);
98 90
99 /* Send the encrypted challenge to the client. */ 91 /* Send the encrypted challenge to the client. */
100 packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE); 92 packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE);
@@ -146,7 +138,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
146 FILE *f; 138 FILE *f;
147 unsigned long linenum = 0; 139 unsigned long linenum = 0;
148 struct stat st; 140 struct stat st;
149 BIGNUM *e, *n; 141 RSA *pk;
150 142
151 /* Temporarily use the user's uid. */ 143 /* Temporarily use the user's uid. */
152 temporarily_use_uid(pw->pw_uid); 144 temporarily_use_uid(pw->pw_uid);
@@ -208,8 +200,9 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
208 /* Flag indicating whether authentication has succeeded. */ 200 /* Flag indicating whether authentication has succeeded. */
209 authenticated = 0; 201 authenticated = 0;
210 202
211 e = BN_new(); 203 pk = RSA_new();
212 n = BN_new(); 204 pk->e = BN_new();
205 pk->n = BN_new();
213 206
214 /* 207 /*
215 * Go though the accepted keys, looking for the current key. If 208 * Go though the accepted keys, looking for the current key. If
@@ -247,7 +240,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
247 options = NULL; 240 options = NULL;
248 241
249 /* Parse the key from the line. */ 242 /* Parse the key from the line. */
250 if (!auth_rsa_read_key(&cp, &bits, e, n)) { 243 if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {
251 debug("%.100s, line %lu: bad key syntax", 244 debug("%.100s, line %lu: bad key syntax",
252 SSH_USER_PERMITTED_KEYS, linenum); 245 SSH_USER_PERMITTED_KEYS, linenum);
253 packet_send_debug("%.100s, line %lu: bad key syntax", 246 packet_send_debug("%.100s, line %lu: bad key syntax",
@@ -257,19 +250,20 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
257 /* cp now points to the comment part. */ 250 /* cp now points to the comment part. */
258 251
259 /* Check if the we have found the desired key (identified by its modulus). */ 252 /* Check if the we have found the desired key (identified by its modulus). */
260 if (BN_cmp(n, client_n) != 0) 253 if (BN_cmp(pk->n, client_n) != 0)
261 continue; 254 continue;
262 255
263 /* check the real bits */ 256 /* check the real bits */
264 if (bits != BN_num_bits(n)) 257 if (bits != BN_num_bits(pk->n))
265 log("Warning: %s, line %ld: keysize mismatch: " 258 log("Warning: %s, line %ld: keysize mismatch: "
266 "actual %d vs. announced %d.", 259 "actual %d vs. announced %d.",
267 file, linenum, BN_num_bits(n), bits); 260 file, linenum, BN_num_bits(pk->n), bits);
268 261
269 /* We have found the desired key. */ 262 /* We have found the desired key. */
270 263
264
271 /* Perform the challenge-response dialog for this key. */ 265 /* Perform the challenge-response dialog for this key. */
272 if (!auth_rsa_challenge_dialog(e, n)) { 266 if (!auth_rsa_challenge_dialog(pk)) {
273 /* Wrong response. */ 267 /* Wrong response. */
274 verbose("Wrong response to RSA authentication challenge."); 268 verbose("Wrong response to RSA authentication challenge.");
275 packet_send_debug("Wrong response to RSA authentication challenge."); 269 packet_send_debug("Wrong response to RSA authentication challenge.");
@@ -472,8 +466,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
472 /* Close the file. */ 466 /* Close the file. */
473 fclose(f); 467 fclose(f);
474 468
475 BN_clear_free(n); 469 RSA_free(pk);
476 BN_clear_free(e);
477 470
478 if (authenticated) 471 if (authenticated)
479 packet_send_debug("RSA authentication accepted."); 472 packet_send_debug("RSA authentication accepted.");
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-29 00:43:50 +0000