1 files changed, 40 insertions, 45 deletions
diff --git a/sshconnect1.c b/sshconnect1.c
index 2829ca5a7..166e392e7 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.42 2001/12/19 07:18:56 deraadt Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.43 2001/12/27 18:22:16 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -76,8 +76,8 @@ try_agent_authentication(void)
        if (!auth)
                return 0;
-        challenge = BN_new();
+        if ((challenge = BN_new()) == NULL)
+                fatal("try_agent_authentication: BN_new failed");
        /* Loop through identities served by the agent. */
        for (key = ssh_get_first_identity(auth, &comment, 1);
            key != NULL;
@@ -241,7 +241,8 @@ try_rsa_authentication(int idx)
                packet_disconnect("Protocol error during RSA authentication: %d", type);
        /* Get the challenge from the packet. */
-        challenge = BN_new();
+        if ((challenge = BN_new()) == NULL)
+                fatal("try_rsa_authentication: BN_new failed");
        packet_get_bignum(challenge, &clen);
        packet_integrity_check(plen, clen, type);
@@ -355,7 +356,8 @@ try_rhosts_rsa_authentication(const char *local_user, Key * host_key)
                packet_disconnect("Protocol error during RSA authentication: %d", type);
        /* Get the challenge from the packet. */
-        challenge = BN_new();
+        if ((challenge = BN_new()) == NULL)
+                fatal("try_rhosts_rsa_authentication: BN_new failed");
        packet_get_bignum(challenge, &clen);
        packet_integrity_check(plen, clen, type);
@@ -912,9 +914,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
 {
        int i;
        BIGNUM *key;
-        RSA *host_key;
+        Key *host_key, *server_key;
-        RSA *public_key;
-        Key k;
        int bits, rbits;
        int ssh_cipher_default = SSH_CIPHER_3DES;
        u_char session_key[SSH_SESSION_KEY_LENGTH];
@@ -934,32 +934,28 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
                cookie[i] = packet_get_char();
        /* Get the public key. */
-        public_key = RSA_new();
+        server_key = key_new(KEY_RSA1);
-        bits = packet_get_int();/* bits */
+        bits = packet_get_int();
-        public_key->e = BN_new();
+        packet_get_bignum(server_key->rsa->e, &clen);
-        packet_get_bignum(public_key->e, &clen);
        sum_len += clen;
-        public_key->n = BN_new();
+        packet_get_bignum(server_key->rsa->n, &clen);
-        packet_get_bignum(public_key->n, &clen);
        sum_len += clen;
-        rbits = BN_num_bits(public_key->n);
+        rbits = BN_num_bits(server_key->rsa->n);
        if (bits != rbits) {
                log("Warning: Server lies about size of server public key: "
                    "actual size is %d bits vs. announced %d.", rbits, bits);
                log("Warning: This may be due to an old implementation of ssh.");
        }
        /* Get the host key. */
-        host_key = RSA_new();
+        host_key = key_new(KEY_RSA1);
-        bits = packet_get_int();/* bits */
+        bits = packet_get_int();
-        host_key->e = BN_new();
+        packet_get_bignum(host_key->rsa->e, &clen);
-        packet_get_bignum(host_key->e, &clen);
        sum_len += clen;
-        host_key->n = BN_new();
+        packet_get_bignum(host_key->rsa->n, &clen);
-        packet_get_bignum(host_key->n, &clen);
        sum_len += clen;
-        rbits = BN_num_bits(host_key->n);
+        rbits = BN_num_bits(host_key->rsa->n);
        if (bits != rbits) {
                log("Warning: Server lies about size of server host key: "
                    "actual size is %d bits vs. announced %d.", rbits, bits);
@@ -974,19 +970,17 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
        supported_authentications = packet_get_int();
        debug("Received server public key (%d bits) and host key (%d bits).",
-            BN_num_bits(public_key->n), BN_num_bits(host_key->n));
+            BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n));
        packet_integrity_check(payload_len,
            8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
            SSH_SMSG_PUBLIC_KEY);
-        k.type = KEY_RSA1;
+        if (verify_host_key(host, hostaddr, host_key) == -1)
-        k.rsa = host_key;
-        if (verify_host_key(host, hostaddr, &k) == -1)
                fatal("Host key verification failed.");
        client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
-        compute_session_id(session_id, cookie, host_key->n, public_key->n);
+        compute_session_id(session_id, cookie, host_key->rsa->n, server_key->rsa->n);
        /* Generate a session key. */
        arc4random_stir();
@@ -1008,7 +1002,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
         * is the highest byte of the integer.  The session key is xored with
         * the first 16 bytes of the session id.
         */
-        key = BN_new();
+        if ((key = BN_new()) == NULL)
+                fatal("respond_to_rsa_challenge: BN_new failed");
        BN_set_word(key, 0);
        for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
                BN_lshift(key, key, 8);
@@ -1022,35 +1017,35 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
         * Encrypt the integer using the public key and host key of the
         * server (key with smaller modulus first).
         */
-        if (BN_cmp(public_key->n, host_key->n) < 0) {
+        if (BN_cmp(server_key->rsa->n, host_key->rsa->n) < 0) {
                /* Public key has smaller modulus. */
-                if (BN_num_bits(host_key->n) <
+                if (BN_num_bits(host_key->rsa->n) <
-                    BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
+                    BN_num_bits(server_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
-                        fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
+                        fatal("respond_to_rsa_challenge: host_key %d < server_key %d + "
                            "SSH_KEY_BITS_RESERVED %d",
-                            BN_num_bits(host_key->n),
+                            BN_num_bits(host_key->rsa->n),
-                            BN_num_bits(public_key->n),
+                            BN_num_bits(server_key->rsa->n),
                            SSH_KEY_BITS_RESERVED);
                }
-                rsa_public_encrypt(key, key, public_key);
+                rsa_public_encrypt(key, key, server_key->rsa);
-                rsa_public_encrypt(key, key, host_key);
+                rsa_public_encrypt(key, key, host_key->rsa);
        } else {
                /* Host key has smaller modulus (or they are equal). */
-                if (BN_num_bits(public_key->n) <
+                if (BN_num_bits(server_key->rsa->n) <
-                    BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
+                    BN_num_bits(host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
-                        fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
+                        fatal("respond_to_rsa_challenge: server_key %d < host_key %d + "
                            "SSH_KEY_BITS_RESERVED %d",
-                            BN_num_bits(public_key->n),
+                            BN_num_bits(server_key->rsa->n),
-                            BN_num_bits(host_key->n),
+                            BN_num_bits(host_key->rsa->n),
                            SSH_KEY_BITS_RESERVED);
                }
-                rsa_public_encrypt(key, key, host_key);
+                rsa_public_encrypt(key, key, host_key->rsa);
-                rsa_public_encrypt(key, key, public_key);
+                rsa_public_encrypt(key, key, server_key->rsa);
        }
        /* Destroy the public keys since we no longer need them. */
-        RSA_free(public_key);
+        key_free(server_key);
-        RSA_free(host_key);
+        key_free(host_key);
        if (options.cipher == SSH_CIPHER_NOT_SET) {
                if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))

diff --git a/sshconnect1.c b/sshconnect1.c index 2829ca5a7..166e392e7 100644 --- a/sshconnect1.c +++ b/sshconnect1.c
@@ -13,7 +13,7 @@
13	*/	13	*/
14		14
15	#include "includes.h"	15	#include "includes.h"
16	RCSID("$OpenBSD: sshconnect1.c,v 1.42 2001/12/19 07:18:56 deraadt Exp $");	16	RCSID("$OpenBSD: sshconnect1.c,v 1.43 2001/12/27 18:22:16 markus Exp $");
17		17
18	#include <openssl/bn.h>	18	#include <openssl/bn.h>
19	#include <openssl/evp.h>	19	#include <openssl/evp.h>
@@ -76,8 +76,8 @@ try_agent_authentication(void)
76	if (!auth)	76	if (!auth)
77	return 0;	77	return 0;
78		78
79	challenge = BN_new();	79	if ((challenge = BN_new()) == NULL)
80		80	fatal("try_agent_authentication: BN_new failed");
81	/* Loop through identities served by the agent. */	81	/* Loop through identities served by the agent. */
82	for (key = ssh_get_first_identity(auth, &comment, 1);	82	for (key = ssh_get_first_identity(auth, &comment, 1);
83	key != NULL;	83	key != NULL;
@@ -241,7 +241,8 @@ try_rsa_authentication(int idx)
241	packet_disconnect("Protocol error during RSA authentication: %d", type);	241	packet_disconnect("Protocol error during RSA authentication: %d", type);
242		242
243	/* Get the challenge from the packet. */	243	/* Get the challenge from the packet. */
244	challenge = BN_new();	244	if ((challenge = BN_new()) == NULL)
		245	fatal("try_rsa_authentication: BN_new failed");
245	packet_get_bignum(challenge, &clen);	246	packet_get_bignum(challenge, &clen);
246		247
247	packet_integrity_check(plen, clen, type);	248	packet_integrity_check(plen, clen, type);
@@ -355,7 +356,8 @@ try_rhosts_rsa_authentication(const char local_user, Key host_key)
355	packet_disconnect("Protocol error during RSA authentication: %d", type);	356	packet_disconnect("Protocol error during RSA authentication: %d", type);
356		357
357	/* Get the challenge from the packet. */	358	/* Get the challenge from the packet. */
358	challenge = BN_new();	359	if ((challenge = BN_new()) == NULL)
		360	fatal("try_rhosts_rsa_authentication: BN_new failed");
359	packet_get_bignum(challenge, &clen);	361	packet_get_bignum(challenge, &clen);
360		362
361	packet_integrity_check(plen, clen, type);	363	packet_integrity_check(plen, clen, type);
@@ -912,9 +914,7 @@ ssh_kex(char host, struct sockaddr hostaddr)
912	{	914	{
913	int i;	915	int i;
914	BIGNUM *key;	916	BIGNUM *key;
915	RSA *host_key;	917	Key host_key, server_key;
916	RSA *public_key;
917	Key k;
918	int bits, rbits;	918	int bits, rbits;
919	int ssh_cipher_default = SSH_CIPHER_3DES;	919	int ssh_cipher_default = SSH_CIPHER_3DES;
920	u_char session_key[SSH_SESSION_KEY_LENGTH];	920	u_char session_key[SSH_SESSION_KEY_LENGTH];
@@ -934,32 +934,28 @@ ssh_kex(char host, struct sockaddr hostaddr)
934	cookie[i] = packet_get_char();	934	cookie[i] = packet_get_char();
935		935
936	/* Get the public key. */	936	/* Get the public key. */
937	public_key = RSA_new();	937	server_key = key_new(KEY_RSA1);
938	bits = packet_get_int();/* bits */	938	bits = packet_get_int();
939	public_key->e = BN_new();	939	packet_get_bignum(server_key->rsa->e, &clen);
940	packet_get_bignum(public_key->e, &clen);
941	sum_len += clen;	940	sum_len += clen;
942	public_key->n = BN_new();	941	packet_get_bignum(server_key->rsa->n, &clen);
943	packet_get_bignum(public_key->n, &clen);
944	sum_len += clen;	942	sum_len += clen;
945		943
946	rbits = BN_num_bits(public_key->n);	944	rbits = BN_num_bits(server_key->rsa->n);
947	if (bits != rbits) {	945	if (bits != rbits) {
948	log("Warning: Server lies about size of server public key: "	946	log("Warning: Server lies about size of server public key: "
949	"actual size is %d bits vs. announced %d.", rbits, bits);	947	"actual size is %d bits vs. announced %d.", rbits, bits);
950	log("Warning: This may be due to an old implementation of ssh.");	948	log("Warning: This may be due to an old implementation of ssh.");
951	}	949	}
952	/* Get the host key. */	950	/* Get the host key. */
953	host_key = RSA_new();	951	host_key = key_new(KEY_RSA1);
954	bits = packet_get_int();/* bits */	952	bits = packet_get_int();
955	host_key->e = BN_new();	953	packet_get_bignum(host_key->rsa->e, &clen);
956	packet_get_bignum(host_key->e, &clen);
957	sum_len += clen;	954	sum_len += clen;
958	host_key->n = BN_new();	955	packet_get_bignum(host_key->rsa->n, &clen);
959	packet_get_bignum(host_key->n, &clen);
960	sum_len += clen;	956	sum_len += clen;
961		957
962	rbits = BN_num_bits(host_key->n);	958	rbits = BN_num_bits(host_key->rsa->n);
963	if (bits != rbits) {	959	if (bits != rbits) {
964	log("Warning: Server lies about size of server host key: "	960	log("Warning: Server lies about size of server host key: "
965	"actual size is %d bits vs. announced %d.", rbits, bits);	961	"actual size is %d bits vs. announced %d.", rbits, bits);
@@ -974,19 +970,17 @@ ssh_kex(char host, struct sockaddr hostaddr)
974	supported_authentications = packet_get_int();	970	supported_authentications = packet_get_int();
975		971
976	debug("Received server public key (%d bits) and host key (%d bits).",	972	debug("Received server public key (%d bits) and host key (%d bits).",
977	BN_num_bits(public_key->n), BN_num_bits(host_key->n));	973	BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n));
978		974
979	packet_integrity_check(payload_len,	975	packet_integrity_check(payload_len,
980	8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,	976	8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
981	SSH_SMSG_PUBLIC_KEY);	977	SSH_SMSG_PUBLIC_KEY);
982	k.type = KEY_RSA1;	978	if (verify_host_key(host, hostaddr, host_key) == -1)
983	k.rsa = host_key;
984	if (verify_host_key(host, hostaddr, &k) == -1)
985	fatal("Host key verification failed.");	979	fatal("Host key verification failed.");
986		980
987	client_flags = SSH_PROTOFLAG_SCREEN_NUMBER \| SSH_PROTOFLAG_HOST_IN_FWD_OPEN;	981	client_flags = SSH_PROTOFLAG_SCREEN_NUMBER \| SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
988		982
989	compute_session_id(session_id, cookie, host_key->n, public_key->n);	983	compute_session_id(session_id, cookie, host_key->rsa->n, server_key->rsa->n);
990		984
991	/* Generate a session key. */	985	/* Generate a session key. */
992	arc4random_stir();	986	arc4random_stir();
@@ -1008,7 +1002,8 @@ ssh_kex(char host, struct sockaddr hostaddr)
1008	* is the highest byte of the integer. The session key is xored with	1002	* is the highest byte of the integer. The session key is xored with
1009	* the first 16 bytes of the session id.	1003	* the first 16 bytes of the session id.
1010	*/	1004	*/
1011	key = BN_new();	1005	if ((key = BN_new()) == NULL)
		1006	fatal("respond_to_rsa_challenge: BN_new failed");
1012	BN_set_word(key, 0);	1007	BN_set_word(key, 0);
1013	for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {	1008	for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
1014	BN_lshift(key, key, 8);	1009	BN_lshift(key, key, 8);
@@ -1022,35 +1017,35 @@ ssh_kex(char host, struct sockaddr hostaddr)
1022	* Encrypt the integer using the public key and host key of the	1017	* Encrypt the integer using the public key and host key of the
1023	* server (key with smaller modulus first).	1018	* server (key with smaller modulus first).
1024	*/	1019	*/
1025	if (BN_cmp(public_key->n, host_key->n) < 0) {	1020	if (BN_cmp(server_key->rsa->n, host_key->rsa->n) < 0) {
1026	/* Public key has smaller modulus. */	1021	/* Public key has smaller modulus. */
1027	if (BN_num_bits(host_key->n) <	1022	if (BN_num_bits(host_key->rsa->n) <
1028	BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {	1023	BN_num_bits(server_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
1029	fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "	1024	fatal("respond_to_rsa_challenge: host_key %d < server_key %d + "
1030	"SSH_KEY_BITS_RESERVED %d",	1025	"SSH_KEY_BITS_RESERVED %d",
1031	BN_num_bits(host_key->n),	1026	BN_num_bits(host_key->rsa->n),
1032	BN_num_bits(public_key->n),	1027	BN_num_bits(server_key->rsa->n),
1033	SSH_KEY_BITS_RESERVED);	1028	SSH_KEY_BITS_RESERVED);
1034	}	1029	}
1035	rsa_public_encrypt(key, key, public_key);	1030	rsa_public_encrypt(key, key, server_key->rsa);
1036	rsa_public_encrypt(key, key, host_key);	1031	rsa_public_encrypt(key, key, host_key->rsa);
1037	} else {	1032	} else {
1038	/* Host key has smaller modulus (or they are equal). */	1033	/* Host key has smaller modulus (or they are equal). */
1039	if (BN_num_bits(public_key->n) <	1034	if (BN_num_bits(server_key->rsa->n) <
1040	BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {	1035	BN_num_bits(host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
1041	fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "	1036	fatal("respond_to_rsa_challenge: server_key %d < host_key %d + "
1042	"SSH_KEY_BITS_RESERVED %d",	1037	"SSH_KEY_BITS_RESERVED %d",
1043	BN_num_bits(public_key->n),	1038	BN_num_bits(server_key->rsa->n),
1044	BN_num_bits(host_key->n),	1039	BN_num_bits(host_key->rsa->n),
1045	SSH_KEY_BITS_RESERVED);	1040	SSH_KEY_BITS_RESERVED);
1046	}	1041	}
1047	rsa_public_encrypt(key, key, host_key);	1042	rsa_public_encrypt(key, key, host_key->rsa);
1048	rsa_public_encrypt(key, key, public_key);	1043	rsa_public_encrypt(key, key, server_key->rsa);
1049	}	1044	}
1050		1045
1051	/* Destroy the public keys since we no longer need them. */	1046	/* Destroy the public keys since we no longer need them. */
1052	RSA_free(public_key);	1047	key_free(server_key);
1053	RSA_free(host_key);	1048	key_free(host_key);
1054		1049
1055	if (options.cipher == SSH_CIPHER_NOT_SET) {	1050	if (options.cipher == SSH_CIPHER_NOT_SET) {
1056	if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))	1051	if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))