From 8fed0a5fe7b4e78a6810b133d8e91be9742ee0a1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 29 Mar 2017 10:16:15 +1100 Subject: Remove compat code for OpenSSL < 0.9.7. Resyncs that code with OpenBSD upstream. --- sshkey.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'sshkey.c') diff --git a/sshkey.c b/sshkey.c index 53a7674b5..3c487849e 100644 --- a/sshkey.c +++ b/sshkey.c @@ -3513,11 +3513,7 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob, int success, r; int blen, len = strlen(_passphrase); u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL; -#if (OPENSSL_VERSION_NUMBER < 0x00907000L) - const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL; -#else - const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL; -#endif + const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL; const u_char *bptr; BIO *bio = NULL; -- cgit v1.2.3 From 56912dea6ef63dae4eb1194e5d88973a7c6c5740 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 30 Apr 2017 23:10:43 +0000 Subject: upstream commit unifdef WITH_SSH1 ok markus@ Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7 --- authfd.c | 123 +------------------ authfile.c | 56 +-------- cipher.c | 22 +--- compat.c | 7 +- hostfile.c | 15 +-- kex.c | 43 +------ opacket.c | 20 ---- packet.c | 43 +------ readconf.c | 11 +- ssh-add.c | 9 +- ssh-agent.c | 173 +------------------------- ssh-keygen.c | 9 +- ssh-keyscan.c | 59 +-------- ssh.c | 10 +- sshconnect.c | 7 +- sshkey.c | 380 +--------------------------------------------------------- 16 files changed, 15 insertions(+), 972 deletions(-) (limited to 'sshkey.c') diff --git a/authfd.c b/authfd.c index a634bcb81..915a6da48 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.100 2015/12/04 16:41:28 markus Exp $ */ +/* $OpenBSD: authfd.c,v 1.101 2017/04/30 23:10:43 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
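Review bot: The surviving `cipher` initialiser in sshkey_private_pem_to_blob has no comment, so with the version conditional gone nothing records that an empty passphrase selects a NULL cipher. That presumably makes the PEM writer emit the private key unencrypted, though the write call is outside this hunk. I would put `/* empty passphrase => NULL cipher: key is written to the PEM blob unencrypted */` directly above that line. The comment could also note that OpenSSL's traditional PEM encryption derives the key from the passphrase with a single MD5-based pass, so AES-128-CBC does not compensate for a weak passphrase; the new-format path, which takes `new_format_rounds`, is the one with a tunable KDF. Separately, the context line `int blen, len = strlen(_passphrase);` narrows a size_t into an int, and the function body continues past the end of the hunk.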
@@ -199,43 +199,6 @@ ssh_lock_agent(int sock, int lock, const char *password) return r; } -#ifdef WITH_SSH1 -static int -deserialise_identity1(struct sshbuf *ids, struct sshkey **keyp, char **commentp) -{ - struct sshkey *key; - int r, keybits; - u_int32_t bits; - char *comment = NULL; - - if ((key = sshkey_new(KEY_RSA1)) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_get_u32(ids, &bits)) != 0 || - (r = sshbuf_get_bignum1(ids, key->rsa->e)) != 0 || - (r = sshbuf_get_bignum1(ids, key->rsa->n)) != 0 || - (r = sshbuf_get_cstring(ids, &comment, NULL)) != 0) - goto out; - keybits = BN_num_bits(key->rsa->n); - /* XXX previously we just warned here. I think we should be strict */ - if (keybits < 0 || bits != (u_int)keybits) { - r = SSH_ERR_KEY_BITS_MISMATCH; - goto out; - } - if (keyp != NULL) { - *keyp = key; - key = NULL; - } - if (commentp != NULL) { - *commentp = comment; - comment = NULL; - } - r = 0; - out: - sshkey_free(key); - free(comment); - return r; -} -#endif static int deserialise_identity2(struct sshbuf *ids, struct sshkey **keyp, char **commentp) @@ -331,11 +294,6 @@ ssh_fetch_identitylist(int sock, int version, struct ssh_identitylist **idlp) for (i = 0; i < num;) { switch (version) { case 1: -#ifdef WITH_SSH1 - if ((r = deserialise_identity1(msg, - &(idl->keys[i]), &(idl->comments[i]))) != 0) - goto out; -#endif break; case 2: if ((r = deserialise_identity2(msg, 
@@ -385,46 +343,6 @@ ssh_free_identitylist(struct ssh_identitylist *idl) * otherwise. */ -#ifdef WITH_SSH1 -int -ssh_decrypt_challenge(int sock, struct sshkey* key, BIGNUM *challenge, - u_char session_id[16], u_char response[16]) -{ - struct sshbuf *msg; - int r; - u_char type; - - if (key->type != KEY_RSA1) - return SSH_ERR_INVALID_ARGUMENT; - if ((msg = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_put_u8(msg, SSH_AGENTC_RSA_CHALLENGE)) != 0 || - (r = sshbuf_put_u32(msg, BN_num_bits(key->rsa->n))) != 0 || - (r = sshbuf_put_bignum1(msg, key->rsa->e)) != 0 || - (r = sshbuf_put_bignum1(msg, key->rsa->n)) != 0 || - (r = sshbuf_put_bignum1(msg, challenge)) != 0 || - (r = sshbuf_put(msg, session_id, 16)) != 0 || - (r = sshbuf_put_u32(msg, 1)) != 0) /* Response type for proto 1.1 */ - goto out; - if ((r = ssh_request_reply(sock, msg, msg)) != 0) - goto out; - if ((r = sshbuf_get_u8(msg, &type)) != 0) - goto out; - if (agent_failed(type)) { - r = SSH_ERR_AGENT_FAILURE; - goto out; - } else if (type != SSH_AGENT_RSA_RESPONSE) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - if ((r = sshbuf_get(msg, response, 16)) != 0) - goto out; - r = 0; - out: - sshbuf_free(msg); - return r; -} -#endif /* encode signature algoritm in flag bits, so we can keep the msg format */ static u_int 
@@ -494,25 +412,6 @@ ssh_agent_sign(int sock, struct sshkey *key, /* Encode key for a message to the agent. */ -#ifdef WITH_SSH1 -static int -ssh_encode_identity_rsa1(struct sshbuf *b, RSA *key, const char *comment) -{ - int r; - - /* To keep within the protocol: p < q for ssh. in SSL p > q */ - if ((r = sshbuf_put_u32(b, BN_num_bits(key->n))) != 0 || - (r = sshbuf_put_bignum1(b, key->n)) != 0 || - (r = sshbuf_put_bignum1(b, key->e)) != 0 || - (r = sshbuf_put_bignum1(b, key->d)) != 0 || - (r = sshbuf_put_bignum1(b, key->iqmp)) != 0 || - (r = sshbuf_put_bignum1(b, key->q)) != 0 || - (r = sshbuf_put_bignum1(b, key->p)) != 0 || - (r = sshbuf_put_cstring(b, comment)) != 0) - return r; - return 0; -} -#endif static int ssh_encode_identity_ssh2(struct sshbuf *b, struct sshkey *key, @@ -561,16 +460,6 @@ ssh_add_identity_constrained(int sock, struct sshkey *key, const char *comment, return SSH_ERR_ALLOC_FAIL; switch (key->type) { -#ifdef WITH_SSH1 - case KEY_RSA1: - type = constrained ? - SSH_AGENTC_ADD_RSA_ID_CONSTRAINED : - SSH_AGENTC_ADD_RSA_IDENTITY; - if ((r = sshbuf_put_u8(msg, type)) != 0 || - (r = ssh_encode_identity_rsa1(msg, key->rsa, comment)) != 0) - goto out; - break; -#endif #ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT: @@ -620,16 +509,6 @@ ssh_remove_identity(int sock, struct sshkey *key) if ((msg = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; -#ifdef WITH_SSH1 - if (key->type == KEY_RSA1) { - if ((r = sshbuf_put_u8(msg, - SSH_AGENTC_REMOVE_RSA_IDENTITY)) != 0 || - (r = sshbuf_put_u32(msg, BN_num_bits(key->rsa->n))) != 0 || - (r = sshbuf_put_bignum1(msg, key->rsa->e)) != 0 || - (r = sshbuf_put_bignum1(msg, key->rsa->n)) != 0) - goto out; - } else -#endif if (key->type != KEY_UNSPEC) { if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) goto out; diff --git a/authfile.c b/authfile.c index 0869e5d0d..d28ae0d38 100644 --- a/authfile.c +++ b/authfile.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.123 2017/03/26 00:18:52 deraadt Exp $ */ +/* $OpenBSD: authfile.c,v 1.124 2017/04/30 23:10:43 djm Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -147,35 +147,6 @@ sshkey_load_file(int fd, struct sshbuf *blob) return r; } -#ifdef WITH_SSH1 -/* - * Loads the public part of the ssh v1 key file. Returns NULL if an error was - * encountered (the file does not exist or is not readable), and the key - * otherwise. - */ -static int -sshkey_load_public_rsa1(int fd, struct sshkey **keyp, char **commentp) -{ - struct sshbuf *b = NULL; - int r; - - if (keyp != NULL) - *keyp = NULL; - if (commentp != NULL) - *commentp = NULL; - - if ((b = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = sshkey_load_file(fd, b)) != 0) - goto out; - if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0) - goto out; - r = 0; - out: - sshbuf_free(b); - return r; -} -#endif /* WITH_SSH1 */ /* XXX remove error() calls from here? */ int @@ -362,21 +333,7 @@ sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp) if ((fd = open(filename, O_RDONLY)) < 0) goto skip; -#ifdef WITH_SSH1 - /* try rsa1 private key */ - r = sshkey_load_public_rsa1(fd, keyp, commentp); - close(fd); - switch (r) { - case SSH_ERR_INTERNAL_ERROR: - case SSH_ERR_ALLOC_FAIL: - case SSH_ERR_INVALID_ARGUMENT: - case SSH_ERR_SYSTEM_ERROR: - case 0: - return r; - } -#else /* WITH_SSH1 */ close(fd); -#endif /* WITH_SSH1 */ /* try ssh2 public key */ if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) 
@@ -388,17 +345,6 @@ sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp) } sshkey_free(pub); -#ifdef WITH_SSH1 - /* try rsa1 public key */ - if ((pub = sshkey_new(KEY_RSA1)) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) { - if (keyp != NULL) - *keyp = pub; - return 0; - } - sshkey_free(pub); -#endif /* WITH_SSH1 */ skip: /* try .pub suffix */ diff --git a/cipher.c b/cipher.c index 2def333b1..2df2b84bc 100644 --- a/cipher.c +++ b/cipher.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.102 2016/08/03 05:41:57 djm Exp $ */ +/* $OpenBSD: cipher.c,v 1.103 2017/04/30 23:10:43 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -51,11 +51,6 @@ #include "openbsd-compat/openssl-compat.h" -#ifdef WITH_SSH1 -extern const EVP_CIPHER *evp_ssh1_bf(void); -extern const EVP_CIPHER *evp_ssh1_3des(void); -extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); -#endif struct sshcipher_ctx { int plaintext; @@ -87,13 +82,6 @@ struct sshcipher { }; static const struct sshcipher ciphers[] = { -#ifdef WITH_SSH1 - { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, - { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, -# ifndef OPENSSL_NO_BF - { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf }, -# endif /* OPENSSL_NO_BF */ -#endif /* WITH_SSH1 */ #ifdef WITH_OPENSSL { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, @@ -627,10 +615,6 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) } else memcpy(iv, cc->evp->iv, len); break; -#endif -#ifdef WITH_SSH1 - case SSH_CIPHER_3DES: - return ssh1_3des_iv(cc->evp, 0, iv, 24); #endif default: return SSH_ERR_INVALID_ARGUMENT; 
@@ -673,10 +657,6 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) } else memcpy(cc->evp->iv, iv, evplen); break; -#endif -#ifdef WITH_SSH1 - case SSH_CIPHER_3DES: - return ssh1_3des_iv(cc->evp, 1, (u_char *)iv, 24); #endif default: return SSH_ERR_INVALID_ARGUMENT; diff --git a/compat.c b/compat.c index 1e80cfa9a..aa50d2ce8 100644 --- a/compat.c +++ b/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.100 2017/02/03 23:01:19 djm Exp $ */ +/* $OpenBSD: compat.c,v 1.101 2017/04/30 23:10:43 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -233,11 +233,6 @@ proto_spec(const char *spec) for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) { switch (atoi(p)) { case 1: -#ifdef WITH_SSH1 - if (ret == SSH_PROTO_UNKNOWN) - ret |= SSH_PROTO_1_PREFERRED; - ret |= SSH_PROTO_1; -#endif break; case 2: ret |= SSH_PROTO_2; diff --git a/hostfile.c b/hostfile.c index e23faa969..b8f9cd143 100644 --- a/hostfile.c +++ b/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.68 2017/03/10 04:26:06 djm Exp $ */ +/* $OpenBSD: hostfile.c,v 1.69 2017/04/30 23:10:43 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -789,20 +789,7 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, break; } if (!hostfile_read_key(&cp, &kbits, lineinfo.key)) { -#ifdef WITH_SSH1 - sshkey_free(lineinfo.key); - lineinfo.key = sshkey_new(KEY_RSA1); - if (lineinfo.key == NULL) { - error("%s: sshkey_new fail", __func__); - r = SSH_ERR_ALLOC_FAIL; - break; - } - if (!hostfile_read_key(&cp, &kbits, - lineinfo.key)) - goto bad; -#else goto bad; -#endif } lineinfo.keytype = lineinfo.key->type; lineinfo.comment = cp; diff --git a/kex.c b/kex.c index 98c0597a9..9a40759c1 100644 --- a/kex.c +++ b/kex.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.131 2017/03/15 07:07:39 markus Exp $ */ +/* $OpenBSD: kex.c,v 1.132 2017/04/30 23:10:43 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -980,47 +980,6 @@ kex_derive_keys_bn(struct ssh *ssh, u_char *hash, u_int hashlen, } #endif -#ifdef WITH_SSH1 -int -derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, - u_int8_t cookie[8], u_int8_t id[16]) -{ - u_int8_t hbuf[2048], sbuf[2048], obuf[SSH_DIGEST_MAX_LENGTH]; - struct ssh_digest_ctx *hashctx = NULL; - size_t hlen, slen; - int r; - - hlen = BN_num_bytes(host_modulus); - slen = BN_num_bytes(server_modulus); - if (hlen < (512 / 8) || (u_int)hlen > sizeof(hbuf) || - slen < (512 / 8) || (u_int)slen > sizeof(sbuf)) - return SSH_ERR_KEY_BITS_MISMATCH; - if (BN_bn2bin(host_modulus, hbuf) <= 0 || - BN_bn2bin(server_modulus, sbuf) <= 0) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if ((hashctx = ssh_digest_start(SSH_DIGEST_MD5)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if (ssh_digest_update(hashctx, hbuf, hlen) != 0 || - ssh_digest_update(hashctx, sbuf, slen) != 0 || - ssh_digest_update(hashctx, cookie, 8) != 0 || - ssh_digest_final(hashctx, obuf, sizeof(obuf)) != 0) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - memcpy(id, obuf, ssh_digest_bytes(SSH_DIGEST_MD5)); - r = 0; - out: - ssh_digest_free(hashctx); - explicit_bzero(hbuf, sizeof(hbuf)); - explicit_bzero(sbuf, sizeof(sbuf)); - explicit_bzero(obuf, sizeof(obuf)); - return r; -} -#endif #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) void diff --git a/opacket.c b/opacket.c index 5970dd377..ad244b452 100644 --- a/opacket.c +++ b/opacket.c 
@@ -74,16 +74,6 @@ ssh_packet_put_raw(struct ssh *ssh, const void *buf, u_int len) fatal("%s: %s", __func__, ssh_err(r)); } -#ifdef WITH_SSH1 -void -ssh_packet_put_bignum(struct ssh *ssh, BIGNUM * value) -{ - int r; - - if ((r = sshpkt_put_bignum1(ssh, value)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); -} -#endif #ifdef WITH_OPENSSL void @@ -150,16 +140,6 @@ ssh_packet_get_int64(struct ssh *ssh) return val; } -#ifdef WITH_SSH1 -void -ssh_packet_get_bignum(struct ssh *ssh, BIGNUM * value) -{ - int r; - - if ((r = sshpkt_get_bignum1(ssh, value)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); -} -#endif #ifdef WITH_OPENSSL void diff --git a/packet.c b/packet.c index 2f3a2ec70..5d25ae61d 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.247 2017/03/11 13:07:35 markus Exp $ */ +/* $OpenBSD: packet.c,v 1.248 2017/04/30 23:10:43 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -811,34 +811,7 @@ uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out) void ssh_packet_set_encryption_key(struct ssh *ssh, const u_char *key, u_int keylen, int number) { -#ifndef WITH_SSH1 fatal("no SSH protocol 1 support"); -#else /* WITH_SSH1 */ - struct session_state *state = ssh->state; - const struct sshcipher *cipher = cipher_by_number(number); - int r; - const char *wmsg; - - if (cipher == NULL) - fatal("%s: unknown cipher number %d", __func__, number); - if (keylen < 20) - fatal("%s: keylen too small: %d", __func__, keylen); - if (keylen > SSH_SESSION_KEY_LENGTH) - fatal("%s: keylen too big: %d", __func__, keylen); - memcpy(state->ssh1_key, key, keylen); - state->ssh1_keylen = keylen; - if ((r = cipher_init(&state->send_context, cipher, key, keylen, - NULL, 0, CIPHER_ENCRYPT)) != 0 || - (r = cipher_init(&state->receive_context, cipher, key, keylen, - NULL, 0, CIPHER_DECRYPT) != 0)) - fatal("%s: cipher_init failed: %s", __func__, ssh_err(r)); - if (!state->cipher_warning_done && - ((wmsg = cipher_warning_message(state->send_context)) != NULL || - (wmsg = cipher_warning_message(state->send_context)) != NULL)) { - error("Warning: %s", wmsg); - state->cipher_warning_done = 1; - } -#endif /* WITH_SSH1 */ } /* @@ -2862,13 +2835,6 @@ sshpkt_put_ec(struct ssh *ssh, const EC_POINT *v, const EC_GROUP *g) } #endif /* OPENSSL_HAS_ECC */ -#ifdef WITH_SSH1 -int -sshpkt_put_bignum1(struct ssh *ssh, const BIGNUM *v) -{ - return sshbuf_put_bignum1(ssh->state->outgoing_packet, v); -} -#endif /* WITH_SSH1 */ int sshpkt_put_bignum2(struct ssh *ssh, const BIGNUM *v) @@ -2930,13 +2896,6 @@ sshpkt_get_ec(struct ssh *ssh, EC_POINT *v, const EC_GROUP *g) } #endif /* OPENSSL_HAS_ECC */ -#ifdef WITH_SSH1 -int -sshpkt_get_bignum1(struct ssh *ssh, BIGNUM *v) -{ - return sshbuf_get_bignum1(ssh->state->incoming_packet, v); -} -#endif /* WITH_SSH1 */ int sshpkt_get_bignum2(struct ssh *ssh, BIGNUM *v) 
diff --git a/readconf.c b/readconf.c index 013c19f59..975f00ff4 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.271 2017/04/28 03:20:27 dtucker Exp $ */ +/* $OpenBSD: readconf.c,v 1.272 2017/04/30 23:10:43 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -208,15 +208,9 @@ static struct { { "smartcarddevice", oUnsupported }, { "pkcs11provider", oUnsupported }, #endif -#ifdef WITH_SSH1 - { "rsaauthentication", oRSAAuthentication }, - { "rhostsrsaauthentication", oRhostsRSAAuthentication }, - { "compressionlevel", oCompressionLevel }, -# else { "rsaauthentication", oUnsupported }, { "rhostsrsaauthentication", oUnsupported }, { "compressionlevel", oUnsupported }, -#endif { "forwardagent", oForwardAgent }, { "forwardx11", oForwardX11 }, @@ -2575,9 +2569,6 @@ dump_client_config(Options *o, const char *host) /* Integer options */ dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots); -#ifdef WITH_SSH1 - dump_cfg_int(oCompressionLevel, o->compression_level); -#endif dump_cfg_int(oConnectionAttempts, o->connection_attempts); dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout); dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts); diff --git a/ssh-add.c b/ssh-add.c index fb9a53e64..37ce56dfd 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.128 2016/02/15 09:47:49 dtucker Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.129 2017/04/30 23:10:43 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -79,9 +79,6 @@ static char *default_files[] = { #endif #endif /* WITH_OPENSSL */ _PATH_SSH_CLIENT_ID_ED25519, -#ifdef WITH_SSH1 - _PATH_SSH_CLIENT_IDENTITY, -#endif NULL }; 
@@ -363,11 +360,7 @@ list_identities(int agent_fd, int do_fp) int r, had_identities = 0; struct ssh_identitylist *idlist; size_t i; -#ifdef WITH_SSH1 - int version = 1; -#else int version = 2; -#endif for (; version <= 2; version++) { if ((r = ssh_fetch_identitylist(agent_fd, version, diff --git a/ssh-agent.c b/ssh-agent.c index b987562b9..6788287b7 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.218 2017/03/15 03:52:30 deraadt Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.219 2017/04/30 23:10:43 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -257,16 +257,6 @@ process_request_identities(SocketEntry *e, int version) fatal("%s: buffer error: %s", __func__, ssh_err(r)); TAILQ_FOREACH(id, &tab->idlist, next) { if (id->key->type == KEY_RSA1) { -#ifdef WITH_SSH1 - if ((r = sshbuf_put_u32(msg, - BN_num_bits(id->key->rsa->n))) != 0 || - (r = sshbuf_put_bignum1(msg, - id->key->rsa->e)) != 0 || - (r = sshbuf_put_bignum1(msg, - id->key->rsa->n)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); -#endif } else { u_char *blob; size_t blen; 
@@ -289,87 +279,6 @@ process_request_identities(SocketEntry *e, int version) sshbuf_free(msg); } -#ifdef WITH_SSH1 -/* ssh1 only */ -static void -process_authentication_challenge1(SocketEntry *e) -{ - u_char buf[32], mdbuf[16], session_id[16]; - u_int response_type; - BIGNUM *challenge; - Identity *id; - int r, len; - struct sshbuf *msg; - struct ssh_digest_ctx *md; - struct sshkey *key; - - if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); - if ((key = sshkey_new(KEY_RSA1)) == NULL) - fatal("%s: sshkey_new failed", __func__); - if ((challenge = BN_new()) == NULL) - fatal("%s: BN_new failed", __func__); - - if ((r = sshbuf_get_u32(e->request, NULL)) != 0 || /* ignored */ - (r = sshbuf_get_bignum1(e->request, key->rsa->e)) != 0 || - (r = sshbuf_get_bignum1(e->request, key->rsa->n)) != 0 || - (r = sshbuf_get_bignum1(e->request, challenge))) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - - /* Only protocol 1.1 is supported */ - if (sshbuf_len(e->request) == 0) - goto failure; - if ((r = sshbuf_get(e->request, session_id, sizeof(session_id))) != 0 || - (r = sshbuf_get_u32(e->request, &response_type)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - if (response_type != 1) - goto failure; - - id = lookup_identity(key, 1); - if (id != NULL && (!id->confirm || confirm_key(id) == 0)) { - struct sshkey *private = id->key; - /* Decrypt the challenge using the private key. */ - if ((r = rsa_private_decrypt(challenge, challenge, - private->rsa) != 0)) { - fatal("%s: rsa_public_encrypt: %s", __func__, - ssh_err(r)); - goto failure; /* XXX ? 
*/ - } - - /* The response is MD5 of decrypted challenge plus session id */ - len = BN_num_bytes(challenge); - if (len <= 0 || len > 32) { - logit("%s: bad challenge length %d", __func__, len); - goto failure; - } - memset(buf, 0, 32); - BN_bn2bin(challenge, buf + 32 - len); - if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL || - ssh_digest_update(md, buf, 32) < 0 || - ssh_digest_update(md, session_id, 16) < 0 || - ssh_digest_final(md, mdbuf, sizeof(mdbuf)) < 0) - fatal("%s: md5 failed", __func__); - ssh_digest_free(md); - - /* Send the response. */ - if ((r = sshbuf_put_u8(msg, SSH_AGENT_RSA_RESPONSE)) != 0 || - (r = sshbuf_put(msg, mdbuf, sizeof(mdbuf))) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - goto send; - } - - failure: - /* Unknown identity or protocol error. Send failure. */ - if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - send: - if ((r = sshbuf_put_stringb(e->output, msg)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - sshkey_free(key); - BN_clear_free(challenge); - sshbuf_free(msg); -} -#endif static char * agent_decode_alg(struct sshkey *key, u_int flags) 
@@ -448,28 +357,8 @@ process_remove_identity(SocketEntry *e, int version) int r, success = 0; struct sshkey *key = NULL; u_char *blob; -#ifdef WITH_SSH1 - u_int bits; -#endif /* WITH_SSH1 */ switch (version) { -#ifdef WITH_SSH1 - case 1: - if ((key = sshkey_new(KEY_RSA1)) == NULL) { - error("%s: sshkey_new failed", __func__); - return; - } - if ((r = sshbuf_get_u32(e->request, &bits)) != 0 || - (r = sshbuf_get_bignum1(e->request, key->rsa->e)) != 0 || - (r = sshbuf_get_bignum1(e->request, key->rsa->n)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - - if (bits != sshkey_size(key)) - logit("Warning: identity keysize mismatch: " - "actual %u, announced %u", - sshkey_size(key), bits); - break; -#endif /* WITH_SSH1 */ case 2: if ((r = sshbuf_get_string(e->request, &blob, &blen)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); 
@@ -559,45 +448,6 @@ reaper(void) * XXX this and the corresponding serialisation function probably belongs * in key.c */ -#ifdef WITH_SSH1 -static int -agent_decode_rsa1(struct sshbuf *m, struct sshkey **kp) -{ - struct sshkey *k = NULL; - int r = SSH_ERR_INTERNAL_ERROR; - - *kp = NULL; - if ((k = sshkey_new_private(KEY_RSA1)) == NULL) - return SSH_ERR_ALLOC_FAIL; - - if ((r = sshbuf_get_u32(m, NULL)) != 0 || /* ignored */ - (r = sshbuf_get_bignum1(m, k->rsa->n)) != 0 || - (r = sshbuf_get_bignum1(m, k->rsa->e)) != 0 || - (r = sshbuf_get_bignum1(m, k->rsa->d)) != 0 || - (r = sshbuf_get_bignum1(m, k->rsa->iqmp)) != 0 || - /* SSH1 and SSL have p and q swapped */ - (r = sshbuf_get_bignum1(m, k->rsa->q)) != 0 || /* p */ - (r = sshbuf_get_bignum1(m, k->rsa->p)) != 0) /* q */ - goto out; - - /* Generate additional parameters */ - if ((r = rsa_generate_additional_parameters(k->rsa)) != 0) - goto out; - /* enable blinding */ - if (RSA_blinding_on(k->rsa, NULL) != 1) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - - r = 0; /* success */ - out: - if (r == 0) - *kp = k; - else - sshkey_free(k); - return r; -} -#endif /* WITH_SSH1 */ static void process_add_identity(SocketEntry *e, int version) @@ -613,11 +463,6 @@ process_add_identity(SocketEntry *e, int version) int r = SSH_ERR_INTERNAL_ERROR; switch (version) { -#ifdef WITH_SSH1 - case 1: - r = agent_decode_rsa1(e->request, &k); - break; -#endif /* WITH_SSH1 */ case 2: r = sshkey_private_deserialize(e->request, &k); break; 
@@ -912,22 +757,6 @@ process_message(SocketEntry *e) case SSH_AGENTC_UNLOCK: process_lock_agent(e, type == SSH_AGENTC_LOCK); break; -#ifdef WITH_SSH1 - /* ssh1 */ - case SSH_AGENTC_RSA_CHALLENGE: - process_authentication_challenge1(e); - break; - case SSH_AGENTC_REQUEST_RSA_IDENTITIES: - process_request_identities(e, 1); - break; - case SSH_AGENTC_ADD_RSA_IDENTITY: - case SSH_AGENTC_ADD_RSA_ID_CONSTRAINED: - process_add_identity(e, 1); - break; - case SSH_AGENTC_REMOVE_RSA_IDENTITY: - process_remove_identity(e, 1); - break; -#endif case SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES: process_remove_all_identities(e, 1); /* safe for !WITH_SSH1 */ break; diff --git a/ssh-keygen.c b/ssh-keygen.c index c0d2d5942..70d421844 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.300 2017/04/29 04:12:25 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.301 2017/04/30 23:10:43 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -987,9 +987,6 @@ do_gen_all_hostkeys(struct passwd *pw) char *path; } key_types[] = { #ifdef WITH_OPENSSL -#ifdef WITH_SSH1 - { "rsa1", "RSA1", _PATH_HOST_KEY_FILE }, -#endif /* WITH_SSH1 */ { "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE }, { "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE }, #ifdef OPENSSL_HAS_ECC @@ -2244,11 +2241,7 @@ do_check_krl(struct passwd *pw, int argc, char **argv) exit(ret); } -#ifdef WITH_SSH1 -# define RSA1_USAGE " | rsa1" -#else # define RSA1_USAGE "" -#endif static void usage(void) diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 1f95239a3..3231ee342 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.109 2017/03/10 04:26:06 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.110 2017/04/30 23:10:43 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * 
@@ -187,52 +187,6 @@ strnnsep(char **stringp, char *delim) return (tok); } -#ifdef WITH_SSH1 -static struct sshkey * -keygrab_ssh1(con *c) -{ - static struct sshkey *rsa; - static struct sshbuf *msg; - int r; - u_char type; - - if (rsa == NULL) { - if ((rsa = sshkey_new(KEY_RSA1)) == NULL) { - error("%s: sshkey_new failed", __func__); - return NULL; - } - if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); - } - if ((r = sshbuf_put(msg, c->c_data, c->c_plen)) != 0 || - (r = sshbuf_consume(msg, 8 - (c->c_plen & 7))) != 0 || /* padding */ - (r = sshbuf_get_u8(msg, &type)) != 0) - goto buf_err; - if (type != (int) SSH_SMSG_PUBLIC_KEY) { - error("%s: invalid packet type", c->c_name); - sshbuf_reset(msg); - return NULL; - } - if ((r = sshbuf_consume(msg, 8)) != 0 || /* cookie */ - /* server key */ - (r = sshbuf_get_u32(msg, NULL)) != 0 || - (r = sshbuf_get_bignum1(msg, NULL)) != 0 || - (r = sshbuf_get_bignum1(msg, NULL)) != 0 || - /* host key */ - (r = sshbuf_get_u32(msg, NULL)) != 0 || - (r = sshbuf_get_bignum1(msg, rsa->rsa->e)) != 0 || - (r = sshbuf_get_bignum1(msg, rsa->rsa->n)) != 0) { - buf_err: - error("%s: buffer error: %s", __func__, ssh_err(r)); - sshbuf_reset(msg); - return NULL; - } - - sshbuf_reset(msg); - - return (rsa); -} -#endif static int key_print_wrapper(struct sshkey *hostkey, struct ssh *ssh) @@ -585,12 +539,6 @@ conread(int s) c->c_data = xmalloc(c->c_len); c->c_status = CS_KEYS; break; -#ifdef WITH_SSH1 - case CS_KEYS: - keyprint(c, keygrab_ssh1(c)); - confree(s); - return; -#endif default: fatal("conread: invalid status %d", c->c_status); break; @@ -756,11 +704,6 @@ main(int argc, char **argv) int type = sshkey_type_from_name(tname); switch (type) { -#ifdef WITH_SSH1 - case KEY_RSA1: - get_keytypes |= KT_RSA1; - break; -#endif case KEY_DSA: get_keytypes |= KT_DSA; break; diff --git a/ssh.c b/ssh.c index 5db6ff25e..38c8e837f 100644 --- a/ssh.c +++ b/ssh.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.452 2017/04/28 03:20:27 dtucker Exp $ */ +/* $OpenBSD: ssh.c,v 1.453 2017/04/30 23:10:43 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -690,11 +690,7 @@ main(int ac, char **av) else if (strcmp(optarg, "key-plain") == 0) cp = sshkey_alg_list(0, 1, 0, '\n'); else if (strcmp(optarg, "protocol-version") == 0) { -#ifdef WITH_SSH1 - cp = xstrdup("1\n2"); -#else cp = xstrdup("2"); -#endif } if (cp == NULL) fatal("Unsupported query \"%s\"", optarg); @@ -1304,10 +1300,6 @@ main(int ac, char **av) sensitive_data.keys[i] = NULL; PRIV_START; -#if WITH_SSH1 - sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, - _PATH_HOST_KEY_FILE, "", NULL, NULL); -#endif #ifdef OPENSSL_HAS_ECC sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, "", NULL); diff --git a/sshconnect.c b/sshconnect.c index 948b638ad..26ffbc802 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.273 2017/03/10 03:22:40 dtucker Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.274 2017/04/30 23:10:43 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1382,12 +1382,7 @@ ssh_login(Sensitive *sensitive, const char *orighost, ssh_kex2(host, hostaddr, port); ssh_userauth2(local_user, server_user, host, sensitive); } else { -#ifdef WITH_SSH1 - ssh_kex(host, hostaddr); - ssh_userauth1(local_user, server_user, host, sensitive); -#else fatal("ssh1 is not supported"); -#endif } free(local_user); } diff --git a/sshkey.c b/sshkey.c index 3c487849e..045f1284f 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.45 2017/03/10 04:07:20 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.46 2017/04/30 23:10:43 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. 
@@ -89,9 +89,6 @@ static const struct keytype keytypes[] = { { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", KEY_ED25519_CERT, 0, 1, 0 }, #ifdef WITH_OPENSSL -# ifdef WITH_SSH1 - { NULL, "RSA1", KEY_RSA1, 0, 0, 0 }, -# endif { "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 }, { "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 }, { "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 }, @@ -1194,39 +1191,6 @@ sshkey_fingerprint(const struct sshkey *k, int dgst_alg, return retval; } -#ifdef WITH_SSH1 -/* - * Reads a multiple-precision integer in decimal from the buffer, and advances - * the pointer. The integer must already be initialized. This function is - * permitted to modify the buffer. This leaves *cpp to point just beyond the - * last processed character. - */ -static int -read_decimal_bignum(char **cpp, BIGNUM *v) -{ - char *cp; - size_t e; - int skip = 1; /* skip white space */ - - cp = *cpp; - while (*cp == ' ' || *cp == '\t') - cp++; - e = strspn(cp, "0123456789"); - if (e == 0) - return SSH_ERR_INVALID_FORMAT; - if (e > SSHBUF_MAX_BIGNUM * 3) - return SSH_ERR_BIGNUM_TOO_LARGE; - if (cp[e] == '\0') - skip = 0; - else if (strchr(" \t\r\n", cp[e]) == NULL) - return SSH_ERR_INVALID_FORMAT; - cp[e] = '\0'; - if (BN_dec2bn(&v, cp) <= 0) - return SSH_ERR_INVALID_FORMAT; - *cpp = cp + e + skip; - return 0; -} -#endif /* WITH_SSH1 */ /* returns 0 ok, and < 0 error */ int @@ -1237,9 +1201,6 @@ sshkey_read(struct sshkey *ret, char **cpp) char *ep, *cp, *space; int r, type, curve_nid = -1; struct sshbuf *blob; -#ifdef WITH_SSH1 - u_long bits; -#endif /* WITH_SSH1 */ if (ret == NULL) return SSH_ERR_INVALID_ARGUMENT; 
@@ -1248,23 +1209,6 @@ sshkey_read(struct sshkey *ret, char **cpp) switch (ret->type) { case KEY_RSA1: -#ifdef WITH_SSH1 - /* Get number of bits. */ - bits = strtoul(cp, &ep, 10); - if (*cp == '\0' || strchr(" \t\r\n", *ep) == NULL || - bits == 0 || bits > SSHBUF_MAX_BIGNUM * 8) - return SSH_ERR_INVALID_FORMAT; /* Bad bit count... */ - /* Get public exponent, public modulus. */ - if ((r = read_decimal_bignum(&ep, ret->rsa->e)) < 0) - return r; - if ((r = read_decimal_bignum(&ep, ret->rsa->n)) < 0) - return r; - /* validate the claimed number of bits */ - if (BN_num_bits(ret->rsa->n) != (int)bits) - return SSH_ERR_KEY_BITS_MISMATCH; - *cpp = ep; - retval = 0; -#endif /* WITH_SSH1 */ break; case KEY_UNSPEC: case KEY_RSA: @@ -1422,36 +1366,6 @@ static int sshkey_format_rsa1(const struct sshkey *key, struct sshbuf *b) { int r = SSH_ERR_INTERNAL_ERROR; -#ifdef WITH_SSH1 - u_int bits = 0; - char *dec_e = NULL, *dec_n = NULL; - - if (key->rsa == NULL || key->rsa->e == NULL || - key->rsa->n == NULL) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if ((dec_e = BN_bn2dec(key->rsa->e)) == NULL || - (dec_n = BN_bn2dec(key->rsa->n)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - /* size of modulus 'n' */ - if ((bits = BN_num_bits(key->rsa->n)) <= 0) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } - if ((r = sshbuf_putf(b, "%u %s %s", bits, dec_e, dec_n)) != 0) - goto out; - - /* Success */ - r = 0; - out: - if (dec_e != NULL) - OPENSSL_free(dec_e); - if (dec_n != NULL) - OPENSSL_free(dec_n); -#endif /* WITH_SSH1 */ return r; } 
@@ -3404,105 +3318,6 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase, return r; } -#if WITH_SSH1 -/* - * Serialises the authentication (private) key to a blob, encrypting it with - * passphrase. The identification of the blob (lowest 64 bits of n) will - * precede the key to provide identification of the key without needing a - * passphrase. - */ -static int -sshkey_private_rsa1_to_blob(struct sshkey *key, struct sshbuf *blob, - const char *passphrase, const char *comment) -{ - struct sshbuf *buffer = NULL, *encrypted = NULL; - u_char buf[8]; - int r, cipher_num; - struct sshcipher_ctx *ciphercontext = NULL; - const struct sshcipher *cipher; - u_char *cp; - - /* - * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting - * to another cipher; otherwise use SSH_AUTHFILE_CIPHER. - */ - cipher_num = (strcmp(passphrase, "") == 0) ? - SSH_CIPHER_NONE : SSH_CIPHER_3DES; - if ((cipher = cipher_by_number(cipher_num)) == NULL) - return SSH_ERR_INTERNAL_ERROR; - - /* This buffer is used to build the secret part of the private key. */ - if ((buffer = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - - /* Put checkbytes for checking passphrase validity. */ - if ((r = sshbuf_reserve(buffer, 4, &cp)) != 0) - goto out; - arc4random_buf(cp, 2); - memcpy(cp + 2, cp, 2); - - /* - * Store the private key (n and e will not be stored because they - * will be stored in plain text, and storing them also in encrypted - * format would just give known plaintext). - * Note: q and p are stored in reverse order to SSL. - */ - if ((r = sshbuf_put_bignum1(buffer, key->rsa->d)) != 0 || - (r = sshbuf_put_bignum1(buffer, key->rsa->iqmp)) != 0 || - (r = sshbuf_put_bignum1(buffer, key->rsa->q)) != 0 || - (r = sshbuf_put_bignum1(buffer, key->rsa->p)) != 0) - goto out; - - /* Pad the part to be encrypted to a size that is a multiple of 8. 
*/ - explicit_bzero(buf, 8); - if ((r = sshbuf_put(buffer, buf, 8 - (sshbuf_len(buffer) % 8))) != 0) - goto out; - - /* This buffer will be used to contain the data in the file. */ - if ((encrypted = sshbuf_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - - /* First store keyfile id string. */ - if ((r = sshbuf_put(encrypted, LEGACY_BEGIN, - sizeof(LEGACY_BEGIN))) != 0) - goto out; - - /* Store cipher type and "reserved" field. */ - if ((r = sshbuf_put_u8(encrypted, cipher_num)) != 0 || - (r = sshbuf_put_u32(encrypted, 0)) != 0) - goto out; - - /* Store public key. This will be in plain text. */ - if ((r = sshbuf_put_u32(encrypted, BN_num_bits(key->rsa->n))) != 0 || - (r = sshbuf_put_bignum1(encrypted, key->rsa->n)) != 0 || - (r = sshbuf_put_bignum1(encrypted, key->rsa->e)) != 0 || - (r = sshbuf_put_cstring(encrypted, comment)) != 0) - goto out; - - /* Allocate space for the private part of the key in the buffer. */ - if ((r = sshbuf_reserve(encrypted, sshbuf_len(buffer), &cp)) != 0) - goto out; - - if ((r = cipher_set_key_string(&ciphercontext, cipher, passphrase, - CIPHER_ENCRYPT)) != 0) - goto out; - if ((r = cipher_crypt(ciphercontext, 0, cp, - sshbuf_ptr(buffer), sshbuf_len(buffer), 0, 0)) != 0) - goto out; - - r = sshbuf_putb(blob, encrypted); - - out: - cipher_free(ciphercontext); - explicit_bzero(buf, sizeof(buf)); - sshbuf_free(buffer); - sshbuf_free(encrypted); - - return r; -} -#endif /* WITH_SSH1 */ #ifdef WITH_OPENSSL /* convert SSH v2 key in OpenSSL PEM format */ @@ -3565,11 +3380,6 @@ sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, int force_new_format, const char *new_format_cipher, int new_format_rounds) { switch (key->type) { -#ifdef WITH_SSH1 - case KEY_RSA1: - return sshkey_private_rsa1_to_blob(key, blob, - passphrase, comment); -#endif /* WITH_SSH1 */ #ifdef WITH_OPENSSL case KEY_DSA: case KEY_ECDSA: 
@@ -3589,182 +3399,6 @@ sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, } } -#ifdef WITH_SSH1 -/* - * Parse the public, unencrypted portion of a RSA1 key. - */ -int -sshkey_parse_public_rsa1_fileblob(struct sshbuf *blob, - struct sshkey **keyp, char **commentp) -{ - int r; - struct sshkey *pub = NULL; - struct sshbuf *copy = NULL; - - if (keyp != NULL) - *keyp = NULL; - if (commentp != NULL) - *commentp = NULL; - - /* Check that it is at least big enough to contain the ID string. */ - if (sshbuf_len(blob) < sizeof(LEGACY_BEGIN)) - return SSH_ERR_INVALID_FORMAT; - - /* - * Make sure it begins with the id string. Consume the id string - * from the buffer. - */ - if (memcmp(sshbuf_ptr(blob), LEGACY_BEGIN, sizeof(LEGACY_BEGIN)) != 0) - return SSH_ERR_INVALID_FORMAT; - /* Make a working copy of the keyblob and skip past the magic */ - if ((copy = sshbuf_fromb(blob)) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_consume(copy, sizeof(LEGACY_BEGIN))) != 0) - goto out; - - /* Skip cipher type, reserved data and key bits. */ - if ((r = sshbuf_get_u8(copy, NULL)) != 0 || /* cipher type */ - (r = sshbuf_get_u32(copy, NULL)) != 0 || /* reserved */ - (r = sshbuf_get_u32(copy, NULL)) != 0) /* key bits */ - goto out; - - /* Read the public key from the buffer. */ - if ((pub = sshkey_new(KEY_RSA1)) == NULL || - (r = sshbuf_get_bignum1(copy, pub->rsa->n)) != 0 || - (r = sshbuf_get_bignum1(copy, pub->rsa->e)) != 0) - goto out; - - /* Finally, the comment */ - if ((r = sshbuf_get_string(copy, (u_char**)commentp, NULL)) != 0) - goto out; - - /* The encrypted private part is not parsed by this function. 
*/ - - r = 0; - if (keyp != NULL) { - *keyp = pub; - pub = NULL; - } - out: - sshbuf_free(copy); - sshkey_free(pub); - return r; -} - -static int -sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase, - struct sshkey **keyp, char **commentp) -{ - int r; - u_int16_t check1, check2; - u_int8_t cipher_type; - struct sshbuf *decrypted = NULL, *copy = NULL; - u_char *cp; - char *comment = NULL; - struct sshcipher_ctx *ciphercontext = NULL; - const struct sshcipher *cipher; - struct sshkey *prv = NULL; - - if (keyp != NULL) - *keyp = NULL; - if (commentp != NULL) - *commentp = NULL; - - /* Check that it is at least big enough to contain the ID string. */ - if (sshbuf_len(blob) < sizeof(LEGACY_BEGIN)) - return SSH_ERR_INVALID_FORMAT; - - /* - * Make sure it begins with the id string. Consume the id string - * from the buffer. - */ - if (memcmp(sshbuf_ptr(blob), LEGACY_BEGIN, sizeof(LEGACY_BEGIN)) != 0) - return SSH_ERR_INVALID_FORMAT; - - if ((prv = sshkey_new_private(KEY_RSA1)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((copy = sshbuf_fromb(blob)) == NULL || - (decrypted = sshbuf_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshbuf_consume(copy, sizeof(LEGACY_BEGIN))) != 0) - goto out; - - /* Read cipher type. */ - if ((r = sshbuf_get_u8(copy, &cipher_type)) != 0 || - (r = sshbuf_get_u32(copy, NULL)) != 0) /* reserved */ - goto out; - - /* Read the public key and comment from the buffer. */ - if ((r = sshbuf_get_u32(copy, NULL)) != 0 || /* key bits */ - (r = sshbuf_get_bignum1(copy, prv->rsa->n)) != 0 || - (r = sshbuf_get_bignum1(copy, prv->rsa->e)) != 0 || - (r = sshbuf_get_cstring(copy, &comment, NULL)) != 0) - goto out; - - /* Check that it is a supported cipher. */ - cipher = cipher_by_number(cipher_type); - if (cipher == NULL) { - r = SSH_ERR_KEY_UNKNOWN_CIPHER; - goto out; - } - /* Initialize space for decrypted data. 
*/ - if ((r = sshbuf_reserve(decrypted, sshbuf_len(copy), &cp)) != 0) - goto out; - - /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */ - if ((r = cipher_set_key_string(&ciphercontext, cipher, passphrase, - CIPHER_DECRYPT)) != 0) - goto out; - if ((r = cipher_crypt(ciphercontext, 0, cp, - sshbuf_ptr(copy), sshbuf_len(copy), 0, 0)) != 0) - goto out; - - if ((r = sshbuf_get_u16(decrypted, &check1)) != 0 || - (r = sshbuf_get_u16(decrypted, &check2)) != 0) - goto out; - if (check1 != check2) { - r = SSH_ERR_KEY_WRONG_PASSPHRASE; - goto out; - } - - /* Read the rest of the private key. */ - if ((r = sshbuf_get_bignum1(decrypted, prv->rsa->d)) != 0 || - (r = sshbuf_get_bignum1(decrypted, prv->rsa->iqmp)) != 0 || - (r = sshbuf_get_bignum1(decrypted, prv->rsa->q)) != 0 || - (r = sshbuf_get_bignum1(decrypted, prv->rsa->p)) != 0) - goto out; - - /* calculate p-1 and q-1 */ - if ((r = rsa_generate_additional_parameters(prv->rsa)) != 0) - goto out; - - /* enable blinding */ - if (RSA_blinding_on(prv->rsa, NULL) != 1) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - r = 0; - if (keyp != NULL) { - *keyp = prv; - prv = NULL; - } - if (commentp != NULL) { - *commentp = comment; - comment = NULL; - } - out: - cipher_free(ciphercontext); - free(comment); - sshkey_free(prv); - sshbuf_free(copy); - sshbuf_free(decrypted); - return r; -} -#endif /* WITH_SSH1 */ #ifdef WITH_OPENSSL static int @@ -3910,11 +3544,6 @@ sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, *commentp = NULL; switch (type) { -#ifdef WITH_SSH1 - case KEY_RSA1: - return sshkey_parse_private_rsa1(blob, passphrase, - keyp, commentp); -#endif /* WITH_SSH1 */ #ifdef WITH_OPENSSL case KEY_DSA: case KEY_ECDSA: 
@@ -3951,13 +3580,6 @@ sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, if (commentp != NULL) *commentp = NULL; -#ifdef WITH_SSH1 - /* it's a SSH v1 key if the public key part is readable */ - if (sshkey_parse_public_rsa1_fileblob(buffer, NULL, NULL) == 0) { - return sshkey_parse_private_fileblob_type(buffer, KEY_RSA1, - passphrase, keyp, commentp); - } -#endif /* WITH_SSH1 */ return sshkey_parse_private_fileblob_type(buffer, KEY_UNSPEC, passphrase, keyp, commentp); } -- cgit v1.2.3 From cdccebdf85204bf7542b7fcc1aa2ea3f36661833 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 30 Apr 2017 23:15:04 +0000 Subject: upstream commit remove SSHv1 ciphers; ok markus@ Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890 --- Makefile.in | 2 +- cipher-3des1.c | 158 -------------------------------------- cipher-bf1.c | 106 -------------------------- cipher.c | 237 ++++++++++++++++++--------------------------------------- cipher.h | 25 +----- readconf.c | 25 +----- readconf.h | 3 +- ssh.c | 21 +---- sshkey.c | 8 +- 9 files changed, 86 insertions(+), 499 deletions(-) delete mode 100644 cipher-3des1.c delete mode 100644 cipher-bf1.c (limited to 'sshkey.c') diff --git a/Makefile.in b/Makefile.in index e247c0de7..f6625734a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -78,7 +78,7 @@ LIBOPENSSH_OBJS=\ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ authfd.o authfile.o bufaux.o bufbn.o bufec.o buffer.o \ canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \ - cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \ + cipher-ctr.o cleanup.o \ compat.o crc32.o deattack.o fatal.o hostfile.o \ log.o match.o moduli.o nchan.o packet.o opacket.o \ readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \ diff --git a/cipher-3des1.c b/cipher-3des1.c deleted file mode 100644 index 9fcc2785a..000000000 --- a/cipher-3des1.c +++ /dev/null 
@@ -1,158 +0,0 @@ -/* $OpenBSD: cipher-3des1.c,v 1.12 2015/01/14 10:24:42 markus Exp $ */ -/* - * Copyright (c) 2003 Markus Friedl. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" - -#ifdef WITH_SSH1 - -#include -#include -#include - -#include "ssherr.h" - -/* - * This is used by SSH1: - * - * What kind of triple DES are these 2 routines? - * - * Why is there a redundant initialization vector? - * - * If only iv3 was used, then, this would till effect have been - * outer-cbc. However, there is also a private iv1 == iv2 which - * perhaps makes differential analysis easier. On the other hand, the - * private iv1 probably makes the CRC-32 attack ineffective. This is a - * result of that there is no longer any known iv1 to use when - * choosing the X block. 
- */ -struct ssh1_3des_ctx -{ - EVP_CIPHER_CTX k1, k2, k3; -}; - -const EVP_CIPHER * evp_ssh1_3des(void); -int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); - -static int -ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, - int enc) -{ - struct ssh1_3des_ctx *c; - u_char *k1, *k2, *k3; - - if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { - if ((c = calloc(1, sizeof(*c))) == NULL) - return 0; - EVP_CIPHER_CTX_set_app_data(ctx, c); - } - if (key == NULL) - return 1; - if (enc == -1) - enc = ctx->encrypt; - k1 = k2 = k3 = (u_char *) key; - k2 += 8; - if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) { - if (enc) - k3 += 16; - else - k1 += 16; - } - EVP_CIPHER_CTX_init(&c->k1); - EVP_CIPHER_CTX_init(&c->k2); - EVP_CIPHER_CTX_init(&c->k3); - if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 || - EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || - EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { - explicit_bzero(c, sizeof(*c)); - free(c); - EVP_CIPHER_CTX_set_app_data(ctx, NULL); - return 0; - } - return 1; -} - -static int -ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, size_t len) -{ - struct ssh1_3des_ctx *c; - - if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) - return 0; - if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 || - EVP_Cipher(&c->k2, dest, dest, len) == 0 || - EVP_Cipher(&c->k3, dest, dest, len) == 0) - return 0; - return 1; -} - -static int -ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) -{ - struct ssh1_3des_ctx *c; - - if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { - EVP_CIPHER_CTX_cleanup(&c->k1); - EVP_CIPHER_CTX_cleanup(&c->k2); - EVP_CIPHER_CTX_cleanup(&c->k3); - explicit_bzero(c, sizeof(*c)); - free(c); - EVP_CIPHER_CTX_set_app_data(ctx, NULL); - } - return 1; -} - -int -ssh1_3des_iv(EVP_CIPHER_CTX *evp, int doset, u_char *iv, int len) -{ - struct ssh1_3des_ctx *c; - - if (len != 24) - return SSH_ERR_INVALID_ARGUMENT; - if ((c = 
EVP_CIPHER_CTX_get_app_data(evp)) == NULL) - return SSH_ERR_INTERNAL_ERROR; - if (doset) { - memcpy(c->k1.iv, iv, 8); - memcpy(c->k2.iv, iv + 8, 8); - memcpy(c->k3.iv, iv + 16, 8); - } else { - memcpy(iv, c->k1.iv, 8); - memcpy(iv + 8, c->k2.iv, 8); - memcpy(iv + 16, c->k3.iv, 8); - } - return 0; -} - -const EVP_CIPHER * -evp_ssh1_3des(void) -{ - static EVP_CIPHER ssh1_3des; - - memset(&ssh1_3des, 0, sizeof(ssh1_3des)); - ssh1_3des.nid = NID_undef; - ssh1_3des.block_size = 8; - ssh1_3des.iv_len = 0; - ssh1_3des.key_len = 16; - ssh1_3des.init = ssh1_3des_init; - ssh1_3des.cleanup = ssh1_3des_cleanup; - ssh1_3des.do_cipher = ssh1_3des_cbc; - ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH; - return &ssh1_3des; -} -#endif /* WITH_SSH1 */ diff --git a/cipher-bf1.c b/cipher-bf1.c deleted file mode 100644 index c205b077c..000000000 --- a/cipher-bf1.c +++ /dev/null 
@@ -1,106 +0,0 @@ -/* $OpenBSD: cipher-bf1.c,v 1.7 2015/01/14 10:24:42 markus Exp $ */ -/* - * Copyright (c) 2003 Markus Friedl. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" - -#ifdef WITH_SSH1 -#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_BF) - -#include - -#include -#include - -#include - -#include "openbsd-compat/openssl-compat.h" - -/* - * SSH1 uses a variation on Blowfish, all bytes must be swapped before - * and after encryption/decryption. Thus the swap_bytes stuff (yuk). - */ - -const EVP_CIPHER * evp_ssh1_bf(void); - -static void -swap_bytes(const u_char *src, u_char *dst, int n) -{ - u_char c[4]; - - /* Process 4 bytes every lap. 
*/ - for (n = n / 4; n > 0; n--) { - c[3] = *src++; - c[2] = *src++; - c[1] = *src++; - c[0] = *src++; - - *dst++ = c[0]; - *dst++ = c[1]; - *dst++ = c[2]; - *dst++ = c[3]; - } -} - -#ifdef SSH_OLD_EVP -static void bf_ssh1_init (EVP_CIPHER_CTX * ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - if (iv != NULL) - memcpy (&(ctx->oiv[0]), iv, 8); - memcpy (&(ctx->iv[0]), &(ctx->oiv[0]), 8); - if (key != NULL) - BF_set_key (&(ctx->c.bf_ks), EVP_CIPHER_CTX_key_length (ctx), - key); -} -#endif - -static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, - const u_char *, LIBCRYPTO_EVP_INL_TYPE) = NULL; - -static int -bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, - LIBCRYPTO_EVP_INL_TYPE len) -{ - int ret; - - swap_bytes(in, out, len); - ret = (*orig_bf)(ctx, out, out, len); - swap_bytes(out, out, len); - return (ret); -} - -const EVP_CIPHER * -evp_ssh1_bf(void) -{ - static EVP_CIPHER ssh1_bf; - - memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER)); - orig_bf = ssh1_bf.do_cipher; - ssh1_bf.nid = NID_undef; -#ifdef SSH_OLD_EVP - ssh1_bf.init = bf_ssh1_init; -#endif - ssh1_bf.do_cipher = bf_ssh1_cipher; - ssh1_bf.key_len = 32; - return (&ssh1_bf); -} -#endif /* defined(WITH_OPENSSL) && !defined(OPENSSL_NO_BF) */ - -#endif /* WITH_SSH1 */ diff --git a/cipher.c b/cipher.c index 2df2b84bc..622e745d0 100644 --- a/cipher.c +++ b/cipher.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.103 2017/04/30 23:10:43 djm Exp $ */ +/* $OpenBSD: cipher.c,v 1.104 2017/04/30 23:15:04 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -63,7 +63,6 @@ struct sshcipher_ctx { struct sshcipher { char *name; - int number; /* for ssh1 only */ u_int block_size; u_int key_len; u_int iv_len; /* defaults to block_size */ 
@@ -74,6 +73,7 @@ struct sshcipher { #define CFLAG_CHACHAPOLY (1<<1) #define CFLAG_AESCTR (1<<2) #define CFLAG_NONE (1<<3) +#define CFLAG_INTERNAL CFLAG_NONE /* Don't use "none" for packets */ #ifdef WITH_OPENSSL const EVP_CIPHER *(*evptype)(void); #else 
@@ -83,45 +83,42 @@ struct sshcipher { static const struct sshcipher ciphers[] = { #ifdef WITH_OPENSSL - { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, - { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, + { "3des-cbc", 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, # ifndef OPENSSL_NO_BF - { "blowfish-cbc", - SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, + { "blowfish-cbc", 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, # endif /* OPENSSL_NO_BF */ # ifndef OPENSSL_NO_CAST - { "cast128-cbc", - SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc }, + { "cast128-cbc", 8, 16, 0, 0, 0, 1, EVP_cast5_cbc }, # endif /* OPENSSL_NO_CAST */ # ifndef OPENSSL_NO_RC4 - { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 }, - { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 }, - { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 }, + { "arcfour", 8, 16, 0, 0, 0, 0, EVP_rc4 }, + { "arcfour128", 8, 16, 0, 0, 1536, 0, EVP_rc4 }, + { "arcfour256", 8, 32, 0, 0, 1536, 0, EVP_rc4 }, # endif /* OPENSSL_NO_RC4 */ - { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc }, - { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc }, - { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, + { "aes128-cbc", 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc }, + { "aes192-cbc", 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc }, + { "aes256-cbc", 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, { "rijndael-cbc@lysator.liu.se", - SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, - { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr }, - { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr }, - { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr }, + 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, + { "aes128-ctr", 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr }, + { "aes192-ctr", 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr }, + { "aes256-ctr", 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr }, # ifdef OPENSSL_HAVE_EVPGCM { 
"aes128-gcm@openssh.com", - SSH_CIPHER_SSH2, 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm }, + 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm }, { "aes256-gcm@openssh.com", - SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm }, + 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm }, # endif /* OPENSSL_HAVE_EVPGCM */ -#else /* WITH_OPENSSL */ - { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL }, - { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL }, - { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL }, - { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, CFLAG_NONE, NULL }, -#endif /* WITH_OPENSSL */ +#else + { "aes128-ctr", 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "aes192-ctr", 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "aes256-ctr", 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL }, +#endif { "chacha20-poly1305@openssh.com", - SSH_CIPHER_SSH2, 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL }, + 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL }, + { "none", 8, 0, 0, 0, 0, CFLAG_NONE, NULL }, - { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL } + { NULL, 0, 0, 0, 0, 0, 0, NULL } }; /*--*/ @@ -135,7 +132,7 @@ cipher_alg_list(char sep, int auth_only) const struct sshcipher *c; for (c = ciphers; c->name != NULL; c++) { - if (c->number != SSH_CIPHER_SSH2) + if ((c->flags & CFLAG_INTERNAL) != 0) continue; if (auth_only && c->auth_len == 0) continue; @@ -190,12 +187,6 @@ cipher_ivlen(const struct sshcipher *c) c->iv_len : c->block_size; } -u_int -cipher_get_number(const struct sshcipher *c) -{ - return (c->number); -} - u_int cipher_is_cbc(const struct sshcipher *c) { 
@@ -208,24 +199,6 @@ cipher_ctx_is_plaintext(struct sshcipher_ctx *cc) return cc->plaintext; } -u_int -cipher_ctx_get_number(struct sshcipher_ctx *cc) -{ - return cc->cipher->number; -} - -u_int -cipher_mask_ssh1(int client) -{ - u_int mask = 0; - mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */ - mask |= 1 << SSH_CIPHER_BLOWFISH; - if (client) { - mask |= 1 << SSH_CIPHER_DES; - } - return mask; -} - const struct sshcipher * cipher_by_name(const char *name) { @@ -236,16 +209,6 @@ cipher_by_name(const char *name) return NULL; } -const struct sshcipher * -cipher_by_number(int id) -{ - const struct sshcipher *c; - for (c = ciphers; c->name != NULL; c++) - if (c->number == id) - return c; - return NULL; -} - #define CIPHER_SEP "," int ciphers_valid(const char *names) @@ -261,7 +224,7 @@ ciphers_valid(const char *names) for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0'; (p = strsep(&cp, CIPHER_SEP))) { c = cipher_by_name(p); - if (c == NULL || c->number != SSH_CIPHER_SSH2) { + if (c == NULL || (c->flags & CFLAG_INTERNAL) != 0) { free(cipher_list); return 0; } @@ -270,38 +233,12 @@ ciphers_valid(const char *names) return 1; } -/* - * Parses the name of the cipher. Returns the number of the corresponding - * cipher, or -1 on error. - */ - -int -cipher_number(const char *name) -{ - const struct sshcipher *c; - if (name == NULL) - return -1; - for (c = ciphers; c->name != NULL; c++) - if (strcasecmp(c->name, name) == 0) - return c->number; - return -1; -} - -char * -cipher_name(int id) -{ - const struct sshcipher *c = cipher_by_number(id); - return (c==NULL) ? "" : c->name; -} - const char * cipher_warning_message(const struct sshcipher_ctx *cc) { if (cc == NULL || cc->cipher == NULL) return NULL; - if (cc->cipher->number == SSH_CIPHER_DES) - return "use of DES is strongly discouraged due to " - "cryptographic weaknesses"; + /* XXX repurpose for CBC warning */ return NULL; } 
@@ -322,12 +259,7 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher, if ((cc = calloc(sizeof(*cc), 1)) == NULL) return SSH_ERR_ALLOC_FAIL; - if (cipher->number == SSH_CIPHER_DES) { - if (keylen > 8) - keylen = 8; - } - - cc->plaintext = (cipher->number == SSH_CIPHER_NONE); + cc->plaintext = 0; /* XXX */ cc->encrypt = do_encrypt; if (keylen < cipher->key_len || @@ -341,6 +273,10 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher, ret = chachapoly_init(&cc->cp_ctx, key, keylen); goto out; } + if ((cc->cipher->flags & CFLAG_NONE) != 0) { + ret = 0; + goto out; + } #ifndef WITH_OPENSSL if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { aesctr_keysetup(&cc->ac_ctx, key, 8 * keylen, 8 * ivlen); @@ -348,10 +284,6 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher, ret = 0; goto out; } - if ((cc->cipher->flags & CFLAG_NONE) != 0) { - ret = 0; - goto out; - } ret = SSH_ERR_INVALID_ARGUMENT; goto out; #else /* WITH_OPENSSL */ @@ -436,6 +368,10 @@ cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest, return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len, aadlen, authlen, cc->encrypt); } + if ((cc->cipher->flags & CFLAG_NONE) != 0) { + memcpy(dest, src, aadlen + len); + return 0; + } #ifndef WITH_OPENSSL if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { if (aadlen) @@ -444,10 +380,6 @@ cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest, dest + aadlen, len); return 0; } - if ((cc->cipher->flags & CFLAG_NONE) != 0) { - memcpy(dest, src, aadlen + len); - return 0; - } return SSH_ERR_INVALID_ARGUMENT; #else if (authlen) { 
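Review bot: The first hunk on this line makes cipher_init set `cc->plaintext = 0; /* XXX */` unconditionally, so the flag no longer marks a context built on the "none" cipher. cipher_ctx_is_plaintext() returns this field and is still declared in cipher.h, so any caller that uses it to decide whether traffic is protected (callers are not visible here) would be told a plaintext context is encrypted. The removed expression tested the deleted `number` field; the flag-based equivalent is `cc->plaintext = (cipher->flags & CFLAG_NONE) != 0;`. cipher_init begins and ends outside this hunk.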
@@ -554,19 +486,16 @@ int cipher_get_keyiv_len(const struct sshcipher_ctx *cc) { const struct sshcipher *c = cc->cipher; - int ivlen = 0; - if (c->number == SSH_CIPHER_3DES) - ivlen = 24; - else if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) - ivlen = 0; - else if ((cc->cipher->flags & CFLAG_AESCTR) != 0) - ivlen = sizeof(cc->ac_ctx.ctr); + if ((c->flags & CFLAG_CHACHAPOLY) != 0) + return 0; + else if ((c->flags & CFLAG_AESCTR) != 0) + return sizeof(cc->ac_ctx.ctr); #ifdef WITH_OPENSSL - else - ivlen = EVP_CIPHER_CTX_iv_length(cc->evp); -#endif /* WITH_OPENSSL */ - return (ivlen); + return EVP_CIPHER_CTX_iv_length(cc->evp); +#else + return 0; +#endif } int @@ -591,34 +520,26 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) if ((cc->cipher->flags & CFLAG_NONE) != 0) return 0; - switch (c->number) { #ifdef WITH_OPENSSL - case SSH_CIPHER_SSH2: - case SSH_CIPHER_DES: - case SSH_CIPHER_BLOWFISH: - evplen = EVP_CIPHER_CTX_iv_length(cc->evp); - if (evplen == 0) - return 0; - else if (evplen < 0) - return SSH_ERR_LIBCRYPTO_ERROR; - if ((u_int)evplen != len) - return SSH_ERR_INVALID_ARGUMENT; + evplen = EVP_CIPHER_CTX_iv_length(cc->evp); + if (evplen == 0) + return 0; + else if (evplen < 0) + return SSH_ERR_LIBCRYPTO_ERROR; + if ((u_int)evplen != len) + return SSH_ERR_INVALID_ARGUMENT; #ifndef OPENSSL_HAVE_EVPCTR - if (c->evptype == evp_aes_128_ctr) - ssh_aes_ctr_iv(cc->evp, 0, iv, len); - else + if (c->evptype == evp_aes_128_ctr) + ssh_aes_ctr_iv(cc->evp, 0, iv, len); + else #endif - if (cipher_authlen(c)) { - if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, - len, iv)) - return SSH_ERR_LIBCRYPTO_ERROR; - } else - memcpy(iv, cc->evp->iv, len); - break; + if (cipher_authlen(c)) { + if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, + len, iv)) + return SSH_ERR_LIBCRYPTO_ERROR; + } else + memcpy(iv, cc->evp->iv, len); #endif - default: - return SSH_ERR_INVALID_ARGUMENT; - } return 0; } 
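Review bot: cipher_get_keyiv_len has no CFLAG_NONE guard, so in a WITH_OPENSSL build a "none" context falls through to `return EVP_CIPHER_CTX_iv_length(cc->evp);`. This commit gives the "none" table entry a NULL evptype and makes cipher_init leave through `goto out` for CFLAG_NONE before the OpenSSL branch, so cc->evp is presumably never set up for such a context; the allocation itself is outside the visible hunks and should be confirmed. cipher_get_keyiv in the next hunk already returns early on CFLAG_NONE, and the matching guard here would be `if ((c->flags & (CFLAG_CHACHAPOLY|CFLAG_NONE)) != 0) return 0;`.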
@@ -635,32 +556,24 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) if ((cc->cipher->flags & CFLAG_NONE) != 0) return 0; - switch (c->number) { #ifdef WITH_OPENSSL - case SSH_CIPHER_SSH2: - case SSH_CIPHER_DES: - case SSH_CIPHER_BLOWFISH: - evplen = EVP_CIPHER_CTX_iv_length(cc->evp); - if (evplen <= 0) - return SSH_ERR_LIBCRYPTO_ERROR; + evplen = EVP_CIPHER_CTX_iv_length(cc->evp); + if (evplen <= 0) + return SSH_ERR_LIBCRYPTO_ERROR; #ifndef OPENSSL_HAVE_EVPCTR - /* XXX iv arg is const, but ssh_aes_ctr_iv isn't */ - if (c->evptype == evp_aes_128_ctr) - ssh_aes_ctr_iv(cc->evp, 1, (u_char *)iv, evplen); - else + /* XXX iv arg is const, but ssh_aes_ctr_iv isn't */ + if (c->evptype == evp_aes_128_ctr) + ssh_aes_ctr_iv(cc->evp, 1, (u_char *)iv, evplen); + else #endif - if (cipher_authlen(c)) { - /* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */ - if (!EVP_CIPHER_CTX_ctrl(cc->evp, - EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) - return SSH_ERR_LIBCRYPTO_ERROR; - } else - memcpy(cc->evp->iv, iv, evplen); - break; + if (cipher_authlen(c)) { + /* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */ + if (!EVP_CIPHER_CTX_ctrl(cc->evp, + EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) + return SSH_ERR_LIBCRYPTO_ERROR; + } else + memcpy(cc->evp->iv, iv, evplen); #endif - default: - return SSH_ERR_INVALID_ARGUMENT; - } return 0; } diff --git a/cipher.h b/cipher.h index f4bca6285..312bbc8a0 100644 --- a/cipher.h +++ b/cipher.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.h,v 1.49 2016/08/03 05:41:57 djm Exp $ */ +/* $OpenBSD: cipher.h,v 1.50 2017/04/30 23:15:04 djm Exp $ */ /* * Author: Tatu Ylonen 
@@ -42,34 +42,13 @@ #include "cipher-chachapoly.h" #include "cipher-aesctr.h" -/* - * Cipher types for SSH-1. New types can be added, but old types should not - * be removed for compatibility. The maximum allowed value is 31. - */ -#define SSH_CIPHER_SSH2 -3 -#define SSH_CIPHER_INVALID -2 /* No valid cipher selected. */ -#define SSH_CIPHER_NOT_SET -1 /* None selected (invalid number). */ -#define SSH_CIPHER_NONE 0 /* no encryption */ -#define SSH_CIPHER_IDEA 1 /* IDEA CFB */ -#define SSH_CIPHER_DES 2 /* DES CBC */ -#define SSH_CIPHER_3DES 3 /* 3DES CBC */ -#define SSH_CIPHER_BROKEN_TSS 4 /* TRI's Simple Stream encryption CBC */ -#define SSH_CIPHER_BROKEN_RC4 5 /* Alleged RC4 */ -#define SSH_CIPHER_BLOWFISH 6 -#define SSH_CIPHER_RESERVED 7 -#define SSH_CIPHER_MAX 31 - #define CIPHER_ENCRYPT 1 #define CIPHER_DECRYPT 0 struct sshcipher; struct sshcipher_ctx; -u_int cipher_mask_ssh1(int); const struct sshcipher *cipher_by_name(const char *); -const struct sshcipher *cipher_by_number(int); -int cipher_number(const char *); -char *cipher_name(int); const char *cipher_warning_message(const struct sshcipher_ctx *); int ciphers_valid(const char *); char *cipher_alg_list(char, int); @@ -90,9 +69,7 @@ u_int cipher_ivlen(const struct sshcipher *); u_int cipher_is_cbc(const struct sshcipher *); u_int cipher_ctx_is_plaintext(struct sshcipher_ctx *); -u_int cipher_ctx_get_number(struct sshcipher_ctx *); -u_int cipher_get_number(const struct sshcipher *); int cipher_get_keyiv(struct sshcipher_ctx *, u_char *, u_int); int cipher_set_keyiv(struct sshcipher_ctx *, const u_char *); int cipher_get_keyiv_len(const struct sshcipher_ctx *); diff --git a/readconf.c b/readconf.c index 963c648b9..5a7197c14 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.273 2017/04/30 23:11:45 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.274 2017/04/30 23:15:04 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -182,6 +182,7 @@ static struct { } keywords[] = { /* Deprecated options */ { "protocol", oIgnore }, /* NB. silently ignored */ + { "cipher", oDeprecated }, { "fallbacktorsh", oDeprecated }, { "globalknownhostsfile2", oDeprecated }, { "rhostsauthentication", oDeprecated }, @@ -240,7 +241,6 @@ static struct { { "hostkeyalias", oHostKeyAlias }, { "proxycommand", oProxyCommand }, { "port", oPort }, - { "cipher", oCipher }, { "ciphers", oCiphers }, { "macs", oMacs }, { "remoteforward", oRemoteForward }, @@ -1175,19 +1175,6 @@ parse_int: intptr = &options->connection_attempts; goto parse_int; - case oCipher: - intptr = &options->cipher; - arg = strdelim(&s); - if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing argument.", filename, linenum); - value = cipher_number(arg); - if (value == -1) - fatal("%.200s line %d: Bad cipher '%s'.", - filename, linenum, arg ? arg : ""); - if (*activep && *intptr == -1) - *intptr = value; - break; - case oCiphers: arg = strdelim(&s); if (!arg || *arg == '\0') @@ -1811,7 +1798,6 @@ initialize_options(Options * options) options->connection_attempts = -1; options->connection_timeout = -1; options->number_of_password_prompts = -1; - options->cipher = -1; options->ciphers = NULL; options->macs = NULL; options->kex_algorithms = NULL; @@ -1968,9 +1954,6 @@ fill_default_options(Options * options) options->connection_attempts = 1; if (options->number_of_password_prompts == -1) options->number_of_password_prompts = 3; - /* Selected in ssh_login(). */ - if (options->cipher == -1) - options->cipher = SSH_CIPHER_NOT_SET; /* options->hostkeyalgorithms, default set in myproposals.h */ if (options->add_keys_to_agent == -1) options->add_keys_to_agent = 0; 
@@ -2603,10 +2586,6 @@ dump_client_config(Options *o, const char *host) printf("\n"); } - /* oCipher */ - if (o->cipher != SSH_CIPHER_NOT_SET) - printf("Cipher %s\n", cipher_name(o->cipher)); - /* oControlPersist */ if (o->control_persist == 0 || o->control_persist_timeout == 0) dump_cfg_fmtint(oControlPersist, o->control_persist); diff --git a/readconf.h b/readconf.h index f53864854..c2ffd9ed4 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.119 2017/04/30 23:11:45 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.120 2017/04/30 23:15:04 djm Exp $ */ /* * Author: Tatu Ylonen @@ -70,7 +70,6 @@ typedef struct { * aborting connection attempt */ int number_of_password_prompts; /* Max number of password * prompts. */ - int cipher; /* Cipher to use. */ char *ciphers; /* SSH2 ciphers in order of preference. */ char *macs; /* SSH2 macs in order of preference. */ char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */ diff --git a/ssh.c b/ssh.c index a682ce91a..c1316f44c 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.455 2017/04/30 23:13:25 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.456 2017/04/30 23:15:04 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -813,27 +813,14 @@ main(int ac, char **av) } break; case 'c': - if (ciphers_valid(*optarg == '+' ? + if (!ciphers_valid(*optarg == '+' ? optarg + 1 : optarg)) { - /* SSH2 only */ - free(options.ciphers); - options.ciphers = xstrdup(optarg); - options.cipher = SSH_CIPHER_INVALID; - break; - } - /* SSH1 only */ - options.cipher = cipher_number(optarg); - if (options.cipher == -1) { fprintf(stderr, "Unknown cipher type '%s'\n", optarg); exit(255); } - if (options.cipher == SSH_CIPHER_3DES) - options.ciphers = xstrdup("3des-cbc"); - else if (options.cipher == SSH_CIPHER_BLOWFISH) - options.ciphers = xstrdup("blowfish-cbc"); - else - options.ciphers = xstrdup(KEX_CLIENT_ENCRYPT); + free(options.ciphers); + options.ciphers = xstrdup(optarg); break; case 'm': if (mac_valid(optarg)) { diff --git a/sshkey.c b/sshkey.c index 045f1284f..1741d9b19 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.46 2017/04/30 23:10:43 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.47 2017/04/30 23:15:04 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2971,12 +2971,8 @@ sshkey_private_to_blob2(const struct sshkey *prv, struct sshbuf *blob, kdfname = "none"; } else if (ciphername == NULL) ciphername = DEFAULT_CIPHERNAME; - else if (cipher_number(ciphername) != SSH_CIPHER_SSH2) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } if ((cipher = cipher_by_name(ciphername)) == NULL) { - r = SSH_ERR_INTERNAL_ERROR; + r = SSH_ERR_INVALID_ARGUMENT; goto out; } -- cgit v1.2.3 From 873d3e7d9a4707d0934fb4c4299354418f91b541 Mon Sep 17 00:00:00 2001 
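Review bot: The failure message in `case 'c'` still reads `Unknown cipher type '%s'`, although after this change the option only carries an SSH2 cipher list, so a list with one bad entry is reported as if it were a single unknown type. I would reword it to `"Unknown cipher list '%s'\n"`. I would also add a comment above the test, `/* -c takes an SSH2 cipher list; a leading '+' is skipped for validation but kept in options.ciphers */`, because the asymmetry between what is validated and what is stored is easy to miss. The body of main starts and ends outside the hunk.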
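Review bot: With the `cipher_number(ciphername) != SSH_CIPHER_SSH2` test removed, the only check left on a caller-supplied `ciphername` in sshkey_private_to_blob2 is that `cipher_by_name()` recognises it. If that lookup also resolves `"none"` (its table is not visible here), a caller passing `"none"` together with a passphrase would presumably get a private key blob that is not encrypted, even though a passphrase was supplied. An explicit guard after the `DEFAULT_CIPHERNAME` branch would keep that combination rejected: `else if (strcmp(ciphername, "none") == 0) { r = SSH_ERR_INVALID_ARGUMENT; goto out; }`. The function starts and ends outside the hunk, so the condition of the branch that sets `kdfname = "none"` is inferred rather than seen.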
From: "djm@openbsd.org" Date: Sun, 30 Apr 2017 23:18:44 +0000 Subject: upstream commit remove KEY_RSA1 ok markus@ Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133 --- clientloop.c | 5 ++--- hostfile.c | 18 +++-------------- ssh-agent.c | 28 +++++++++++--------------- ssh-keygen.1 | 9 ++++----- ssh-keygen.c | 27 +++++-------------------- ssh-keyscan.1 | 9 ++------- ssh-keyscan.c | 64 ++++++++++++++++++++++++++--------------------------------- ssh.c | 5 ++--- ssh.h | 4 ++-- sshconnect.c | 3 +-- sshconnect2.c | 7 ++----- sshd.c | 10 +--------- sshkey.c | 63 +++++++--------------------------------------------------- sshkey.h | 3 +-- 14 files changed, 72 insertions(+), 183 deletions(-) (limited to 'sshkey.c') diff --git a/clientloop.c b/clientloop.c index 469a2f00a..018688a81 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.292 2017/04/30 23:13:25 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.293 2017/04/30 23:18:44 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1831,8 +1831,7 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx) size_t i; struct sshkey **tmp; - if (l->status != HKF_STATUS_MATCHED || l->key == NULL || - l->key->type == KEY_RSA1) + if (l->status != HKF_STATUS_MATCHED || l->key == NULL) return 0; /* Mark off keys we've already seen for this host */ diff --git a/hostfile.c b/hostfile.c index b8f9cd143..1804cff99 100644 --- a/hostfile.c +++ b/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.69 2017/04/30 23:10:43 djm Exp $ */ +/* $OpenBSD: hostfile.c,v 1.70 2017/04/30 23:18:44 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -346,16 +346,11 @@ check_hostkeys_by_key_or_type(struct hostkeys *hostkeys, HostStatus end_return = HOST_NEW; int want_cert = sshkey_is_cert(k); HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE; - int proto = (k ? k->type : keytype) == KEY_RSA1 ? 1 : 2; if (found != NULL) *found = NULL; for (i = 0; i < hostkeys->num_entries; i++) { - if (proto == 1 && hostkeys->entries[i].key->type != KEY_RSA1) - continue; - if (proto == 2 && hostkeys->entries[i].key->type == KEY_RSA1) - continue; if (hostkeys->entries[i].marker != want_marker) continue; if (k == NULL) { @@ -490,13 +485,6 @@ host_delete(struct hostkey_foreach_line *l, void *_ctx) return 0; } - /* XXX might need a knob for this later */ - /* Don't remove RSA1 keys */ - if (l->key->type == KEY_RSA1) { - fprintf(ctx->out, "%s\n", l->line); - return 0; - } - /* * If this line contains one of the keys that we will be * adding later, then don't change it and mark the key for @@ -804,12 +792,12 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, lineinfo.keytype = sshkey_type_from_name(ktype); /* - * Assume RSA1 if the first component is a short + * Assume legacy RSA1 if the first component is a short * decimal number. */ if (lineinfo.keytype == KEY_UNSPEC && l < 8 && strspn(ktype, "0123456789") == l) - lineinfo.keytype = KEY_RSA1; + goto bad; /* * Check that something other than whitespace follows diff --git a/ssh-agent.c b/ssh-agent.c index 6788287b7..cc3bffad8 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.219 2017/04/30 23:10:43 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.220 2017/04/30 23:18:44 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -247,6 +247,8 @@ process_request_identities(SocketEntry *e, int version) Identity *id; struct sshbuf *msg; int r; + u_char *blob; + size_t blen; if ((msg = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); 
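Review bot: In hostkeys_foreach the comment still says "Assume legacy RSA1 if the first component is a short decimal number", but the statement under it is now `goto bad;`, so the comment describes a classification the code no longer makes. I would replace it with `/* Legacy RSA1 lines begin with a short decimal bit count; they are no longer supported, so treat them as invalid. */`. The `bad` label is outside the hunk, and so is host_delete's handling of invalid lines. With the "Don't remove RSA1 keys" branch removed from host_delete in this commit, it is worth confirming that a known_hosts rewrite neither silently drops such lines nor aborts on them.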
@@ -256,21 +258,15 @@ process_request_identities(SocketEntry *e, int version) (r = sshbuf_put_u32(msg, tab->nentries)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); TAILQ_FOREACH(id, &tab->idlist, next) { - if (id->key->type == KEY_RSA1) { - } else { - u_char *blob; - size_t blen; - - if ((r = sshkey_to_blob(id->key, &blob, &blen)) != 0) { - error("%s: sshkey_to_blob: %s", __func__, - ssh_err(r)); - continue; - } - if ((r = sshbuf_put_string(msg, blob, blen)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); - free(blob); + if ((r = sshkey_to_blob(id->key, &blob, &blen)) != 0) { + error("%s: sshkey_to_blob: %s", __func__, + ssh_err(r)); + continue; } + if ((r = sshbuf_put_string(msg, blob, blen)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); + free(blob); if ((r = sshbuf_put_cstring(msg, id->comment)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); } @@ -639,7 +635,7 @@ process_add_smartcard_key(SocketEntry *e) count = pkcs11_add_provider(canonical_provider, pin, &keys); for (i = 0; i < count; i++) { k = keys[i]; - version = k->type == KEY_RSA1 ? 1 : 2; + version = 2; tab = idtab_lookup(version); if (lookup_identity(k, version) == NULL) { id = xcalloc(1, sizeof(Identity)); diff --git a/ssh-keygen.1 b/ssh-keygen.1 index a83388a9f..be1a169f4 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.135 2017/04/29 06:06:01 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.136 2017/04/30 23:18:44 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 29 2017 $ +.Dd $Mdocdate: April 30 2017 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME 
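Review bot: In process_request_identities the reply count is written as `tab->nentries` before the loop, but an identity whose `sshkey_to_blob()` call fails is skipped with `continue`, so the reply can announce more keys than it contains and a client parsing it will read past the real entries. This commit flattens the loop but keeps that behaviour. I would serialise the identities into a scratch buffer, count the ones that succeed, and write the count afterwards, using two new locals (a `struct sshbuf *keys` and a `u_int nkeys = 0`). The start of the function and the first half of the header `if` are outside the hunk.

```c
/* … unchanged: msg allocation and reply-type byte; the
 *   sshbuf_put_u32(msg, tab->nentries) call moves below the loop … */
if ((keys = sshbuf_new()) == NULL)
	fatal("%s: sshbuf_new failed", __func__);
TAILQ_FOREACH(id, &tab->idlist, next) {
	if ((r = sshkey_to_blob(id->key, &blob, &blen)) != 0) {
		error("%s: sshkey_to_blob: %s", __func__,
		    ssh_err(r));
		continue;
	}
	if ((r = sshbuf_put_string(keys, blob, blen)) != 0 ||
	    (r = sshbuf_put_cstring(keys, id->comment)) != 0)
		fatal("%s: buffer error: %s",
		    __func__, ssh_err(r));
	free(blob);
	nkeys++;
}
/* announce only the identities that were actually serialised */
if ((r = sshbuf_put_u32(msg, nkeys)) != 0 ||
    (r = sshbuf_putb(msg, keys)) != 0)
	fatal("%s: buffer error: %s", __func__, ssh_err(r));
sshbuf_free(keys);
/* … unchanged: sending the reply … */
```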
@@ -207,7 +207,7 @@ There is no way to recover a lost passphrase. If the passphrase is lost or forgotten, a new key must be generated and the corresponding public key copied to other machines. .Pp -For RSA1 keys and keys stored in the newer OpenSSH format, +For keys stored in the newer OpenSSH format, there is also a comment field in the key file that is only for convenience to the user to help identify the key. The comment can tell what the key is for, or whatever is useful. @@ -264,7 +264,7 @@ flag will be ignored. Provides a new comment. .It Fl c Requests changing the comment in the private and public key files. -This operation is only supported for RSA1 keys and keys stored in the +This operation is only supported for keys stored in the newer OpenSSH format. The program will prompt for the file containing the private keys, for the passphrase if the key has one, and for the new comment. @@ -384,7 +384,6 @@ section. Prints the contents of one or more certificates. .It Fl l Show fingerprint of specified public key file. -Private RSA1 keys are also supported. For RSA and DSA keys .Nm tries to find the matching public key file and prints its fingerprint. diff --git a/ssh-keygen.c b/ssh-keygen.c index 70d421844..51c24bc55 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.301 2017/04/30 23:10:43 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.302 2017/04/30 23:18:44 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -246,9 +246,6 @@ ask_filename(struct passwd *pw, const char *prompt) name = _PATH_SSH_CLIENT_ID_RSA; else { switch (sshkey_type_from_name(key_type_name)) { - case KEY_RSA1: - name = _PATH_SSH_CLIENT_IDENTITY; - break; case KEY_DSA_CERT: case KEY_DSA: name = _PATH_SSH_CLIENT_ID_DSA; 
@@ -320,8 +317,6 @@ do_convert_to_ssh2(struct passwd *pw, struct sshkey *k) char comment[61]; int r; - if (k->type == KEY_RSA1) - fatal("version 1 keys are not supported"); if ((r = sshkey_to_blob(k, &blob, &len)) != 0) fatal("key_to_blob failed: %s", ssh_err(r)); /* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ @@ -343,7 +338,6 @@ static void do_convert_to_pkcs8(struct sshkey *k) { switch (sshkey_type_plain(k->type)) { - case KEY_RSA1: case KEY_RSA: if (!PEM_write_RSA_PUBKEY(stdout, k->rsa)) fatal("PEM_write_RSA_PUBKEY failed"); @@ -368,7 +362,6 @@ static void do_convert_to_pem(struct sshkey *k) { switch (sshkey_type_plain(k->type)) { - case KEY_RSA1: case KEY_RSA: if (!PEM_write_RSAPublicKey(stdout, k->rsa)) fatal("PEM_write_RSAPublicKey failed"); @@ -825,13 +818,6 @@ try_read_key(char **cpp) struct sshkey *ret; int r; - if ((ret = sshkey_new(KEY_RSA1)) == NULL) - fatal("sshkey_new failed"); - /* Try RSA1 */ - if ((r = sshkey_read(ret, cpp)) == 0) - return ret; - /* Try modern */ - sshkey_free(ret); if ((ret = sshkey_new(KEY_UNSPEC)) == NULL) fatal("sshkey_new failed"); if ((r = sshkey_read(ret, cpp)) == 0) @@ -1442,9 +1428,8 @@ do_change_comment(struct passwd *pw) } } - if (private->type != KEY_RSA1 && private->type != KEY_ED25519 && - !use_new_format) { - error("Comments are only supported for RSA1 or keys stored in " + if (private->type != KEY_ED25519 && !use_new_format) { + error("Comments are only supported for keys stored in " "the new format (-o)."); explicit_bzero(passphrase, strlen(passphrase)); sshkey_free(private); 
@@ -2241,13 +2226,11 @@ do_check_krl(struct passwd *pw, int argc, char **argv) exit(ret); } -# define RSA1_USAGE "" - static void usage(void) { fprintf(stderr, - "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa%s]\n" + "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]\n" " [-N new_passphrase] [-C comment] [-f output_keyfile]\n" " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n" " ssh-keygen -i [-m key_format] [-f input_keyfile]\n" @@ -2255,7 +2238,7 @@ usage(void) " ssh-keygen -y [-f input_keyfile]\n" " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n" " ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n" - " ssh-keygen -B [-f input_keyfile]\n", RSA1_USAGE); + " ssh-keygen -B [-f input_keyfile]\n"); #ifdef ENABLE_PKCS11 fprintf(stderr, " ssh-keygen -D pkcs11\n"); diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index d29d9d906..82bcb5d01 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.38 2015/11/08 23:24:03 jmc Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.39 2017/04/30 23:18:44 djm Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -6,7 +6,7 @@ .\" permitted provided that due credit is given to the author and the .\" OpenBSD project by leaving this copyright notice intact. .\" -.Dd $Mdocdate: November 8 2015 $ +.Dd $Mdocdate: April 30 2017 $ .Dt SSH-KEYSCAN 1 .Os .Sh NAME @@ -127,11 +127,6 @@ Input format: 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 .Ed .Pp -Output format for RSA1 keys: -.Bd -literal -host-or-namelist bits exponent modulus -.Ed -.Pp Output format for RSA, DSA, ECDSA, and Ed25519 keys: .Bd -literal host-or-namelist keytype base64-encoded-key diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 6a9292487..d49d79ad7 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.111 2017/04/30 23:13:25 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.112 2017/04/30 23:18:44 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -54,11 +54,13 @@ int IPv4or6 = AF_UNSPEC; int ssh_port = SSH_DEFAULT_PORT; -#define KT_RSA1 1 -#define KT_DSA 2 -#define KT_RSA 4 -#define KT_ECDSA 8 -#define KT_ED25519 16 +#define KT_DSA (1) +#define KT_RSA (1<<1) +#define KT_ECDSA (1<<2) +#define KT_ED25519 (1<<3) + +#define KT_MIN KT_DSA +#define KT_MAX KT_ED25519 int get_cert = 0; int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519; @@ -94,7 +96,7 @@ typedef struct Connection { int c_plen; /* Packet length field for ssh packet */ int c_len; /* Total bytes which must be read. */ int c_off; /* Length of data read so far. */ - int c_keytype; /* Only one of KT_RSA1, KT_DSA, or KT_RSA */ + int c_keytype; /* Only one of KT_* */ sig_atomic_t c_done; /* SSH2 done */ char *c_namebase; /* Address to free for c_name and c_namelist */ char *c_name; /* Hostname of connection for errors */ @@ -435,6 +437,20 @@ congreet(int s) size_t bufsiz; con *c = &fdcon[s]; + /* send client banner */ + n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n", + PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2); + if (n < 0 || (size_t)n >= sizeof(buf)) { + error("snprintf: buffer too small"); + confree(s); + return; + } + if (atomicio(vwrite, s, buf, n) != (size_t)n) { + error("write (%s): %s", c->c_name, strerror(errno)); + confree(s); + return; + } + for (;;) { memset(buf, '\0', sizeof(buf)); bufsiz = sizeof(buf); 
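Review bot: The renumbered `KT_*` flags and the new `KT_MIN`/`KT_MAX` bounds carry an undocumented invariant: the loop in do_host (changed later in this commit to `for (j = KT_MIN; j <= KT_MAX; j *= 2)`) only visits every type while the flags stay contiguous single bits and `KT_MAX` names the highest one. I would state that next to the defines, for example `/* Key type flags: contiguous single bits; do_host() walks KT_MIN..KT_MAX by doubling, so update KT_MAX when adding a type. */`. Without it, a new flag added after `KT_ED25519` would be accepted in `get_keytypes` but never scanned.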
@@ -477,38 +493,14 @@ congreet(int s) c->c_ssh->compat = compat_datafellows(remote_version); else c->c_ssh->compat = 0; - if (c->c_keytype != KT_RSA1) { - if (!ssh2_capable(remote_major, remote_minor)) { - debug("%s doesn't support ssh2", c->c_name); - confree(s); - return; - } - } else if (remote_major != 1) { - debug("%s doesn't support ssh1", c->c_name); + if (!ssh2_capable(remote_major, remote_minor)) { + debug("%s doesn't support ssh2", c->c_name); confree(s); return; } fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf)); - n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n", - c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2, - c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2); - if (n < 0 || (size_t)n >= sizeof(buf)) { - error("snprintf: buffer too small"); - confree(s); - return; - } - if (atomicio(vwrite, s, buf, n) != (size_t)n) { - error("write (%s): %s", c->c_name, strerror(errno)); - confree(s); - return; - } - if (c->c_keytype != KT_RSA1) { - keygrab_ssh2(c); - confree(s); - return; - } - c->c_status = CS_SIZE; - contouch(s); + keygrab_ssh2(c); + confree(s); } static void @@ -606,7 +598,7 @@ do_host(char *host) if (name == NULL) return; - for (j = KT_RSA1; j <= KT_ED25519; j *= 2) { + for (j = KT_MIN; j <= KT_MAX; j *= 2) { if (get_keytypes & j) { while (ncon >= MAXCON) conloop(); diff --git a/ssh.c b/ssh.c index c1316f44c..ea394b0c2 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.456 2017/04/30 23:15:04 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.457 2017/04/30 23:18:44 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1276,8 +1276,7 @@ main(int ac, char **av) sensitive_data.nkeys = 0; sensitive_data.keys = NULL; sensitive_data.external_keysign = 0; - if (options.rhosts_rsa_authentication || - options.hostbased_authentication) { + if (options.hostbased_authentication) { sensitive_data.nkeys = 9; sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(Key)); diff --git a/ssh.h b/ssh.h index 50467a792..6e27672df 100644 --- a/ssh.h +++ b/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.83 2015/12/11 03:19:09 djm Exp $ */ +/* $OpenBSD: ssh.h,v 1.84 2017/04/30 23:18:44 djm Exp $ */ /* * Author: Tatu Ylonen @@ -32,7 +32,7 @@ /* * Maximum length of lines in authorized_keys file. - * Current value permits 16kbit RSA and RSA1 keys and 8kbit DSA keys, with + * Current value permits 16kbit RSA keys and 8kbit DSA keys, with * some room for options and comments. */ #define SSH_MAX_PUBKEY_BYTES 16384 diff --git a/sshconnect.c b/sshconnect.c index d01d2c82d..28fd62104 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.276 2017/04/30 23:13:25 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.277 2017/04/30 23:18:44 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1367,7 +1367,6 @@ static int show_other_keys(struct hostkeys *hostkeys, Key *key) { int type[] = { - KEY_RSA1, KEY_RSA, KEY_DSA, KEY_ECDSA, diff --git a/sshconnect2.c b/sshconnect2.c index 7e4cde151..393353db5 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.256 2017/04/28 03:24:53 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.257 2017/04/30 23:18:44 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. 
@@ -1317,8 +1317,6 @@ pubkey_prepare(Authctxt *authctxt) /* list of keys stored in the filesystem and PKCS#11 */ for (i = 0; i < options.num_identity_files; i++) { key = options.identity_keys[i]; - if (key && key->type == KEY_RSA1) - continue; if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER) continue; options.identity_keys[i] = NULL; @@ -1471,7 +1469,7 @@ try_identity(Identity *id) key_type(id->key), id->filename); return (0); } - return (id->key->type != KEY_RSA1); + return 1; } int @@ -1764,7 +1762,6 @@ userauth_hostbased(Authctxt *authctxt) private = NULL; for (i = 0; i < authctxt->sensitive->nkeys; i++) { if (authctxt->sensitive->keys[i] == NULL || - authctxt->sensitive->keys[i]->type == KEY_RSA1 || authctxt->sensitive->keys[i]->type == KEY_UNSPEC) continue; if (match_pattern_list( diff --git a/sshd.c b/sshd.c index d18da6bdf..f128912b5 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.486 2017/04/30 23:13:25 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.487 2017/04/30 23:18:44 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1676,14 +1676,6 @@ main(int ac, char **av) key = key_load_private(options.host_key_files[i], "", NULL); pubkey = key_load_public(options.host_key_files[i], NULL); - if ((pubkey != NULL && pubkey->type == KEY_RSA1) || - (key != NULL && key->type == KEY_RSA1)) { - verbose("Ignoring RSA1 key %s", - options.host_key_files[i]); - key_free(key); - key_free(pubkey); - continue; - } if (pubkey == NULL && key != NULL) pubkey = key_demote(key); sensitive_data.host_keys[i] = key; diff --git a/sshkey.c b/sshkey.c index 1741d9b19..0f6468197 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.47 2017/04/30 23:15:04 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.48 2017/04/30 23:18:44 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. 
@@ -235,10 +235,6 @@ sshkey_names_valid2(const char *names, int allow_wildcard) for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { type = sshkey_type_from_name(p); - if (type == KEY_RSA1) { - free(s); - return 0; - } if (type == KEY_UNSPEC) { if (allow_wildcard) { /* @@ -247,8 +243,6 @@ sshkey_names_valid2(const char *names, int allow_wildcard) * the component is accepted. */ for (kt = keytypes; kt->type != -1; kt++) { - if (kt->type == KEY_RSA1) - continue; if (match_pattern_list(kt->name, p, 0) != 0) break; @@ -269,7 +263,6 @@ sshkey_size(const struct sshkey *k) { switch (k->type) { #ifdef WITH_OPENSSL - case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT: return BN_num_bits(k->rsa->n); @@ -472,7 +465,6 @@ sshkey_new(int type) k->ed25519_pk = NULL; switch (k->type) { #ifdef WITH_OPENSSL - case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT: if ((rsa = RSA_new()) == NULL || @@ -530,7 +522,6 @@ sshkey_add_private(struct sshkey *k) { switch (k->type) { #ifdef WITH_OPENSSL - case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT: #define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL) @@ -586,7 +577,6 @@ sshkey_free(struct sshkey *k) return; switch (k->type) { #ifdef WITH_OPENSSL - case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT: if (k->rsa != NULL) @@ -664,7 +654,6 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) switch (a->type) { #ifdef WITH_OPENSSL - case KEY_RSA1: case KEY_RSA_CERT: case KEY_RSA: return a->rsa != NULL && b->rsa != NULL && 
@@ -881,25 +870,7 @@ sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg, r = SSH_ERR_INVALID_ARGUMENT; goto out; } - - if (k->type == KEY_RSA1) { -#ifdef WITH_OPENSSL - int nlen = BN_num_bytes(k->rsa->n); - int elen = BN_num_bytes(k->rsa->e); - - if (nlen < 0 || elen < 0 || nlen >= INT_MAX - elen) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - blob_len = nlen + elen; - if ((blob = malloc(blob_len)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - BN_bn2bin(k->rsa->n, blob); - BN_bn2bin(k->rsa->e, blob + nlen); -#endif /* WITH_OPENSSL */ - } else if ((r = to_blob(k, &blob, &blob_len, 1)) != 0) + if ((r = to_blob(k, &blob, &blob_len, 1)) != 0) goto out; if ((ret = calloc(1, SSH_DIGEST_MAX_LENGTH)) == NULL) { r = SSH_ERR_ALLOC_FAIL; @@ -1208,8 +1179,6 @@ sshkey_read(struct sshkey *ret, char **cpp) cp = *cpp; switch (ret->type) { - case KEY_RSA1: - break; case KEY_UNSPEC: case KEY_RSA: case KEY_DSA: @@ -1362,31 +1331,17 @@ sshkey_to_base64(const struct sshkey *key, char **b64p) return r; } -static int -sshkey_format_rsa1(const struct sshkey *key, struct sshbuf *b) -{ - int r = SSH_ERR_INTERNAL_ERROR; - - return r; -} - static int sshkey_format_text(const struct sshkey *key, struct sshbuf *b) { int r = SSH_ERR_INTERNAL_ERROR; char *uu = NULL; - if (key->type == KEY_RSA1) { - if ((r = sshkey_format_rsa1(key, b)) != 0) - goto out; - } else { - /* Unsupported key types handled in sshkey_to_base64() */ - if ((r = sshkey_to_base64(key, &uu)) != 0) - goto out; - if ((r = sshbuf_putf(b, "%s %s", - sshkey_ssh_name(key), uu)) != 0) - goto out; - } + if ((r = sshkey_to_base64(key, &uu)) != 0) + goto out; + if ((r = sshbuf_putf(b, "%s %s", + sshkey_ssh_name(key), uu)) != 0) + goto out; r = 0; out: free(uu); @@ -1602,7 +1557,6 @@ sshkey_generate(int type, u_int bits, struct sshkey **keyp) break; # endif /* OPENSSL_HAS_ECC */ case KEY_RSA: - case KEY_RSA1: ret = rsa_generate_private_key(bits, &k->rsa); break; #endif /* WITH_OPENSSL */ 
@@ -1713,7 +1667,6 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) break; # endif /* OPENSSL_HAS_ECC */ case KEY_RSA: - case KEY_RSA1: case KEY_RSA_CERT: if ((n = sshkey_new(k->type)) == NULL) return SSH_ERR_ALLOC_FAIL; @@ -2183,7 +2136,6 @@ sshkey_demote(const struct sshkey *k, struct sshkey **dkp) if ((ret = sshkey_cert_copy(k, pk)) != 0) goto fail; /* FALLTHROUGH */ - case KEY_RSA1: case KEY_RSA: if ((pk->rsa = RSA_new()) == NULL || (pk->rsa->e = BN_dup(k->rsa->e)) == NULL || @@ -2742,7 +2694,6 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) switch (k->type) { case KEY_RSA: case KEY_RSA_CERT: - case KEY_RSA1: if (RSA_blinding_on(k->rsa, NULL) != 1) { r = SSH_ERR_LIBCRYPTO_ERROR; goto out; diff --git a/sshkey.h b/sshkey.h index 1b9e42f45..0012f885d 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.15 2017/03/10 04:07:20 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.16 2017/04/30 23:18:44 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -53,7 +53,6 @@ struct sshbuf; /* Key types */ enum sshkey_types { - KEY_RSA1, KEY_RSA, KEY_DSA, KEY_ECDSA, -- cgit v1.2.3 From bd636f40911094a39c2920bf87d2ec340533c152 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 7 May 2017 23:15:59 +0000 Subject: upstream commit Refuse RSA keys <1024 bits in length. Improve reporting for keys that do not meet this requirement. ok markus@ Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c --- ssh-keygen.c | 24 ++++++++++++++++-------- ssh-rsa.c | 10 ++++++---- ssh.h | 5 +---- ssherr.c | 4 +++- ssherr.h | 3 ++- sshkey.c | 29 ++++++++++++++++++++++++----- sshkey.h | 4 ++-- 7 files changed, 54 insertions(+), 25 deletions(-) (limited to 'sshkey.c') diff --git a/ssh-keygen.c b/ssh-keygen.c index 51c24bc55..7886582d7 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.302 2017/04/30 23:18:44 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.303 2017/05/07 23:15:59 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -226,13 +226,21 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp) OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; if (*bitsp > maxbits) fatal("key bits exceeds maximum %d", maxbits); - if (type == KEY_DSA && *bitsp != 1024) - fatal("DSA keys must be 1024 bits"); - else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 1024) - fatal("Key must at least be 1024 bits"); - else if (type == KEY_ECDSA && sshkey_ecdsa_bits_to_nid(*bitsp) == -1) - fatal("Invalid ECDSA key length - valid lengths are " - "256, 384 or 521 bits"); + switch (type) { + case KEY_DSA: + if (*bitsp != 1024) + fatal("Invalid DSA key length: must be 1024 bits"); + break; + case KEY_RSA: + if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE) + fatal("Invalid RSA key length: minimum is %d bits", + SSH_RSA_MINIMUM_MODULUS_SIZE); + break; + case KEY_ECDSA: + if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1) + fatal("Invalid ECDSA key length: valid lengths are " + "256, 384 or 521 bits"); + } #endif } diff --git a/ssh-rsa.c b/ssh-rsa.c index cde05df10..e8acc01fa 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-rsa.c,v 1.60 2016/09/12 23:39:34 djm Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.61 2017/05/07 23:15:59 djm Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl * 
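Review bot: The new `switch (type)` in type_bits_valid has no `default:` arm, so it does not show whether the remaining key types are deliberately left without a length check. The removed `type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 1024` test applied a lower bound to every other type, whereas now only `KEY_DSA`, `KEY_RSA` and `KEY_ECDSA` are examined here. The generators changed in this commit do reject bad RSA and DSA sizes with `SSH_ERR_KEY_LENGTH`, so this looks safe. I would still make the intent explicit with `default: break; /* fixed-size or rejected by sshkey_generate() */`, or whatever wording matches the real behaviour. The function starts outside the hunk.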
@@ -99,9 +99,10 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, else hash_alg = rsa_hash_alg_from_ident(alg_ident); if (key == NULL || key->rsa == NULL || hash_alg == -1 || - sshkey_type_plain(key->type) != KEY_RSA || - BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) + sshkey_type_plain(key->type) != KEY_RSA) return SSH_ERR_INVALID_ARGUMENT; + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) + return SSH_ERR_KEY_LENGTH; slen = RSA_size(key->rsa); if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) return SSH_ERR_INVALID_ARGUMENT; @@ -172,9 +173,10 @@ ssh_rsa_verify(const struct sshkey *key, if (key == NULL || key->rsa == NULL || sshkey_type_plain(key->type) != KEY_RSA || - BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE || sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) + return SSH_ERR_KEY_LENGTH; if ((b = sshbuf_from(sig, siglen)) == NULL) return SSH_ERR_ALLOC_FAIL; diff --git a/ssh.h b/ssh.h index 08d05ce29..12d800922 100644 --- a/ssh.h +++ b/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.86 2017/05/03 21:08:09 naddy Exp $ */ +/* $OpenBSD: ssh.h,v 1.87 2017/05/07 23:15:59 djm Exp $ */ /* * Author: Tatu Ylonen @@ -98,8 +98,5 @@ #define SSH_PRIVSEP_USER "sshd" #endif -/* Minimum modulus size (n) for RSA keys. */ -#define SSH_RSA_MINIMUM_MODULUS_SIZE 768 - /* Listen backlog for sshd, ssh-agent and forwarding sockets */ #define SSH_LISTEN_BACKLOG 128 diff --git a/ssherr.c b/ssherr.c index 680207063..4bd5f59cc 100644 --- a/ssherr.c +++ b/ssherr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssherr.c,v 1.5 2015/09/13 14:39:16 tim Exp $ */ +/* $OpenBSD: ssherr.c,v 1.6 2017/05/07 23:15:59 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -135,6 +135,8 @@ ssh_err(int n) return "Connection corrupted"; case SSH_ERR_PROTOCOL_ERROR: return "Protocol error"; + case SSH_ERR_KEY_LENGTH: + return "Invalid key length"; default: return "unknown error"; } 
diff --git a/ssherr.h b/ssherr.h index 6f771b4b7..a30781620 100644 --- a/ssherr.h +++ b/ssherr.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssherr.h,v 1.3 2015/01/30 01:13:33 djm Exp $ */ +/* $OpenBSD: ssherr.h,v 1.4 2017/05/07 23:15:59 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -77,6 +77,7 @@ #define SSH_ERR_CONN_TIMEOUT -53 #define SSH_ERR_CONN_CORRUPT -54 #define SSH_ERR_PROTOCOL_ERROR -55 +#define SSH_ERR_KEY_LENGTH -56 /* Translate a numeric error code to a human-readable error string */ const char *ssh_err(int n); diff --git a/sshkey.c b/sshkey.c index 0f6468197..6518c6f0b 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.48 2017/04/30 23:18:44 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.49 2017/05/07 23:15:59 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -1392,10 +1392,11 @@ rsa_generate_private_key(u_int bits, RSA **rsap) BIGNUM *f4 = NULL; int ret = SSH_ERR_INTERNAL_ERROR; - if (rsap == NULL || - bits < SSH_RSA_MINIMUM_MODULUS_SIZE || - bits > SSHBUF_MAX_BIGNUM * 8) + if (rsap == NULL) return SSH_ERR_INVALID_ARGUMENT; + if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE || + bits > SSHBUF_MAX_BIGNUM * 8) + return SSH_ERR_KEY_LENGTH; *rsap = NULL; if ((private = RSA_new()) == NULL || (f4 = BN_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; @@ -1423,8 +1424,10 @@ dsa_generate_private_key(u_int bits, DSA **dsap) DSA *private; int ret = SSH_ERR_INTERNAL_ERROR; - if (dsap == NULL || bits != 1024) + if (dsap == NULL) return SSH_ERR_INVALID_ARGUMENT; + if (bits != 1024) + return SSH_ERR_KEY_LENGTH; if ((private = DSA_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; 
@@ -1876,6 +1879,10 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, ret = SSH_ERR_INVALID_FORMAT; goto out; } + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + ret = SSH_ERR_KEY_LENGTH; + goto out; + } #ifdef DEBUG_PK RSA_print_fp(stderr, key->rsa, 8); #endif @@ -2643,6 +2650,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || (r = rsa_generate_additional_parameters(k->rsa)) != 0) goto out; + if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + r = SSH_ERR_KEY_LENGTH; + goto out; + } break; case KEY_RSA_CERT: if ((r = sshkey_froms(buf, &k)) != 0 || @@ -2653,6 +2664,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || (r = rsa_generate_additional_parameters(k->rsa)) != 0) goto out; + if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + r = SSH_ERR_KEY_LENGTH; + goto out; + } break; #endif /* WITH_OPENSSL */ case KEY_ED25519: @@ -3427,6 +3442,10 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } + if (BN_num_bits(prv->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + r = SSH_ERR_KEY_LENGTH; + goto out; + } } else if (pk->type == EVP_PKEY_DSA && (type == KEY_UNSPEC || type == KEY_DSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { diff --git a/sshkey.h b/sshkey.h index fc1956605..b0b5b2749 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.17 2017/05/03 21:08:09 naddy Exp $ */ +/* $OpenBSD: sshkey.h,v 1.18 2017/05/07 23:15:59 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -46,7 +46,7 @@ # define EC_POINT void #endif /* WITH_OPENSSL */ -#define SSH_RSA_MINIMUM_MODULUS_SIZE 768 +#define SSH_RSA_MINIMUM_MODULUS_SIZE 1024 #define SSH_KEY_MAX_SIGN_DATA_SIZE (1 << 20) struct sshbuf; -- cgit v1.2.3 
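Review bot: In both `sshkey_private_deserialize` hunks the new `BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE` test comes after the chain that ends in `rsa_generate_additional_parameters(k->rsa)`. An undersized key is therefore still processed by that step before it is rejected with `SSH_ERR_KEY_LENGTH`. Ending the chain earlier and testing the length as soon as `n` is available (for `KEY_RSA_CERT`, right after `sshkey_froms`) would reject first; where `n` is read for plain `KEY_RSA` is outside the hunk. The same four-line test is repeated in the `sshkey_from_blob_internal` and `sshkey_parse_private_pem_fileblob` hunks, so a small `static` helper returning `SSH_ERR_KEY_LENGTH` would keep the four sites in step.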
From 5f02bb1f99f70bb422be8a5c2b77ef853f1db554 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 8 May 2017 06:11:06 +0000 Subject: upstream commit make requesting bad ECDSA bits yield the same error (SSH_ERR_KEY_LENGTH) as the same mistake for RSA/DSA Upstream-ID: bf40d3fee567c271e33f05ef8e4e0fa0b6f0ece6 --- sshkey.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'sshkey.c') diff --git a/sshkey.c b/sshkey.c index 6518c6f0b..f9518bd77 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.49 2017/05/07 23:15:59 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.50 2017/05/08 06:11:06 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -1504,9 +1504,10 @@ ecdsa_generate_private_key(u_int bits, int *nid, EC_KEY **ecdsap) EC_KEY *private; int ret = SSH_ERR_INTERNAL_ERROR; - if (nid == NULL || ecdsap == NULL || - (*nid = sshkey_ecdsa_bits_to_nid(bits)) == -1) + if (nid == NULL || ecdsap == NULL) return SSH_ERR_INVALID_ARGUMENT; + if ((*nid = sshkey_ecdsa_bits_to_nid(bits)) == -1) + return SSH_ERR_KEY_LENGTH; *ecdsap = NULL; if ((private = EC_KEY_new_by_curve_name(*nid)) == NULL) { ret = SSH_ERR_ALLOC_FAIL; -- cgit v1.2.3 From 9e509d4ec97cb3d71696f1a2f1fdad254cbbce11 Mon Sep 17 00:00:00 2001 
From: "deraadt@openbsd.org" Date: Wed, 31 May 2017 09:15:42 +0000 Subject: upstream commit Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065 --- auth2-pubkey.c | 9 +++++---- authfile.c | 16 ++-------------- bitmap.c | 2 +- clientloop.c | 10 +++++----- hostfile.c | 4 ++-- krl.c | 4 ++-- misc.c | 4 ++-- scp.c | 8 ++------ session.c | 10 +++++----- ssh-pkcs11.c | 6 +++--- sshbuf.c | 16 ++++++++-------- sshkey.c | 7 ++++--- utf8.c | 4 ++-- xmalloc.c | 14 +++++++++++++- xmalloc.h | 3 ++- 15 files changed, 58 insertions(+), 59 deletions(-) (limited to 'sshkey.c') diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 7a6280f8d..271dbaf65 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.65 2017/05/30 14:29:59 markus Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.66 2017/05/31 09:15:42 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -1156,9 +1156,10 @@ auth2_record_userkey(Authctxt *authctxt, struct sshkey *key) struct sshkey **tmp; if (authctxt->nprev_userkeys >= INT_MAX || - (tmp = reallocarray(authctxt->prev_userkeys, - authctxt->nprev_userkeys + 1, sizeof(*tmp))) == NULL) - fatal("%s: reallocarray failed", __func__); + (tmp = recallocarray(authctxt->prev_userkeys, + authctxt->nprev_userkeys, authctxt->nprev_userkeys + 1, + sizeof(*tmp))) == NULL) + fatal("%s: recallocarray failed", __func__); authctxt->prev_userkeys = tmp; authctxt->prev_userkeys[authctxt->nprev_userkeys] = key; authctxt->nprev_userkeys++; diff --git a/authfile.c b/authfile.c index af4190eeb..3481e0b04 100644 --- a/authfile.c +++ b/authfile.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.125 2017/05/30 08:49:32 markus Exp $ */ +/* $OpenBSD: authfile.c,v 1.126 2017/05/31 09:15:42 deraadt Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -100,25 +100,13 @@ sshkey_load_file(int fd, struct sshbuf *blob) u_char buf[1024]; size_t len; struct stat st; - int r, dontmax = 0; + int r; if (fstat(fd, &st) < 0) return SSH_ERR_SYSTEM_ERROR; if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && st.st_size > MAX_KEY_FILE_SIZE) return SSH_ERR_INVALID_FORMAT; - /* - * Pre-allocate the buffer used for the key contents and clamp its - * maximum size. This ensures that key contents are never leaked via - * implicit realloc() in the sshbuf code. - */ - if ((st.st_mode & S_IFREG) == 0 || st.st_size <= 0) { - st.st_size = 64*1024; /* 64k ought to be enough for anybody. :) */ - dontmax = 1; - } - if ((r = sshbuf_allocate(blob, st.st_size)) != 0 || - (dontmax && (r = sshbuf_set_max_size(blob, st.st_size)) != 0)) - return r; for (;;) { if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { if (errno == EPIPE) diff --git a/bitmap.c b/bitmap.c index 3d7aa1379..71f87ec54 100644 --- a/bitmap.c +++ b/bitmap.c @@ -87,7 +87,7 @@ reserve(struct bitmap *b, u_int n) return -1; /* invalid */ nlen = (n / BITMAP_BITS) + 1; if (b->len < nlen) { - if ((tmp = reallocarray(b->d, nlen, BITMAP_BYTES)) == NULL) + if ((tmp = recallocarray(b->d, b->len, nlen, BITMAP_BYTES)) == NULL) return -1; b->d = tmp; memset(b->d + b->len, 0, (nlen - b->len) * BITMAP_BYTES); diff --git a/clientloop.c b/clientloop.c index 33d6fa908..612838376 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.298 2017/05/31 07:00:13 markus Exp $ */ +/* $OpenBSD: clientloop.c,v 1.299 2017/05/31 09:15:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
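Review bot: In the bitmap.c `reserve` hunk, the context line `memset(b->d + b->len, 0, (nlen - b->len) * BITMAP_BYTES);` is now redundant. The new `recallocarray(b->d, b->len, nlen, BITMAP_BYTES)` already returns the added elements zeroed. Removing the memset would leave a single place that decides what is cleared, which is what the commit message gives as the reason for the switch. The function continues outside the hunk.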
@@ -1812,9 +1812,9 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx) /* This line contained a key that not offered by the server */ debug3("%s: deprecated %s key at %s:%ld", __func__, sshkey_ssh_name(l->key), l->path, l->linenum); - if ((tmp = reallocarray(ctx->old_keys, ctx->nold + 1, + if ((tmp = recallocarray(ctx->old_keys, ctx->nold, ctx->nold + 1, sizeof(*ctx->old_keys))) == NULL) - fatal("%s: reallocarray failed nold = %zu", + fatal("%s: recallocarray failed nold = %zu", __func__, ctx->nold); ctx->old_keys = tmp; ctx->old_keys[ctx->nold++] = l->key; @@ -2046,9 +2046,9 @@ client_input_hostkeys(void) } } /* Key is good, record it */ - if ((tmp = reallocarray(ctx->keys, ctx->nkeys + 1, + if ((tmp = recallocarray(ctx->keys, ctx->nkeys, ctx->nkeys + 1, sizeof(*ctx->keys))) == NULL) - fatal("%s: reallocarray failed nkeys = %zu", + fatal("%s: recallocarray failed nkeys = %zu", __func__, ctx->nkeys); ctx->keys = tmp; ctx->keys[ctx->nkeys++] = key; diff --git a/hostfile.c b/hostfile.c index 1804cff99..12f174ff9 100644 --- a/hostfile.c +++ b/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.70 2017/04/30 23:18:44 djm Exp $ */ +/* $OpenBSD: hostfile.c,v 1.71 2017/05/31 09:15:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -251,7 +251,7 @@ record_hostkey(struct hostkey_foreach_line *l, void *_ctx) l->marker == MRK_NONE ? "" : (l->marker == MRK_CA ? "ca " : "revoked "), sshkey_type(l->key), l->path, l->linenum); - if ((tmp = reallocarray(hostkeys->entries, + if ((tmp = recallocarray(hostkeys->entries, hostkeys->num_entries, hostkeys->num_entries + 1, sizeof(*hostkeys->entries))) == NULL) return SSH_ERR_ALLOC_FAIL; hostkeys->entries = tmp; diff --git a/krl.c b/krl.c index 3f28178b7..086fc20e5 100644 --- a/krl.c +++ b/krl.c 
@@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.39 2017/03/10 07:18:32 dtucker Exp $ */ +/* $OpenBSD: krl.c,v 1.40 2017/05/31 09:15:42 deraadt Exp $ */ #include "includes.h" @@ -1026,7 +1026,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, } } /* Record keys used to sign the KRL */ - tmp_ca_used = reallocarray(ca_used, nca_used + 1, + tmp_ca_used = recallocarray(ca_used, nca_used, nca_used + 1, sizeof(*ca_used)); if (tmp_ca_used == NULL) { r = SSH_ERR_ALLOC_FAIL; diff --git a/misc.c b/misc.c index cfd32729a..af24fa5c4 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.109 2017/03/14 00:55:37 dtucker Exp $ */ +/* $OpenBSD: misc.c,v 1.110 2017/05/31 09:15:42 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -539,7 +539,7 @@ addargs(arglist *args, char *fmt, ...) } else if (args->num+2 >= nalloc) nalloc *= 2; - args->list = xreallocarray(args->list, nalloc, sizeof(char *)); + args->list = xrecallocarray(args->list, args->nalloc, nalloc, sizeof(char *)); args->nalloc = nalloc; args->list[args->num++] = cp; args->list[args->num] = NULL; diff --git a/scp.c b/scp.c index f9f48e075..a533eb097 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.191 2017/05/02 08:06:33 jmc Exp $ */ +/* $OpenBSD: scp.c,v 1.192 2017/05/31 09:15:42 deraadt Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -1368,11 +1368,7 @@ allocbuf(BUF *bp, int fd, int blksize) #endif /* HAVE_STRUCT_STAT_ST_BLKSIZE */ if (bp->cnt >= size) return (bp); - if (bp->buf == NULL) - bp->buf = xmalloc(size); - else - bp->buf = xreallocarray(bp->buf, 1, size); - memset(bp->buf, 0, size); + bp->buf = xrecallocarray(bp->buf, bp->cnt, size, 1); bp->cnt = size; return (bp); } 
diff --git a/session.c b/session.c index cbd27c689..4ef48ecd6 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.287 2017/05/31 08:09:45 markus Exp $ */ +/* $OpenBSD: session.c,v 1.288 2017/05/31 09:15:42 deraadt Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1711,8 +1711,8 @@ session_new(void) return NULL; debug2("%s: allocate (allocated %d max %d)", __func__, sessions_nalloc, options.max_sessions); - tmp = xreallocarray(sessions, sessions_nalloc + 1, - sizeof(*sessions)); + tmp = xrecallocarray(sessions, sessions_nalloc, + sessions_nalloc + 1, sizeof(*sessions)); if (tmp == NULL) { error("%s: cannot allocate %d sessions", __func__, sessions_nalloc + 1); @@ -2036,8 +2036,8 @@ session_env_req(Session *s) for (i = 0; i < options.num_accept_env; i++) { if (match_pattern(name, options.accept_env[i])) { debug2("Setting env %d: %s=%s", s->num_env, name, val); - s->env = xreallocarray(s->env, s->num_env + 1, - sizeof(*s->env)); + s->env = xrecallocarray(s->env, s->num_env, + s->num_env + 1, sizeof(*s->env)); s->env[s->num_env].name = name; s->env[s->num_env].val = val; s->num_env++; diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index ea97508f1..b37491c5d 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.24 2017/05/30 14:15:17 markus Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.25 2017/05/31 09:15:42 deraadt Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -546,8 +546,8 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx, sshkey_free(key); } else { /* expand key array and add key */ - *keysp = xreallocarray(*keysp, *nkeys + 1, - sizeof(struct sshkey *)); + *keysp = xrecallocarray(*keysp, *nkeys, + *nkeys + 1, sizeof(struct sshkey *)); (*keysp)[*nkeys] = key; *nkeys = *nkeys + 1; debug("have %d keys", *nkeys); diff --git a/sshbuf.c b/sshbuf.c index 652c99a21..b7a90b5c2 100644 --- a/sshbuf.c +++ b/sshbuf.c 
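Review bot: In the `session_new` hunk the `if (tmp == NULL)` branch after `tmp = xrecallocarray(...)` cannot be reached, because `xrecallocarray`, as added to xmalloc.c in this same commit, calls `fatal()` when the allocation fails. The `error("%s: cannot allocate %d sessions", ...)` path suggests a graceful refusal was intended, so an allocation failure here ends the process instead of declining one session. Either call `recallocarray(sessions, sessions_nalloc, sessions_nalloc + 1, sizeof(*sessions))` directly so the check is live, or drop the dead branch. The old `xreallocarray` call had the same shape, and the rest of the function is outside the hunk.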
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.c,v 1.9 2017/05/26 20:34:49 markus Exp $ */ +/* $OpenBSD: sshbuf.c,v 1.10 2017/05/31 09:15:42 deraadt Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -193,15 +193,16 @@ sshbuf_reset(struct sshbuf *buf) buf->off = buf->size; return; } - if (sshbuf_check_sanity(buf) == 0) - explicit_bzero(buf->d, buf->alloc); + (void) sshbuf_check_sanity(buf); buf->off = buf->size = 0; if (buf->alloc != SSHBUF_SIZE_INIT) { - if ((d = realloc(buf->d, SSHBUF_SIZE_INIT)) != NULL) { + if ((d = recallocarray(buf->d, buf->alloc, SSHBUF_SIZE_INIT, + 1)) != NULL) { buf->cd = buf->d = d; buf->alloc = SSHBUF_SIZE_INIT; } - } + } else + explicit_bzero(buf->d, SSHBUF_SIZE_INIT); } size_t @@ -253,9 +254,8 @@ sshbuf_set_max_size(struct sshbuf *buf, size_t max_size) rlen = ROUNDUP(buf->size, SSHBUF_SIZE_INC); if (rlen > max_size) rlen = max_size; - explicit_bzero(buf->d + buf->size, buf->alloc - buf->size); SSHBUF_DBG(("new alloc = %zu", rlen)); - if ((dp = realloc(buf->d, rlen)) == NULL) + if ((dp = recallocarray(buf->d, buf->alloc, rlen, 1)) == NULL) return SSH_ERR_ALLOC_FAIL; buf->cd = buf->d = dp; buf->alloc = rlen; @@ -344,7 +344,7 @@ sshbuf_allocate(struct sshbuf *buf, size_t len) if (rlen > buf->max_size) rlen = buf->alloc + need; SSHBUF_DBG(("adjusted rlen %zu", rlen)); - if ((dp = realloc(buf->d, rlen)) == NULL) { + if ((dp = recallocarray(buf->d, buf->alloc, rlen, 1)) == NULL) { SSHBUF_DBG(("realloc fail")); return SSH_ERR_ALLOC_FAIL; } diff --git a/sshkey.c b/sshkey.c index f9518bd77..9a3f0be58 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.50 2017/05/08 06:11:06 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.51 2017/05/31 09:15:42 deraadt Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. 
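Review bot: After this change `sshbuf_reset` no longer clears the whole buffer. The old code ran `explicit_bzero(buf->d, buf->alloc)` before shrinking, while the new code clears only in the `else` branch, when `buf->alloc` already equals `SSHBUF_SIZE_INIT`. On the shrink path `recallocarray(buf->d, buf->alloc, SSHBUF_SIZE_INIT, 1)` clears the discarded tail but keeps the first `SSHBUF_SIZE_INIT` bytes as they were. If it returns NULL, nothing is cleared at all. Since sshbuf can hold key material, a reset buffer should not retain old contents: replace the `else` with an unconditional `explicit_bzero(buf->d, buf->alloc);` after the `if` block.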
@@ -1764,8 +1764,9 @@ cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf) goto out; } oprincipals = key->cert->principals; - key->cert->principals = reallocarray(key->cert->principals, - key->cert->nprincipals + 1, sizeof(*key->cert->principals)); + key->cert->principals = recallocarray(key->cert->principals, + key->cert->nprincipals, key->cert->nprincipals + 1, + sizeof(*key->cert->principals)); if (key->cert->principals == NULL) { free(principal); key->cert->principals = oprincipals; diff --git a/utf8.c b/utf8.c index da5778138..bc131385f 100644 --- a/utf8.c +++ b/utf8.c @@ -1,4 +1,4 @@ -/* $OpenBSD: utf8.c,v 1.6 2017/04/17 14:31:23 schwarze Exp $ */ +/* $OpenBSD: utf8.c,v 1.7 2017/05/31 09:15:42 deraadt Exp $ */ /* * Copyright (c) 2016 Ingo Schwarze * @@ -76,7 +76,7 @@ grow_dst(char **dst, size_t *sz, size_t maxsz, char **dp, size_t need) tsz = *sz + 128; if (tsz > maxsz) tsz = maxsz; - if ((tp = realloc(*dst, tsz)) == NULL) + if ((tp = recallocarray(*dst, *sz, tsz, 1)) == NULL) return -1; *dp = tp + (*dp - *dst); *dst = tp; diff --git a/xmalloc.c b/xmalloc.c index b58323677..5cc0310a4 100644 --- a/xmalloc.c +++ b/xmalloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.c,v 1.33 2016/02/15 09:47:49 dtucker Exp $ */ +/* $OpenBSD: xmalloc.c,v 1.34 2017/05/31 09:15:42 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -77,6 +77,18 @@ xreallocarray(void *ptr, size_t nmemb, size_t size) return new_ptr; } +void * +xrecallocarray(void *ptr, size_t onmemb, size_t nmemb, size_t size) +{ + void *new_ptr; + + new_ptr = recallocarray(ptr, onmemb, nmemb, size); + if (new_ptr == NULL) + fatal("xrecallocarray: out of memory (%zu elements of %zu bytes)", + nmemb, size); + return new_ptr; +} + char * xstrdup(const char *str) { diff --git a/xmalloc.h b/xmalloc.h index e49928932..cf38ddfa4 100644 --- a/xmalloc.h +++ b/xmalloc.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.h,v 1.16 2016/02/15 09:47:49 dtucker Exp $ */ +/* $OpenBSD: xmalloc.h,v 1.17 2017/05/31 09:15:42 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -20,6 +20,7 @@ void ssh_malloc_init(void); void *xmalloc(size_t); void *xcalloc(size_t, size_t); void *xreallocarray(void *, size_t, size_t); +void *xrecallocarray(void *, size_t, size_t, size_t); char *xstrdup(const char *); int xasprintf(char **, const char *, ...) __attribute__((__format__ (printf, 2, 3))) -- cgit v1.2.3 From 2076e4adb986512ce8c415dd194fd4e52136c4b4 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 9 Jun 2017 06:40:24 +0000 Subject: upstream commit better translate libcrypto errors by looking deeper in the accursed error stack for codes that indicate the wrong passphrase was supplied for a PEM key. bz#2699 ok dtucker@ Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681 --- sshkey.c | 104 +++++++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 62 insertions(+), 42 deletions(-) (limited to 'sshkey.c') diff --git a/sshkey.c b/sshkey.c index 9a3f0be58..a138a6f66 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.51 2017/05/31 09:15:42 deraadt Exp $ */ +/* $OpenBSD: sshkey.c,v 1.52 2017/06/09 06:40:24 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -1331,7 +1331,7 @@ sshkey_to_base64(const struct sshkey *key, char **b64p) return r; } -static int +int sshkey_format_text(const struct sshkey *key, struct sshbuf *b) { int r = SSH_ERR_INTERNAL_ERROR; 
@@ -3365,6 +3365,64 @@ sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, #ifdef WITH_OPENSSL +static int +translate_libcrypto_error(unsigned long pem_err) +{ + int pem_reason = ERR_GET_REASON(pem_err); + + switch (ERR_GET_LIB(pem_err)) { + case ERR_LIB_PEM: + switch (pem_reason) { + case PEM_R_BAD_PASSWORD_READ: + case PEM_R_PROBLEMS_GETTING_PASSWORD: + case PEM_R_BAD_DECRYPT: + return SSH_ERR_KEY_WRONG_PASSPHRASE; + default: + return SSH_ERR_INVALID_FORMAT; + } + case ERR_LIB_EVP: + switch (pem_reason) { + case EVP_R_BAD_DECRYPT: + return SSH_ERR_KEY_WRONG_PASSPHRASE; + case EVP_R_BN_DECODE_ERROR: + case EVP_R_DECODE_ERROR: +#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR + case EVP_R_PRIVATE_KEY_DECODE_ERROR: +#endif + return SSH_ERR_INVALID_FORMAT; + default: + return SSH_ERR_LIBCRYPTO_ERROR; + } + case ERR_LIB_ASN1: + return SSH_ERR_INVALID_FORMAT; + } + return SSH_ERR_LIBCRYPTO_ERROR; +} + +static void +clear_libcrypto_errors(void) +{ + while (ERR_get_error() != 0) + ; +} + +/* + * Translate OpenSSL error codes to determine whether + * passphrase is required/incorrect. + */ +static int +convert_libcrypto_error(void) +{ + /* + * Some password errors are reported at the beginning + * of the error queue. + */ + if (translate_libcrypto_error(ERR_peek_error()) == + SSH_ERR_KEY_WRONG_PASSPHRASE) + return SSH_ERR_KEY_WRONG_PASSPHRASE; + return translate_libcrypto_error(ERR_peek_last_error()); +} + static int sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, const char *passphrase, struct sshkey **keyp) 
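Review bot: `convert_libcrypto_error` is only correct if the caller emptied the error queue before the libcrypto call. It inspects `ERR_peek_error()`, the oldest entry, so a leftover error from earlier work could be reported as `SSH_ERR_KEY_WRONG_PASSPHRASE`. The next hunk does call `clear_libcrypto_errors()` first, but nothing in the comments states the requirement. I would extend the comment above `convert_libcrypto_error` with `Callers must call clear_libcrypto_errors() before the libcrypto operation whose failure is being translated.` A one-line comment on `translate_libcrypto_error` saying it maps a single packed error code to an `SSH_ERR_*` value would help too.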
@@ -3385,48 +3443,10 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, goto out; } + clear_libcrypto_errors(); if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, (char *)passphrase)) == NULL) { - unsigned long pem_err = ERR_peek_last_error(); - int pem_reason = ERR_GET_REASON(pem_err); - - /* - * Translate OpenSSL error codes to determine whether - * passphrase is required/incorrect. - */ - switch (ERR_GET_LIB(pem_err)) { - case ERR_LIB_PEM: - switch (pem_reason) { - case PEM_R_BAD_PASSWORD_READ: - case PEM_R_PROBLEMS_GETTING_PASSWORD: - case PEM_R_BAD_DECRYPT: - r = SSH_ERR_KEY_WRONG_PASSPHRASE; - goto out; - default: - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - case ERR_LIB_EVP: - switch (pem_reason) { - case EVP_R_BAD_DECRYPT: - r = SSH_ERR_KEY_WRONG_PASSPHRASE; - goto out; - case EVP_R_BN_DECODE_ERROR: - case EVP_R_DECODE_ERROR: -#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR - case EVP_R_PRIVATE_KEY_DECODE_ERROR: -#endif - r = SSH_ERR_INVALID_FORMAT; - goto out; - default: - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - case ERR_LIB_ASN1: - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - r = SSH_ERR_LIBCRYPTO_ERROR; + r = convert_libcrypto_error(); goto out; } if (pk->type == EVP_PKEY_RSA && -- cgit v1.2.3 From a98339edbc1fc21342a390f345179a9c3031bef7 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 28 Jun 2017 01:09:22 +0000 Subject: upstream commit Allow ssh-keygen to use a key held in ssh-agent as a CA when signing certificates. bz#2377 ok markus Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f --- authfd.c | 6 ++--- authfd.h | 4 ++-- ssh-keygen.1 | 22 ++++++++++++++++-- ssh-keygen.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++------- sshkey.c | 25 ++++++++++++++++---- sshkey.h | 10 ++++++-- 6 files changed, 121 insertions(+), 22 deletions(-) (limited to 'sshkey.c') diff --git a/authfd.c b/authfd.c index 8486e28b3..6c9843c87 100644 --- a/authfd.c +++ b/authfd.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.103 2017/05/05 10:42:49 naddy Exp $ */ +/* $OpenBSD: authfd.c,v 1.104 2017/06/28 01:09:22 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -326,7 +326,7 @@ ssh_free_identitylist(struct ssh_identitylist *idl) /* encode signature algoritm in flag bits, so we can keep the msg format */ static u_int -agent_encode_alg(struct sshkey *key, const char *alg) +agent_encode_alg(const struct sshkey *key, const char *alg) { if (alg != NULL && key->type == KEY_RSA) { if (strcmp(alg, "rsa-sha2-256") == 0) @@ -339,7 +339,7 @@ agent_encode_alg(struct sshkey *key, const char *alg) /* ask agent to sign data, returns err.h code on error, 0 on success */ int -ssh_agent_sign(int sock, struct sshkey *key, +ssh_agent_sign(int sock, const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, const char *alg, u_int compat) { diff --git a/authfd.h b/authfd.h index 0e98331d7..43abf85da 100644 --- a/authfd.h +++ b/authfd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.h,v 1.40 2017/05/05 10:42:49 naddy Exp $ */ +/* $OpenBSD: authfd.h,v 1.41 2017/06/28 01:09:22 djm Exp $ */ /* * Author: Tatu Ylonen @@ -38,7 +38,7 @@ int ssh_remove_all_identities(int sock, int version); int ssh_decrypt_challenge(int sock, struct sshkey* key, BIGNUM *challenge, u_char session_id[16], u_char response[16]); -int ssh_agent_sign(int sock, struct sshkey *key, +int ssh_agent_sign(int sock, const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, const char *alg, u_int compat); diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 786d37d51..66f8321c5 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.141 2017/05/05 10:41:58 naddy Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.142 2017/06/28 01:09:22 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 5 2017 $ +.Dd $Mdocdate: June 28 2017 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -114,6 +114,8 @@ .Fl s Ar ca_key .Fl I Ar certificate_identity .Op Fl h +.Op Fl U +.Op Fl D Ar pkcs11_provider .Op Fl n Ar principals .Op Fl O Ar option .Op Fl V Ar validity_interval @@ -558,6 +560,14 @@ The possible values are .Dq ed25519 , or .Dq rsa . +.It Fl U +When used in combination with +.Fl s , +this option indicates that a CA key resides in a +.Xr ssh-agent 1 . +See the +.Sx CERTIFICATES +section for more information. .It Fl u Update a KRL. When specified with @@ -705,6 +715,14 @@ to .Pp .Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub .Pp +Similarly, it is possible for the CA key to be hosted in a +.Xr ssh-agent 1 . +This is indicated by the +.Fl U +flag and, again, the CA key must be identified by its public half. +.Pp +.Dl $ ssh-keygen -Us ca_key.pub -I key_id user_key.pub +.Pp In all cases, .Ar key_id is a "key identifier" that is logged by the server when the certificate diff --git a/ssh-keygen.c b/ssh-keygen.c index cc3a7df18..b6b690051 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.304 2017/05/30 14:16:41 markus Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.305 2017/06/28 01:09:22 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -59,6 +59,7 @@ #include "krl.h" #include "digest.h" #include "utf8.h" +#include "authfd.h" #ifdef WITH_OPENSSL # define DEFAULT_KEY_TYPE_NAME "rsa" @@ -121,6 +122,9 @@ char *identity_comment = NULL; /* Path to CA key when certifying keys. */ char *ca_key_path = NULL; +/* Prefer to use agent keys for CA signing */ +int prefer_agent = 0; + /* Certificate serial number */ unsigned long long cert_serial = 0; 
@@ -1597,24 +1601,66 @@ load_pkcs11_key(char *path) #endif /* ENABLE_PKCS11 */ } +/* Signer for sshkey_certify_custom that uses the agent */ +static int +agent_signer(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, + const char *alg, u_int compat, void *ctx) +{ + int *agent_fdp = (int *)ctx; + + return ssh_agent_sign(*agent_fdp, key, sigp, lenp, + data, datalen, alg, compat); +} + static void do_ca_sign(struct passwd *pw, int argc, char **argv) { - int r, i, fd; + int r, i, fd, found, agent_fd = -1; u_int n; struct sshkey *ca, *public; char valid[64], *otmp, *tmp, *cp, *out, *comment, **plist = NULL; FILE *f; + struct ssh_identitylist *agent_ids; + size_t j; #ifdef ENABLE_PKCS11 pkcs11_init(1); #endif tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); if (pkcs11provider != NULL) { + /* If a PKCS#11 token was specified then try to use it */ if ((ca = load_pkcs11_key(tmp)) == NULL) fatal("No PKCS#11 key matching %s found", ca_key_path); - } else + } else if (prefer_agent) { + /* + * Agent signature requested. Try to use agent after making + * sure the public key specified is actually present in the + * agent. + */ + if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0) + fatal("Cannot load CA public key %s: %s", + tmp, ssh_err(r)); + if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) + fatal("Cannot use public key for CA signature: %s", + ssh_err(r)); + if ((r = ssh_fetch_identitylist(agent_fd, &agent_ids)) != 0) + fatal("Retrieve agent key list: %s", ssh_err(r)); + found = 0; + for (j = 0; j < agent_ids->nkeys; j++) { + if (sshkey_equal(ca, agent_ids->keys[j])) { + found = 1; + break; + } + } + if (!found) + fatal("CA key %s not found in agent", tmp); + ssh_free_identitylist(agent_ids); + ca->flags |= SSHKEY_FLAG_EXT; + } else { + /* CA key is assumed to be a private key on the filesystem */ ca = load_identity(tmp); + } free(tmp); if (key_type_name != NULL && 
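Review bot: In `do_ca_sign`, `-U` is silently ignored when `-D` is also given. The chain is `if (pkcs11provider != NULL) ... else if (prefer_agent) ...`, while the updated usage text lists both options for the same invocation. An operator who passes both has no indication which key store produced the CA signature. Either reject the combination up front, for example `if (pkcs11provider != NULL && prefer_agent) fatal("-U and -D are mutually exclusive");`, or state the precedence in ssh-keygen.1. The function continues outside the hunk.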
@@ -1664,8 +1710,16 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) &public->cert->signature_key)) != 0) fatal("sshkey_from_private (ca key): %s", ssh_err(r)); - if ((r = sshkey_certify(public, ca, key_type_name)) != 0) - fatal("Couldn't certify key %s: %s", tmp, ssh_err(r)); + if (agent_fd != -1 && (ca->flags & SSHKEY_FLAG_EXT) != 0) { + if ((r = sshkey_certify_custom(public, ca, + key_type_name, agent_signer, &agent_fd)) != 0) + fatal("Couldn't certify key %s via agent: %s", + tmp, ssh_err(r)); + } else { + if ((sshkey_certify(public, ca, key_type_name)) != 0) + fatal("Couldn't certify key %s: %s", + tmp, ssh_err(r)); + } if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0) *cp = '\0'; @@ -2261,8 +2315,9 @@ usage(void) " ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n" " [-j start_line] [-K checkpt] [-W generator]\n" #endif - " ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n" - " [-O option] [-V validity_interval] [-z serial_number] file ...\n" + " ssh-keygen -s ca_key -I certificate_identity [-h] [-U]\n" + " [-D pkcs11_provider] [-n principals] [-O option]\n" + " [-V validity_interval] [-z serial_number] file ...\n" " ssh-keygen -L [-f input_keyfile]\n" " ssh-keygen -A\n" " ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n" @@ -2320,8 +2375,8 @@ main(int argc, char **argv) if (gethostname(hostname, sizeof(hostname)) < 0) fatal("gethostname: %s", strerror(errno)); - /* Remaining characters: UYdw */ - while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy" + /* Remaining characters: Ydw */ + while ((opt = getopt(argc, argv, "ABHLQUXceghiklopquvxy" "C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Z:" "a:b:f:g:j:m:n:r:s:t:z:")) != -1) { switch (opt) { @@ -2448,6 +2503,9 @@ main(int argc, char **argv) case 'D': pkcs11provider = optarg; break; + case 'U': + prefer_agent = 1; + break; case 'u': update_krl = 1; break; diff --git a/sshkey.c b/sshkey.c index a138a6f66..acc6e3f2d 100644 --- a/sshkey.c 
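Review bot: The non-agent branch in `do_ca_sign` lost the assignment to `r`. The new line reads `if ((sshkey_certify(public, ca, key_type_name)) != 0)`, but the `fatal()` below it still prints `ssh_err(r)`. On failure the message therefore reports whatever `r` held from the preceding `sshkey_from_private` call, which is 0 because that call must have succeeded to get here, so the real reason is hidden. Restore it as `if ((r = sshkey_certify(public, ca, key_type_name)) != 0)`, matching the agent branch above.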
+++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.52 2017/06/09 06:40:24 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.53 2017/06/28 01:09:22 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2253,7 +2253,8 @@ sshkey_drop_cert(struct sshkey *k) /* Sign a certified key, (re-)generating the signed certblob. */ int -sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg) +sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, + sshkey_certify_signer *signer, void *signer_ctx) { struct sshbuf *principals = NULL; u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32]; @@ -2342,8 +2343,8 @@ sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg) goto out; /* Sign the whole mess */ - if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), - sshbuf_len(cert), alg, 0)) != 0) + if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), + sshbuf_len(cert), alg, 0, signer_ctx)) != 0) goto out; /* Append signature and we are done */ @@ -2359,6 +2360,22 @@ sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg) return ret; } +static int +default_key_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, + const char *alg, u_int compat, void *ctx) +{ + if (ctx != NULL) + return SSH_ERR_INVALID_ARGUMENT; + return sshkey_sign(key, sigp, lenp, data, datalen, alg, compat); +} + +int +sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg) +{ + return sshkey_certify_custom(k, ca, alg, default_key_sign, NULL); +} + int sshkey_cert_check_authority(const struct sshkey *k, int want_host, int require_principal, diff --git a/sshkey.h b/sshkey.h index 8aaa31532..d8346a57b 100644 --- a/sshkey.h +++ b/sshkey.h 
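Review bot: `sshkey_certify_custom` calls `signer(ca, &sig_blob, ...)` with no check in the visible lines that `signer` is non-NULL, and sshkey.h now exports the function for callers to supply their own callback. A NULL callback would be called through at the signing step, after the certificate body has been built. Adding `if (signer == NULL) return SSH_ERR_INVALID_ARGUMENT;` beside the existing argument checks would fail early and cleanly. The top of the function is outside the hunk, so such a check may already exist there.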
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.19 2017/06/13 11:22:15 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.20 2017/06/28 01:09:22 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -137,13 +137,19 @@ int sshkey_type_is_cert(int); int sshkey_type_plain(int); int sshkey_to_certified(struct sshkey *); int sshkey_drop_cert(struct sshkey *); -int sshkey_certify(struct sshkey *, struct sshkey *, const char *); int sshkey_cert_copy(const struct sshkey *, struct sshkey *); int sshkey_cert_check_authority(const struct sshkey *, int, int, const char *, const char **); size_t sshkey_format_cert_validity(const struct sshkey_cert *, char *, size_t) __attribute__((__bounded__(__string__, 2, 3))); +int sshkey_certify(struct sshkey *, struct sshkey *, const char *); +/* Variant allowing use of a custom signature function (e.g. for ssh-agent) */ +typedef int sshkey_certify_signer(const struct sshkey *, u_char **, size_t *, + const u_char *, size_t, const char *, u_int, void *); +int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *, + sshkey_certify_signer *, void *); + int sshkey_ecdsa_nid_from_name(const char *); int sshkey_curve_name_to_nid(const char *); const char * sshkey_curve_nid_to_name(int); -- cgit v1.2.3 From 83fa3a044891887369ce8b487ce88d713a04df48 Mon Sep 17 00:00:00 2001 
From: "djm@openbsd.org" Date: Sat, 1 Jul 2017 13:50:45 +0000 Subject: upstream commit remove post-SSHv1 removal dead code from rsa.c and merge the remaining bit that it still used into ssh-rsa.c; ok markus Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f --- Makefile.in | 2 +- authfd.c | 3 +- authfile.c | 3 +- rsa.c | 188 ----------------------------------------------------------- rsa.h | 26 --------- ssh-add.c | 3 +- ssh-agent.c | 3 +- ssh-keygen.c | 5 +- ssh-rsa.c | 37 +++++++++++- sshconnect.c | 3 +- sshd.c | 3 +- sshkey.c | 7 +-- sshkey.h | 5 +- 13 files changed, 52 insertions(+), 236 deletions(-) delete mode 100644 rsa.c delete mode 100644 rsa.h (limited to 'sshkey.c') diff --git a/Makefile.in b/Makefile.in index 29d539a73..ac3907b1e 100644 --- a/Makefile.in +++ b/Makefile.in @@ -81,7 +81,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ cipher-ctr.o cleanup.o \ compat.o crc32.o fatal.o hostfile.o \ log.o match.o moduli.o nchan.o packet.o opacket.o \ - readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \ + readpass.o ttymodes.o xmalloc.o addrmatch.o \ atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \ monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \ diff --git a/authfd.c b/authfd.c index 6c9843c87..a460fa350 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.104 2017/06/28 01:09:22 djm Exp $ */ +/* $OpenBSD: authfd.c,v 1.105 2017/07/01 13:50:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -51,7 +51,6 @@ #include "xmalloc.h" #include "ssh.h" -#include "rsa.h" #include "sshbuf.h" #include "sshkey.h" #include "authfd.h" diff --git a/authfile.c b/authfile.c index 3481e0b04..d09b700d2 100644 --- a/authfile.c +++ b/authfile.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.126 2017/05/31 09:15:42 deraadt Exp $ */ +/* $OpenBSD: authfile.c,v 1.127 2017/07/01 13:50:45 djm Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -42,7 +42,6 @@ #include "ssh.h" #include "log.h" #include "authfile.h" -#include "rsa.h" #include "misc.h" #include "atomicio.h" #include "sshkey.h" diff --git a/rsa.c b/rsa.c deleted file mode 100644 index 5ecacef90..000000000 --- a/rsa.c +++ /dev/null 
@@ -1,188 +0,0 @@ -/* $OpenBSD: rsa.c,v 1.32 2014/06/24 01:13:21 djm Exp $ */ -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - * - * - * Copyright (c) 1999 Niels Provos. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * - * Description of the RSA algorithm can be found e.g. from the following - * sources: - * - * Bruce Schneier: Applied Cryptography. 
John Wiley & Sons, 1994. - * - * Jennifer Seberry and Josed Pieprzyk: Cryptography: An Introduction to - * Computer Security. Prentice-Hall, 1989. - * - * Man Young Rhee: Cryptography and Secure Data Communications. McGraw-Hill, - * 1994. - * - * R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications - * System and Method. US Patent 4,405,829, 1983. - * - * Hans Riesel: Prime Numbers and Computer Methods for Factorization. - * Birkhauser, 1994. - * - * The RSA Frequently Asked Questions document by RSA Data Security, - * Inc., 1995. - * - * RSA in 3 lines of perl by Adam Back , 1995, as - * included below: - * - * [gone - had to be deleted - what a pity] - */ - -#include "includes.h" - -#include - -#include -#include - -#include "rsa.h" -#include "log.h" -#include "ssherr.h" - -int -rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) -{ - u_char *inbuf = NULL, *outbuf = NULL; - int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR; - - if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e)) - return SSH_ERR_INVALID_ARGUMENT; - - olen = BN_num_bytes(key->n); - if ((outbuf = malloc(olen)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - - ilen = BN_num_bytes(in); - if ((inbuf = malloc(ilen)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - BN_bn2bin(in, inbuf); - - if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key, - RSA_PKCS1_PADDING)) <= 0) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - - if (BN_bin2bn(outbuf, len, out) == NULL) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - r = 0; - - out: - if (outbuf != NULL) { - explicit_bzero(outbuf, olen); - free(outbuf); - } - if (inbuf != NULL) { - explicit_bzero(inbuf, ilen); - free(inbuf); - } - return r; -} - -int -rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) -{ - u_char *inbuf = NULL, *outbuf = NULL; - int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR; - - olen = BN_num_bytes(key->n); - if ((outbuf = malloc(olen)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - - ilen = 
BN_num_bytes(in); - if ((inbuf = malloc(ilen)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - BN_bn2bin(in, inbuf); - - if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key, - RSA_PKCS1_PADDING)) <= 0) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } else if (BN_bin2bn(outbuf, len, out) == NULL) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - r = 0; - out: - if (outbuf != NULL) { - explicit_bzero(outbuf, olen); - free(outbuf); - } - if (inbuf != NULL) { - explicit_bzero(inbuf, ilen); - free(inbuf); - } - return r; -} - -/* calculate p-1 and q-1 */ -int -rsa_generate_additional_parameters(RSA *rsa) -{ - BIGNUM *aux = NULL; - BN_CTX *ctx = NULL; - int r; - - if ((ctx = BN_CTX_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((aux = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - - if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) || - (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) || - (BN_sub(aux, rsa->p, BN_value_one()) == 0) || - (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - r = 0; - out: - BN_clear_free(aux); - BN_CTX_free(ctx); - return r; -} - diff --git a/rsa.h b/rsa.h deleted file mode 100644 index c476707d5..000000000 --- a/rsa.h +++ /dev/null 
@@ -1,26 +0,0 @@ -/* $OpenBSD: rsa.h,v 1.17 2014/06/24 01:13:21 djm Exp $ */ - -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * RSA key generation, encryption and decryption. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -#ifndef RSA_H -#define RSA_H - -#include -#include - -int rsa_public_encrypt(BIGNUM *, BIGNUM *, RSA *); -int rsa_private_decrypt(BIGNUM *, BIGNUM *, RSA *); -int rsa_generate_additional_parameters(RSA *); - -#endif /* RSA_H */ diff --git a/ssh-add.c b/ssh-add.c index 438c1c25a..72d89db4a 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.132 2017/05/30 14:16:41 markus Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.133 2017/07/01 13:50:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -55,7 +55,6 @@ #include "xmalloc.h" #include "ssh.h" -#include "rsa.h" #include "log.h" #include "sshkey.h" #include "sshbuf.h" diff --git a/ssh-agent.c b/ssh-agent.c index 2ef8367b9..eb8c2043d 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.221 2017/04/30 23:29:10 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.222 2017/07/01 13:50:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -73,7 +73,6 @@ #include "xmalloc.h" #include "ssh.h" -#include "rsa.h" #include "sshbuf.h" #include "sshkey.h" #include "authfd.h" diff --git a/ssh-keygen.c b/ssh-keygen.c index b6b690051..d8f942f5a 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.305 2017/06/28 01:09:22 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.306 2017/07/01 13:50:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -41,7 +41,6 @@ #include "xmalloc.h" #include "sshkey.h" -#include "rsa.h" #include "authfile.h" #include "uuencode.h" #include "sshbuf.h" @@ -528,7 +527,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) buffer_get_bignum_bits(b, key->rsa->iqmp); buffer_get_bignum_bits(b, key->rsa->q); buffer_get_bignum_bits(b, key->rsa->p); - if ((r = rsa_generate_additional_parameters(key->rsa)) != 0) + if ((r = ssh_rsa_generate_additional_parameters(key)) != 0) fatal("generate RSA parameters failed: %s", ssh_err(r)); break; } diff --git a/ssh-rsa.c b/ssh-rsa.c index e8acc01fa..f570ae6d4 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-rsa.c,v 1.61 2017/05/07 23:15:59 djm Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.62 2017/07/01 13:50:45 djm Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl * @@ -78,6 +78,41 @@ rsa_hash_alg_nid(int type) } } +/* calculate p-1 and q-1 */ +int +ssh_rsa_generate_additional_parameters(struct sshkey *key) +{ + RSA *rsa; + BIGNUM *aux = NULL; + BN_CTX *ctx = NULL; + int r; + + if (key == NULL || key->rsa == NULL || + sshkey_type_plain(key->type) != KEY_RSA) + return SSH_ERR_INVALID_ARGUMENT; + + if ((ctx = BN_CTX_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((aux = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + rsa = key->rsa; + + if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) || + (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) || + (BN_sub(aux, rsa->p, BN_value_one()) == 0) || + (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + r = 0; + out: + BN_clear_free(aux); + BN_CTX_free(ctx); + return r; +} + /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ int ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, 
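Review bot: In the added ssh_rsa_generate_additional_parameters, the private exponent `d` is reduced modulo p-1 and q-1 with plain `BN_mod`, and neither operand carries `BN_FLG_CONSTTIME`, so the division may take a data-dependent path over secret values. Consider `BN_set_flags(aux, BN_FLG_CONSTTIME);` right after `BN_new()` succeeds, plus a flagged copy of `d` if the library version in use only inspects the dividend. The header comment `/* calculate p-1 and q-1 */` also undersells the function, since it fills `dmp1` and `dmq1`; `/* compute CRT exponents dmp1 = d mod (p-1) and dmq1 = d mod (q-1) */` would be accurate. The new NULL and type checks on `key` do not cover `rsa->p`, `rsa->q` or `rsa->d`, so it may be worth stating in that comment that the caller must have populated them.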
diff --git a/sshconnect.c b/sshconnect.c index 8f527aa43..aaae5fc9f 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.282 2017/06/24 05:37:44 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.283 2017/07/01 13:50:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -48,7 +48,6 @@ #include "key.h" #include "hostfile.h" #include "ssh.h" -#include "rsa.h" #include "buffer.h" #include "packet.h" #include "uidswap.h" diff --git a/sshd.c b/sshd.c index 06cb81f27..1d19ce679 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.490 2017/05/31 08:09:45 markus Exp $ */ +/* $OpenBSD: sshd.c,v 1.491 2017/07/01 13:50:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -88,7 +88,6 @@ #include "xmalloc.h" #include "ssh.h" #include "ssh2.h" -#include "rsa.h" #include "sshpty.h" #include "packet.h" #include "log.h" diff --git a/sshkey.c b/sshkey.c index acc6e3f2d..acc396321 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.53 2017/06/28 01:09:22 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.54 2017/07/01 13:50:45 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -51,7 +51,6 @@ #include "ssherr.h" #include "misc.h" #include "sshbuf.h" -#include "rsa.h" #include "cipher.h" #include "digest.h" #define SSHKEY_INTERNAL @@ -2667,7 +2666,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || - (r = rsa_generate_additional_parameters(k->rsa)) != 0) + (r = ssh_rsa_generate_additional_parameters(k)) != 0) goto out; if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { r = SSH_ERR_KEY_LENGTH; 
@@ -2681,7 +2680,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || - (r = rsa_generate_additional_parameters(k->rsa)) != 0) + (r = ssh_rsa_generate_additional_parameters(k)) != 0) goto out; if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { r = SSH_ERR_KEY_LENGTH; diff --git a/sshkey.h b/sshkey.h index d8346a57b..9093eac51 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.20 2017/06/28 01:09:22 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.21 2017/07/01 13:50:45 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -196,6 +196,9 @@ int sshkey_parse_private_fileblob(struct sshbuf *buffer, int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, const char *passphrase, struct sshkey **keyp, char **commentp); +/* XXX should be internal, but used by ssh-keygen */ +int ssh_rsa_generate_additional_parameters(struct sshkey *); + #ifdef SSHKEY_INTERNAL int ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, -- cgit v1.2.3 From dc2bd308768386b02c7337120203ca477e67ba62 Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Wed, 19 Jul 2017 08:30:41 +0000 Subject: upstream commit fix support for unknown key types; ok djm@ Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48 --- sshkey.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'sshkey.c') diff --git a/sshkey.c b/sshkey.c index acc396321..d987bf5a3 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.54 2017/07/01 13:50:45 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.55 2017/07/19 08:30:41 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. 
@@ -1986,11 +1986,6 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, pk = NULL; break; case KEY_UNSPEC: - if ((key = sshkey_new(type)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - break; default: ret = SSH_ERR_KEY_TYPE_UNKNOWN; goto out; -- cgit v1.2.3 From 0f3455356bc284d7c6f4d3c1614d31161bd5dcc2 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 12 Aug 2017 06:42:52 +0000 Subject: upstream commit Switch from aes256-cbc to aes256-ctr for encrypting new-style private keys. The latter having the advantage of being supported for no-OpenSSL builds; bz#2754 ok markus@ Upstream-ID: 54179a2afd28f93470471030567ac40431e56909 --- sshkey.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sshkey.c') diff --git a/sshkey.c b/sshkey.c index d987bf5a3..e91c54f53 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.55 2017/07/19 08:30:41 markus Exp $ */ +/* $OpenBSD: sshkey.c,v 1.56 2017/08/12 06:42:52 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -65,7 +65,7 @@ #define KDFNAME "bcrypt" #define AUTH_MAGIC "openssh-key-v1" #define SALT_LEN 16 -#define DEFAULT_CIPHERNAME "aes256-cbc" +#define DEFAULT_CIPHERNAME "aes256-ctr" #define DEFAULT_ROUNDS 16 /* Version identification string for SSH v1 identity files. */ -- cgit v1.2.3
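Review bot: The `DEFAULT_CIPHERNAME` define in the last hunk now names a counter-mode cipher that has no integrity protection of its own, and nothing at the define records why it was chosen or what the format relies on instead. CTR ciphertext can be altered bit-for-bit without disturbing the rest of the plaintext, so it is worth confirming outside this hunk that the key-file parser rejects a modified private section rather than loading it. I would add a comment above the define such as `/* aes256-ctr: also available in no-OpenSSL builds; unauthenticated, so the parser must validate the decrypted contents */`. The hunk shows only the constant, so whether files written with the previous default still load depends on code not visible here.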