From 873d3e7d9a4707d0934fb4c4299354418f91b541 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 30 Apr 2017 23:18:44 +0000 Subject: upstream commit remove KEY_RSA1 ok markus@ Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133 --- sshkey.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'sshkey.h') diff --git a/sshkey.h b/sshkey.h index 1b9e42f45..0012f885d 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.15 2017/03/10 04:07:20 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.16 2017/04/30 23:18:44 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -53,7 +53,6 @@ struct sshbuf; /* Key types */ enum sshkey_types { - KEY_RSA1, KEY_RSA, KEY_DSA, KEY_ECDSA, -- cgit v1.2.3 From 768405fddf64ff83aa6ef701ebb3c1f82d98a2f3 Mon Sep 17 00:00:00 2001 From: "naddy@openbsd.org" Date: Wed, 3 May 2017 21:08:09 +0000 Subject: upstream commit remove miscellaneous SSH1 leftovers; ok markus@ Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c --- clientloop.c | 4 ++-- kex.h | 5 +---- opacket.h | 8 -------- packet.c | 21 ++------------------- packet.h | 3 +-- pathnames.h | 3 +-- ssh.h | 4 ++-- ssh_config.5 | 9 ++------- sshkey.h | 4 +--- 9 files changed, 12 insertions(+), 49 deletions(-) (limited to 'sshkey.h') diff --git a/clientloop.c b/clientloop.c index dbc2c85c6..367b682ff 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.295 2017/04/30 23:28:41 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.296 2017/05/03 21:08:09 naddy Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -942,7 +942,7 @@ print_escape_help(Buffer *b, int escape_char, int mux_client, int using_stderr) } /* - * Process the characters one by one, call with c==NULL for proto1 case. + * Process the characters one by one. */ static int process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr, diff --git a/kex.h b/kex.h index 3794f2127..13b22351f 100644 
--- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.81 2016/09/28 21:44:52 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.82 2017/05/03 21:08:09 naddy Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -225,9 +225,6 @@ int kexc25519_shared_key(const u_char key[CURVE25519_SIZE], __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); -int -derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); - #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) void dump_digest(char *, u_char *, int); #endif diff --git a/opacket.h b/opacket.h index c487f4f40..46d31f805 100644 --- a/opacket.h +++ b/opacket.h @@ -6,7 +6,6 @@ void ssh_packet_start(struct ssh *, u_char); void ssh_packet_put_char(struct ssh *, int ch); void ssh_packet_put_int(struct ssh *, u_int value); void ssh_packet_put_int64(struct ssh *, u_int64_t value); -void ssh_packet_put_bignum(struct ssh *, BIGNUM * value); void ssh_packet_put_bignum2(struct ssh *, BIGNUM * value); void ssh_packet_put_ecpoint(struct ssh *, const EC_GROUP *, const EC_POINT *); void ssh_packet_put_string(struct ssh *, const void *buf, u_int len); @@ -17,7 +16,6 @@ void ssh_packet_send(struct ssh *); u_int ssh_packet_get_char(struct ssh *); u_int ssh_packet_get_int(struct ssh *); u_int64_t ssh_packet_get_int64(struct ssh *); -void ssh_packet_get_bignum(struct ssh *, BIGNUM * value); void ssh_packet_get_bignum2(struct ssh *, BIGNUM * value); void ssh_packet_get_ecpoint(struct ssh *, const EC_GROUP *, EC_POINT *); void *ssh_packet_get_string(struct ssh *, u_int *length_ptr); 
@@ -62,8 +60,6 @@ void packet_read_expect(int expected_type); ssh_packet_get_protocol_flags(active_state) #define packet_start_compression(level) \ ssh_packet_start_compression(active_state, (level)) -#define packet_set_encryption_key(key, keylen, number) \ - ssh_packet_set_encryption_key(active_state, (key), (keylen), (number)) #define packet_start(type) \ ssh_packet_start(active_state, (type)) #define packet_put_char(value) \ @@ -78,8 +74,6 @@ void packet_read_expect(int expected_type); ssh_packet_put_cstring(active_state, (str)) #define packet_put_raw(buf, len) \ ssh_packet_put_raw(active_state, (buf), (len)) -#define packet_put_bignum(value) \ - ssh_packet_put_bignum(active_state, (value)) #define packet_put_bignum2(value) \ ssh_packet_put_bignum2(active_state, (value)) #define packet_send() \ @@ -88,8 +82,6 @@ void packet_read_expect(int expected_type); ssh_packet_read(active_state) #define packet_get_int64() \ ssh_packet_get_int64(active_state) -#define packet_get_bignum(value) \ - ssh_packet_get_bignum(active_state, (value)) #define packet_get_bignum2(value) \ ssh_packet_get_bignum2(active_state, (value)) #define packet_remaining() \ diff --git a/packet.c b/packet.c index f997064cb..533bd1e61 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.252 2017/04/30 23:28:42 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.253 2017/05/03 21:08:09 naddy Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -184,10 +184,6 @@ struct session_state { u_int32_t rekey_interval; /* how often in seconds */ time_t rekey_time; /* time of last rekeying */ - /* Session key for protocol v1 */ - u_char ssh1_key[SSH_SESSION_KEY_LENGTH]; - u_int ssh1_keylen; - /* roundup current message to extra_pad bytes */ u_char extra_pad; 
@@ -278,8 +274,7 @@ ssh_packet_is_rekeying(struct ssh *ssh) } /* - * Sets the descriptors used for communication. Disables encryption until - * packet_set_encryption_key is called. + * Sets the descriptors used for communication. */ struct ssh * ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out) @@ -796,18 +791,6 @@ uncompress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out) /* NOTREACHED */ } -/* - * Causes any further packets to be encrypted using the given key. The same - * key is used for both sending and reception. However, both directions are - * encrypted independently of each other. - */ - -void -ssh_packet_set_encryption_key(struct ssh *ssh, const u_char *key, u_int keylen, int number) -{ - fatal("no SSH protocol 1 support"); -} - int ssh_set_newkeys(struct ssh *ssh, int mode) { diff --git a/packet.h b/packet.h index b169f4ea1..b82f45a75 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.78 2017/04/30 23:23:54 djm Exp $ */ +/* $OpenBSD: packet.h,v 1.79 2017/05/03 21:08:09 naddy Exp $ */ /* * Author: Tatu Ylonen @@ -93,7 +93,6 @@ void ssh_packet_set_nonblocking(struct ssh *); int ssh_packet_get_connection_in(struct ssh *); int ssh_packet_get_connection_out(struct ssh *); void ssh_packet_close(struct ssh *); -void ssh_packet_set_encryption_key(struct ssh *, const u_char *, u_int, int); void ssh_packet_set_input_hook(struct ssh *, ssh_packet_hook_fn *, void *); int ssh_packet_is_rekeying(struct ssh *); diff --git a/pathnames.h b/pathnames.h index a8deb9fc6..cff672e2f 100644 --- a/pathnames.h +++ b/pathnames.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.25 2016/03/31 05:24:06 dtucker Exp $ */ +/* $OpenBSD: pathnames.h,v 1.26 2017/05/03 21:08:09 naddy Exp $ */ /* * Author: Tatu Ylonen 
@@ -36,7 +36,6 @@ */ #define _PATH_SERVER_CONFIG_FILE SSHDIR "/sshd_config" #define _PATH_HOST_CONFIG_FILE SSHDIR "/ssh_config" -#define _PATH_HOST_KEY_FILE SSHDIR "/ssh_host_key" #define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key" #define _PATH_HOST_ECDSA_KEY_FILE SSHDIR "/ssh_host_ecdsa_key" #define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key" diff --git a/ssh.h b/ssh.h index 882768c5f..08d05ce29 100644 --- a/ssh.h +++ b/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.85 2017/04/30 23:28:12 djm Exp $ */ +/* $OpenBSD: ssh.h,v 1.86 2017/05/03 21:08:09 naddy Exp $ */ /* * Author: Tatu Ylonen @@ -47,7 +47,7 @@ #define PROTOCOL_MAJOR_1 1 #define PROTOCOL_MINOR_1 5 -/* We support both SSH2 */ +/* We support only SSH2 */ #define PROTOCOL_MAJOR_2 2 #define PROTOCOL_MINOR_2 0 diff --git a/ssh_config.5 b/ssh_config.5 index a565f330d..e8e51d2cb 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.245 2017/04/30 23:18:22 djm Exp $ -.Dd $Mdocdate: April 30 2017 $ +.\" $OpenBSD: ssh_config.5,v 1.246 2017/05/03 21:08:09 naddy Exp $ +.Dd $Mdocdate: May 3 2017 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1564,11 +1564,6 @@ If set to .Cm yes , .Xr ssh 1 must be setuid root. -Note that this option must be set to -.Cm yes -for -.Cm RhostsRSAAuthentication -with older servers. .It Cm User Specifies the user to log in as. This can be useful when a different user name is used on different machines. diff --git a/sshkey.h b/sshkey.h index 0012f885d..fc1956605 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.16 2017/04/30 23:18:44 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.17 2017/05/03 21:08:09 naddy Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 
@@ -184,8 +184,6 @@ int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp); int sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, const char *passphrase, const char *comment, int force_new_format, const char *new_format_cipher, int new_format_rounds); -int sshkey_parse_public_rsa1_fileblob(struct sshbuf *blob, - struct sshkey **keyp, char **commentp); int sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, struct sshkey **keyp, char **commentp); int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, -- cgit v1.2.3 From bd636f40911094a39c2920bf87d2ec340533c152 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 7 May 2017 23:15:59 +0000 Subject: upstream commit Refuse RSA keys <1024 bits in length. Improve reporting for keys that do not meet this requirement. ok markus@ Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c --- ssh-keygen.c | 24 ++++++++++++++++-------- ssh-rsa.c | 10 ++++++---- ssh.h | 5 +---- ssherr.c | 4 +++- ssherr.h | 3 ++- sshkey.c | 29 ++++++++++++++++++++++++----- sshkey.h | 4 ++-- 7 files changed, 54 insertions(+), 25 deletions(-) (limited to 'sshkey.h') diff --git a/ssh-keygen.c b/ssh-keygen.c index 51c24bc55..7886582d7 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.302 2017/04/30 23:18:44 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.303 2017/05/07 23:15:59 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland 
@@ -226,13 +226,21 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp) OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; if (*bitsp > maxbits) fatal("key bits exceeds maximum %d", maxbits); - if (type == KEY_DSA && *bitsp != 1024) - fatal("DSA keys must be 1024 bits"); - else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 1024) - fatal("Key must at least be 1024 bits"); - else if (type == KEY_ECDSA && sshkey_ecdsa_bits_to_nid(*bitsp) == -1) - fatal("Invalid ECDSA key length - valid lengths are " - "256, 384 or 521 bits"); + switch (type) { + case KEY_DSA: + if (*bitsp != 1024) + fatal("Invalid DSA key length: must be 1024 bits"); + break; + case KEY_RSA: + if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE) + fatal("Invalid RSA key length: minimum is %d bits", + SSH_RSA_MINIMUM_MODULUS_SIZE); + break; + case KEY_ECDSA: + if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1) + fatal("Invalid ECDSA key length: valid lengths are " + "256, 384 or 521 bits"); + } #endif } diff --git a/ssh-rsa.c b/ssh-rsa.c index cde05df10..e8acc01fa 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-rsa.c,v 1.60 2016/09/12 23:39:34 djm Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.61 2017/05/07 23:15:59 djm Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl * @@ -99,9 +99,10 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, else hash_alg = rsa_hash_alg_from_ident(alg_ident); if (key == NULL || key->rsa == NULL || hash_alg == -1 || - sshkey_type_plain(key->type) != KEY_RSA || - BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) + sshkey_type_plain(key->type) != KEY_RSA) return SSH_ERR_INVALID_ARGUMENT; + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) + return SSH_ERR_KEY_LENGTH; slen = RSA_size(key->rsa); if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) return SSH_ERR_INVALID_ARGUMENT; 
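Review bot: The new `switch (type)` in type_bits_valid ends its last arm (`case KEY_ECDSA:`) without a `break;` and has no `default:` arm. The old if/else chain applied the 1024-bit floor to every type except ECDSA and ED25519, so a reader cannot tell whether leaving all non-RSA, non-DSA, non-ECDSA types unchecked is deliberate. I would close the ECDSA arm with `break;` and add `default: break; /* no length constraint for other key types */`. The function starts above the hunk, so this is based only on the lines shown.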
@@ -172,9 +173,10 @@ ssh_rsa_verify(const struct sshkey *key, if (key == NULL || key->rsa == NULL || sshkey_type_plain(key->type) != KEY_RSA || - BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE || sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) + return SSH_ERR_KEY_LENGTH; if ((b = sshbuf_from(sig, siglen)) == NULL) return SSH_ERR_ALLOC_FAIL; diff --git a/ssh.h b/ssh.h index 08d05ce29..12d800922 100644 --- a/ssh.h +++ b/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.86 2017/05/03 21:08:09 naddy Exp $ */ +/* $OpenBSD: ssh.h,v 1.87 2017/05/07 23:15:59 djm Exp $ */ /* * Author: Tatu Ylonen @@ -98,8 +98,5 @@ #define SSH_PRIVSEP_USER "sshd" #endif -/* Minimum modulus size (n) for RSA keys. */ -#define SSH_RSA_MINIMUM_MODULUS_SIZE 768 - /* Listen backlog for sshd, ssh-agent and forwarding sockets */ #define SSH_LISTEN_BACKLOG 128 diff --git a/ssherr.c b/ssherr.c index 680207063..4bd5f59cc 100644 --- a/ssherr.c +++ b/ssherr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssherr.c,v 1.5 2015/09/13 14:39:16 tim Exp $ */ +/* $OpenBSD: ssherr.c,v 1.6 2017/05/07 23:15:59 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -135,6 +135,8 @@ ssh_err(int n) return "Connection corrupted"; case SSH_ERR_PROTOCOL_ERROR: return "Protocol error"; + case SSH_ERR_KEY_LENGTH: + return "Invalid key length"; default: return "unknown error"; } diff --git a/ssherr.h b/ssherr.h index 6f771b4b7..a30781620 100644 --- a/ssherr.h +++ b/ssherr.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssherr.h,v 1.3 2015/01/30 01:13:33 djm Exp $ */ +/* $OpenBSD: ssherr.h,v 1.4 2017/05/07 23:15:59 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -77,6 +77,7 @@ #define SSH_ERR_CONN_TIMEOUT -53 #define SSH_ERR_CONN_CORRUPT -54 #define SSH_ERR_PROTOCOL_ERROR -55 +#define SSH_ERR_KEY_LENGTH -56 /* Translate a numeric error code to a human-readable error string */ const char *ssh_err(int n); 
diff --git a/sshkey.c b/sshkey.c index 0f6468197..6518c6f0b 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.48 2017/04/30 23:18:44 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.49 2017/05/07 23:15:59 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -1392,10 +1392,11 @@ rsa_generate_private_key(u_int bits, RSA **rsap) BIGNUM *f4 = NULL; int ret = SSH_ERR_INTERNAL_ERROR; - if (rsap == NULL || - bits < SSH_RSA_MINIMUM_MODULUS_SIZE || - bits > SSHBUF_MAX_BIGNUM * 8) + if (rsap == NULL) return SSH_ERR_INVALID_ARGUMENT; + if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE || + bits > SSHBUF_MAX_BIGNUM * 8) + return SSH_ERR_KEY_LENGTH; *rsap = NULL; if ((private = RSA_new()) == NULL || (f4 = BN_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; @@ -1423,8 +1424,10 @@ dsa_generate_private_key(u_int bits, DSA **dsap) DSA *private; int ret = SSH_ERR_INTERNAL_ERROR; - if (dsap == NULL || bits != 1024) + if (dsap == NULL) return SSH_ERR_INVALID_ARGUMENT; + if (bits != 1024) + return SSH_ERR_KEY_LENGTH; if ((private = DSA_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; @@ -1876,6 +1879,10 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, ret = SSH_ERR_INVALID_FORMAT; goto out; } + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + ret = SSH_ERR_KEY_LENGTH; + goto out; + } #ifdef DEBUG_PK RSA_print_fp(stderr, key->rsa, 8); #endif @@ -2643,6 +2650,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || (r = rsa_generate_additional_parameters(k->rsa)) != 0) goto out; + if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + r = SSH_ERR_KEY_LENGTH; + goto out; + } break; case KEY_RSA_CERT: if ((r = sshkey_froms(buf, &k)) != 0 || 
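Review bot: The modulus check added in sshkey_from_blob_internal is repeated verbatim in both RSA arms of sshkey_private_deserialize and in sshkey_parse_private_pem_fileblob, so the 1024-bit floor is enforced by four hand-copied blocks in sshkey.c. Because this check is what rejects undersized keys as they are parsed, a later parser path that misses the copy would accept them with no error. A single static helper called from each site keeps the policy in one place; the helper name below is only a suggestion, and every other identifier is already in the patch. ssh_rsa_sign and ssh_rsa_verify in ssh-rsa.c make the same comparison and could share it if the helper were exported. The enclosing functions begin and end outside these hunks.

```c
/* Reject RSA keys whose modulus is below the compiled-in minimum. */
static int
check_rsa_length(const RSA *rsa)
{
	if (BN_num_bits(rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
		return SSH_ERR_KEY_LENGTH;
	return 0;
}

/* … unchanged: sshkey_from_blob_internal up to the RSA bignum reads … */
		if ((ret = check_rsa_length(key->rsa)) != 0)
			goto out;
```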
@@ -2653,6 +2664,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || (r = rsa_generate_additional_parameters(k->rsa)) != 0) goto out; + if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + r = SSH_ERR_KEY_LENGTH; + goto out; + } break; #endif /* WITH_OPENSSL */ case KEY_ED25519: @@ -3427,6 +3442,10 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } + if (BN_num_bits(prv->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + r = SSH_ERR_KEY_LENGTH; + goto out; + } } else if (pk->type == EVP_PKEY_DSA && (type == KEY_UNSPEC || type == KEY_DSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { diff --git a/sshkey.h b/sshkey.h index fc1956605..b0b5b2749 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.17 2017/05/03 21:08:09 naddy Exp $ */ +/* $OpenBSD: sshkey.h,v 1.18 2017/05/07 23:15:59 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -46,7 +46,7 @@ # define EC_POINT void #endif /* WITH_OPENSSL */ -#define SSH_RSA_MINIMUM_MODULUS_SIZE 768 +#define SSH_RSA_MINIMUM_MODULUS_SIZE 1024 #define SSH_KEY_MAX_SIGN_DATA_SIZE (1 << 20) struct sshbuf; -- cgit v1.2.3 From 6026f48dfca78b713e4a7f681ffa42a0afe0929e Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 13 Jun 2017 11:22:15 +0000 Subject: upstream commit missing prototype. Upstream-ID: f443d2be9910fd2165a0667956d03343c46f66c9 --- sshkey.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sshkey.h') diff --git a/sshkey.h b/sshkey.h index b0b5b2749..8aaa31532 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.18 2017/05/07 23:15:59 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.19 2017/06/13 11:22:15 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 
@@ -124,6 +124,7 @@ int sshkey_fingerprint_raw(const struct sshkey *k, int, u_char **retp, size_t *lenp); const char *sshkey_type(const struct sshkey *); const char *sshkey_cert_type(const struct sshkey *); +int sshkey_format_text(const struct sshkey *, struct sshbuf *); int sshkey_write(const struct sshkey *, FILE *); int sshkey_read(struct sshkey *, char **); u_int sshkey_size(const struct sshkey *); -- cgit v1.2.3 From a98339edbc1fc21342a390f345179a9c3031bef7 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 28 Jun 2017 01:09:22 +0000 Subject: upstream commit Allow ssh-keygen to use a key held in ssh-agent as a CA when signing certificates. bz#2377 ok markus Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f --- authfd.c | 6 ++--- authfd.h | 4 ++-- ssh-keygen.1 | 22 ++++++++++++++++-- ssh-keygen.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++------- sshkey.c | 25 ++++++++++++++++---- sshkey.h | 10 ++++++-- 6 files changed, 121 insertions(+), 22 deletions(-) (limited to 'sshkey.h') diff --git a/authfd.c b/authfd.c index 8486e28b3..6c9843c87 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.103 2017/05/05 10:42:49 naddy Exp $ */ +/* $OpenBSD: authfd.c,v 1.104 2017/06/28 01:09:22 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -326,7 +326,7 @@ ssh_free_identitylist(struct ssh_identitylist *idl) /* encode signature algoritm in flag bits, so we can keep the msg format */ static u_int -agent_encode_alg(struct sshkey *key, const char *alg) +agent_encode_alg(const struct sshkey *key, const char *alg) { if (alg != NULL && key->type == KEY_RSA) { if (strcmp(alg, "rsa-sha2-256") == 0) 
@@ -339,7 +339,7 @@ agent_encode_alg(struct sshkey *key, const char *alg) /* ask agent to sign data, returns err.h code on error, 0 on success */ int -ssh_agent_sign(int sock, struct sshkey *key, +ssh_agent_sign(int sock, const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, const char *alg, u_int compat) { diff --git a/authfd.h b/authfd.h index 0e98331d7..43abf85da 100644 --- a/authfd.h +++ b/authfd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.h,v 1.40 2017/05/05 10:42:49 naddy Exp $ */ +/* $OpenBSD: authfd.h,v 1.41 2017/06/28 01:09:22 djm Exp $ */ /* * Author: Tatu Ylonen @@ -38,7 +38,7 @@ int ssh_remove_all_identities(int sock, int version); int ssh_decrypt_challenge(int sock, struct sshkey* key, BIGNUM *challenge, u_char session_id[16], u_char response[16]); -int ssh_agent_sign(int sock, struct sshkey *key, +int ssh_agent_sign(int sock, const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, const char *alg, u_int compat); diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 786d37d51..66f8321c5 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.141 2017/05/05 10:41:58 naddy Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.142 2017/06/28 01:09:22 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 5 2017 $ +.Dd $Mdocdate: June 28 2017 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -114,6 +114,8 @@ .Fl s Ar ca_key .Fl I Ar certificate_identity .Op Fl h +.Op Fl U +.Op Fl D Ar pkcs11_provider .Op Fl n Ar principals .Op Fl O Ar option .Op Fl V Ar validity_interval 
@@ -558,6 +560,14 @@ The possible values are .Dq ed25519 , or .Dq rsa . +.It Fl U +When used in combination with +.Fl s , +this option indicates that a CA key resides in a +.Xr ssh-agent 1 . +See the +.Sx CERTIFICATES +section for more information. .It Fl u Update a KRL. When specified with @@ -705,6 +715,14 @@ to .Pp .Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub .Pp +Similarly, it is possible for the CA key to be hosted in a +.Xr ssh-agent 1 . +This is indicated by the +.Fl U +flag and, again, the CA key must be identified by its public half. +.Pp +.Dl $ ssh-keygen -Us ca_key.pub -I key_id user_key.pub +.Pp In all cases, .Ar key_id is a "key identifier" that is logged by the server when the certificate diff --git a/ssh-keygen.c b/ssh-keygen.c index cc3a7df18..b6b690051 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.304 2017/05/30 14:16:41 markus Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.305 2017/06/28 01:09:22 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -59,6 +59,7 @@ #include "krl.h" #include "digest.h" #include "utf8.h" +#include "authfd.h" #ifdef WITH_OPENSSL # define DEFAULT_KEY_TYPE_NAME "rsa" @@ -121,6 +122,9 @@ char *identity_comment = NULL; /* Path to CA key when certifying keys. */ char *ca_key_path = NULL; +/* Prefer to use agent keys for CA signing */ +int prefer_agent = 0; + /* Certificate serial number */ unsigned long long cert_serial = 0; 
@@ -1597,24 +1601,66 @@ load_pkcs11_key(char *path) #endif /* ENABLE_PKCS11 */ } +/* Signer for sshkey_certify_custom that uses the agent */ +static int +agent_signer(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, + const char *alg, u_int compat, void *ctx) +{ + int *agent_fdp = (int *)ctx; + + return ssh_agent_sign(*agent_fdp, key, sigp, lenp, + data, datalen, alg, compat); +} + static void do_ca_sign(struct passwd *pw, int argc, char **argv) { - int r, i, fd; + int r, i, fd, found, agent_fd = -1; u_int n; struct sshkey *ca, *public; char valid[64], *otmp, *tmp, *cp, *out, *comment, **plist = NULL; FILE *f; + struct ssh_identitylist *agent_ids; + size_t j; #ifdef ENABLE_PKCS11 pkcs11_init(1); #endif tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); if (pkcs11provider != NULL) { + /* If a PKCS#11 token was specified then try to use it */ if ((ca = load_pkcs11_key(tmp)) == NULL) fatal("No PKCS#11 key matching %s found", ca_key_path); - } else + } else if (prefer_agent) { + /* + * Agent signature requested. Try to use agent after making + * sure the public key specified is actually present in the + * agent. + */ + if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0) + fatal("Cannot load CA public key %s: %s", + tmp, ssh_err(r)); + if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) + fatal("Cannot use public key for CA signature: %s", + ssh_err(r)); + if ((r = ssh_fetch_identitylist(agent_fd, &agent_ids)) != 0) + fatal("Retrieve agent key list: %s", ssh_err(r)); + found = 0; + for (j = 0; j < agent_ids->nkeys; j++) { + if (sshkey_equal(ca, agent_ids->keys[j])) { + found = 1; + break; + } + } + if (!found) + fatal("CA key %s not found in agent", tmp); + ssh_free_identitylist(agent_ids); + ca->flags |= SSHKEY_FLAG_EXT; + } else { + /* CA key is assumed to be a private key on the filesystem */ ca = load_identity(tmp); + } free(tmp); if (key_type_name != NULL && 
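Review bot: In the `prefer_agent` branch of do_ca_sign, a failure of `ssh_get_authentication_socket()` is reported as "Cannot use public key for CA signature", which does not tell the operator that the agent could not be reached. Something like `fatal("Cannot connect to agent for CA signature: %s", ssh_err(r));` would name the actual failure. `agent_signer` also dereferences `ctx` without a NULL check; that is safe for the one caller in this patch, but it deserves a comment stating that `ctx` must point at an open agent descriptor. No close of `agent_fd` is visible here, though do_ca_sign continues past the hunk and may handle it there.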
@@ -1664,8 +1710,16 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) &public->cert->signature_key)) != 0) fatal("sshkey_from_private (ca key): %s", ssh_err(r)); - if ((r = sshkey_certify(public, ca, key_type_name)) != 0) - fatal("Couldn't certify key %s: %s", tmp, ssh_err(r)); + if (agent_fd != -1 && (ca->flags & SSHKEY_FLAG_EXT) != 0) { + if ((r = sshkey_certify_custom(public, ca, + key_type_name, agent_signer, &agent_fd)) != 0) + fatal("Couldn't certify key %s via agent: %s", + tmp, ssh_err(r)); + } else { + if ((sshkey_certify(public, ca, key_type_name)) != 0) + fatal("Couldn't certify key %s: %s", + tmp, ssh_err(r)); + } if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0) *cp = '\0'; @@ -2261,8 +2315,9 @@ usage(void) " ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n" " [-j start_line] [-K checkpt] [-W generator]\n" #endif - " ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n" - " [-O option] [-V validity_interval] [-z serial_number] file ...\n" + " ssh-keygen -s ca_key -I certificate_identity [-h] [-U]\n" + " [-D pkcs11_provider] [-n principals] [-O option]\n" + " [-V validity_interval] [-z serial_number] file ...\n" " ssh-keygen -L [-f input_keyfile]\n" " ssh-keygen -A\n" " ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n" @@ -2320,8 +2375,8 @@ main(int argc, char **argv) if (gethostname(hostname, sizeof(hostname)) < 0) fatal("gethostname: %s", strerror(errno)); - /* Remaining characters: UYdw */ - while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy" + /* Remaining characters: Ydw */ + while ((opt = getopt(argc, argv, "ABHLQUXceghiklopquvxy" "C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Z:" "a:b:f:g:j:m:n:r:s:t:z:")) != -1) { switch (opt) { @@ -2448,6 +2503,9 @@ main(int argc, char **argv) case 'D': pkcs11provider = optarg; break; + case 'U': + prefer_agent = 1; + break; case 'u': update_krl = 1; break; diff --git a/sshkey.c b/sshkey.c index a138a6f66..acc6e3f2d 100644 --- a/sshkey.c 
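Review bot: In the non-agent branch, `if ((sshkey_certify(public, ca, key_type_name)) != 0)` drops the assignment to `r`, so the `fatal()` that follows prints `ssh_err(r)` for a stale value. That value is presumably the 0 left by the successful `sshkey_from_private` call just above, so the operator would see a misleading reason for a failed CA signature. The line should read `if ((r = sshkey_certify(public, ca, key_type_name)) != 0)`, matching the agent branch beside it. do_ca_sign begins and ends outside this hunk.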
+++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.52 2017/06/09 06:40:24 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.53 2017/06/28 01:09:22 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2253,7 +2253,8 @@ sshkey_drop_cert(struct sshkey *k) /* Sign a certified key, (re-)generating the signed certblob. */ int -sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg) +sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, + sshkey_certify_signer *signer, void *signer_ctx) { struct sshbuf *principals = NULL; u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32]; @@ -2342,8 +2343,8 @@ sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg) goto out; /* Sign the whole mess */ - if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), - sshbuf_len(cert), alg, 0)) != 0) + if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), + sshbuf_len(cert), alg, 0, signer_ctx)) != 0) goto out; /* Append signature and we are done */ @@ -2359,6 +2360,22 @@ sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg) return ret; } +static int +default_key_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, + const char *alg, u_int compat, void *ctx) +{ + if (ctx != NULL) + return SSH_ERR_INVALID_ARGUMENT; + return sshkey_sign(key, sigp, lenp, data, datalen, alg, compat); +} + +int +sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg) +{ + return sshkey_certify_custom(k, ca, alg, default_key_sign, NULL); +} + int sshkey_cert_check_authority(const struct sshkey *k, int want_host, int require_principal, diff --git a/sshkey.h b/sshkey.h index 8aaa31532..d8346a57b 100644 --- a/sshkey.h +++ b/sshkey.h 
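Review bot: `sshkey_certify_custom` is now a public entry point and calls `signer(ca, &sig_blob, &sig_len, ...)` directly, with no non-NULL check on `signer` visible in these hunks. A caller passing NULL would crash at the signing step, after the certificate body has been assembled. If the argument validation at the top of the function (outside the hunks) does not already cover it, add `if (signer == NULL) return SSH_ERR_INVALID_ARGUMENT;` there. A one-line comment above `default_key_sign` would also help, for example `/* Default signer: local private key, takes no context */`, to explain why a non-NULL `ctx` is rejected.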
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.19 2017/06/13 11:22:15 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.20 2017/06/28 01:09:22 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -137,13 +137,19 @@ int sshkey_type_is_cert(int); int sshkey_type_plain(int); int sshkey_to_certified(struct sshkey *); int sshkey_drop_cert(struct sshkey *); -int sshkey_certify(struct sshkey *, struct sshkey *, const char *); int sshkey_cert_copy(const struct sshkey *, struct sshkey *); int sshkey_cert_check_authority(const struct sshkey *, int, int, const char *, const char **); size_t sshkey_format_cert_validity(const struct sshkey_cert *, char *, size_t) __attribute__((__bounded__(__string__, 2, 3))); +int sshkey_certify(struct sshkey *, struct sshkey *, const char *); +/* Variant allowing use of a custom signature function (e.g. for ssh-agent) */ +typedef int sshkey_certify_signer(const struct sshkey *, u_char **, size_t *, + const u_char *, size_t, const char *, u_int, void *); +int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *, + sshkey_certify_signer *, void *); + int sshkey_ecdsa_nid_from_name(const char *); int sshkey_curve_name_to_nid(const char *); const char * sshkey_curve_nid_to_name(int); -- cgit v1.2.3 From 83fa3a044891887369ce8b487ce88d713a04df48 Mon Sep 17 00:00:00 2001 
From: "djm@openbsd.org" Date: Sat, 1 Jul 2017 13:50:45 +0000 Subject: upstream commit remove post-SSHv1 removal dead code from rsa.c and merge the remaining bit that it still used into ssh-rsa.c; ok markus Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f --- Makefile.in | 2 +- authfd.c | 3 +- authfile.c | 3 +- rsa.c | 188 ----------------------------------------------------------- rsa.h | 26 --------- ssh-add.c | 3 +- ssh-agent.c | 3 +- ssh-keygen.c | 5 +- ssh-rsa.c | 37 +++++++++++- sshconnect.c | 3 +- sshd.c | 3 +- sshkey.c | 7 +-- sshkey.h | 5 +- 13 files changed, 52 insertions(+), 236 deletions(-) delete mode 100644 rsa.c delete mode 100644 rsa.h (limited to 'sshkey.h') diff --git a/Makefile.in b/Makefile.in index 29d539a73..ac3907b1e 100644 --- a/Makefile.in +++ b/Makefile.in @@ -81,7 +81,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ cipher-ctr.o cleanup.o \ compat.o crc32.o fatal.o hostfile.o \ log.o match.o moduli.o nchan.o packet.o opacket.o \ - readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \ + readpass.o ttymodes.o xmalloc.o addrmatch.o \ atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \ monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \ diff --git a/authfd.c b/authfd.c index 6c9843c87..a460fa350 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.104 2017/06/28 01:09:22 djm Exp $ */ +/* $OpenBSD: authfd.c,v 1.105 2017/07/01 13:50:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -51,7 +51,6 @@ #include "xmalloc.h" #include "ssh.h" -#include "rsa.h" #include "sshbuf.h" #include "sshkey.h" #include "authfd.h" diff --git a/authfile.c b/authfile.c index 3481e0b04..d09b700d2 100644 --- a/authfile.c +++ b/authfile.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.126 2017/05/31 09:15:42 deraadt Exp $ */ +/* $OpenBSD: authfile.c,v 1.127 2017/07/01 13:50:45 djm Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -42,7 +42,6 @@ #include "ssh.h" #include "log.h" #include "authfile.h" -#include "rsa.h" #include "misc.h" #include "atomicio.h" #include "sshkey.h" diff --git a/rsa.c b/rsa.c deleted file mode 100644 index 5ecacef90..000000000 --- a/rsa.c +++ /dev/null 
@@ -1,188 +0,0 @@ -/* $OpenBSD: rsa.c,v 1.32 2014/06/24 01:13:21 djm Exp $ */ -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - * - * - * Copyright (c) 1999 Niels Provos. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * - * Description of the RSA algorithm can be found e.g. from the following - * sources: - * - * Bruce Schneier: Applied Cryptography. 
John Wiley & Sons, 1994. - * - * Jennifer Seberry and Josed Pieprzyk: Cryptography: An Introduction to - * Computer Security. Prentice-Hall, 1989. - * - * Man Young Rhee: Cryptography and Secure Data Communications. McGraw-Hill, - * 1994. - * - * R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications - * System and Method. US Patent 4,405,829, 1983. - * - * Hans Riesel: Prime Numbers and Computer Methods for Factorization. - * Birkhauser, 1994. - * - * The RSA Frequently Asked Questions document by RSA Data Security, - * Inc., 1995. - * - * RSA in 3 lines of perl by Adam Back , 1995, as - * included below: - * - * [gone - had to be deleted - what a pity] - */ - -#include "includes.h" - -#include - -#include -#include - -#include "rsa.h" -#include "log.h" -#include "ssherr.h" - -int -rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) -{ - u_char *inbuf = NULL, *outbuf = NULL; - int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR; - - if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e)) - return SSH_ERR_INVALID_ARGUMENT; - - olen = BN_num_bytes(key->n); - if ((outbuf = malloc(olen)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - - ilen = BN_num_bytes(in); - if ((inbuf = malloc(ilen)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - BN_bn2bin(in, inbuf); - - if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key, - RSA_PKCS1_PADDING)) <= 0) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - - if (BN_bin2bn(outbuf, len, out) == NULL) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - r = 0; - - out: - if (outbuf != NULL) { - explicit_bzero(outbuf, olen); - free(outbuf); - } - if (inbuf != NULL) { - explicit_bzero(inbuf, ilen); - free(inbuf); - } - return r; -} - -int -rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) -{ - u_char *inbuf = NULL, *outbuf = NULL; - int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR; - - olen = BN_num_bytes(key->n); - if ((outbuf = malloc(olen)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - - ilen = 
BN_num_bytes(in); - if ((inbuf = malloc(ilen)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - BN_bn2bin(in, inbuf); - - if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key, - RSA_PKCS1_PADDING)) <= 0) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } else if (BN_bin2bn(outbuf, len, out) == NULL) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - r = 0; - out: - if (outbuf != NULL) { - explicit_bzero(outbuf, olen); - free(outbuf); - } - if (inbuf != NULL) { - explicit_bzero(inbuf, ilen); - free(inbuf); - } - return r; -} - -/* calculate p-1 and q-1 */ -int -rsa_generate_additional_parameters(RSA *rsa) -{ - BIGNUM *aux = NULL; - BN_CTX *ctx = NULL; - int r; - - if ((ctx = BN_CTX_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((aux = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - - if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) || - (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) || - (BN_sub(aux, rsa->p, BN_value_one()) == 0) || - (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - r = 0; - out: - BN_clear_free(aux); - BN_CTX_free(ctx); - return r; -} - diff --git a/rsa.h b/rsa.h deleted file mode 100644 index c476707d5..000000000 --- a/rsa.h +++ /dev/null 
@@ -1,26 +0,0 @@ -/* $OpenBSD: rsa.h,v 1.17 2014/06/24 01:13:21 djm Exp $ */ - -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * RSA key generation, encryption and decryption. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -#ifndef RSA_H -#define RSA_H - -#include -#include - -int rsa_public_encrypt(BIGNUM *, BIGNUM *, RSA *); -int rsa_private_decrypt(BIGNUM *, BIGNUM *, RSA *); -int rsa_generate_additional_parameters(RSA *); - -#endif /* RSA_H */ diff --git a/ssh-add.c b/ssh-add.c index 438c1c25a..72d89db4a 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.132 2017/05/30 14:16:41 markus Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.133 2017/07/01 13:50:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -55,7 +55,6 @@ #include "xmalloc.h" #include "ssh.h" -#include "rsa.h" #include "log.h" #include "sshkey.h" #include "sshbuf.h" diff --git a/ssh-agent.c b/ssh-agent.c index 2ef8367b9..eb8c2043d 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.221 2017/04/30 23:29:10 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.222 2017/07/01 13:50:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -73,7 +73,6 @@ #include "xmalloc.h" #include "ssh.h" -#include "rsa.h" #include "sshbuf.h" #include "sshkey.h" #include "authfd.h" diff --git a/ssh-keygen.c b/ssh-keygen.c index b6b690051..d8f942f5a 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.305 2017/06/28 01:09:22 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.306 2017/07/01 13:50:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -41,7 +41,6 @@ #include "xmalloc.h" #include "sshkey.h" -#include "rsa.h" #include "authfile.h" #include "uuencode.h" #include "sshbuf.h" @@ -528,7 +527,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) buffer_get_bignum_bits(b, key->rsa->iqmp); buffer_get_bignum_bits(b, key->rsa->q); buffer_get_bignum_bits(b, key->rsa->p); - if ((r = rsa_generate_additional_parameters(key->rsa)) != 0) + if ((r = ssh_rsa_generate_additional_parameters(key)) != 0) fatal("generate RSA parameters failed: %s", ssh_err(r)); break; } diff --git a/ssh-rsa.c b/ssh-rsa.c index e8acc01fa..f570ae6d4 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-rsa.c,v 1.61 2017/05/07 23:15:59 djm Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.62 2017/07/01 13:50:45 djm Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl * @@ -78,6 +78,41 @@ rsa_hash_alg_nid(int type) } } +/* calculate p-1 and q-1 */ +int +ssh_rsa_generate_additional_parameters(struct sshkey *key) +{ + RSA *rsa; + BIGNUM *aux = NULL; + BN_CTX *ctx = NULL; + int r; + + if (key == NULL || key->rsa == NULL || + sshkey_type_plain(key->type) != KEY_RSA) + return SSH_ERR_INVALID_ARGUMENT; + + if ((ctx = BN_CTX_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((aux = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + rsa = key->rsa; + + if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) || + (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) || + (BN_sub(aux, rsa->p, BN_value_one()) == 0) || + (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + r = 0; + out: + BN_clear_free(aux); + BN_CTX_free(ctx); + return r; +} + /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ int ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, 
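Review bot: In `ssh_rsa_generate_additional_parameters()` the two `BN_mod()` calls reduce the private exponent `rsa->d` by `q-1` and `p-1` with `BN_FLG_CONSTTIME` set on no operand, so libcrypto may take its variable-time division path on private-key material. The body is carried over from rsa.c and is called from `sshkey_private_deserialize()` and ssh-keygen's blob conversion in this commit, so the exposure is to a local timing observer and probably small. It is cheap to close: add `BN_set_flags(aux, BN_FLG_CONSTTIME);` right after the `BN_new()` check, and ideally run the reduction on a flagged `BN_dup()` of `d` that is released with `BN_clear_free()`. The function also dereferences `rsa->p`, `rsa->q`, `rsa->d`, `rsa->dmq1` and `rsa->dmp1` after checking only `key->rsa`, which appears to rely on every caller having allocated them. The comment `/* calculate p-1 and q-1 */` would match the body better as `/* recompute CRT exponents: dmq1 = d mod (q-1), dmp1 = d mod (p-1) */`.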
diff --git a/sshconnect.c b/sshconnect.c index 8f527aa43..aaae5fc9f 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.282 2017/06/24 05:37:44 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.283 2017/07/01 13:50:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -48,7 +48,6 @@ #include "key.h" #include "hostfile.h" #include "ssh.h" -#include "rsa.h" #include "buffer.h" #include "packet.h" #include "uidswap.h" diff --git a/sshd.c b/sshd.c index 06cb81f27..1d19ce679 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.490 2017/05/31 08:09:45 markus Exp $ */ +/* $OpenBSD: sshd.c,v 1.491 2017/07/01 13:50:45 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -88,7 +88,6 @@ #include "xmalloc.h" #include "ssh.h" #include "ssh2.h" -#include "rsa.h" #include "sshpty.h" #include "packet.h" #include "log.h" diff --git a/sshkey.c b/sshkey.c index acc6e3f2d..acc396321 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.53 2017/06/28 01:09:22 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.54 2017/07/01 13:50:45 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -51,7 +51,6 @@ #include "ssherr.h" #include "misc.h" #include "sshbuf.h" -#include "rsa.h" #include "cipher.h" #include "digest.h" #define SSHKEY_INTERNAL @@ -2667,7 +2666,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || - (r = rsa_generate_additional_parameters(k->rsa)) != 0) + (r = ssh_rsa_generate_additional_parameters(k)) != 0) goto out; if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { r = SSH_ERR_KEY_LENGTH; 
@@ -2681,7 +2680,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || - (r = rsa_generate_additional_parameters(k->rsa)) != 0) + (r = ssh_rsa_generate_additional_parameters(k)) != 0) goto out; if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { r = SSH_ERR_KEY_LENGTH; diff --git a/sshkey.h b/sshkey.h index d8346a57b..9093eac51 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.20 2017/06/28 01:09:22 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.21 2017/07/01 13:50:45 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -196,6 +196,9 @@ int sshkey_parse_private_fileblob(struct sshbuf *buffer, int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, const char *passphrase, struct sshkey **keyp, char **commentp); +/* XXX should be internal, but used by ssh-keygen */ +int ssh_rsa_generate_additional_parameters(struct sshkey *); + #ifdef SSHKEY_INTERNAL int ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, -- cgit v1.2.3
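Review bot: The prototype added to sshkey.h for `ssh_rsa_generate_additional_parameters()` is exported with only an `XXX` remark, so callers outside ssh-rsa.c get no statement of what it does to the key. Going by the definition added to ssh-rsa.c in this commit, it overwrites `key->rsa->dmq1` and `key->rsa->dmp1` in place from `d`, `p` and `q`, and returns `SSH_ERR_INVALID_ARGUMENT` for a NULL or non-RSA key. I would state that next to the declaration, e.g. `/* Recomputes dmp1/dmq1 in key->rsa from d, p, q; returns 0 or an SSH_ERR_* code. XXX should be internal, but used by ssh-keygen */`.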