-/* $OpenBSD: authfd.c,v 1.104 2017/06/28 01:09:22 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.105 2017/07/01 13:50:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include "xmalloc.h"
#include "ssh.h"
-#include "rsa.h"
#include "sshbuf.h"
#include "sshkey.h"
#include "authfd.h"
-/* $OpenBSD: authfile.c,v 1.126 2017/05/31 09:15:42 deraadt Exp $ */
+/* $OpenBSD: authfile.c,v 1.127 2017/07/01 13:50:45 djm Exp $ */
/*
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
*
#include "ssh.h"
#include "log.h"
#include "authfile.h"
-#include "rsa.h"
#include "misc.h"
#include "atomicio.h"
#include "sshkey.h"
-# $OpenBSD: Makefile,v 1.88 2017/04/30 23:26:16 djm Exp $
+# $OpenBSD: Makefile,v 1.89 2017/07/01 13:50:45 djm Exp $
.PATH: ${.CURDIR}/..
.include "${.CURDIR}/../Makefile.inc"
chacha.c poly1305.c cipher-chachapoly.c ssh-ed25519.c hmac.c umac.c
.if (${OPENSSL:L} == "yes")
-SRCS+= bufec.c bufbn.c rsa.c \
+SRCS+= bufec.c bufbn.c \
ssh-dss.c ssh-rsa.c ssh-ecdsa.c dh.c \
kexdh.c kexgex.c kexecdh.c \
kexdhc.c kexgexc.c kexecdhc.c \
-/* $OpenBSD: rsa.c,v 1.32 2014/06/24 01:13:21 djm Exp $ */
-/*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- * All rights reserved
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- *
- *
- * Copyright (c) 1999 Niels Provos. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- *
- * Description of the RSA algorithm can be found e.g. from the following
- * sources:
- *
- * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1994.
- *
- * Jennifer Seberry and Josed Pieprzyk: Cryptography: An Introduction to
- * Computer Security. Prentice-Hall, 1989.
- *
- * Man Young Rhee: Cryptography and Secure Data Communications. McGraw-Hill,
- * 1994.
- *
- * R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications
- * System and Method. US Patent 4,405,829, 1983.
- *
- * Hans Riesel: Prime Numbers and Computer Methods for Factorization.
- * Birkhauser, 1994.
- *
- * The RSA Frequently Asked Questions document by RSA Data Security,
- * Inc., 1995.
- *
- * RSA in 3 lines of perl by Adam Back <aba@atlax.ex.ac.uk>, 1995, as
- * included below:
- *
- * [gone - had to be deleted - what a pity]
- */
-
-#include <sys/types.h>
-
-#include <string.h>
-
-#include "rsa.h"
-#include "log.h"
-#include "ssherr.h"
-
-int
-rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
-{
- u_char *inbuf = NULL, *outbuf = NULL;
- int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR;
-
- if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
- return SSH_ERR_INVALID_ARGUMENT;
-
- olen = BN_num_bytes(key->n);
- if ((outbuf = malloc(olen)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-
- ilen = BN_num_bytes(in);
- if ((inbuf = malloc(ilen)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- BN_bn2bin(in, inbuf);
-
- if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key,
- RSA_PKCS1_PADDING)) <= 0) {
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
-
- if (BN_bin2bn(outbuf, len, out) == NULL) {
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- r = 0;
-
- out:
- if (outbuf != NULL) {
- explicit_bzero(outbuf, olen);
- free(outbuf);
- }
- if (inbuf != NULL) {
- explicit_bzero(inbuf, ilen);
- free(inbuf);
- }
- return r;
-}
-
-int
-rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
-{
- u_char *inbuf = NULL, *outbuf = NULL;
- int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR;
-
- olen = BN_num_bytes(key->n);
- if ((outbuf = malloc(olen)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-
- ilen = BN_num_bytes(in);
- if ((inbuf = malloc(ilen)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- BN_bn2bin(in, inbuf);
-
- if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
- RSA_PKCS1_PADDING)) <= 0) {
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- } else if (BN_bin2bn(outbuf, len, out) == NULL) {
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- r = 0;
- out:
- if (outbuf != NULL) {
- explicit_bzero(outbuf, olen);
- free(outbuf);
- }
- if (inbuf != NULL) {
- explicit_bzero(inbuf, ilen);
- free(inbuf);
- }
- return r;
-}
-
-/* calculate p-1 and q-1 */
-int
-rsa_generate_additional_parameters(RSA *rsa)
-{
- BIGNUM *aux = NULL;
- BN_CTX *ctx = NULL;
- int r;
-
- if ((ctx = BN_CTX_new()) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- if ((aux = BN_new()) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-
- if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
- (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
- (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
- (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) {
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- r = 0;
- out:
- BN_clear_free(aux);
- BN_CTX_free(ctx);
- return r;
-}
-
-/* $OpenBSD: rsa.h,v 1.17 2014/06/24 01:13:21 djm Exp $ */
-
-/*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- * All rights reserved
- * RSA key generation, encryption and decryption.
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#ifndef RSA_H
-#define RSA_H
-
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-
-int rsa_public_encrypt(BIGNUM *, BIGNUM *, RSA *);
-int rsa_private_decrypt(BIGNUM *, BIGNUM *, RSA *);
-int rsa_generate_additional_parameters(RSA *);
-
-#endif /* RSA_H */
-/* $OpenBSD: ssh-add.c,v 1.132 2017/05/30 14:16:41 markus Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.133 2017/07/01 13:50:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include "xmalloc.h"
#include "ssh.h"
-#include "rsa.h"
#include "log.h"
#include "sshkey.h"
#include "sshbuf.h"
-/* $OpenBSD: ssh-agent.c,v 1.221 2017/04/30 23:29:10 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.222 2017/07/01 13:50:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include "xmalloc.h"
#include "ssh.h"
-#include "rsa.h"
#include "sshbuf.h"
#include "sshkey.h"
#include "authfd.h"
-/* $OpenBSD: ssh-keygen.c,v 1.305 2017/06/28 01:09:22 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.306 2017/07/01 13:50:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include "xmalloc.h"
#include "sshkey.h"
-#include "rsa.h"
#include "authfile.h"
#include "uuencode.h"
#include "sshbuf.h"
buffer_get_bignum_bits(b, key->rsa->iqmp);
buffer_get_bignum_bits(b, key->rsa->q);
buffer_get_bignum_bits(b, key->rsa->p);
- if ((r = rsa_generate_additional_parameters(key->rsa)) != 0)
+ if ((r = ssh_rsa_generate_additional_parameters(key)) != 0)
fatal("generate RSA parameters failed: %s", ssh_err(r));
break;
}
-/* $OpenBSD: ssh-rsa.c,v 1.61 2017/05/07 23:15:59 djm Exp $ */
+/* $OpenBSD: ssh-rsa.c,v 1.62 2017/07/01 13:50:45 djm Exp $ */
/*
* Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
*
}
}
+/* calculate p-1 and q-1 */
+int
+ssh_rsa_generate_additional_parameters(struct sshkey *key)
+{
+ RSA *rsa;
+ BIGNUM *aux = NULL;
+ BN_CTX *ctx = NULL;
+ int r;
+
+ if (key == NULL || key->rsa == NULL ||
+ sshkey_type_plain(key->type) != KEY_RSA)
+ return SSH_ERR_INVALID_ARGUMENT;
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ if ((aux = BN_new()) == NULL) {
+ r = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
+ rsa = key->rsa;
+
+ if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
+ (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
+ (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
+ (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) {
+ r = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ r = 0;
+ out:
+ BN_clear_free(aux);
+ BN_CTX_free(ctx);
+ return r;
+}
+
/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
int
ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
-/* $OpenBSD: sshconnect.c,v 1.282 2017/06/24 05:37:44 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.283 2017/07/01 13:50:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include "xmalloc.h"
#include "ssh.h"
-#include "rsa.h"
#include "buffer.h"
#include "packet.h"
#include "uidswap.h"
-/* $OpenBSD: sshd.c,v 1.490 2017/05/31 08:09:45 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.491 2017/07/01 13:50:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include "xmalloc.h"
#include "ssh.h"
#include "ssh2.h"
-#include "rsa.h"
#include "sshpty.h"
#include "packet.h"
#include "log.h"
-/* $OpenBSD: sshkey.c,v 1.53 2017/06/28 01:09:22 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.54 2017/07/01 13:50:45 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
#include "ssherr.h"
#include "misc.h"
#include "sshbuf.h"
-#include "rsa.h"
#include "cipher.h"
#include "digest.h"
#define SSHKEY_INTERNAL
(r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 ||
(r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 ||
(r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 ||
- (r = rsa_generate_additional_parameters(k->rsa)) != 0)
+ (r = ssh_rsa_generate_additional_parameters(k)) != 0)
goto out;
if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
r = SSH_ERR_KEY_LENGTH;
(r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 ||
(r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 ||
(r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 ||
- (r = rsa_generate_additional_parameters(k->rsa)) != 0)
+ (r = ssh_rsa_generate_additional_parameters(k)) != 0)
goto out;
if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
r = SSH_ERR_KEY_LENGTH;
-/* $OpenBSD: sshkey.h,v 1.20 2017/06/28 01:09:22 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.21 2017/07/01 13:50:45 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
const char *passphrase, struct sshkey **keyp, char **commentp);
+/* XXX should be internal, but used by ssh-keygen */
+int ssh_rsa_generate_additional_parameters(struct sshkey *);
+
#ifdef SSHKEY_INTERNAL
int ssh_rsa_sign(const struct sshkey *key,
u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
projects / openbsd / commitdiff