1 files changed, 41 insertions, 4 deletions
diff --git a/ssh-rsa.c b/ssh-rsa.c
index cde05df10..f570ae6d4 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-rsa.c,v 1.60 2016/09/12 23:39:34 djm Exp $ */
+/* $OpenBSD: ssh-rsa.c,v 1.62 2017/07/01 13:50:45 djm Exp $ */
 /*
 * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
 *
@@ -78,6 +78,41 @@ rsa_hash_alg_nid(int type)
        }
 }
+/* calculate p-1 and q-1 */
+int
+ssh_rsa_generate_additional_parameters(struct sshkey *key)
+{
+        RSA *rsa;
+        BIGNUM *aux = NULL;
+        BN_CTX *ctx = NULL;
+        int r;
+        if (key == NULL || key->rsa == NULL ||
+            sshkey_type_plain(key->type) != KEY_RSA)
+                return SSH_ERR_INVALID_ARGUMENT;
+        if ((ctx = BN_CTX_new()) == NULL)
+                return SSH_ERR_ALLOC_FAIL;
+        if ((aux = BN_new()) == NULL) {
+                r = SSH_ERR_ALLOC_FAIL;
+                goto out;
+        }
+        rsa = key->rsa;
+        if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
+            (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
+            (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
+            (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) {
+                r = SSH_ERR_LIBCRYPTO_ERROR;
+                goto out;
+        }
+        r = 0;
+ out:
+        BN_clear_free(aux);
+        BN_CTX_free(ctx);
+        return r;
+}
 /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
 int
 ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
@@ -99,9 +134,10 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
        else
                hash_alg = rsa_hash_alg_from_ident(alg_ident);
        if (key == NULL || key->rsa == NULL || hash_alg == -1 ||
-            sshkey_type_plain(key->type) != KEY_RSA ||
+            sshkey_type_plain(key->type) != KEY_RSA)
-            BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
                return SSH_ERR_INVALID_ARGUMENT;
+        if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
+                return SSH_ERR_KEY_LENGTH;
        slen = RSA_size(key->rsa);
        if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
                return SSH_ERR_INVALID_ARGUMENT;
@@ -172,9 +208,10 @@ ssh_rsa_verify(const struct sshkey *key,
        if (key == NULL || key->rsa == NULL ||
            sshkey_type_plain(key->type) != KEY_RSA ||
-            BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE ||
            sig == NULL || siglen == 0)
                return SSH_ERR_INVALID_ARGUMENT;
+        if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
+                return SSH_ERR_KEY_LENGTH;
        if ((b = sshbuf_from(sig, siglen)) == NULL)
                return SSH_ERR_ALLOC_FAIL;

diff --git a/ssh-rsa.c b/ssh-rsa.c index cde05df10..f570ae6d4 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-rsa.c,v 1.60 2016/09/12 23:39:34 djm Exp $ */	1	/* $OpenBSD: ssh-rsa.c,v 1.62 2017/07/01 13:50:45 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>	3	* Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
4	*	4	*
@@ -78,6 +78,41 @@ rsa_hash_alg_nid(int type)
78	}	78	}
79	}	79	}
80		80
		81	/* calculate p-1 and q-1 */
		82	int
		83	ssh_rsa_generate_additional_parameters(struct sshkey *key)
		84	{
		85	RSA *rsa;
		86	BIGNUM *aux = NULL;
		87	BN_CTX *ctx = NULL;
		88	int r;
		89
		90	if (key == NULL \|\| key->rsa == NULL \|\|
		91	sshkey_type_plain(key->type) != KEY_RSA)
		92	return SSH_ERR_INVALID_ARGUMENT;
		93
		94	if ((ctx = BN_CTX_new()) == NULL)
		95	return SSH_ERR_ALLOC_FAIL;
		96	if ((aux = BN_new()) == NULL) {
		97	r = SSH_ERR_ALLOC_FAIL;
		98	goto out;
		99	}
		100	rsa = key->rsa;
		101
		102	if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) \|\|
		103	(BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) \|\|
		104	(BN_sub(aux, rsa->p, BN_value_one()) == 0) \|\|
		105	(BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) {
		106	r = SSH_ERR_LIBCRYPTO_ERROR;
		107	goto out;
		108	}
		109	r = 0;
		110	out:
		111	BN_clear_free(aux);
		112	BN_CTX_free(ctx);
		113	return r;
		114	}
		115
81	/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */	116	/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
82	int	117	int
83	ssh_rsa_sign(const struct sshkey key, u_char sigp, size_t lenp,	118	ssh_rsa_sign(const struct sshkey key, u_char sigp, size_t lenp,
@@ -99,9 +134,10 @@ ssh_rsa_sign(const struct sshkey key, u_char sigp, size_t lenp,
99	else	134	else
100	hash_alg = rsa_hash_alg_from_ident(alg_ident);	135	hash_alg = rsa_hash_alg_from_ident(alg_ident);
101	if (key == NULL \|\| key->rsa == NULL \|\| hash_alg == -1 \|\|	136	if (key == NULL \|\| key->rsa == NULL \|\| hash_alg == -1 \|\|
102	sshkey_type_plain(key->type) != KEY_RSA \|\|	137	sshkey_type_plain(key->type) != KEY_RSA)
103	BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
104	return SSH_ERR_INVALID_ARGUMENT;	138	return SSH_ERR_INVALID_ARGUMENT;
		139	if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
		140	return SSH_ERR_KEY_LENGTH;
105	slen = RSA_size(key->rsa);	141	slen = RSA_size(key->rsa);
106	if (slen <= 0 \|\| slen > SSHBUF_MAX_BIGNUM)	142	if (slen <= 0 \|\| slen > SSHBUF_MAX_BIGNUM)
107	return SSH_ERR_INVALID_ARGUMENT;	143	return SSH_ERR_INVALID_ARGUMENT;
@@ -172,9 +208,10 @@ ssh_rsa_verify(const struct sshkey *key,
172		208
173	if (key == NULL \|\| key->rsa == NULL \|\|	209	if (key == NULL \|\| key->rsa == NULL \|\|
174	sshkey_type_plain(key->type) != KEY_RSA \|\|	210	sshkey_type_plain(key->type) != KEY_RSA \|\|
175	BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE \|\|
176	sig == NULL \|\| siglen == 0)	211	sig == NULL \|\| siglen == 0)
177	return SSH_ERR_INVALID_ARGUMENT;	212	return SSH_ERR_INVALID_ARGUMENT;
		213	if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
		214	return SSH_ERR_KEY_LENGTH;
178		215
179	if ((b = sshbuf_from(sig, siglen)) == NULL)	216	if ((b = sshbuf_from(sig, siglen)) == NULL)
180	return SSH_ERR_ALLOC_FAIL;	217	return SSH_ERR_ALLOC_FAIL;