]>
Commit | Line | Data |
---|---|---|
d2583ea7 AM |
1 | commit a70fd4ad7bd9f2ed223ff635a3d41e483057f23b |
2 | Author: djm@openbsd.org <djm@openbsd.org> | |
3 | Date: Wed Sep 12 01:31:30 2018 +0000 | |
4 | ||
5 | upstream: add cert->signature_type field and keep it in sync with | |
6 | ||
7 | certificate signature wrt loading and certification operations; ok markus@ | |
8 | ||
9 | OpenBSD-Commit-ID: e8b8b9f76b66707a0cd926109c4383db8f664df3 | |
10 | ||
11 | diff --git a/sshkey.c b/sshkey.c | |
12 | index 72c08c7e..b467571f 100644 | |
13 | --- a/sshkey.c | |
14 | +++ b/sshkey.c | |
15 | @@ -1,4 +1,4 @@ | |
16 | -/* $OpenBSD: sshkey.c,v 1.66 2018/07/03 13:20:25 djm Exp $ */ | |
17 | +/* $OpenBSD: sshkey.c,v 1.67 2018/09/12 01:31:30 djm Exp $ */ | |
18 | /* | |
19 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | |
20 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. | |
21 | @@ -78,6 +78,7 @@ int sshkey_private_serialize_opt(const struct sshkey *key, | |
22 | struct sshbuf *buf, enum sshkey_serialize_rep); | |
23 | static int sshkey_from_blob_internal(struct sshbuf *buf, | |
24 | struct sshkey **keyp, int allow_cert); | |
25 | +static int get_sigtype(const u_char *sig, size_t siglen, char **sigtypep); | |
26 | ||
27 | /* Supported key types */ | |
28 | struct keytype { | |
29 | @@ -453,6 +454,7 @@ cert_free(struct sshkey_cert *cert) | |
30 | free(cert->principals[i]); | |
31 | free(cert->principals); | |
32 | sshkey_free(cert->signature_key); | |
33 | + free(cert->signature_type); | |
34 | freezero(cert, sizeof(*cert)); | |
35 | } | |
36 | ||
37 | @@ -472,6 +474,7 @@ cert_new(void) | |
38 | cert->key_id = NULL; | |
39 | cert->principals = NULL; | |
40 | cert->signature_key = NULL; | |
41 | + cert->signature_type = NULL; | |
42 | return cert; | |
43 | } | |
44 | ||
45 | @@ -1695,54 +1698,68 @@ sshkey_cert_copy(const struct sshkey *from_key, struct sshkey *to_key) | |
46 | u_int i; | |
47 | const struct sshkey_cert *from; | |
48 | struct sshkey_cert *to; | |
49 | - int ret = SSH_ERR_INTERNAL_ERROR; | |
50 | - | |
51 | - if (to_key->cert != NULL) { | |
52 | - cert_free(to_key->cert); | |
53 | - to_key->cert = NULL; | |
54 | - } | |
55 | + int r = SSH_ERR_INTERNAL_ERROR; | |
56 | ||
57 | - if ((from = from_key->cert) == NULL) | |
58 | + if (to_key == NULL || (from = from_key->cert) == NULL) | |
59 | return SSH_ERR_INVALID_ARGUMENT; | |
60 | ||
61 | - if ((to = to_key->cert = cert_new()) == NULL) | |
62 | + if ((to = cert_new()) == NULL) | |
63 | return SSH_ERR_ALLOC_FAIL; | |
64 | ||
65 | - if ((ret = sshbuf_putb(to->certblob, from->certblob)) != 0 || | |
66 | - (ret = sshbuf_putb(to->critical, from->critical)) != 0 || | |
67 | - (ret = sshbuf_putb(to->extensions, from->extensions)) != 0) | |
68 | - return ret; | |
69 | + if ((r = sshbuf_putb(to->certblob, from->certblob)) != 0 || | |
70 | + (r = sshbuf_putb(to->critical, from->critical)) != 0 || | |
71 | + (r = sshbuf_putb(to->extensions, from->extensions)) != 0) | |
72 | + goto out; | |
73 | ||
74 | to->serial = from->serial; | |
75 | to->type = from->type; | |
76 | if (from->key_id == NULL) | |
77 | to->key_id = NULL; | |
78 | - else if ((to->key_id = strdup(from->key_id)) == NULL) | |
79 | - return SSH_ERR_ALLOC_FAIL; | |
80 | + else if ((to->key_id = strdup(from->key_id)) == NULL) { | |
81 | + r = SSH_ERR_ALLOC_FAIL; | |
82 | + goto out; | |
83 | + } | |
84 | to->valid_after = from->valid_after; | |
85 | to->valid_before = from->valid_before; | |
86 | if (from->signature_key == NULL) | |
87 | to->signature_key = NULL; | |
88 | - else if ((ret = sshkey_from_private(from->signature_key, | |
89 | + else if ((r = sshkey_from_private(from->signature_key, | |
90 | &to->signature_key)) != 0) | |
91 | - return ret; | |
92 | - | |
93 | - if (from->nprincipals > SSHKEY_CERT_MAX_PRINCIPALS) | |
94 | - return SSH_ERR_INVALID_ARGUMENT; | |
95 | + goto out; | |
96 | + if (from->signature_type != NULL && | |
97 | + (to->signature_type = strdup(from->signature_type)) == NULL) { | |
98 | + r = SSH_ERR_ALLOC_FAIL; | |
99 | + goto out; | |
100 | + } | |
101 | + if (from->nprincipals > SSHKEY_CERT_MAX_PRINCIPALS) { | |
102 | + r = SSH_ERR_INVALID_ARGUMENT; | |
103 | + goto out; | |
104 | + } | |
105 | if (from->nprincipals > 0) { | |
106 | if ((to->principals = calloc(from->nprincipals, | |
107 | - sizeof(*to->principals))) == NULL) | |
108 | - return SSH_ERR_ALLOC_FAIL; | |
109 | + sizeof(*to->principals))) == NULL) { | |
110 | + r = SSH_ERR_ALLOC_FAIL; | |
111 | + goto out; | |
112 | + } | |
113 | for (i = 0; i < from->nprincipals; i++) { | |
114 | to->principals[i] = strdup(from->principals[i]); | |
115 | if (to->principals[i] == NULL) { | |
116 | to->nprincipals = i; | |
117 | - return SSH_ERR_ALLOC_FAIL; | |
118 | + r = SSH_ERR_ALLOC_FAIL; | |
119 | + goto out; | |
120 | } | |
121 | } | |
122 | } | |
123 | to->nprincipals = from->nprincipals; | |
124 | - return 0; | |
125 | + | |
126 | + /* success */ | |
127 | + cert_free(to_key->cert); | |
128 | + to_key->cert = to; | |
129 | + to = NULL; | |
130 | + r = 0; | |
131 | + out: | |
132 | + cert_free(to); | |
133 | + return r; | |
134 | } | |
135 | ||
136 | int | |
137 | @@ -1954,6 +1971,8 @@ cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf) | |
138 | if ((ret = sshkey_verify(key->cert->signature_key, sig, slen, | |
139 | sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0) | |
140 | goto out; | |
141 | + if ((ret = get_sigtype(sig, slen, &key->cert->signature_type)) != 0) | |
142 | + goto out; | |
143 | ||
144 | /* Success */ | |
145 | ret = 0; | |
146 | @@ -2531,7 +2550,8 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, | |
147 | u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32]; | |
148 | size_t i, ca_len, sig_len; | |
149 | int ret = SSH_ERR_INTERNAL_ERROR; | |
150 | - struct sshbuf *cert; | |
151 | + struct sshbuf *cert = NULL; | |
152 | + char *sigtype = NULL; | |
153 | ||
154 | if (k == NULL || k->cert == NULL || | |
155 | k->cert->certblob == NULL || ca == NULL) | |
156 | @@ -2541,6 +2561,16 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, | |
157 | if (!sshkey_type_is_valid_ca(ca->type)) | |
158 | return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; | |
159 | ||
160 | + /* | |
161 | + * If no alg specified as argument but a signature_type was set, | |
162 | + * then prefer that. If both were specified, then they must match. | |
163 | + */ | |
164 | + if (alg == NULL) | |
165 | + alg = k->cert->signature_type; | |
166 | + else if (k->cert->signature_type != NULL && | |
167 | + strcmp(alg, k->cert->signature_type) != 0) | |
168 | + return SSH_ERR_INVALID_ARGUMENT; | |
169 | + | |
170 | if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0) | |
171 | return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; | |
172 | ||
173 | @@ -2629,7 +2659,17 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, | |
174 | if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), | |
175 | sshbuf_len(cert), alg, 0, signer_ctx)) != 0) | |
176 | goto out; | |
177 | - | |
178 | + /* Check and update signature_type against what was actually used */ | |
179 | + if ((ret = get_sigtype(sig_blob, sig_len, &sigtype)) != 0) | |
180 | + goto out; | |
181 | + if (alg != NULL && strcmp(alg, sigtype) != 0) { | |
182 | + ret = SSH_ERR_SIGN_ALG_UNSUPPORTED; | |
183 | + goto out; | |
184 | + } | |
185 | + if (k->cert->signature_type == NULL) { | |
186 | + k->cert->signature_type = sigtype; | |
187 | + sigtype = NULL; | |
188 | + } | |
189 | /* Append signature and we are done */ | |
190 | if ((ret = sshbuf_put_string(cert, sig_blob, sig_len)) != 0) | |
191 | goto out; | |
192 | @@ -2639,6 +2679,7 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, | |
193 | sshbuf_reset(cert); | |
194 | free(sig_blob); | |
195 | free(ca_blob); | |
196 | + free(sigtype); | |
197 | sshbuf_free(principals); | |
198 | return ret; | |
199 | } | |
200 | diff --git a/sshkey.h b/sshkey.h | |
201 | index 9060b2ec..b8f279a6 100644 | |
202 | --- a/sshkey.h | |
203 | +++ b/sshkey.h | |
204 | @@ -1,4 +1,4 @@ | |
205 | -/* $OpenBSD: sshkey.h,v 1.26 2018/07/03 13:20:25 djm Exp $ */ | |
206 | +/* $OpenBSD: sshkey.h,v 1.27 2018/09/12 01:31:30 djm Exp $ */ | |
207 | ||
208 | /* | |
209 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | |
210 | @@ -102,6 +102,7 @@ struct sshkey_cert { | |
211 | struct sshbuf *critical; | |
212 | struct sshbuf *extensions; | |
213 | struct sshkey *signature_key; | |
214 | + char *signature_type; | |
215 | }; | |
216 | ||
217 | /* XXX opaquify? */ | |
218 | commit ba9e788315b1f6a350f910cb2a9e95b2ce584e89 | |
219 | Author: djm@openbsd.org <djm@openbsd.org> | |
220 | Date: Wed Sep 12 01:32:54 2018 +0000 | |
221 | ||
222 | upstream: add sshkey_check_cert_sigtype() that checks a | |
223 | ||
224 | cert->signature_type against a supplied whitelist; ok markus | |
225 | ||
226 | OpenBSD-Commit-ID: caadb8073292ed7a9535e5adc067d11d356d9302 | |
227 | ||
228 | diff --git a/sshkey.c b/sshkey.c | |
229 | index b467571f..50ebdc25 100644 | |
230 | --- a/sshkey.c | |
231 | +++ b/sshkey.c | |
232 | @@ -1,4 +1,4 @@ | |
233 | -/* $OpenBSD: sshkey.c,v 1.67 2018/09/12 01:31:30 djm Exp $ */ | |
234 | +/* $OpenBSD: sshkey.c,v 1.68 2018/09/12 01:32:54 djm Exp $ */ | |
235 | /* | |
236 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | |
237 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. | |
238 | @@ -2260,6 +2260,27 @@ get_sigtype(const u_char *sig, size_t siglen, char **sigtypep) | |
239 | return r; | |
240 | } | |
241 | ||
242 | +/* | |
243 | + * | |
244 | + * Checks whether a certificate's signature type is allowed. | |
245 | + * Returns 0 (success) if the certificate signature type appears in the | |
246 | + * "allowed" pattern-list, or the key is not a certificate to begin with. | |
247 | + * Otherwise returns a ssherr.h code. | |
248 | + */ | |
249 | +int | |
250 | +sshkey_check_cert_sigtype(const struct sshkey *key, const char *allowed) | |
251 | +{ | |
252 | + if (key == NULL || allowed == NULL) | |
253 | + return SSH_ERR_INVALID_ARGUMENT; | |
254 | + if (!sshkey_type_is_cert(key->type)) | |
255 | + return 0; | |
256 | + if (key->cert == NULL || key->cert->signature_type == NULL) | |
257 | + return SSH_ERR_INVALID_ARGUMENT; | |
258 | + if (match_pattern_list(key->cert->signature_type, allowed, 0) != 1) | |
259 | + return SSH_ERR_SIGN_ALG_UNSUPPORTED; | |
260 | + return 0; | |
261 | +} | |
262 | + | |
263 | /* | |
264 | * Returns the expected signature algorithm for a given public key algorithm. | |
265 | */ | |
266 | diff --git a/sshkey.h b/sshkey.h | |
267 | index b8f279a6..5a22a66f 100644 | |
268 | --- a/sshkey.h | |
269 | +++ b/sshkey.h | |
270 | @@ -1,4 +1,4 @@ | |
271 | -/* $OpenBSD: sshkey.h,v 1.27 2018/09/12 01:31:30 djm Exp $ */ | |
272 | +/* $OpenBSD: sshkey.h,v 1.28 2018/09/12 01:32:54 djm Exp $ */ | |
273 | ||
274 | /* | |
275 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | |
276 | @@ -158,6 +158,7 @@ int sshkey_cert_check_authority(const struct sshkey *, int, int, | |
277 | const char *, const char **); | |
278 | size_t sshkey_format_cert_validity(const struct sshkey_cert *, | |
279 | char *, size_t) __attribute__((__bounded__(__string__, 2, 3))); | |
280 | +int sshkey_check_cert_sigtype(const struct sshkey *, const char *); | |
281 | ||
282 | int sshkey_certify(struct sshkey *, struct sshkey *, const char *); | |
283 | /* Variant allowing use of a custom signature function (e.g. for ssh-agent) */ | |
284 | commit 2de78bc7da70e1338b32feeefcc6045cf49efcd4 | |
285 | Author: djm@openbsd.org <djm@openbsd.org> | |
286 | Date: Wed Sep 12 01:22:43 2018 +0000 | |
287 | ||
288 | upstream: s/sshkey_demote/sshkey_from_private/g | |
289 | ||
290 | OpenBSD-Regress-ID: 782bde7407d94a87aa8d1db7c23750e09d4443c4 | |
291 | ||
292 | diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c | |
293 | index 72367bde..7e03b7e5 100644 | |
294 | --- a/regress/unittests/sshkey/test_sshkey.c | |
295 | +++ b/regress/unittests/sshkey/test_sshkey.c | |
296 | @@ -1,4 +1,4 @@ | |
297 | -/* $OpenBSD: test_sshkey.c,v 1.14 2018/07/13 02:13:19 djm Exp $ */ | |
298 | +/* $OpenBSD: test_sshkey.c,v 1.15 2018/09/12 01:22:43 djm Exp $ */ | |
299 | /* | |
300 | * Regress test for sshkey.h key management API | |
301 | * | |
302 | @@ -318,7 +318,7 @@ sshkey_tests(void) | |
303 | TEST_DONE(); | |
304 | ||
305 | TEST_START("demote KEY_RSA"); | |
306 | - ASSERT_INT_EQ(sshkey_demote(kr, &k1), 0); | |
307 | + ASSERT_INT_EQ(sshkey_from_private(kr, &k1), 0); | |
308 | ASSERT_PTR_NE(k1, NULL); | |
309 | ASSERT_PTR_NE(kr, k1); | |
310 | ASSERT_INT_EQ(k1->type, KEY_RSA); | |
311 | @@ -334,7 +334,7 @@ sshkey_tests(void) | |
312 | TEST_DONE(); | |
313 | ||
314 | TEST_START("demote KEY_DSA"); | |
315 | - ASSERT_INT_EQ(sshkey_demote(kd, &k1), 0); | |
316 | + ASSERT_INT_EQ(sshkey_from_private(kd, &k1), 0); | |
317 | ASSERT_PTR_NE(k1, NULL); | |
318 | ASSERT_PTR_NE(kd, k1); | |
319 | ASSERT_INT_EQ(k1->type, KEY_DSA); | |
320 | @@ -350,7 +350,7 @@ sshkey_tests(void) | |
321 | ||
322 | #ifdef OPENSSL_HAS_ECC | |
323 | TEST_START("demote KEY_ECDSA"); | |
324 | - ASSERT_INT_EQ(sshkey_demote(ke, &k1), 0); | |
325 | + ASSERT_INT_EQ(sshkey_from_private(ke, &k1), 0); | |
326 | ASSERT_PTR_NE(k1, NULL); | |
327 | ASSERT_PTR_NE(ke, k1); | |
328 | ASSERT_INT_EQ(k1->type, KEY_ECDSA); | |
329 | @@ -367,7 +367,7 @@ sshkey_tests(void) | |
330 | #endif | |
331 | ||
332 | TEST_START("demote KEY_ED25519"); | |
333 | - ASSERT_INT_EQ(sshkey_demote(kf, &k1), 0); | |
334 | + ASSERT_INT_EQ(sshkey_from_private(kf, &k1), 0); | |
335 | ASSERT_PTR_NE(k1, NULL); | |
336 | ASSERT_PTR_NE(kf, k1); | |
337 | ASSERT_INT_EQ(k1->type, KEY_ED25519); | |
338 | ||
339 | commit d70d061828730a56636ab6f1f24fe4a8ccefcfc1 | |
340 | Author: djm@openbsd.org <djm@openbsd.org> | |
341 | Date: Wed Sep 12 01:36:45 2018 +0000 | |
342 | ||
343 | upstream: Include certs with multiple RSA signature variants in | |
344 | ||
345 | test data Ensure that cert->signature_key is populated correctly | |
346 | ||
347 | OpenBSD-Regress-ID: 56e68f70fe46cb3a193ca207385bdb301fd6603a | |
348 | ||
349 | diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha1 b/regress/unittests/sshkey/testdata/rsa_1_sha1 | |
350 | new file mode 100644 | |
351 | index 00000000..5de3f842 | |
352 | --- /dev/null | |
353 | +++ b/regress/unittests/sshkey/testdata/rsa_1_sha1 | |
354 | @@ -0,0 +1,15 @@ | |
355 | +-----BEGIN RSA PRIVATE KEY----- | |
356 | +MIICXAIBAAKBgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18u | |
357 | +d6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKd | |
358 | +NSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wIDAQAB | |
359 | +AoGAXyj5mpjmbD+YlxGIWz/zrM4hGsWgd4VteKEJxT6MMI4uzCRpkMd0ck8oHiwZ | |
360 | +GAI/SwUzIsgtONQuH3AXVsUgghW4Ynn+8ksEv0IZ918WDMDwqvqkyrVzsOsZzqYj | |
361 | +Pf8DUDKCpwFjnlknJ04yvWBZvVhWtY4OiZ8GV0Ttsu3k+GECQQD1YHfvBb5FdJBv | |
362 | +Uhde2Il+jaFia8mwVVNNaiD2ECxXx6CzGz54ZLEB9NPVfDUZK8lJ4UJDqelWNh3i | |
363 | +PF3RefWDAkEA1CVBzAFL4mNwpleVPzrfy69xP3gWOa26MxM/GE6zx9jC7HgQ3KPa | |
364 | +WKdG/FuHs085aTRDaDLmGcZ8IvMuu7NgKQJAcIOKmxR0Gd8IN7NZugjqixggb0Pj | |
365 | +mLKXXwESGiJyYtHL0zTj4Uqyi6Ya2GJ66o7UXscmnmYz828fJtTtZBdbRwJBALfi | |
366 | +C2QvA32Zv/0PEXibKXy996WSC4G3ShwXZKtHHKHvCxY5BDSbehk59VesZrVPyG2e | |
367 | +NYdOBxD0cIlCzJE56/ECQAndVkxvO8hwyEFGGwF3faHIAe/OxVb+MjaU25//Pe1/ | |
368 | +h/e6tlCk4w9CODpyV685gV394eYwMcGDcIkipTNUDZs= | |
369 | +-----END RSA PRIVATE KEY----- | |
370 | diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub b/regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub | |
371 | new file mode 100644 | |
372 | index 00000000..ff49d759 | |
373 | --- /dev/null | |
374 | +++ b/regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub | |
375 | @@ -0,0 +1 @@ | |
376 | +ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgy5PGFfSaEuSuXsjvKlMZGXYD0xlnqdZftuW9tMkUYz4AAAADAQABAAAAgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wAAAAAAAAABAAAAAQAAAARodWdvAAAAEgAAAAV1c2VyMQAAAAV1c2VyMgAAAAA2i4NgAAAAAE0d4eAAAABEAAAADWZvcmNlLWNvbW1hbmQAAAALAAAABy9iaW4vbHMAAAAOc291cmNlLWFkZHJlc3MAAAAOAAAACjEwLjAuMC4wLzgAAABkAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQD00RRenvxICSYvj54CPiYHM86OT5xwI9XORNH6Zkl3JPCQkAEdQ3hyfhraROaHsSv43wJcKyKrEg5XUZ8fZ/BoKIGU4Rd5AmL9wyPGv2RVY7gWELqXVSpu89R2tQJRmMVMD38CH0wqCTuoZirlKMTen6yfgYuFEpuqar0uOIeAyaQG6/9rVKWK36tcfM7YXx8fmGSN4eK/JhWDDjlo28YJ7ZFF9umh5baZG2Ai/vL3BJ7C3pqaEQNdKj8XqaSoDvFWKfOujk1620Rcuj3W0D0dvp/rH8xz8YkM1dMqGlYIZ4nrF5acB58Nk5FYBjtj1hu4DGEQlWL1Avk1agU4DQLrAAABDwAAAAdzc2gtcnNhAAABAF5BtPY8FbmIekK/zNq6/Lp5agKT5zEVxqAyZKhp75bLRP+kOMZBVB9ZWrekZk6IAVAOCZGQzTsD4mxIQsxBLl8k5hvEWb90/+w9/BzW9ScOGQe+y0COa0QWWR7L3k1S8WX2oAGvtDWOj7Md85nij4ZSU9/QQQFVDF8VilWPSMxUf/3I1fqyDq7AWcZkGk/bFUN6K6RsCSxIPlGmKt0IauyvSMI2IT0XeRT242RngeeUW8vFrn9TXy9YxJRW+cSeLKCuu8agBYyQMXWQ+q39eZZqVYSoo7nFEEhtaLs8d6jzgGkcE9wGJ9KLgfY/mG2vX3gI4IzncKkVJRoeiDzXFIk= RSA test key #1 | |
377 | diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha1.pub b/regress/unittests/sshkey/testdata/rsa_1_sha1.pub | |
378 | new file mode 100644 | |
379 | index 00000000..23ef872e | |
380 | --- /dev/null | |
381 | +++ b/regress/unittests/sshkey/testdata/rsa_1_sha1.pub | |
382 | @@ -0,0 +1 @@ | |
383 | +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+w== RSA test key #1 | |
384 | diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha512 b/regress/unittests/sshkey/testdata/rsa_1_sha512 | |
385 | new file mode 100644 | |
386 | index 00000000..5de3f842 | |
387 | --- /dev/null | |
388 | +++ b/regress/unittests/sshkey/testdata/rsa_1_sha512 | |
389 | @@ -0,0 +1,15 @@ | |
390 | +-----BEGIN RSA PRIVATE KEY----- | |
391 | +MIICXAIBAAKBgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18u | |
392 | +d6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKd | |
393 | +NSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wIDAQAB | |
394 | +AoGAXyj5mpjmbD+YlxGIWz/zrM4hGsWgd4VteKEJxT6MMI4uzCRpkMd0ck8oHiwZ | |
395 | +GAI/SwUzIsgtONQuH3AXVsUgghW4Ynn+8ksEv0IZ918WDMDwqvqkyrVzsOsZzqYj | |
396 | +Pf8DUDKCpwFjnlknJ04yvWBZvVhWtY4OiZ8GV0Ttsu3k+GECQQD1YHfvBb5FdJBv | |
397 | +Uhde2Il+jaFia8mwVVNNaiD2ECxXx6CzGz54ZLEB9NPVfDUZK8lJ4UJDqelWNh3i | |
398 | +PF3RefWDAkEA1CVBzAFL4mNwpleVPzrfy69xP3gWOa26MxM/GE6zx9jC7HgQ3KPa | |
399 | +WKdG/FuHs085aTRDaDLmGcZ8IvMuu7NgKQJAcIOKmxR0Gd8IN7NZugjqixggb0Pj | |
400 | +mLKXXwESGiJyYtHL0zTj4Uqyi6Ya2GJ66o7UXscmnmYz828fJtTtZBdbRwJBALfi | |
401 | +C2QvA32Zv/0PEXibKXy996WSC4G3ShwXZKtHHKHvCxY5BDSbehk59VesZrVPyG2e | |
402 | +NYdOBxD0cIlCzJE56/ECQAndVkxvO8hwyEFGGwF3faHIAe/OxVb+MjaU25//Pe1/ | |
403 | +h/e6tlCk4w9CODpyV685gV394eYwMcGDcIkipTNUDZs= | |
404 | +-----END RSA PRIVATE KEY----- | |
405 | diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub b/regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub | |
406 | new file mode 100644 | |
407 | index 00000000..47451968 | |
408 | --- /dev/null | |
409 | +++ b/regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub | |
410 | @@ -0,0 +1 @@ | |
411 | +ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg/bUEmnMYHxlv1N7iXvnYPYdzDjlTRKoaIGEPkaQQQDwAAAADAQABAAAAgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wAAAAAAAAABAAAAAQAAAARodWdvAAAAEgAAAAV1c2VyMQAAAAV1c2VyMgAAAAA2i4NgAAAAAE0d4eAAAABEAAAADWZvcmNlLWNvbW1hbmQAAAALAAAABy9iaW4vbHMAAAAOc291cmNlLWFkZHJlc3MAAAAOAAAACjEwLjAuMC4wLzgAAABkAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQD00RRenvxICSYvj54CPiYHM86OT5xwI9XORNH6Zkl3JPCQkAEdQ3hyfhraROaHsSv43wJcKyKrEg5XUZ8fZ/BoKIGU4Rd5AmL9wyPGv2RVY7gWELqXVSpu89R2tQJRmMVMD38CH0wqCTuoZirlKMTen6yfgYuFEpuqar0uOIeAyaQG6/9rVKWK36tcfM7YXx8fmGSN4eK/JhWDDjlo28YJ7ZFF9umh5baZG2Ai/vL3BJ7C3pqaEQNdKj8XqaSoDvFWKfOujk1620Rcuj3W0D0dvp/rH8xz8YkM1dMqGlYIZ4nrF5acB58Nk5FYBjtj1hu4DGEQlWL1Avk1agU4DQLrAAABFAAAAAxyc2Etc2hhMi01MTIAAAEA7/GoZsJqrq4xYotsRbpM8arZDjCzT6kohXeD/GVy26s5E/YWXRYCrOMIzSZxjuN5rAaNRW8ffxq14JyI94566Kg2OeoxQ6rK/dTqkk7I1RyypSXunT3I4++RPs1Q+hu9eS/WBzur0/D3dMejhuc3IBg6iB0481I4pGBGcD8/KjQFfhlCuGVXwB1ALk2zfXFT1HYYrs6bYZuQqjgvArnjYJ0do3fTSDC20/ydV4BHnI3fVAY2THVjX45V2ppPadl/rpczaJqW1ZtpnpJkV8Un316stQSD0xLHUDjp89O6d9Yq5S0kDdfwTRJIPm9f2cGNakJwN5qzmmmdDroRKODYcg== RSA test key #1 | |
412 | diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha512.pub b/regress/unittests/sshkey/testdata/rsa_1_sha512.pub | |
413 | new file mode 100644 | |
414 | index 00000000..23ef872e | |
415 | --- /dev/null | |
416 | +++ b/regress/unittests/sshkey/testdata/rsa_1_sha512.pub | |
417 | @@ -0,0 +1 @@ | |
418 | +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+w== RSA test key #1 | |
419 | commit 482d23bcacdd3664f21cc82a5135f66fc598275f | |
420 | Author: djm@openbsd.org <djm@openbsd.org> | |
421 | Date: Thu Sep 13 02:08:33 2018 +0000 | |
422 | ||
423 | upstream: hold our collective noses and use the openssl-1.1.x API in | |
424 | ||
425 | OpenSSH; feedback and ok tb@ jsing@ markus@ | |
426 | ||
427 | OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417 | |
428 | ||
429 | diff --git a/auth2.c b/auth2.c | |
430 | index ab879589..4d19957a 100644 | |
431 | --- a/auth2.c | |
432 | +++ b/auth2.c | |
433 | @@ -706,7 +706,7 @@ auth2_record_key(Authctxt *authctxt, int authenticated, | |
434 | struct sshkey **tmp, *dup; | |
435 | int r; | |
436 | ||
437 | - if ((r = sshkey_demote(key, &dup)) != 0) | |
438 | + if ((r = sshkey_from_private(key, &dup)) != 0) | |
439 | fatal("%s: copy key: %s", __func__, ssh_err(r)); | |
440 | sshkey_free(authctxt->auth_method_key); | |
441 | authctxt->auth_method_key = dup; | |
442 | @@ -715,7 +715,7 @@ auth2_record_key(Authctxt *authctxt, int authenticated, | |
443 | return; | |
444 | ||
445 | /* If authenticated, make sure we don't accept this key again */ | |
446 | - if ((r = sshkey_demote(key, &dup)) != 0) | |
447 | + if ((r = sshkey_from_private(key, &dup)) != 0) | |
448 | fatal("%s: copy key: %s", __func__, ssh_err(r)); | |
449 | if (authctxt->nprev_keys >= INT_MAX || | |
450 | (tmp = recallocarray(authctxt->prev_keys, authctxt->nprev_keys, | |
451 | diff --git a/cipher.c b/cipher.c | |
452 | index a72682a8..df43826e 100644 | |
453 | --- a/cipher.c | |
454 | +++ b/cipher.c | |
455 | @@ -446,7 +446,7 @@ cipher_get_keyiv_len(const struct sshcipher_ctx *cc) | |
456 | } | |
457 | ||
458 | int | |
459 | -cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) | |
460 | +cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, size_t len) | |
461 | { | |
462 | #ifdef WITH_OPENSSL | |
463 | const struct sshcipher *c = cc->cipher; | |
464 | @@ -473,7 +473,7 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) | |
465 | return 0; | |
466 | else if (evplen < 0) | |
467 | return SSH_ERR_LIBCRYPTO_ERROR; | |
468 | - if ((u_int)evplen != len) | |
469 | + if ((size_t)evplen != len) | |
470 | return SSH_ERR_INVALID_ARGUMENT; | |
471 | #ifndef OPENSSL_HAVE_EVPCTR | |
472 | if (c->evptype == evp_aes_128_ctr) | |
473 | @@ -484,14 +484,14 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) | |
474 | if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, | |
475 | len, iv)) | |
476 | return SSH_ERR_LIBCRYPTO_ERROR; | |
477 | - } else | |
478 | - memcpy(iv, cc->evp->iv, len); | |
479 | + } else if (!EVP_CIPHER_CTX_get_iv(cc->evp, iv, len)) | |
480 | + return SSH_ERR_LIBCRYPTO_ERROR; | |
481 | #endif | |
482 | return 0; | |
483 | } | |
484 | ||
485 | int | |
486 | -cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) | |
487 | +cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len) | |
488 | { | |
489 | #ifdef WITH_OPENSSL | |
490 | const struct sshcipher *c = cc->cipher; | |
491 | @@ -507,6 +507,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) | |
492 | evplen = EVP_CIPHER_CTX_iv_length(cc->evp); | |
493 | if (evplen <= 0) | |
494 | return SSH_ERR_LIBCRYPTO_ERROR; | |
495 | + if ((size_t)evplen != len) | |
496 | + return SSH_ERR_INVALID_ARGUMENT; | |
497 | #ifndef OPENSSL_HAVE_EVPCTR | |
498 | /* XXX iv arg is const, but ssh_aes_ctr_iv isn't */ | |
499 | if (c->evptype == evp_aes_128_ctr) | |
500 | @@ -518,8 +520,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) | |
501 | if (!EVP_CIPHER_CTX_ctrl(cc->evp, | |
502 | EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) | |
503 | return SSH_ERR_LIBCRYPTO_ERROR; | |
504 | - } else | |
505 | - memcpy(cc->evp->iv, iv, evplen); | |
506 | + } else if (!EVP_CIPHER_CTX_set_iv(cc->evp, iv, evplen)) | |
507 | + return SSH_ERR_LIBCRYPTO_ERROR; | |
508 | #endif | |
509 | return 0; | |
510 | } | |
511 | diff --git a/cipher.h b/cipher.h | |
512 | index dc7ecf11..dc1571d2 100644 | |
513 | --- a/cipher.h | |
514 | +++ b/cipher.h | |
515 | @@ -68,8 +68,8 @@ u_int cipher_is_cbc(const struct sshcipher *); | |
516 | ||
517 | u_int cipher_ctx_is_plaintext(struct sshcipher_ctx *); | |
518 | ||
519 | -int cipher_get_keyiv(struct sshcipher_ctx *, u_char *, u_int); | |
520 | -int cipher_set_keyiv(struct sshcipher_ctx *, const u_char *); | |
521 | +int cipher_get_keyiv(struct sshcipher_ctx *, u_char *, size_t); | |
522 | +int cipher_set_keyiv(struct sshcipher_ctx *, const u_char *, size_t); | |
523 | int cipher_get_keyiv_len(const struct sshcipher_ctx *); | |
524 | ||
525 | #endif /* CIPHER_H */ | |
526 | diff --git a/dh.c b/dh.c | |
527 | index ac8d5a0a..d0d4527b 100644 | |
528 | --- a/dh.c | |
529 | +++ b/dh.c | |
530 | @@ -216,14 +216,17 @@ choose_dh(int min, int wantbits, int max) | |
531 | /* diffie-hellman-groupN-sha1 */ | |
532 | ||
533 | int | |
534 | -dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) | |
535 | +dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub) | |
536 | { | |
537 | int i; | |
538 | int n = BN_num_bits(dh_pub); | |
539 | int bits_set = 0; | |
540 | BIGNUM *tmp; | |
541 | + const BIGNUM *dh_p; | |
542 | ||
543 | - if (dh_pub->neg) { | |
544 | + DH_get0_pqg(dh, &dh_p, NULL, NULL); | |
545 | + | |
546 | + if (BN_is_negative(dh_pub)) { | |
547 | logit("invalid public DH value: negative"); | |
548 | return 0; | |
549 | } | |
550 | @@ -236,7 +239,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) | |
551 | error("%s: BN_new failed", __func__); | |
552 | return 0; | |
553 | } | |
554 | - if (!BN_sub(tmp, dh->p, BN_value_one()) || | |
555 | + if (!BN_sub(tmp, dh_p, BN_value_one()) || | |
556 | BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */ | |
557 | BN_clear_free(tmp); | |
558 | logit("invalid public DH value: >= p-1"); | |
559 | @@ -247,14 +250,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) | |
560 | for (i = 0; i <= n; i++) | |
561 | if (BN_is_bit_set(dh_pub, i)) | |
562 | bits_set++; | |
563 | - debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); | |
564 | + debug2("bits set: %d/%d", bits_set, BN_num_bits(dh_p)); | |
565 | ||
566 | /* | |
567 | * if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial | |
568 | */ | |
569 | if (bits_set < 4) { | |
570 | logit("invalid public DH value (%d/%d)", | |
571 | - bits_set, BN_num_bits(dh->p)); | |
572 | + bits_set, BN_num_bits(dh_p)); | |
573 | return 0; | |
574 | } | |
575 | return 1; | |
576 | @@ -264,9 +267,12 @@ int | |
577 | dh_gen_key(DH *dh, int need) | |
578 | { | |
579 | int pbits; | |
580 | + const BIGNUM *dh_p, *pub_key; | |
581 | + | |
582 | + DH_get0_pqg(dh, &dh_p, NULL, NULL); | |
583 | ||
584 | - if (need < 0 || dh->p == NULL || | |
585 | - (pbits = BN_num_bits(dh->p)) <= 0 || | |
586 | + if (need < 0 || dh_p == NULL || | |
587 | + (pbits = BN_num_bits(dh_p)) <= 0 || | |
588 | need > INT_MAX / 2 || 2 * need > pbits) | |
589 | return SSH_ERR_INVALID_ARGUMENT; | |
590 | if (need < 256) | |
591 | @@ -275,13 +281,14 @@ dh_gen_key(DH *dh, int need) | |
592 | * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)), | |
593 | * so double requested need here. | |
594 | */ | |
595 | - dh->length = MINIMUM(need * 2, pbits - 1); | |
596 | - if (DH_generate_key(dh) == 0 || | |
597 | - !dh_pub_is_valid(dh, dh->pub_key)) { | |
598 | - BN_clear_free(dh->priv_key); | |
599 | - dh->priv_key = NULL; | |
600 | + if (!DH_set_length(dh, MINIMUM(need * 2, pbits - 1))) | |
601 | return SSH_ERR_LIBCRYPTO_ERROR; | |
602 | - } | |
603 | + | |
604 | + if (DH_generate_key(dh) == 0) | |
605 | + return SSH_ERR_LIBCRYPTO_ERROR; | |
606 | + DH_get0_key(dh, &pub_key, NULL); | |
607 | + if (!dh_pub_is_valid(dh, pub_key)) | |
608 | + return SSH_ERR_INVALID_FORMAT; | |
609 | return 0; | |
610 | } | |
611 | ||
612 | @@ -289,22 +296,27 @@ DH * | |
613 | dh_new_group_asc(const char *gen, const char *modulus) | |
614 | { | |
615 | DH *dh; | |
616 | + BIGNUM *dh_p = NULL, *dh_g = NULL; | |
617 | ||
618 | if ((dh = DH_new()) == NULL) | |
619 | return NULL; | |
620 | - if (BN_hex2bn(&dh->p, modulus) == 0 || | |
621 | - BN_hex2bn(&dh->g, gen) == 0) { | |
622 | - DH_free(dh); | |
623 | - return NULL; | |
624 | - } | |
625 | - return (dh); | |
626 | + if (BN_hex2bn(&dh_p, modulus) == 0 || | |
627 | + BN_hex2bn(&dh_g, gen) == 0) | |
628 | + goto fail; | |
629 | + if (!DH_set0_pqg(dh, dh_p, NULL, dh_g)) | |
630 | + goto fail; | |
631 | + return dh; | |
632 | + fail: | |
633 | + DH_free(dh); | |
634 | + BN_clear_free(dh_p); | |
635 | + BN_clear_free(dh_g); | |
636 | + return NULL; | |
637 | } | |
638 | ||
639 | /* | |
640 | * This just returns the group, we still need to generate the exchange | |
641 | * value. | |
642 | */ | |
643 | - | |
644 | DH * | |
645 | dh_new_group(BIGNUM *gen, BIGNUM *modulus) | |
646 | { | |
647 | @@ -312,10 +324,12 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus) | |
648 | ||
649 | if ((dh = DH_new()) == NULL) | |
650 | return NULL; | |
651 | - dh->p = modulus; | |
652 | - dh->g = gen; | |
653 | + if (!DH_set0_pqg(dh, modulus, NULL, gen)) { | |
654 | + DH_free(dh); | |
655 | + return NULL; | |
656 | + } | |
657 | ||
658 | - return (dh); | |
659 | + return dh; | |
660 | } | |
661 | ||
662 | /* rfc2409 "Second Oakley Group" (1024 bits) */ | |
663 | diff --git a/dh.h b/dh.h | |
664 | index bcd485cf..344b29e3 100644 | |
665 | --- a/dh.h | |
666 | +++ b/dh.h | |
667 | @@ -42,7 +42,7 @@ DH *dh_new_group18(void); | |
668 | DH *dh_new_group_fallback(int); | |
669 | ||
670 | int dh_gen_key(DH *, int); | |
671 | -int dh_pub_is_valid(DH *, BIGNUM *); | |
672 | +int dh_pub_is_valid(const DH *, const BIGNUM *); | |
673 | ||
674 | u_int dh_estimate(int); | |
675 | ||
676 | diff --git a/digest-openssl.c b/digest-openssl.c | |
677 | index 27709992..da7ed72b 100644 | |
678 | --- a/digest-openssl.c | |
679 | +++ b/digest-openssl.c | |
680 | @@ -43,7 +43,7 @@ | |
681 | ||
682 | struct ssh_digest_ctx { | |
683 | int alg; | |
684 | - EVP_MD_CTX mdctx; | |
685 | + EVP_MD_CTX *mdctx; | |
686 | }; | |
687 | ||
688 | struct ssh_digest { | |
689 | @@ -106,7 +106,7 @@ ssh_digest_bytes(int alg) | |
690 | size_t | |
691 | ssh_digest_blocksize(struct ssh_digest_ctx *ctx) | |
692 | { | |
693 | - return EVP_MD_CTX_block_size(&ctx->mdctx); | |
694 | + return EVP_MD_CTX_block_size(ctx->mdctx); | |
695 | } | |
696 | ||
697 | struct ssh_digest_ctx * | |
698 | @@ -118,11 +118,14 @@ ssh_digest_start(int alg) | |
699 | if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL)) | |
700 | return NULL; | |
701 | ret->alg = alg; | |
702 | - EVP_MD_CTX_init(&ret->mdctx); | |
703 | - if (EVP_DigestInit_ex(&ret->mdctx, digest->mdfunc(), NULL) != 1) { | |
704 | + if ((ret->mdctx = EVP_MD_CTX_new()) == NULL) { | |
705 | free(ret); | |
706 | return NULL; | |
707 | } | |
708 | + if (EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) { | |
709 | + ssh_digest_free(ret); | |
710 | + return NULL; | |
711 | + } | |
712 | return ret; | |
713 | } | |
714 | ||
715 | @@ -132,7 +135,7 @@ ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to) | |
716 | if (from->alg != to->alg) | |
717 | return SSH_ERR_INVALID_ARGUMENT; | |
718 | /* we have bcopy-style order while openssl has memcpy-style */ | |
719 | - if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx)) | |
720 | + if (!EVP_MD_CTX_copy_ex(to->mdctx, from->mdctx)) | |
721 | return SSH_ERR_LIBCRYPTO_ERROR; | |
722 | return 0; | |
723 | } | |
724 | @@ -140,7 +143,7 @@ ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to) | |
725 | int | |
726 | ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) | |
727 | { | |
728 | - if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1) | |
729 | + if (EVP_DigestUpdate(ctx->mdctx, m, mlen) != 1) | |
730 | return SSH_ERR_LIBCRYPTO_ERROR; | |
731 | return 0; | |
732 | } | |
733 | @@ -161,7 +164,7 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen) | |
734 | return SSH_ERR_INVALID_ARGUMENT; | |
735 | if (dlen < digest->digest_len) /* No truncation allowed */ | |
736 | return SSH_ERR_INVALID_ARGUMENT; | |
737 | - if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1) | |
738 | + if (EVP_DigestFinal_ex(ctx->mdctx, d, &l) != 1) | |
739 | return SSH_ERR_LIBCRYPTO_ERROR; | |
740 | if (l != digest->digest_len) /* sanity */ | |
741 | return SSH_ERR_INTERNAL_ERROR; | |
742 | @@ -171,11 +174,10 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen) | |
743 | void | |
744 | ssh_digest_free(struct ssh_digest_ctx *ctx) | |
745 | { | |
746 | - if (ctx != NULL) { | |
747 | - EVP_MD_CTX_cleanup(&ctx->mdctx); | |
748 | - explicit_bzero(ctx, sizeof(*ctx)); | |
749 | - free(ctx); | |
750 | - } | |
751 | + if (ctx == NULL) | |
752 | + return; | |
753 | + EVP_MD_CTX_free(ctx->mdctx); | |
754 | + freezero(ctx, sizeof(*ctx)); | |
755 | } | |
756 | ||
757 | int | |
758 | diff --git a/kexdhc.c b/kexdhc.c | |
759 | index 9a9f1ea7..a8b74247 100644 | |
760 | --- a/kexdhc.c | |
761 | +++ b/kexdhc.c | |
762 | @@ -56,6 +56,7 @@ kexdh_client(struct ssh *ssh) | |
763 | { | |
764 | struct kex *kex = ssh->kex; | |
765 | int r; | |
766 | + const BIGNUM *pub_key; | |
767 | ||
768 | /* generate and send 'e', client DH public key */ | |
769 | switch (kex->kex_type) { | |
770 | @@ -81,15 +82,17 @@ kexdh_client(struct ssh *ssh) | |
771 | goto out; | |
772 | } | |
773 | debug("sending SSH2_MSG_KEXDH_INIT"); | |
774 | - if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 || | |
775 | - (r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || | |
776 | - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || | |
777 | + if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) | |
778 | + goto out; | |
779 | + DH_get0_key(kex->dh, &pub_key, NULL); | |
780 | + if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || | |
781 | + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || | |
782 | (r = sshpkt_send(ssh)) != 0) | |
783 | goto out; | |
784 | #ifdef DEBUG_KEXDH | |
785 | DHparams_print_fp(stderr, kex->dh); | |
786 | fprintf(stderr, "pub= "); | |
787 | - BN_print_fp(stderr, kex->dh->pub_key); | |
788 | + BN_print_fp(stderr, pub_key); | |
789 | fprintf(stderr, "\n"); | |
790 | #endif | |
791 | debug("expecting SSH2_MSG_KEXDH_REPLY"); | |
792 | @@ -104,6 +107,7 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) | |
793 | { | |
794 | struct kex *kex = ssh->kex; | |
795 | BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; | |
796 | + const BIGNUM *pub_key; | |
797 | struct sshkey *server_host_key = NULL; | |
798 | u_char *kbuf = NULL, *server_host_key_blob = NULL, *signature = NULL; | |
799 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | |
800 | @@ -168,6 +172,7 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) | |
801 | #endif | |
802 | ||
803 | /* calc and verify H */ | |
804 | + DH_get0_key(kex->dh, &pub_key, NULL); | |
805 | hashlen = sizeof(hash); | |
806 | if ((r = kex_dh_hash( | |
807 | kex->hash_alg, | |
808 | @@ -176,7 +181,7 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) | |
809 | sshbuf_ptr(kex->my), sshbuf_len(kex->my), | |
810 | sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), | |
811 | server_host_key_blob, sbloblen, | |
812 | - kex->dh->pub_key, | |
813 | + pub_key, | |
814 | dh_server_pub, | |
815 | shared_secret, | |
816 | hash, &hashlen)) != 0) | |
817 | diff --git a/kexdhs.c b/kexdhs.c | |
818 | index 5dfca0a2..8367c6c3 100644 | |
819 | --- a/kexdhs.c | |
820 | +++ b/kexdhs.c | |
821 | @@ -95,6 +95,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) | |
822 | { | |
823 | struct kex *kex = ssh->kex; | |
824 | BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; | |
825 | + const BIGNUM *pub_key; | |
826 | struct sshkey *server_host_public, *server_host_private; | |
827 | u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; | |
828 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | |
829 | @@ -121,6 +122,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) | |
830 | r = SSH_ERR_ALLOC_FAIL; | |
831 | goto out; | |
832 | } | |
833 | + DH_get0_key(kex->dh, &pub_key, NULL); | |
834 | if ((r = sshpkt_get_bignum2(ssh, dh_client_pub)) != 0 || | |
835 | (r = sshpkt_get_end(ssh)) != 0) | |
836 | goto out; | |
837 | @@ -130,12 +132,9 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) | |
838 | BN_print_fp(stderr, dh_client_pub); | |
839 | fprintf(stderr, "\n"); | |
840 | debug("bits %d", BN_num_bits(dh_client_pub)); | |
841 | -#endif | |
842 | - | |
843 | -#ifdef DEBUG_KEXDH | |
844 | DHparams_print_fp(stderr, kex->dh); | |
845 | fprintf(stderr, "pub= "); | |
846 | - BN_print_fp(stderr, kex->dh->pub_key); | |
847 | + BN_print_fp(stderr, pub_key); | |
848 | fprintf(stderr, "\n"); | |
849 | #endif | |
850 | if (!dh_pub_is_valid(kex->dh, dh_client_pub)) { | |
851 | @@ -171,7 +170,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) | |
852 | sshbuf_ptr(kex->my), sshbuf_len(kex->my), | |
853 | server_host_key_blob, sbloblen, | |
854 | dh_client_pub, | |
855 | - kex->dh->pub_key, | |
856 | + pub_key, | |
857 | shared_secret, | |
858 | hash, &hashlen)) != 0) | |
859 | goto out; | |
860 | @@ -197,7 +196,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) | |
861 | /* send server hostkey, DH pubkey 'f' and signed H */ | |
862 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 || | |
863 | (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || | |
864 | - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ | |
865 | + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ | |
866 | (r = sshpkt_put_string(ssh, signature, slen)) != 0 || | |
867 | (r = sshpkt_send(ssh)) != 0) | |
868 | goto out; | |
869 | diff --git a/kexgexc.c b/kexgexc.c | |
870 | index 762a9a32..955bc837 100644 | |
871 | --- a/kexgexc.c | |
872 | +++ b/kexgexc.c | |
873 | @@ -93,6 +93,7 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh) | |
874 | { | |
875 | struct kex *kex = ssh->kex; | |
876 | BIGNUM *p = NULL, *g = NULL; | |
877 | + const BIGNUM *pub_key; | |
878 | int r, bits; | |
879 | ||
880 | debug("got SSH2_MSG_KEX_DH_GEX_GROUP"); | |
881 | @@ -118,16 +119,18 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh) | |
882 | p = g = NULL; /* belong to kex->dh now */ | |
883 | ||
884 | /* generate and send 'e', client DH public key */ | |
885 | - if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 || | |
886 | - (r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || | |
887 | - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || | |
888 | + if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) | |
889 | + goto out; | |
890 | + DH_get0_key(kex->dh, &pub_key, NULL); | |
891 | + if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || | |
892 | + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || | |
893 | (r = sshpkt_send(ssh)) != 0) | |
894 | goto out; | |
895 | debug("SSH2_MSG_KEX_DH_GEX_INIT sent"); | |
896 | #ifdef DEBUG_KEXDH | |
897 | DHparams_print_fp(stderr, kex->dh); | |
898 | fprintf(stderr, "pub= "); | |
899 | - BN_print_fp(stderr, kex->dh->pub_key); | |
900 | + BN_print_fp(stderr, pub_key); | |
901 | fprintf(stderr, "\n"); | |
902 | #endif | |
903 | ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, NULL); | |
904 | @@ -144,6 +147,7 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) | |
905 | { | |
906 | struct kex *kex = ssh->kex; | |
907 | BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; | |
908 | + const BIGNUM *pub_key, *dh_p, *dh_g; | |
909 | struct sshkey *server_host_key = NULL; | |
910 | u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; | |
911 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | |
912 | @@ -211,6 +215,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) | |
913 | kex->min = kex->max = -1; | |
914 | ||
915 | /* calc and verify H */ | |
916 | + DH_get0_key(kex->dh, &pub_key, NULL); | |
917 | + DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g); | |
918 | hashlen = sizeof(hash); | |
919 | if ((r = kexgex_hash( | |
920 | kex->hash_alg, | |
921 | @@ -220,8 +226,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) | |
922 | sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), | |
923 | server_host_key_blob, sbloblen, | |
924 | kex->min, kex->nbits, kex->max, | |
925 | - kex->dh->p, kex->dh->g, | |
926 | - kex->dh->pub_key, | |
927 | + dh_p, dh_g, | |
928 | + pub_key, | |
929 | dh_server_pub, | |
930 | shared_secret, | |
931 | hash, &hashlen)) != 0) | |
932 | diff --git a/kexgexs.c b/kexgexs.c | |
933 | index f6983fd6..2a4aa7e8 100644 | |
934 | --- a/kexgexs.c | |
935 | +++ b/kexgexs.c | |
936 | @@ -72,6 +72,7 @@ input_kex_dh_gex_request(int type, u_int32_t seq, struct ssh *ssh) | |
937 | struct kex *kex = ssh->kex; | |
938 | int r; | |
939 | u_int min = 0, max = 0, nbits = 0; | |
940 | + const BIGNUM *dh_p, *dh_g; | |
941 | ||
942 | debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); | |
943 | if ((r = sshpkt_get_u32(ssh, &min)) != 0 || | |
944 | @@ -101,9 +102,10 @@ input_kex_dh_gex_request(int type, u_int32_t seq, struct ssh *ssh) | |
945 | goto out; | |
946 | } | |
947 | debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); | |
948 | + DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g); | |
949 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 || | |
950 | - (r = sshpkt_put_bignum2(ssh, kex->dh->p)) != 0 || | |
951 | - (r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 || | |
952 | + (r = sshpkt_put_bignum2(ssh, dh_p)) != 0 || | |
953 | + (r = sshpkt_put_bignum2(ssh, dh_g)) != 0 || | |
954 | (r = sshpkt_send(ssh)) != 0) | |
955 | goto out; | |
956 | ||
957 | @@ -123,6 +125,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) | |
958 | { | |
959 | struct kex *kex = ssh->kex; | |
960 | BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; | |
961 | + const BIGNUM *pub_key, *dh_p, *dh_g; | |
962 | struct sshkey *server_host_public, *server_host_private; | |
963 | u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; | |
964 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | |
965 | @@ -153,17 +156,17 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) | |
966 | (r = sshpkt_get_end(ssh)) != 0) | |
967 | goto out; | |
968 | ||
969 | + DH_get0_key(kex->dh, &pub_key, NULL); | |
970 | + DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g); | |
971 | + | |
972 | #ifdef DEBUG_KEXDH | |
973 | fprintf(stderr, "dh_client_pub= "); | |
974 | BN_print_fp(stderr, dh_client_pub); | |
975 | fprintf(stderr, "\n"); | |
976 | debug("bits %d", BN_num_bits(dh_client_pub)); | |
977 | -#endif | |
978 | - | |
979 | -#ifdef DEBUG_KEXDH | |
980 | DHparams_print_fp(stderr, kex->dh); | |
981 | fprintf(stderr, "pub= "); | |
982 | - BN_print_fp(stderr, kex->dh->pub_key); | |
983 | + BN_print_fp(stderr, pub_key); | |
984 | fprintf(stderr, "\n"); | |
985 | #endif | |
986 | if (!dh_pub_is_valid(kex->dh, dh_client_pub)) { | |
987 | @@ -199,9 +202,9 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) | |
988 | sshbuf_ptr(kex->my), sshbuf_len(kex->my), | |
989 | server_host_key_blob, sbloblen, | |
990 | kex->min, kex->nbits, kex->max, | |
991 | - kex->dh->p, kex->dh->g, | |
992 | + dh_p, dh_g, | |
993 | dh_client_pub, | |
994 | - kex->dh->pub_key, | |
995 | + pub_key, | |
996 | shared_secret, | |
997 | hash, &hashlen)) != 0) | |
998 | goto out; | |
999 | @@ -227,7 +230,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) | |
1000 | /* send server hostkey, DH pubkey 'f' and signed H */ | |
1001 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 || | |
1002 | (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || | |
1003 | - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ | |
1004 | + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ | |
1005 | (r = sshpkt_put_string(ssh, signature, slen)) != 0 || | |
1006 | (r = sshpkt_send(ssh)) != 0) | |
1007 | goto out; | |
1008 | diff --git a/monitor.c b/monitor.c | |
1009 | index d4b4b047..b30813b4 100644 | |
1010 | --- a/monitor.c | |
1011 | +++ b/monitor.c | |
1012 | @@ -566,6 +566,7 @@ int | |
1013 | mm_answer_moduli(int sock, struct sshbuf *m) | |
1014 | { | |
1015 | DH *dh; | |
1016 | + const BIGNUM *dh_p, *dh_g; | |
1017 | int r; | |
1018 | u_int min, want, max; | |
1019 | ||
1020 | @@ -590,9 +591,10 @@ mm_answer_moduli(int sock, struct sshbuf *m) | |
1021 | return (0); | |
1022 | } else { | |
1023 | /* Send first bignum */ | |
1024 | + DH_get0_pqg(dh, &dh_p, NULL, &dh_g); | |
1025 | if ((r = sshbuf_put_u8(m, 1)) != 0 || | |
1026 | - (r = sshbuf_put_bignum2(m, dh->p)) != 0 || | |
1027 | - (r = sshbuf_put_bignum2(m, dh->g)) != 0) | |
1028 | + (r = sshbuf_put_bignum2(m, dh_p)) != 0 || | |
1029 | + (r = sshbuf_put_bignum2(m, dh_g)) != 0) | |
1030 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | |
1031 | ||
1032 | DH_free(dh); | |
1033 | diff --git a/ssh-dss.c b/ssh-dss.c | |
1034 | index 9f832ee2..631b1571 100644 | |
1035 | --- a/ssh-dss.c | |
1036 | +++ b/ssh-dss.c | |
1037 | @@ -51,6 +51,7 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | |
1038 | const u_char *data, size_t datalen, u_int compat) | |
1039 | { | |
1040 | DSA_SIG *sig = NULL; | |
1041 | + const BIGNUM *sig_r, *sig_s; | |
1042 | u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN]; | |
1043 | size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); | |
1044 | struct sshbuf *b = NULL; | |
1045 | @@ -76,15 +77,16 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | |
1046 | goto out; | |
1047 | } | |
1048 | ||
1049 | - rlen = BN_num_bytes(sig->r); | |
1050 | - slen = BN_num_bytes(sig->s); | |
1051 | + DSA_SIG_get0(sig, &sig_r, &sig_s); | |
1052 | + rlen = BN_num_bytes(sig_r); | |
1053 | + slen = BN_num_bytes(sig_s); | |
1054 | if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { | |
1055 | ret = SSH_ERR_INTERNAL_ERROR; | |
1056 | goto out; | |
1057 | } | |
1058 | explicit_bzero(sigblob, SIGBLOB_LEN); | |
1059 | - BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); | |
1060 | - BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen); | |
1061 | + BN_bn2bin(sig_r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); | |
1062 | + BN_bn2bin(sig_s, sigblob + SIGBLOB_LEN - slen); | |
1063 | ||
1064 | if ((b = sshbuf_new()) == NULL) { | |
1065 | ret = SSH_ERR_ALLOC_FAIL; | |
1066 | @@ -118,6 +120,7 @@ ssh_dss_verify(const struct sshkey *key, | |
1067 | const u_char *data, size_t datalen, u_int compat) | |
1068 | { | |
1069 | DSA_SIG *sig = NULL; | |
1070 | + BIGNUM *sig_r = NULL, *sig_s = NULL; | |
1071 | u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob = NULL; | |
1072 | size_t len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); | |
1073 | int ret = SSH_ERR_INTERNAL_ERROR; | |
1074 | @@ -155,16 +158,21 @@ ssh_dss_verify(const struct sshkey *key, | |
1075 | ||
1076 | /* parse signature */ | |
1077 | if ((sig = DSA_SIG_new()) == NULL || | |
1078 | - (sig->r = BN_new()) == NULL || | |
1079 | - (sig->s = BN_new()) == NULL) { | |
1080 | + (sig_r = BN_new()) == NULL || | |
1081 | + (sig_s = BN_new()) == NULL) { | |
1082 | ret = SSH_ERR_ALLOC_FAIL; | |
1083 | goto out; | |
1084 | } | |
1085 | - if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || | |
1086 | - (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) { | |
1087 | + if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig_r) == NULL) || | |
1088 | + (BN_bin2bn(sigblob + INTBLOB_LEN, INTBLOB_LEN, sig_s) == NULL)) { | |
1089 | ret = SSH_ERR_LIBCRYPTO_ERROR; | |
1090 | goto out; | |
1091 | } | |
1092 | + if (!DSA_SIG_set0(sig, sig_r, sig_s)) { | |
1093 | + ret = SSH_ERR_LIBCRYPTO_ERROR; | |
1094 | + goto out; | |
1095 | + } | |
1096 | + sig_r = sig_s = NULL; /* transferred */ | |
1097 | ||
1098 | /* sha1 the data */ | |
1099 | if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, | |
1100 | @@ -186,6 +194,8 @@ ssh_dss_verify(const struct sshkey *key, | |
1101 | out: | |
1102 | explicit_bzero(digest, sizeof(digest)); | |
1103 | DSA_SIG_free(sig); | |
1104 | + BN_clear_free(sig_r); | |
1105 | + BN_clear_free(sig_s); | |
1106 | sshbuf_free(b); | |
1107 | free(ktype); | |
1108 | if (sigblob != NULL) { | |
1109 | diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c | |
1110 | index 3d3b78d7..9e92af04 100644 | |
1111 | --- a/ssh-ecdsa.c | |
1112 | +++ b/ssh-ecdsa.c | |
1113 | @@ -49,6 +49,7 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | |
1114 | const u_char *data, size_t datalen, u_int compat) | |
1115 | { | |
1116 | ECDSA_SIG *sig = NULL; | |
1117 | + const BIGNUM *sig_r, *sig_s; | |
1118 | int hash_alg; | |
1119 | u_char digest[SSH_DIGEST_MAX_LENGTH]; | |
1120 | size_t len, dlen; | |
1121 | @@ -80,8 +81,9 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | |
1122 | ret = SSH_ERR_ALLOC_FAIL; | |
1123 | goto out; | |
1124 | } | |
1125 | - if ((ret = sshbuf_put_bignum2(bb, sig->r)) != 0 || | |
1126 | - (ret = sshbuf_put_bignum2(bb, sig->s)) != 0) | |
1127 | + ECDSA_SIG_get0(sig, &sig_r, &sig_s); | |
1128 | + if ((ret = sshbuf_put_bignum2(bb, sig_r)) != 0 || | |
1129 | + (ret = sshbuf_put_bignum2(bb, sig_s)) != 0) | |
1130 | goto out; | |
1131 | if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 || | |
1132 | (ret = sshbuf_put_stringb(b, bb)) != 0) | |
1133 | @@ -112,6 +114,7 @@ ssh_ecdsa_verify(const struct sshkey *key, | |
1134 | const u_char *data, size_t datalen, u_int compat) | |
1135 | { | |
1136 | ECDSA_SIG *sig = NULL; | |
1137 | + BIGNUM *sig_r = NULL, *sig_s = NULL; | |
1138 | int hash_alg; | |
1139 | u_char digest[SSH_DIGEST_MAX_LENGTH]; | |
1140 | size_t dlen; | |
1141 | @@ -146,15 +149,23 @@ ssh_ecdsa_verify(const struct sshkey *key, | |
1142 | } | |
1143 | ||
1144 | /* parse signature */ | |
1145 | - if ((sig = ECDSA_SIG_new()) == NULL) { | |
1146 | + if ((sig = ECDSA_SIG_new()) == NULL || | |
1147 | + (sig_r = BN_new()) == NULL || | |
1148 | + (sig_s = BN_new()) == NULL) { | |
1149 | ret = SSH_ERR_ALLOC_FAIL; | |
1150 | goto out; | |
1151 | } | |
1152 | - if (sshbuf_get_bignum2(sigbuf, sig->r) != 0 || | |
1153 | - sshbuf_get_bignum2(sigbuf, sig->s) != 0) { | |
1154 | + if (sshbuf_get_bignum2(sigbuf, sig_r) != 0 || | |
1155 | + sshbuf_get_bignum2(sigbuf, sig_s) != 0) { | |
1156 | ret = SSH_ERR_INVALID_FORMAT; | |
1157 | goto out; | |
1158 | } | |
1159 | + if (!ECDSA_SIG_set0(sig, sig_r, sig_s)) { | |
1160 | + ret = SSH_ERR_LIBCRYPTO_ERROR; | |
1161 | + goto out; | |
1162 | + } | |
1163 | + sig_r = sig_s = NULL; /* transferred */ | |
1164 | + | |
1165 | if (sshbuf_len(sigbuf) != 0) { | |
1166 | ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; | |
1167 | goto out; | |
1168 | @@ -180,6 +191,8 @@ ssh_ecdsa_verify(const struct sshkey *key, | |
1169 | sshbuf_free(sigbuf); | |
1170 | sshbuf_free(b); | |
1171 | ECDSA_SIG_free(sig); | |
1172 | + BN_clear_free(sig_r); | |
1173 | + BN_clear_free(sig_s); | |
1174 | free(ktype); | |
1175 | return ret; | |
1176 | } | |
1177 | diff --git a/ssh-keygen.c b/ssh-keygen.c | |
1178 | index 748ce37d..a70fd1f8 100644 | |
1179 | --- a/ssh-keygen.c | |
1180 | +++ b/ssh-keygen.c | |
1181 | @@ -450,7 +450,10 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) | |
1182 | u_int magic, i1, i2, i3, i4; | |
1183 | size_t slen; | |
1184 | u_long e; | |
1185 | - | |
1186 | + BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL; | |
1187 | + BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL; | |
1188 | + BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL; | |
1189 | + BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL; | |
1190 | if ((b = sshbuf_from(blob, blen)) == NULL) | |
1191 | fatal("%s: sshbuf_from failed", __func__); | |
1192 | if ((r = sshbuf_get_u32(b, &magic)) != 0) | |
1193 | @@ -494,11 +497,23 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) | |
1194 | ||
1195 | switch (key->type) { | |
1196 | case KEY_DSA: | |
1197 | - buffer_get_bignum_bits(b, key->dsa->p); | |
1198 | - buffer_get_bignum_bits(b, key->dsa->g); | |
1199 | - buffer_get_bignum_bits(b, key->dsa->q); | |
1200 | - buffer_get_bignum_bits(b, key->dsa->pub_key); | |
1201 | - buffer_get_bignum_bits(b, key->dsa->priv_key); | |
1202 | + if ((dsa_p = BN_new()) == NULL || | |
1203 | + (dsa_q = BN_new()) == NULL || | |
1204 | + (dsa_g = BN_new()) == NULL || | |
1205 | + (dsa_pub_key = BN_new()) == NULL || | |
1206 | + (dsa_priv_key = BN_new()) == NULL) | |
1207 | + fatal("%s: BN_new", __func__); | |
1208 | + buffer_get_bignum_bits(b, dsa_p); | |
1209 | + buffer_get_bignum_bits(b, dsa_g); | |
1210 | + buffer_get_bignum_bits(b, dsa_q); | |
1211 | + buffer_get_bignum_bits(b, dsa_pub_key); | |
1212 | + buffer_get_bignum_bits(b, dsa_priv_key); | |
1213 | + if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g)) | |
1214 | + fatal("%s: DSA_set0_pqg failed", __func__); | |
1215 | + dsa_p = dsa_q = dsa_g = NULL; /* transferred */ | |
1216 | + if (!DSA_set0_key(key->dsa, dsa_pub_key, dsa_priv_key)) | |
1217 | + fatal("%s: DSA_set0_key failed", __func__); | |
1218 | + dsa_pub_key = dsa_priv_key = NULL; /* transferred */ | |
1219 | break; | |
1220 | case KEY_RSA: | |
1221 | if ((r = sshbuf_get_u8(b, &e1)) != 0 || | |
1222 | @@ -515,18 +530,34 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) | |
1223 | e += e3; | |
1224 | debug("e %lx", e); | |
1225 | } | |
1226 | - if (!BN_set_word(key->rsa->e, e)) { | |
1227 | + if ((rsa_e = BN_new()) == NULL) | |
1228 | + fatal("%s: BN_new", __func__); | |
1229 | + if (!BN_set_word(rsa_e, e)) { | |
1230 | + BN_clear_free(rsa_e); | |
1231 | sshbuf_free(b); | |
1232 | sshkey_free(key); | |
1233 | return NULL; | |
1234 | } | |
1235 | - buffer_get_bignum_bits(b, key->rsa->d); | |
1236 | - buffer_get_bignum_bits(b, key->rsa->n); | |
1237 | - buffer_get_bignum_bits(b, key->rsa->iqmp); | |
1238 | - buffer_get_bignum_bits(b, key->rsa->q); | |
1239 | - buffer_get_bignum_bits(b, key->rsa->p); | |
1240 | - if ((r = ssh_rsa_generate_additional_parameters(key)) != 0) | |
1241 | + if ((rsa_n = BN_new()) == NULL || | |
1242 | + (rsa_d = BN_new()) == NULL || | |
1243 | + (rsa_p = BN_new()) == NULL || | |
1244 | + (rsa_q = BN_new()) == NULL || | |
1245 | + (rsa_iqmp = BN_new()) == NULL) | |
1246 | + fatal("%s: BN_new", __func__); | |
1247 | + buffer_get_bignum_bits(b, rsa_d); | |
1248 | + buffer_get_bignum_bits(b, rsa_n); | |
1249 | + buffer_get_bignum_bits(b, rsa_iqmp); | |
1250 | + buffer_get_bignum_bits(b, rsa_q); | |
1251 | + buffer_get_bignum_bits(b, rsa_p); | |
1252 | + if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, rsa_d)) | |
1253 | + fatal("%s: RSA_set0_key failed", __func__); | |
1254 | + rsa_n = rsa_e = rsa_d = NULL; /* transferred */ | |
1255 | + if (!RSA_set0_factors(key->rsa, rsa_p, rsa_q)) | |
1256 | + fatal("%s: RSA_set0_factors failed", __func__); | |
1257 | + rsa_p = rsa_q = NULL; /* transferred */ | |
1258 | + if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0) | |
1259 | fatal("generate RSA parameters failed: %s", ssh_err(r)); | |
1260 | + BN_clear_free(rsa_iqmp); | |
1261 | break; | |
1262 | } | |
1263 | rlen = sshbuf_len(b); | |
1264 | @@ -634,7 +665,7 @@ do_convert_from_pkcs8(struct sshkey **k, int *private) | |
1265 | identity_file); | |
1266 | } | |
1267 | fclose(fp); | |
1268 | - switch (EVP_PKEY_type(pubkey->type)) { | |
1269 | + switch (EVP_PKEY_base_id(pubkey)) { | |
1270 | case EVP_PKEY_RSA: | |
1271 | if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) | |
1272 | fatal("sshkey_new failed"); | |
1273 | @@ -658,7 +689,7 @@ do_convert_from_pkcs8(struct sshkey **k, int *private) | |
1274 | #endif | |
1275 | default: | |
1276 | fatal("%s: unsupported pubkey type %d", __func__, | |
1277 | - EVP_PKEY_type(pubkey->type)); | |
1278 | + EVP_PKEY_base_id(pubkey)); | |
1279 | } | |
1280 | EVP_PKEY_free(pubkey); | |
1281 | return; | |
1282 | diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c | |
1283 | index 028b272c..bcc18c6b 100644 | |
1284 | --- a/ssh-pkcs11-client.c | |
1285 | +++ b/ssh-pkcs11-client.c | |
1286 | @@ -156,12 +156,14 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, | |
1287 | static int | |
1288 | wrap_key(RSA *rsa) | |
1289 | { | |
1290 | - static RSA_METHOD helper_rsa; | |
1291 | + static RSA_METHOD *helper_rsa; | |
1292 | ||
1293 | - memcpy(&helper_rsa, RSA_get_default_method(), sizeof(helper_rsa)); | |
1294 | - helper_rsa.name = "ssh-pkcs11-helper"; | |
1295 | - helper_rsa.rsa_priv_enc = pkcs11_rsa_private_encrypt; | |
1296 | - RSA_set_method(rsa, &helper_rsa); | |
1297 | + if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL) | |
1298 | + fatal("%s: RSA_meth_dup failed", __func__); | |
1299 | + if (!RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper") || | |
1300 | + !RSA_meth_set_priv_enc(helper_rsa, pkcs11_rsa_private_encrypt)) | |
1301 | + fatal("%s: failed to prepare method", __func__); | |
1302 | + RSA_set_method(rsa, helper_rsa); | |
1303 | return (0); | |
1304 | } | |
1305 | ||
1306 | diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c | |
1307 | index 65a7b589..c35f9415 100644 | |
1308 | --- a/ssh-pkcs11.c | |
1309 | +++ b/ssh-pkcs11.c | |
1310 | @@ -67,7 +67,7 @@ struct pkcs11_key { | |
1311 | struct pkcs11_provider *provider; | |
1312 | CK_ULONG slotidx; | |
1313 | int (*orig_finish)(RSA *rsa); | |
1314 | - RSA_METHOD rsa_method; | |
1315 | + RSA_METHOD *rsa_method; | |
1316 | char *keyid; | |
1317 | int keyid_len; | |
1318 | }; | |
1319 | @@ -182,6 +182,7 @@ pkcs11_rsa_finish(RSA *rsa) | |
1320 | rv = k11->orig_finish(rsa); | |
1321 | if (k11->provider) | |
1322 | pkcs11_provider_unref(k11->provider); | |
1323 | + RSA_meth_free(k11->rsa_method); | |
1324 | free(k11->keyid); | |
1325 | free(k11); | |
1326 | } | |
1327 | @@ -326,13 +327,18 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, | |
1328 | k11->keyid = xmalloc(k11->keyid_len); | |
1329 | memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); | |
1330 | } | |
1331 | - k11->orig_finish = def->finish; | |
1332 | - memcpy(&k11->rsa_method, def, sizeof(k11->rsa_method)); | |
1333 | - k11->rsa_method.name = "pkcs11"; | |
1334 | - k11->rsa_method.rsa_priv_enc = pkcs11_rsa_private_encrypt; | |
1335 | - k11->rsa_method.rsa_priv_dec = pkcs11_rsa_private_decrypt; | |
1336 | - k11->rsa_method.finish = pkcs11_rsa_finish; | |
1337 | - RSA_set_method(rsa, &k11->rsa_method); | |
1338 | + k11->rsa_method = RSA_meth_dup(def); | |
1339 | + if (k11->rsa_method == NULL) | |
1340 | + fatal("%s: RSA_meth_dup failed", __func__); | |
1341 | + k11->orig_finish = RSA_meth_get_finish(def); | |
1342 | + if (!RSA_meth_set1_name(k11->rsa_method, "pkcs11") || | |
1343 | + !RSA_meth_set_priv_enc(k11->rsa_method, | |
1344 | + pkcs11_rsa_private_encrypt) || | |
1345 | + !RSA_meth_set_priv_dec(k11->rsa_method, | |
1346 | + pkcs11_rsa_private_decrypt) || | |
1347 | + !RSA_meth_set_finish(k11->rsa_method, pkcs11_rsa_finish)) | |
1348 | + fatal("%s: setup pkcs11 method failed", __func__); | |
1349 | + RSA_set_method(rsa, k11->rsa_method); | |
1350 | RSA_set_app_data(rsa, k11); | |
1351 | return (0); | |
1352 | } | |
1353 | @@ -444,6 +450,15 @@ pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key) | |
1354 | return (0); | |
1355 | } | |
1356 | ||
1357 | +static int | |
1358 | +have_rsa_key(const RSA *rsa) | |
1359 | +{ | |
1360 | + const BIGNUM *rsa_n, *rsa_e; | |
1361 | + | |
1362 | + RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL); | |
1363 | + return rsa_n != NULL && rsa_e != NULL; | |
1364 | +} | |
1365 | + | |
1366 | static int | |
1367 | pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx, | |
1368 | CK_ATTRIBUTE filter[], CK_ATTRIBUTE attribs[3], | |
1369 | @@ -512,10 +527,20 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx, | |
1370 | if ((rsa = RSA_new()) == NULL) { | |
1371 | error("RSA_new failed"); | |
1372 | } else { | |
1373 | - rsa->n = BN_bin2bn(attribs[1].pValue, | |
1374 | + BIGNUM *rsa_n, *rsa_e; | |
1375 | + | |
1376 | + rsa_n = BN_bin2bn(attribs[1].pValue, | |
1377 | attribs[1].ulValueLen, NULL); | |
1378 | - rsa->e = BN_bin2bn(attribs[2].pValue, | |
1379 | + rsa_e = BN_bin2bn(attribs[2].pValue, | |
1380 | attribs[2].ulValueLen, NULL); | |
1381 | + if (rsa_n != NULL && rsa_e != NULL) { | |
1382 | + if (!RSA_set0_key(rsa, | |
1383 | + rsa_n, rsa_e, NULL)) | |
1384 | + fatal("%s: set key", __func__); | |
1385 | + rsa_n = rsa_e = NULL; /* transferred */ | |
1386 | + } | |
1387 | + BN_free(rsa_n); | |
1388 | + BN_free(rsa_e); | |
1389 | } | |
1390 | } else { | |
1391 | cp = attribs[2].pValue; | |
1392 | @@ -525,16 +550,16 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx, | |
1393 | == NULL) { | |
1394 | error("d2i_X509 failed"); | |
1395 | } else if ((evp = X509_get_pubkey(x509)) == NULL || | |
1396 | - evp->type != EVP_PKEY_RSA || | |
1397 | - evp->pkey.rsa == NULL) { | |
1398 | + EVP_PKEY_base_id(evp) != EVP_PKEY_RSA || | |
1399 | + EVP_PKEY_get0_RSA(evp) == NULL) { | |
1400 | debug("X509_get_pubkey failed or no rsa"); | |
1401 | - } else if ((rsa = RSAPublicKey_dup(evp->pkey.rsa)) | |
1402 | - == NULL) { | |
1403 | + } else if ((rsa = RSAPublicKey_dup( | |
1404 | + EVP_PKEY_get0_RSA(evp))) == NULL) { | |
1405 | error("RSAPublicKey_dup"); | |
1406 | } | |
1407 | X509_free(x509); | |
1408 | } | |
1409 | - if (rsa && rsa->n && rsa->e && | |
1410 | + if (rsa && have_rsa_key(rsa) && | |
1411 | pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { | |
1412 | if ((key = sshkey_new(KEY_UNSPEC)) == NULL) | |
1413 | fatal("sshkey_new failed"); | |
1414 | diff --git a/ssh-rsa.c b/ssh-rsa.c | |
1415 | index 1756315b..2788f334 100644 | |
1416 | --- a/ssh-rsa.c | |
1417 | +++ b/ssh-rsa.c | |
1418 | @@ -104,38 +104,55 @@ rsa_hash_alg_nid(int type) | |
1419 | } | |
1420 | ||
1421 | int | |
1422 | -ssh_rsa_generate_additional_parameters(struct sshkey *key) | |
1423 | +ssh_rsa_complete_crt_parameters(struct sshkey *key, const BIGNUM *iqmp) | |
1424 | { | |
1425 | - BIGNUM *aux = NULL; | |
1426 | + const BIGNUM *rsa_p, *rsa_q, *rsa_d; | |
1427 | + BIGNUM *aux = NULL, *d_consttime = NULL; | |
1428 | + BIGNUM *rsa_dmq1 = NULL, *rsa_dmp1 = NULL, *rsa_iqmp = NULL; | |
1429 | BN_CTX *ctx = NULL; | |
1430 | - BIGNUM d; | |
1431 | int r; | |
1432 | ||
1433 | if (key == NULL || key->rsa == NULL || | |
1434 | sshkey_type_plain(key->type) != KEY_RSA) | |
1435 | return SSH_ERR_INVALID_ARGUMENT; | |
1436 | ||
1437 | + RSA_get0_key(key->rsa, NULL, NULL, &rsa_d); | |
1438 | + RSA_get0_factors(key->rsa, &rsa_p, &rsa_q); | |
1439 | + | |
1440 | if ((ctx = BN_CTX_new()) == NULL) | |
1441 | return SSH_ERR_ALLOC_FAIL; | |
1442 | - if ((aux = BN_new()) == NULL) { | |
1443 | + if ((aux = BN_new()) == NULL || | |
1444 | + (rsa_dmq1 = BN_new()) == NULL || | |
1445 | + (rsa_dmp1 = BN_new()) == NULL) | |
1446 | + return SSH_ERR_ALLOC_FAIL; | |
1447 | + if ((d_consttime = BN_dup(rsa_d)) == NULL || | |
1448 | + (rsa_iqmp = BN_dup(iqmp)) == NULL) { | |
1449 | r = SSH_ERR_ALLOC_FAIL; | |
1450 | goto out; | |
1451 | } | |
1452 | BN_set_flags(aux, BN_FLG_CONSTTIME); | |
1453 | + BN_set_flags(d_consttime, BN_FLG_CONSTTIME); | |
1454 | ||
1455 | - BN_init(&d); | |
1456 | - BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME); | |
1457 | - | |
1458 | - if ((BN_sub(aux, key->rsa->q, BN_value_one()) == 0) || | |
1459 | - (BN_mod(key->rsa->dmq1, &d, aux, ctx) == 0) || | |
1460 | - (BN_sub(aux, key->rsa->p, BN_value_one()) == 0) || | |
1461 | - (BN_mod(key->rsa->dmp1, &d, aux, ctx) == 0)) { | |
1462 | + if ((BN_sub(aux, rsa_q, BN_value_one()) == 0) || | |
1463 | + (BN_mod(rsa_dmq1, d_consttime, aux, ctx) == 0) || | |
1464 | + (BN_sub(aux, rsa_p, BN_value_one()) == 0) || | |
1465 | + (BN_mod(rsa_dmp1, d_consttime, aux, ctx) == 0)) { | |
1466 | + r = SSH_ERR_LIBCRYPTO_ERROR; | |
1467 | + goto out; | |
1468 | + } | |
1469 | + if (!RSA_set0_crt_params(key->rsa, rsa_dmp1, rsa_dmq1, rsa_iqmp)) { | |
1470 | r = SSH_ERR_LIBCRYPTO_ERROR; | |
1471 | goto out; | |
1472 | } | |
1473 | + rsa_dmp1 = rsa_dmq1 = rsa_iqmp = NULL; /* transferred */ | |
1474 | + /* success */ | |
1475 | r = 0; | |
1476 | out: | |
1477 | BN_clear_free(aux); | |
1478 | + BN_clear_free(d_consttime); | |
1479 | + BN_clear_free(rsa_dmp1); | |
1480 | + BN_clear_free(rsa_dmq1); | |
1481 | + BN_clear_free(rsa_iqmp); | |
1482 | BN_CTX_free(ctx); | |
1483 | return r; | |
1484 | } | |
1485 | @@ -145,6 +162,7 @@ int | |
1486 | ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | |
1487 | const u_char *data, size_t datalen, const char *alg_ident) | |
1488 | { | |
1489 | + const BIGNUM *rsa_n; | |
1490 | u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL; | |
1491 | size_t slen = 0; | |
1492 | u_int dlen, len; | |
1493 | @@ -163,7 +181,8 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | |
1494 | if (key == NULL || key->rsa == NULL || hash_alg == -1 || | |
1495 | sshkey_type_plain(key->type) != KEY_RSA) | |
1496 | return SSH_ERR_INVALID_ARGUMENT; | |
1497 | - if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) | |
1498 | + RSA_get0_key(key->rsa, &rsa_n, NULL, NULL); | |
1499 | + if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE) | |
1500 | return SSH_ERR_KEY_LENGTH; | |
1501 | slen = RSA_size(key->rsa); | |
1502 | if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) | |
1503 | @@ -225,6 +244,7 @@ ssh_rsa_verify(const struct sshkey *key, | |
1504 | const u_char *sig, size_t siglen, const u_char *data, size_t datalen, | |
1505 | const char *alg) | |
1506 | { | |
1507 | + const BIGNUM *rsa_n; | |
1508 | char *sigtype = NULL; | |
1509 | int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR; | |
1510 | size_t len = 0, diff, modlen, dlen; | |
1511 | @@ -235,7 +255,8 @@ ssh_rsa_verify(const struct sshkey *key, | |
1512 | sshkey_type_plain(key->type) != KEY_RSA || | |
1513 | sig == NULL || siglen == 0) | |
1514 | return SSH_ERR_INVALID_ARGUMENT; | |
1515 | - if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) | |
1516 | + RSA_get0_key(key->rsa, &rsa_n, NULL, NULL); | |
1517 | + if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE) | |
1518 | return SSH_ERR_KEY_LENGTH; | |
1519 | ||
1520 | if ((b = sshbuf_from(sig, siglen)) == NULL) | |
1521 | diff --git a/sshd.c b/sshd.c | |
1522 | index a738c3ab..98beb1ed 100644 | |
1523 | --- a/sshd.c | |
1524 | +++ b/sshd.c | |
1525 | @@ -493,8 +493,8 @@ demote_sensitive_data(void) | |
1526 | ||
1527 | for (i = 0; i < options.num_host_key_files; i++) { | |
1528 | if (sensitive_data.host_keys[i]) { | |
1529 | - if ((r = sshkey_demote(sensitive_data.host_keys[i], | |
1530 | - &tmp)) != 0) | |
1531 | + if ((r = sshkey_from_private( | |
1532 | + sensitive_data.host_keys[i], &tmp)) != 0) | |
1533 | fatal("could not demote host %s key: %s", | |
1534 | sshkey_type(sensitive_data.host_keys[i]), | |
1535 | ssh_err(r)); | |
1536 | @@ -1772,7 +1772,7 @@ main(int ac, char **av) | |
1537 | error("Error loading host key \"%s\": %s", | |
1538 | options.host_key_files[i], ssh_err(r)); | |
1539 | if (pubkey == NULL && key != NULL) | |
1540 | - if ((r = sshkey_demote(key, &pubkey)) != 0) | |
1541 | + if ((r = sshkey_from_private(key, &pubkey)) != 0) | |
1542 | fatal("Could not demote key: \"%s\": %s", | |
1543 | options.host_key_files[i], ssh_err(r)); | |
1544 | sensitive_data.host_keys[i] = key; | |
1545 | diff --git a/sshkey.c b/sshkey.c | |
1546 | index 50ebdc25..085f1707 100644 | |
1547 | --- a/sshkey.c | |
1548 | +++ b/sshkey.c | |
1549 | @@ -289,14 +289,24 @@ sshkey_names_valid2(const char *names, int allow_wildcard) | |
1550 | u_int | |
1551 | sshkey_size(const struct sshkey *k) | |
1552 | { | |
1553 | +#ifdef WITH_OPENSSL | |
1554 | + const BIGNUM *rsa_n, *dsa_p; | |
1555 | +#endif /* WITH_OPENSSL */ | |
1556 | + | |
1557 | switch (k->type) { | |
1558 | #ifdef WITH_OPENSSL | |
1559 | case KEY_RSA: | |
1560 | case KEY_RSA_CERT: | |
1561 | - return BN_num_bits(k->rsa->n); | |
1562 | + if (k->rsa == NULL) | |
1563 | + return 0; | |
1564 | + RSA_get0_key(k->rsa, &rsa_n, NULL, NULL); | |
1565 | + return BN_num_bits(rsa_n); | |
1566 | case KEY_DSA: | |
1567 | case KEY_DSA_CERT: | |
1568 | - return BN_num_bits(k->dsa->p); | |
1569 | + if (k->dsa == NULL) | |
1570 | + return 0; | |
1571 | + DSA_get0_pqg(k->dsa, &dsa_p, NULL, NULL); | |
1572 | + return BN_num_bits(dsa_p); | |
1573 | case KEY_ECDSA: | |
1574 | case KEY_ECDSA_CERT: | |
1575 | return sshkey_curve_nid_to_bits(k->ecdsa_nid); | |
1576 | @@ -503,10 +513,7 @@ sshkey_new(int type) | |
1577 | #ifdef WITH_OPENSSL | |
1578 | case KEY_RSA: | |
1579 | case KEY_RSA_CERT: | |
1580 | - if ((rsa = RSA_new()) == NULL || | |
1581 | - (rsa->n = BN_new()) == NULL || | |
1582 | - (rsa->e = BN_new()) == NULL) { | |
1583 | - RSA_free(rsa); | |
1584 | + if ((rsa = RSA_new()) == NULL) { | |
1585 | free(k); | |
1586 | return NULL; | |
1587 | } | |
1588 | @@ -514,12 +521,7 @@ sshkey_new(int type) | |
1589 | break; | |
1590 | case KEY_DSA: | |
1591 | case KEY_DSA_CERT: | |
1592 | - if ((dsa = DSA_new()) == NULL || | |
1593 | - (dsa->p = BN_new()) == NULL || | |
1594 | - (dsa->q = BN_new()) == NULL || | |
1595 | - (dsa->g = BN_new()) == NULL || | |
1596 | - (dsa->pub_key = BN_new()) == NULL) { | |
1597 | - DSA_free(dsa); | |
1598 | + if ((dsa = DSA_new()) == NULL) { | |
1599 | free(k); | |
1600 | return NULL; | |
1601 | } | |
1602 | @@ -553,47 +555,7 @@ sshkey_new(int type) | |
1603 | return k; | |
1604 | } | |
1605 | ||
1606 | -int | |
1607 | -sshkey_add_private(struct sshkey *k) | |
1608 | -{ | |
1609 | - switch (k->type) { | |
1610 | -#ifdef WITH_OPENSSL | |
1611 | - case KEY_RSA: | |
1612 | - case KEY_RSA_CERT: | |
1613 | -#define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL) | |
1614 | - if (bn_maybe_alloc_failed(k->rsa->d) || | |
1615 | - bn_maybe_alloc_failed(k->rsa->iqmp) || | |
1616 | - bn_maybe_alloc_failed(k->rsa->q) || | |
1617 | - bn_maybe_alloc_failed(k->rsa->p) || | |
1618 | - bn_maybe_alloc_failed(k->rsa->dmq1) || | |
1619 | - bn_maybe_alloc_failed(k->rsa->dmp1)) | |
1620 | - return SSH_ERR_ALLOC_FAIL; | |
1621 | - break; | |
1622 | - case KEY_DSA: | |
1623 | - case KEY_DSA_CERT: | |
1624 | - if (bn_maybe_alloc_failed(k->dsa->priv_key)) | |
1625 | - return SSH_ERR_ALLOC_FAIL; | |
1626 | - break; | |
1627 | -#undef bn_maybe_alloc_failed | |
1628 | - case KEY_ECDSA: | |
1629 | - case KEY_ECDSA_CERT: | |
1630 | - /* Cannot do anything until we know the group */ | |
1631 | - break; | |
1632 | -#endif /* WITH_OPENSSL */ | |
1633 | - case KEY_ED25519: | |
1634 | - case KEY_ED25519_CERT: | |
1635 | - case KEY_XMSS: | |
1636 | - case KEY_XMSS_CERT: | |
1637 | - /* no need to prealloc */ | |
1638 | - break; | |
1639 | - case KEY_UNSPEC: | |
1640 | - break; | |
1641 | - default: | |
1642 | - return SSH_ERR_INVALID_ARGUMENT; | |
1643 | - } | |
1644 | - return 0; | |
1645 | -} | |
1646 | - | |
1647 | +/* XXX garbage-collect this API */ | |
1648 | struct sshkey * | |
1649 | sshkey_new_private(int type) | |
1650 | { | |
1651 | @@ -601,10 +563,6 @@ sshkey_new_private(int type) | |
1652 | ||
1653 | if (k == NULL) | |
1654 | return NULL; | |
1655 | - if (sshkey_add_private(k) != 0) { | |
1656 | - sshkey_free(k); | |
1657 | - return NULL; | |
1658 | - } | |
1659 | return k; | |
1660 | } | |
1661 | ||
1662 | @@ -686,9 +644,15 @@ cert_compare(struct sshkey_cert *a, struct sshkey_cert *b) | |
1663 | int | |
1664 | sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) | |
1665 | { | |
1666 | -#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) | |
1667 | +#if defined(WITH_OPENSSL) | |
1668 | + const BIGNUM *rsa_e_a, *rsa_n_a; | |
1669 | + const BIGNUM *rsa_e_b, *rsa_n_b; | |
1670 | + const BIGNUM *dsa_p_a, *dsa_q_a, *dsa_g_a, *dsa_pub_key_a; | |
1671 | + const BIGNUM *dsa_p_b, *dsa_q_b, *dsa_g_b, *dsa_pub_key_b; | |
1672 | +# if defined(OPENSSL_HAS_ECC) | |
1673 | BN_CTX *bnctx; | |
1674 | -#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ | |
1675 | +# endif /* OPENSSL_HAS_ECC */ | |
1676 | +#endif /* WITH_OPENSSL */ | |
1677 | ||
1678 | if (a == NULL || b == NULL || | |
1679 | sshkey_type_plain(a->type) != sshkey_type_plain(b->type)) | |
1680 | @@ -698,16 +662,24 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) | |
1681 | #ifdef WITH_OPENSSL | |
1682 | case KEY_RSA_CERT: | |
1683 | case KEY_RSA: | |
1684 | - return a->rsa != NULL && b->rsa != NULL && | |
1685 | - BN_cmp(a->rsa->e, b->rsa->e) == 0 && | |
1686 | - BN_cmp(a->rsa->n, b->rsa->n) == 0; | |
1687 | + if (a->rsa == NULL || b->rsa == NULL) | |
1688 | + return 0; | |
1689 | + RSA_get0_key(a->rsa, &rsa_n_a, &rsa_e_a, NULL); | |
1690 | + RSA_get0_key(b->rsa, &rsa_n_b, &rsa_e_b, NULL); | |
1691 | + return BN_cmp(rsa_e_a, rsa_e_b) == 0 && | |
1692 | + BN_cmp(rsa_n_a, rsa_n_b) == 0; | |
1693 | case KEY_DSA_CERT: | |
1694 | case KEY_DSA: | |
1695 | - return a->dsa != NULL && b->dsa != NULL && | |
1696 | - BN_cmp(a->dsa->p, b->dsa->p) == 0 && | |
1697 | - BN_cmp(a->dsa->q, b->dsa->q) == 0 && | |
1698 | - BN_cmp(a->dsa->g, b->dsa->g) == 0 && | |
1699 | - BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; | |
1700 | + if (a->dsa == NULL || b->dsa == NULL) | |
1701 | + return 0; | |
1702 | + DSA_get0_pqg(a->dsa, &dsa_p_a, &dsa_q_a, &dsa_g_a); | |
1703 | + DSA_get0_pqg(b->dsa, &dsa_p_b, &dsa_q_b, &dsa_g_b); | |
1704 | + DSA_get0_key(a->dsa, &dsa_pub_key_a, NULL); | |
1705 | + DSA_get0_key(b->dsa, &dsa_pub_key_b, NULL); | |
1706 | + return BN_cmp(dsa_p_a, dsa_p_b) == 0 && | |
1707 | + BN_cmp(dsa_q_a, dsa_q_b) == 0 && | |
1708 | + BN_cmp(dsa_g_a, dsa_g_b) == 0 && | |
1709 | + BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0; | |
1710 | # ifdef OPENSSL_HAS_ECC | |
1711 | case KEY_ECDSA_CERT: | |
1712 | case KEY_ECDSA: | |
1713 | @@ -764,6 +736,9 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain, | |
1714 | { | |
1715 | int type, ret = SSH_ERR_INTERNAL_ERROR; | |
1716 | const char *typename; | |
1717 | +#ifdef WITH_OPENSSL | |
1718 | + const BIGNUM *rsa_n, *rsa_e, *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key; | |
1719 | +#endif /* WITH_OPENSSL */ | |
1720 | ||
1721 | if (key == NULL) | |
1722 | return SSH_ERR_INVALID_ARGUMENT; | |
1723 | @@ -796,11 +771,13 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain, | |
1724 | case KEY_DSA: | |
1725 | if (key->dsa == NULL) | |
1726 | return SSH_ERR_INVALID_ARGUMENT; | |
1727 | + DSA_get0_pqg(key->dsa, &dsa_p, &dsa_q, &dsa_g); | |
1728 | + DSA_get0_key(key->dsa, &dsa_pub_key, NULL); | |
1729 | if ((ret = sshbuf_put_cstring(b, typename)) != 0 || | |
1730 | - (ret = sshbuf_put_bignum2(b, key->dsa->p)) != 0 || | |
1731 | - (ret = sshbuf_put_bignum2(b, key->dsa->q)) != 0 || | |
1732 | - (ret = sshbuf_put_bignum2(b, key->dsa->g)) != 0 || | |
1733 | - (ret = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0) | |
1734 | + (ret = sshbuf_put_bignum2(b, dsa_p)) != 0 || | |
1735 | + (ret = sshbuf_put_bignum2(b, dsa_q)) != 0 || | |
1736 | + (ret = sshbuf_put_bignum2(b, dsa_g)) != 0 || | |
1737 | + (ret = sshbuf_put_bignum2(b, dsa_pub_key)) != 0) | |
1738 | return ret; | |
1739 | break; | |
1740 | # ifdef OPENSSL_HAS_ECC | |
1741 | @@ -817,9 +794,10 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain, | |
1742 | case KEY_RSA: | |
1743 | if (key->rsa == NULL) | |
1744 | return SSH_ERR_INVALID_ARGUMENT; | |
1745 | + RSA_get0_key(key->rsa, &rsa_n, &rsa_e, NULL); | |
1746 | if ((ret = sshbuf_put_cstring(b, typename)) != 0 || | |
1747 | - (ret = sshbuf_put_bignum2(b, key->rsa->e)) != 0 || | |
1748 | - (ret = sshbuf_put_bignum2(b, key->rsa->n)) != 0) | |
1749 | + (ret = sshbuf_put_bignum2(b, rsa_e)) != 0 || | |
1750 | + (ret = sshbuf_put_bignum2(b, rsa_n)) != 0) | |
1751 | return ret; | |
1752 | break; | |
1753 | #endif /* WITH_OPENSSL */ | |
1754 | @@ -1767,59 +1745,95 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) | |
1755 | { | |
1756 | struct sshkey *n = NULL; | |
1757 | int ret = SSH_ERR_INTERNAL_ERROR; | |
1758 | + int r = SSH_ERR_INTERNAL_ERROR; | |
1759 | +#ifdef WITH_OPENSSL | |
1760 | + const BIGNUM *rsa_n, *rsa_e; | |
1761 | + BIGNUM *rsa_n_dup = NULL, *rsa_e_dup = NULL; | |
1762 | + const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key; | |
1763 | + BIGNUM *dsa_p_dup = NULL, *dsa_q_dup = NULL, *dsa_g_dup = NULL; | |
1764 | + BIGNUM *dsa_pub_key_dup = NULL; | |
1765 | +#endif /* WITH_OPENSSL */ | |
1766 | ||
1767 | *pkp = NULL; | |
1768 | switch (k->type) { | |
1769 | #ifdef WITH_OPENSSL | |
1770 | case KEY_DSA: | |
1771 | case KEY_DSA_CERT: | |
1772 | - if ((n = sshkey_new(k->type)) == NULL) | |
1773 | - return SSH_ERR_ALLOC_FAIL; | |
1774 | - if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || | |
1775 | - (BN_copy(n->dsa->q, k->dsa->q) == NULL) || | |
1776 | - (BN_copy(n->dsa->g, k->dsa->g) == NULL) || | |
1777 | - (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) { | |
1778 | - sshkey_free(n); | |
1779 | - return SSH_ERR_ALLOC_FAIL; | |
1780 | + if ((n = sshkey_new(k->type)) == NULL) { | |
1781 | + r = SSH_ERR_ALLOC_FAIL; | |
1782 | + goto out; | |
1783 | + } | |
1784 | + | |
1785 | + DSA_get0_pqg(k->dsa, &dsa_p, &dsa_q, &dsa_g); | |
1786 | + DSA_get0_key(k->dsa, &dsa_pub_key, NULL); | |
1787 | + if ((dsa_p_dup = BN_dup(dsa_p)) == NULL || | |
1788 | + (dsa_q_dup = BN_dup(dsa_q)) == NULL || | |
1789 | + (dsa_g_dup = BN_dup(dsa_g)) == NULL || | |
1790 | + (dsa_pub_key_dup = BN_dup(dsa_pub_key)) == NULL) { | |
1791 | + r = SSH_ERR_ALLOC_FAIL; | |
1792 | + goto out; | |
1793 | } | |
1794 | + if (!DSA_set0_pqg(n->dsa, dsa_p_dup, dsa_q_dup, dsa_g_dup)) { | |
1795 | + r = SSH_ERR_LIBCRYPTO_ERROR; | |
1796 | + goto out; | |
1797 | + } | |
1798 | + dsa_p_dup = dsa_q_dup = dsa_g_dup = NULL; /* transferred */ | |
1799 | + if (!DSA_set0_key(n->dsa, dsa_pub_key_dup, NULL)) { | |
1800 | + r = SSH_ERR_LIBCRYPTO_ERROR; | |
1801 | + goto out; | |
1802 | + } | |
1803 | + dsa_pub_key_dup = NULL; /* transferred */ | |
1804 | + | |
1805 | break; | |
1806 | # ifdef OPENSSL_HAS_ECC | |
1807 | case KEY_ECDSA: | |
1808 | case KEY_ECDSA_CERT: | |
1809 | - if ((n = sshkey_new(k->type)) == NULL) | |
1810 | - return SSH_ERR_ALLOC_FAIL; | |
1811 | + if ((n = sshkey_new(k->type)) == NULL) { | |
1812 | + r = SSH_ERR_ALLOC_FAIL; | |
1813 | + goto out; | |
1814 | + } | |
1815 | n->ecdsa_nid = k->ecdsa_nid; | |
1816 | n->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); | |
1817 | if (n->ecdsa == NULL) { | |
1818 | - sshkey_free(n); | |
1819 | - return SSH_ERR_ALLOC_FAIL; | |
1820 | + r = SSH_ERR_ALLOC_FAIL; | |
1821 | + goto out; | |
1822 | } | |
1823 | if (EC_KEY_set_public_key(n->ecdsa, | |
1824 | EC_KEY_get0_public_key(k->ecdsa)) != 1) { | |
1825 | - sshkey_free(n); | |
1826 | - return SSH_ERR_LIBCRYPTO_ERROR; | |
1827 | + r = SSH_ERR_LIBCRYPTO_ERROR; | |
1828 | + goto out; | |
1829 | } | |
1830 | break; | |
1831 | # endif /* OPENSSL_HAS_ECC */ | |
1832 | case KEY_RSA: | |
1833 | case KEY_RSA_CERT: | |
1834 | - if ((n = sshkey_new(k->type)) == NULL) | |
1835 | - return SSH_ERR_ALLOC_FAIL; | |
1836 | - if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || | |
1837 | - (BN_copy(n->rsa->e, k->rsa->e) == NULL)) { | |
1838 | - sshkey_free(n); | |
1839 | - return SSH_ERR_ALLOC_FAIL; | |
1840 | + if ((n = sshkey_new(k->type)) == NULL) { | |
1841 | + r = SSH_ERR_ALLOC_FAIL; | |
1842 | + goto out; | |
1843 | } | |
1844 | + RSA_get0_key(k->rsa, &rsa_n, &rsa_e, NULL); | |
1845 | + if ((rsa_n_dup = BN_dup(rsa_n)) == NULL || | |
1846 | + (rsa_e_dup = BN_dup(rsa_e)) == NULL) { | |
1847 | + r = SSH_ERR_ALLOC_FAIL; | |
1848 | + goto out; | |
1849 | + } | |
1850 | + if (!RSA_set0_key(n->rsa, rsa_n_dup, rsa_e_dup, NULL)) { | |
1851 | + r = SSH_ERR_LIBCRYPTO_ERROR; | |
1852 | + goto out; | |
1853 | + } | |
1854 | + rsa_n_dup = rsa_e_dup = NULL; /* transferred */ | |
1855 | break; | |
1856 | #endif /* WITH_OPENSSL */ | |
1857 | case KEY_ED25519: | |
1858 | case KEY_ED25519_CERT: | |
1859 | - if ((n = sshkey_new(k->type)) == NULL) | |
1860 | - return SSH_ERR_ALLOC_FAIL; | |
1861 | + if ((n = sshkey_new(k->type)) == NULL) { | |
1862 | + r = SSH_ERR_ALLOC_FAIL; | |
1863 | + goto out; | |
1864 | + } | |
1865 | if (k->ed25519_pk != NULL) { | |
1866 | if ((n->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) { | |
1867 | - sshkey_free(n); | |
1868 | - return SSH_ERR_ALLOC_FAIL; | |
1869 | + r = SSH_ERR_ALLOC_FAIL; | |
1870 | + goto out; | |
1871 | } | |
1872 | memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); | |
1873 | } | |
1874 | @@ -1827,37 +1841,46 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) | |
1875 | #ifdef WITH_XMSS | |
1876 | case KEY_XMSS: | |
1877 | case KEY_XMSS_CERT: | |
1878 | - if ((n = sshkey_new(k->type)) == NULL) | |
1879 | - return SSH_ERR_ALLOC_FAIL; | |
1880 | - if ((ret = sshkey_xmss_init(n, k->xmss_name)) != 0) { | |
1881 | - sshkey_free(n); | |
1882 | - return ret; | |
1883 | + if ((n = sshkey_new(k->type)) == NULL) { | |
1884 | + r = SSH_ERR_ALLOC_FAIL; | |
1885 | + goto out; | |
1886 | } | |
1887 | + if ((r = sshkey_xmss_init(n, k->xmss_name)) != 0) | |
1888 | + goto out; | |
1889 | if (k->xmss_pk != NULL) { | |
1890 | size_t pklen = sshkey_xmss_pklen(k); | |
1891 | if (pklen == 0 || sshkey_xmss_pklen(n) != pklen) { | |
1892 | - sshkey_free(n); | |
1893 | - return SSH_ERR_INTERNAL_ERROR; | |
1894 | + r = SSH_ERR_INTERNAL_ERROR; | |
1895 | + goto out; | |
1896 | } | |
1897 | if ((n->xmss_pk = malloc(pklen)) == NULL) { | |
1898 | - sshkey_free(n); | |
1899 | - return SSH_ERR_ALLOC_FAIL; | |
1900 | + r = SSH_ERR_ALLOC_FAIL; | |
1901 | + goto out; | |
1902 | } | |
1903 | memcpy(n->xmss_pk, k->xmss_pk, pklen); | |
1904 | } | |
1905 | break; | |
1906 | #endif /* WITH_XMSS */ | |
1907 | default: | |
1908 | - return SSH_ERR_KEY_TYPE_UNKNOWN; | |
1909 | - } | |
1910 | - if (sshkey_is_cert(k)) { | |
1911 | - if ((ret = sshkey_cert_copy(k, n)) != 0) { | |
1912 | - sshkey_free(n); | |
1913 | - return ret; | |
1914 | - } | |
1915 | + r = SSH_ERR_KEY_TYPE_UNKNOWN; | |
1916 | + goto out; | |
1917 | } | |
1918 | + if (sshkey_is_cert(k) && (r = sshkey_cert_copy(k, n)) != 0) | |
1919 | + goto out; | |
1920 | + /* success */ | |
1921 | *pkp = n; | |
1922 | - return 0; | |
1923 | + n = NULL; | |
1924 | + r = 0; | |
1925 | + out: | |
1926 | + sshkey_free(n); | |
1927 | + BN_clear_free(rsa_n_dup); | |
1928 | + BN_clear_free(rsa_e_dup); | |
1929 | + BN_clear_free(dsa_p_dup); | |
1930 | + BN_clear_free(dsa_q_dup); | |
1931 | + BN_clear_free(dsa_g_dup); | |
1932 | + BN_clear_free(dsa_pub_key_dup); | |
1933 | + | |
1934 | + return r; | |
1935 | } | |
1936 | ||
1937 | static int | |
1938 | @@ -1985,6 +2008,17 @@ cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf) | |
1939 | return ret; | |
1940 | } | |
1941 | ||
1942 | +static int | |
1943 | +check_rsa_length(const RSA *rsa) | |
1944 | +{ | |
1945 | + const BIGNUM *rsa_n; | |
1946 | + | |
1947 | + RSA_get0_key(rsa, &rsa_n, NULL, NULL); | |
1948 | + if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE) | |
1949 | + return SSH_ERR_KEY_LENGTH; | |
1950 | + return 0; | |
1951 | +} | |
1952 | + | |
1953 | static int | |
1954 | sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, | |
1955 | int allow_cert) | |
1956 | @@ -1995,9 +2029,13 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, | |
1957 | size_t len; | |
1958 | u_char *pk = NULL; | |
1959 | struct sshbuf *copy; | |
1960 | -#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) | |
1961 | +#if defined(WITH_OPENSSL) | |
1962 | + BIGNUM *rsa_n = NULL, *rsa_e = NULL; | |
1963 | + BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL, *dsa_pub_key = NULL; | |
1964 | +# if defined(OPENSSL_HAS_ECC) | |
1965 | EC_POINT *q = NULL; | |
1966 | -#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ | |
1967 | +# endif /* OPENSSL_HAS_ECC */ | |
1968 | +#endif /* WITH_OPENSSL */ | |
1969 | ||
1970 | #ifdef DEBUG_PK /* XXX */ | |
1971 | sshbuf_dump(b, stderr); | |
1972 | @@ -2032,15 +2070,23 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, | |
1973 | ret = SSH_ERR_ALLOC_FAIL; | |
1974 | goto out; | |
1975 | } | |
1976 | - if (sshbuf_get_bignum2(b, key->rsa->e) != 0 || | |
1977 | - sshbuf_get_bignum2(b, key->rsa->n) != 0) { | |
1978 | + if ((rsa_e = BN_new()) == NULL || | |
1979 | + (rsa_n = BN_new()) == NULL) { | |
1980 | + ret = SSH_ERR_ALLOC_FAIL; | |
1981 | + goto out; | |
1982 | + } | |
1983 | + if (sshbuf_get_bignum2(b, rsa_e) != 0 || | |
1984 | + sshbuf_get_bignum2(b, rsa_n) != 0) { | |
1985 | ret = SSH_ERR_INVALID_FORMAT; | |
1986 | goto out; | |
1987 | } | |
1988 | - if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { | |
1989 | - ret = SSH_ERR_KEY_LENGTH; | |
1990 | + if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, NULL)) { | |
1991 | + ret = SSH_ERR_LIBCRYPTO_ERROR; | |
1992 | goto out; | |
1993 | } | |
1994 | + rsa_n = rsa_e = NULL; /* transferred */ | |
1995 | + if ((ret = check_rsa_length(key->rsa)) != 0) | |
1996 | + goto out; | |
1997 | #ifdef DEBUG_PK | |
1998 | RSA_print_fp(stderr, key->rsa, 8); | |
1999 | #endif | |
2000 | @@ -2057,13 +2103,30 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, | |
2001 | ret = SSH_ERR_ALLOC_FAIL; | |
2002 | goto out; | |
2003 | } | |
2004 | - if (sshbuf_get_bignum2(b, key->dsa->p) != 0 || | |
2005 | - sshbuf_get_bignum2(b, key->dsa->q) != 0 || | |
2006 | - sshbuf_get_bignum2(b, key->dsa->g) != 0 || | |
2007 | - sshbuf_get_bignum2(b, key->dsa->pub_key) != 0) { | |
2008 | + if ((dsa_p = BN_new()) == NULL || | |
2009 | + (dsa_q = BN_new()) == NULL || | |
2010 | + (dsa_g = BN_new()) == NULL || | |
2011 | + (dsa_pub_key = BN_new()) == NULL) { | |
2012 | + ret = SSH_ERR_ALLOC_FAIL; | |
2013 | + goto out; | |
2014 | + } | |
2015 | + if (sshbuf_get_bignum2(b, dsa_p) != 0 || | |
2016 | + sshbuf_get_bignum2(b, dsa_q) != 0 || | |
2017 | + sshbuf_get_bignum2(b, dsa_g) != 0 || | |
2018 | + sshbuf_get_bignum2(b, dsa_pub_key) != 0) { | |
2019 | ret = SSH_ERR_INVALID_FORMAT; | |
2020 | goto out; | |
2021 | } | |
2022 | + if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g)) { | |
2023 | + ret = SSH_ERR_LIBCRYPTO_ERROR; | |
2024 | + goto out; | |
2025 | + } | |
2026 | + dsa_p = dsa_q = dsa_g = NULL; /* transferred */ | |
2027 | + if (!DSA_set0_key(key->dsa, dsa_pub_key, NULL)) { | |
2028 | + ret = SSH_ERR_LIBCRYPTO_ERROR; | |
2029 | + goto out; | |
2030 | + } | |
2031 | + dsa_pub_key = NULL; /* transferred */ | |
2032 | #ifdef DEBUG_PK | |
2033 | DSA_print_fp(stderr, key->dsa, 8); | |
2034 | #endif | |
2035 | @@ -2197,9 +2260,17 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, | |
2036 | free(ktype); | |
2037 | free(curve); | |
2038 | free(pk); | |
2039 | -#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) | |
2040 | +#if defined(WITH_OPENSSL) | |
2041 | + BN_clear_free(rsa_n); | |
2042 | + BN_clear_free(rsa_e); | |
2043 | + BN_clear_free(dsa_p); | |
2044 | + BN_clear_free(dsa_q); | |
2045 | + BN_clear_free(dsa_g); | |
2046 | + BN_clear_free(dsa_pub_key); | |
2047 | +# if defined(OPENSSL_HAS_ECC) | |
2048 | EC_POINT_free(q); | |
2049 | -#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ | |
2050 | +# endif /* OPENSSL_HAS_ECC */ | |
2051 | +#endif /* WITH_OPENSSL */ | |
2052 | return ret; | |
2053 | } | |
2054 | ||
2055 | @@ -2401,120 +2472,6 @@ sshkey_verify(const struct sshkey *key, | |
2056 | } | |
2057 | } | |
2058 | ||
2059 | -/* Converts a private to a public key */ | |
2060 | -int | |
2061 | -sshkey_demote(const struct sshkey *k, struct sshkey **dkp) | |
2062 | -{ | |
2063 | - struct sshkey *pk; | |
2064 | - int ret = SSH_ERR_INTERNAL_ERROR; | |
2065 | - | |
2066 | - *dkp = NULL; | |
2067 | - if ((pk = calloc(1, sizeof(*pk))) == NULL) | |
2068 | - return SSH_ERR_ALLOC_FAIL; | |
2069 | - pk->type = k->type; | |
2070 | - pk->flags = k->flags; | |
2071 | - pk->ecdsa_nid = k->ecdsa_nid; | |
2072 | - pk->dsa = NULL; | |
2073 | - pk->ecdsa = NULL; | |
2074 | - pk->rsa = NULL; | |
2075 | - pk->ed25519_pk = NULL; | |
2076 | - pk->ed25519_sk = NULL; | |
2077 | - pk->xmss_pk = NULL; | |
2078 | - pk->xmss_sk = NULL; | |
2079 | - | |
2080 | - switch (k->type) { | |
2081 | -#ifdef WITH_OPENSSL | |
2082 | - case KEY_RSA_CERT: | |
2083 | - if ((ret = sshkey_cert_copy(k, pk)) != 0) | |
2084 | - goto fail; | |
2085 | - /* FALLTHROUGH */ | |
2086 | - case KEY_RSA: | |
2087 | - if ((pk->rsa = RSA_new()) == NULL || | |
2088 | - (pk->rsa->e = BN_dup(k->rsa->e)) == NULL || | |
2089 | - (pk->rsa->n = BN_dup(k->rsa->n)) == NULL) { | |
2090 | - ret = SSH_ERR_ALLOC_FAIL; | |
2091 | - goto fail; | |
2092 | - } | |
2093 | - break; | |
2094 | - case KEY_DSA_CERT: | |
2095 | - if ((ret = sshkey_cert_copy(k, pk)) != 0) | |
2096 | - goto fail; | |
2097 | - /* FALLTHROUGH */ | |
2098 | - case KEY_DSA: | |
2099 | - if ((pk->dsa = DSA_new()) == NULL || | |
2100 | - (pk->dsa->p = BN_dup(k->dsa->p)) == NULL || | |
2101 | - (pk->dsa->q = BN_dup(k->dsa->q)) == NULL || | |
2102 | - (pk->dsa->g = BN_dup(k->dsa->g)) == NULL || | |
2103 | - (pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) { | |
2104 | - ret = SSH_ERR_ALLOC_FAIL; | |
2105 | - goto fail; | |
2106 | - } | |
2107 | - break; | |
2108 | - case KEY_ECDSA_CERT: | |
2109 | - if ((ret = sshkey_cert_copy(k, pk)) != 0) | |
2110 | - goto fail; | |
2111 | - /* FALLTHROUGH */ | |
2112 | -# ifdef OPENSSL_HAS_ECC | |
2113 | - case KEY_ECDSA: | |
2114 | - pk->ecdsa = EC_KEY_new_by_curve_name(pk->ecdsa_nid); | |
2115 | - if (pk->ecdsa == NULL) { | |
2116 | - ret = SSH_ERR_ALLOC_FAIL; | |
2117 | - goto fail; | |
2118 | - } | |
2119 | - if (EC_KEY_set_public_key(pk->ecdsa, | |
2120 | - EC_KEY_get0_public_key(k->ecdsa)) != 1) { | |
2121 | - ret = SSH_ERR_LIBCRYPTO_ERROR; | |
2122 | - goto fail; | |
2123 | - } | |
2124 | - break; | |
2125 | -# endif /* OPENSSL_HAS_ECC */ | |
2126 | -#endif /* WITH_OPENSSL */ | |
2127 | - case KEY_ED25519_CERT: | |
2128 | - if ((ret = sshkey_cert_copy(k, pk)) != 0) | |
2129 | - goto fail; | |
2130 | - /* FALLTHROUGH */ | |
2131 | - case KEY_ED25519: | |
2132 | - if (k->ed25519_pk != NULL) { | |
2133 | - if ((pk->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) { | |
2134 | - ret = SSH_ERR_ALLOC_FAIL; | |
2135 | - goto fail; | |
2136 | - } | |
2137 | - memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); | |
2138 | - } | |
2139 | - break; | |
2140 | -#ifdef WITH_XMSS | |
2141 | - case KEY_XMSS_CERT: | |
2142 | - if ((ret = sshkey_cert_copy(k, pk)) != 0) | |
2143 | - goto fail; | |
2144 | - /* FALLTHROUGH */ | |
2145 | - case KEY_XMSS: | |
2146 | - if ((ret = sshkey_xmss_init(pk, k->xmss_name)) != 0) | |
2147 | - goto fail; | |
2148 | - if (k->xmss_pk != NULL) { | |
2149 | - size_t pklen = sshkey_xmss_pklen(k); | |
2150 | - | |
2151 | - if (pklen == 0 || sshkey_xmss_pklen(pk) != pklen) { | |
2152 | - ret = SSH_ERR_INTERNAL_ERROR; | |
2153 | - goto fail; | |
2154 | - } | |
2155 | - if ((pk->xmss_pk = malloc(pklen)) == NULL) { | |
2156 | - ret = SSH_ERR_ALLOC_FAIL; | |
2157 | - goto fail; | |
2158 | - } | |
2159 | - memcpy(pk->xmss_pk, k->xmss_pk, pklen); | |
2160 | - } | |
2161 | - break; | |
2162 | -#endif /* WITH_XMSS */ | |
2163 | - default: | |
2164 | - ret = SSH_ERR_KEY_TYPE_UNKNOWN; | |
2165 | - fail: | |
2166 | - sshkey_free(pk); | |
2167 | - return ret; | |
2168 | - } | |
2169 | - *dkp = pk; | |
2170 | - return 0; | |
2171 | -} | |
2172 | - | |
2173 | /* Convert a plain key to their _CERT equivalent */ | |
2174 | int | |
2175 | sshkey_to_certified(struct sshkey *k) | |
2176 | @@ -2573,6 +2530,9 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, | |
2177 | int ret = SSH_ERR_INTERNAL_ERROR; | |
2178 | struct sshbuf *cert = NULL; | |
2179 | char *sigtype = NULL; | |
2180 | +#ifdef WITH_OPENSSL | |
2181 | + const BIGNUM *rsa_n, *rsa_e, *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key; | |
2182 | +#endif /* WITH_OPENSSL */ | |
2183 | ||
2184 | if (k == NULL || k->cert == NULL || | |
2185 | k->cert->certblob == NULL || ca == NULL) | |
2186 | @@ -2609,10 +2569,12 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, | |
2187 | switch (k->type) { | |
2188 | #ifdef WITH_OPENSSL | |
2189 | case KEY_DSA_CERT: | |
2190 | - if ((ret = sshbuf_put_bignum2(cert, k->dsa->p)) != 0 || | |
2191 | - (ret = sshbuf_put_bignum2(cert, k->dsa->q)) != 0 || | |
2192 | - (ret = sshbuf_put_bignum2(cert, k->dsa->g)) != 0 || | |
2193 | - (ret = sshbuf_put_bignum2(cert, k->dsa->pub_key)) != 0) | |
2194 | + DSA_get0_pqg(k->dsa, &dsa_p, &dsa_q, &dsa_g); | |
2195 | + DSA_get0_key(k->dsa, &dsa_pub_key, NULL); | |
2196 | + if ((ret = sshbuf_put_bignum2(cert, dsa_p)) != 0 || | |
2197 | + (ret = sshbuf_put_bignum2(cert, dsa_q)) != 0 || | |
2198 | + (ret = sshbuf_put_bignum2(cert, dsa_g)) != 0 || | |
2199 | + (ret = sshbuf_put_bignum2(cert, dsa_pub_key)) != 0) | |
2200 | goto out; | |
2201 | break; | |
2202 | # ifdef OPENSSL_HAS_ECC | |
2203 | @@ -2626,8 +2588,9 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, | |
2204 | break; | |
2205 | # endif /* OPENSSL_HAS_ECC */ | |
2206 | case KEY_RSA_CERT: | |
2207 | - if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 || | |
2208 | - (ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0) | |
2209 | + RSA_get0_key(k->rsa, &rsa_n, &rsa_e, NULL); | |
2210 | + if ((ret = sshbuf_put_bignum2(cert, rsa_e)) != 0 || | |
2211 | + (ret = sshbuf_put_bignum2(cert, rsa_n)) != 0) | |
2212 | goto out; | |
2213 | break; | |
2214 | #endif /* WITH_OPENSSL */ | |
2215 | @@ -2820,18 +2783,25 @@ sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *b, | |
2216 | enum sshkey_serialize_rep opts) | |
2217 | { | |
2218 | int r = SSH_ERR_INTERNAL_ERROR; | |
2219 | +#ifdef WITH_OPENSSL | |
2220 | + const BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_iqmp, *rsa_p, *rsa_q; | |
2221 | + const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key, *dsa_priv_key; | |
2222 | +#endif /* WITH_OPENSSL */ | |
2223 | ||
2224 | if ((r = sshbuf_put_cstring(b, sshkey_ssh_name(key))) != 0) | |
2225 | goto out; | |
2226 | switch (key->type) { | |
2227 | #ifdef WITH_OPENSSL | |
2228 | case KEY_RSA: | |
2229 | - if ((r = sshbuf_put_bignum2(b, key->rsa->n)) != 0 || | |
2230 | - (r = sshbuf_put_bignum2(b, key->rsa->e)) != 0 || | |
2231 | - (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 || | |
2232 | - (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 || | |
2233 | - (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 || | |
2234 | - (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0) | |
2235 | + RSA_get0_key(key->rsa, &rsa_n, &rsa_e, &rsa_d); | |
2236 | + RSA_get0_factors(key->rsa, &rsa_p, &rsa_q); | |
2237 | + RSA_get0_crt_params(key->rsa, NULL, NULL, &rsa_iqmp); | |
2238 | + if ((r = sshbuf_put_bignum2(b, rsa_n)) != 0 || | |
2239 | + (r = sshbuf_put_bignum2(b, rsa_e)) != 0 || | |
2240 | + (r = sshbuf_put_bignum2(b, rsa_d)) != 0 || | |
2241 | + (r = sshbuf_put_bignum2(b, rsa_iqmp)) != 0 || | |
2242 | + (r = sshbuf_put_bignum2(b, rsa_p)) != 0 || | |
2243 | + (r = sshbuf_put_bignum2(b, rsa_q)) != 0) | |
2244 | goto out; | |
2245 | break; | |
2246 | case KEY_RSA_CERT: | |
2247 | @@ -2839,19 +2809,24 @@ sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *b, | |
2248 | r = SSH_ERR_INVALID_ARGUMENT; | |
2249 | goto out; | |
2250 | } | |
2251 | + RSA_get0_key(key->rsa, NULL, NULL, &rsa_d); | |
2252 | + RSA_get0_factors(key->rsa, &rsa_p, &rsa_q); | |
2253 | + RSA_get0_crt_params(key->rsa, NULL, NULL, &rsa_iqmp); | |
2254 | if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || | |
2255 | - (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 || | |
2256 | - (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 || | |
2257 | - (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 || | |
2258 | - (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0) | |
2259 | + (r = sshbuf_put_bignum2(b, rsa_d)) != 0 || | |
2260 | + (r = sshbuf_put_bignum2(b, rsa_iqmp)) != 0 || | |
2261 | + (r = sshbuf_put_bignum2(b, rsa_p)) != 0 || | |
2262 | + (r = sshbuf_put_bignum2(b, rsa_q)) != 0) | |
2263 | goto out; | |
2264 | break; | |
2265 | case KEY_DSA: | |
2266 | - if ((r = sshbuf_put_bignum2(b, key->dsa->p)) != 0 || | |
2267 | - (r = sshbuf_put_bignum2(b, key->dsa->q)) != 0 || | |
2268 | - (r = sshbuf_put_bignum2(b, key->dsa->g)) != 0 || | |
2269 | - (r = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0 || | |
2270 | - (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0) | |
2271 | + DSA_get0_pqg(key->dsa, &dsa_p, &dsa_q, &dsa_g); | |
2272 | + DSA_get0_key(key->dsa, &dsa_pub_key, &dsa_priv_key); | |
2273 | + if ((r = sshbuf_put_bignum2(b, dsa_p)) != 0 || | |
2274 | + (r = sshbuf_put_bignum2(b, dsa_q)) != 0 || | |
2275 | + (r = sshbuf_put_bignum2(b, dsa_g)) != 0 || | |
2276 | + (r = sshbuf_put_bignum2(b, dsa_pub_key)) != 0 || | |
2277 | + (r = sshbuf_put_bignum2(b, dsa_priv_key)) != 0) | |
2278 | goto out; | |
2279 | break; | |
2280 | case KEY_DSA_CERT: | |
2281 | @@ -2859,8 +2834,9 @@ sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *b, | |
2282 | r = SSH_ERR_INVALID_ARGUMENT; | |
2283 | goto out; | |
2284 | } | |
2285 | + DSA_get0_key(key->dsa, NULL, &dsa_priv_key); | |
2286 | if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || | |
2287 | - (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0) | |
2288 | + (r = sshbuf_put_bignum2(b, dsa_priv_key)) != 0) | |
2289 | goto out; | |
2290 | break; | |
2291 | # ifdef OPENSSL_HAS_ECC | |
2292 | @@ -2961,6 +2937,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |
2293 | u_char *xmss_pk = NULL, *xmss_sk = NULL; | |
2294 | #ifdef WITH_OPENSSL | |
2295 | BIGNUM *exponent = NULL; | |
2296 | + BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL; | |
2297 | + BIGNUM *rsa_iqmp = NULL, *rsa_p = NULL, *rsa_q = NULL; | |
2298 | + BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL; | |
2299 | + BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL; | |
2300 | #endif /* WITH_OPENSSL */ | |
2301 | ||
2302 | if (kp != NULL) | |
2303 | @@ -2975,18 +2955,44 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |
2304 | r = SSH_ERR_ALLOC_FAIL; | |
2305 | goto out; | |
2306 | } | |
2307 | - if ((r = sshbuf_get_bignum2(buf, k->dsa->p)) != 0 || | |
2308 | - (r = sshbuf_get_bignum2(buf, k->dsa->q)) != 0 || | |
2309 | - (r = sshbuf_get_bignum2(buf, k->dsa->g)) != 0 || | |
2310 | - (r = sshbuf_get_bignum2(buf, k->dsa->pub_key)) != 0 || | |
2311 | - (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) | |
2312 | + if ((dsa_p = BN_new()) == NULL || | |
2313 | + (dsa_q = BN_new()) == NULL || | |
2314 | + (dsa_g = BN_new()) == NULL || | |
2315 | + (dsa_pub_key = BN_new()) == NULL || | |
2316 | + (dsa_priv_key = BN_new()) == NULL) { | |
2317 | + r = SSH_ERR_ALLOC_FAIL; | |
2318 | + goto out; | |
2319 | + } | |
2320 | + if ((r = sshbuf_get_bignum2(buf, dsa_p)) != 0 || | |
2321 | + (r = sshbuf_get_bignum2(buf, dsa_q)) != 0 || | |
2322 | + (r = sshbuf_get_bignum2(buf, dsa_g)) != 0 || | |
2323 | + (r = sshbuf_get_bignum2(buf, dsa_pub_key)) != 0 || | |
2324 | + (r = sshbuf_get_bignum2(buf, dsa_priv_key)) != 0) | |
2325 | goto out; | |
2326 | + if (!DSA_set0_pqg(k->dsa, dsa_p, dsa_q, dsa_g)) { | |
2327 | + r = SSH_ERR_LIBCRYPTO_ERROR; | |
2328 | + goto out; | |
2329 | + } | |
2330 | + dsa_p = dsa_q = dsa_g = NULL; /* transferred */ | |
2331 | + if (!DSA_set0_key(k->dsa, dsa_pub_key, dsa_priv_key)) { | |
2332 | + r = SSH_ERR_LIBCRYPTO_ERROR; | |
2333 | + goto out; | |
2334 | + } | |
2335 | + dsa_pub_key = dsa_priv_key = NULL; /* transferred */ | |
2336 | break; | |
2337 | case KEY_DSA_CERT: | |
2338 | + if ((dsa_priv_key = BN_new()) == NULL) { | |
2339 | + r = SSH_ERR_ALLOC_FAIL; | |
2340 | + goto out; | |
2341 | + } | |
2342 | if ((r = sshkey_froms(buf, &k)) != 0 || | |
2343 | - (r = sshkey_add_private(k)) != 0 || | |
2344 | - (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) | |
2345 | + (r = sshbuf_get_bignum2(buf, dsa_priv_key)) != 0) | |
2346 | + goto out; | |
2347 | + if (!DSA_set0_key(k->dsa, NULL, dsa_priv_key)) { | |
2348 | + r = SSH_ERR_LIBCRYPTO_ERROR; | |
2349 | goto out; | |
2350 | + } | |
2351 | + dsa_priv_key = NULL; /* transferred */ | |
2352 | break; | |
2353 | # ifdef OPENSSL_HAS_ECC | |
2354 | case KEY_ECDSA: | |
2355 | @@ -3027,7 +3033,6 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |
2356 | goto out; | |
2357 | } | |
2358 | if ((r = sshkey_froms(buf, &k)) != 0 || | |
2359 | - (r = sshkey_add_private(k)) != 0 || | |
2360 | (r = sshbuf_get_bignum2(buf, exponent)) != 0) | |
2361 | goto out; | |
2362 | if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { | |
2363 | @@ -3045,32 +3050,65 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |
2364 | r = SSH_ERR_ALLOC_FAIL; | |
2365 | goto out; | |
2366 | } | |
2367 | - if ((r = sshbuf_get_bignum2(buf, k->rsa->n)) != 0 || | |
2368 | - (r = sshbuf_get_bignum2(buf, k->rsa->e)) != 0 || | |
2369 | - (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 || | |
2370 | - (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || | |
2371 | - (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || | |
2372 | - (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || | |
2373 | - (r = ssh_rsa_generate_additional_parameters(k)) != 0) | |
2374 | + if ((rsa_n = BN_new()) == NULL || | |
2375 | + (rsa_e = BN_new()) == NULL || | |
2376 | + (rsa_d = BN_new()) == NULL || | |
2377 | + (rsa_iqmp = BN_new()) == NULL || | |
2378 | + (rsa_p = BN_new()) == NULL || | |
2379 | + (rsa_q = BN_new()) == NULL) { | |
2380 | + r = SSH_ERR_ALLOC_FAIL; | |
2381 | + goto out; | |
2382 | + } | |
2383 | + if ((r = sshbuf_get_bignum2(buf, rsa_n)) != 0 || | |
2384 | + (r = sshbuf_get_bignum2(buf, rsa_e)) != 0 || | |
2385 | + (r = sshbuf_get_bignum2(buf, rsa_d)) != 0 || | |
2386 | + (r = sshbuf_get_bignum2(buf, rsa_iqmp)) != 0 || | |
2387 | + (r = sshbuf_get_bignum2(buf, rsa_p)) != 0 || | |
2388 | + (r = sshbuf_get_bignum2(buf, rsa_q)) != 0) | |
2389 | goto out; | |
2390 | - if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { | |
2391 | - r = SSH_ERR_KEY_LENGTH; | |
2392 | + if (!RSA_set0_key(k->rsa, rsa_n, rsa_e, rsa_d)) { | |
2393 | + r = SSH_ERR_LIBCRYPTO_ERROR; | |
2394 | + goto out; | |
2395 | + } | |
2396 | + rsa_n = rsa_e = rsa_d = NULL; /* transferred */ | |
2397 | + if (!RSA_set0_factors(k->rsa, rsa_p, rsa_q)) { | |
2398 | + r = SSH_ERR_LIBCRYPTO_ERROR; | |
2399 | goto out; | |
2400 | } | |
2401 | + rsa_p = rsa_q = NULL; /* transferred */ | |
2402 | + if ((r = check_rsa_length(k->rsa)) != 0) | |
2403 | + goto out; | |
2404 | + if ((r = ssh_rsa_complete_crt_parameters(k, rsa_iqmp)) != 0) | |
2405 | + goto out; | |
2406 | break; | |
2407 | case KEY_RSA_CERT: | |
2408 | + if ((rsa_d = BN_new()) == NULL || | |
2409 | + (rsa_iqmp = BN_new()) == NULL || | |
2410 | + (rsa_p = BN_new()) == NULL || | |
2411 | + (rsa_q = BN_new()) == NULL) { | |
2412 | + r = SSH_ERR_ALLOC_FAIL; | |
2413 | + goto out; | |
2414 | + } | |
2415 | if ((r = sshkey_froms(buf, &k)) != 0 || | |
2416 | - (r = sshkey_add_private(k)) != 0 || | |
2417 | - (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 || | |
2418 | - (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || | |
2419 | - (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || | |
2420 | - (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || | |
2421 | - (r = ssh_rsa_generate_additional_parameters(k)) != 0) | |
2422 | + (r = sshbuf_get_bignum2(buf, rsa_d)) != 0 || | |
2423 | + (r = sshbuf_get_bignum2(buf, rsa_iqmp)) != 0 || | |
2424 | + (r = sshbuf_get_bignum2(buf, rsa_p)) != 0 || | |
2425 | + (r = sshbuf_get_bignum2(buf, rsa_q)) != 0) | |
2426 | + goto out; | |
2427 | + if (!RSA_set0_key(k->rsa, NULL, NULL, rsa_d)) { | |
2428 | + r = SSH_ERR_LIBCRYPTO_ERROR; | |
2429 | goto out; | |
2430 | - if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { | |
2431 | - r = SSH_ERR_KEY_LENGTH; | |
2432 | + } | |
2433 | + rsa_d = NULL; /* transferred */ | |
2434 | + if (!RSA_set0_factors(k->rsa, rsa_p, rsa_q)) { | |
2435 | + r = SSH_ERR_LIBCRYPTO_ERROR; | |
2436 | goto out; | |
2437 | } | |
2438 | + rsa_p = rsa_q = NULL; /* transferred */ | |
2439 | + if ((r = check_rsa_length(k->rsa)) != 0) | |
2440 | + goto out; | |
2441 | + if ((r = ssh_rsa_complete_crt_parameters(k, rsa_iqmp)) != 0) | |
2442 | + goto out; | |
2443 | break; | |
2444 | #endif /* WITH_OPENSSL */ | |
2445 | case KEY_ED25519: | |
2446 | @@ -3091,7 +3129,6 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |
2447 | break; | |
2448 | case KEY_ED25519_CERT: | |
2449 | if ((r = sshkey_froms(buf, &k)) != 0 || | |
2450 | - (r = sshkey_add_private(k)) != 0 || | |
2451 | (r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 || | |
2452 | (r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0) | |
2453 | goto out; | |
2454 | @@ -3128,7 +3165,6 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |
2455 | break; | |
2456 | case KEY_XMSS_CERT: | |
2457 | if ((r = sshkey_froms(buf, &k)) != 0 || | |
2458 | - (r = sshkey_add_private(k)) != 0 || | |
2459 | (r = sshbuf_get_cstring(buf, &xmss_name, NULL)) != 0 || | |
2460 | (r = sshbuf_get_string(buf, &xmss_pk, &pklen)) != 0 || | |
2461 | (r = sshbuf_get_string(buf, &xmss_sk, &sklen)) != 0) | |
2462 | @@ -3177,6 +3213,17 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |
2463 | free(curve); | |
2464 | #ifdef WITH_OPENSSL | |
2465 | BN_clear_free(exponent); | |
2466 | + BN_clear_free(dsa_p); | |
2467 | + BN_clear_free(dsa_q); | |
2468 | + BN_clear_free(dsa_g); | |
2469 | + BN_clear_free(dsa_pub_key); | |
2470 | + BN_clear_free(dsa_priv_key); | |
2471 | + BN_clear_free(rsa_n); | |
2472 | + BN_clear_free(rsa_e); | |
2473 | + BN_clear_free(rsa_d); | |
2474 | + BN_clear_free(rsa_p); | |
2475 | + BN_clear_free(rsa_q); | |
2476 | + BN_clear_free(rsa_iqmp); | |
2477 | #endif /* WITH_OPENSSL */ | |
2478 | sshkey_free(k); | |
2479 | freezero(ed25519_pk, pklen); | |
2480 | @@ -3831,7 +3878,9 @@ translate_libcrypto_error(unsigned long pem_err) | |
2481 | switch (pem_reason) { | |
2482 | case EVP_R_BAD_DECRYPT: | |
2483 | return SSH_ERR_KEY_WRONG_PASSPHRASE; | |
2484 | +#ifdef EVP_R_BN_DECODE_ERROR | |
2485 | case EVP_R_BN_DECODE_ERROR: | |
2486 | +#endif | |
2487 | case EVP_R_DECODE_ERROR: | |
2488 | #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR | |
2489 | case EVP_R_PRIVATE_KEY_DECODE_ERROR: | |
2490 | @@ -3896,7 +3945,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, | |
2491 | r = convert_libcrypto_error(); | |
2492 | goto out; | |
2493 | } | |
2494 | - if (pk->type == EVP_PKEY_RSA && | |
2495 | + if (EVP_PKEY_base_id(pk) == EVP_PKEY_RSA && | |
2496 | (type == KEY_UNSPEC || type == KEY_RSA)) { | |
2497 | if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { | |
2498 | r = SSH_ERR_ALLOC_FAIL; | |
2499 | @@ -3911,11 +3960,9 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, | |
2500 | r = SSH_ERR_LIBCRYPTO_ERROR; | |
2501 | goto out; | |
2502 | } | |
2503 | - if (BN_num_bits(prv->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { | |
2504 | - r = SSH_ERR_KEY_LENGTH; | |
2505 | + if ((r = check_rsa_length(prv->rsa)) != 0) | |
2506 | goto out; | |
2507 | - } | |
2508 | - } else if (pk->type == EVP_PKEY_DSA && | |
2509 | + } else if (EVP_PKEY_base_id(pk) == EVP_PKEY_DSA && | |
2510 | (type == KEY_UNSPEC || type == KEY_DSA)) { | |
2511 | if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { | |
2512 | r = SSH_ERR_ALLOC_FAIL; | |
2513 | @@ -3927,7 +3974,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, | |
2514 | DSA_print_fp(stderr, prv->dsa, 8); | |
2515 | #endif | |
2516 | #ifdef OPENSSL_HAS_ECC | |
2517 | - } else if (pk->type == EVP_PKEY_EC && | |
2518 | + } else if (EVP_PKEY_base_id(pk) == EVP_PKEY_EC && | |
2519 | (type == KEY_UNSPEC || type == KEY_ECDSA)) { | |
2520 | if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { | |
2521 | r = SSH_ERR_ALLOC_FAIL; | |
2522 | diff --git a/sshkey.h b/sshkey.h | |
2523 | index 5a22a66f..4147ad92 100644 | |
2524 | --- a/sshkey.h | |
2525 | +++ b/sshkey.h | |
2526 | @@ -39,6 +39,7 @@ | |
2527 | # define EC_POINT void | |
2528 | # endif /* OPENSSL_HAS_ECC */ | |
2529 | #else /* WITH_OPENSSL */ | |
2530 | +# define BIGNUM void | |
2531 | # define RSA void | |
2532 | # define DSA void | |
2533 | # define EC_KEY void | |
2534 | @@ -127,10 +128,8 @@ struct sshkey { | |
2535 | #define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES | |
2536 | ||
2537 | struct sshkey *sshkey_new(int); | |
2538 | -int sshkey_add_private(struct sshkey *); | |
2539 | -struct sshkey *sshkey_new_private(int); | |
2540 | +struct sshkey *sshkey_new_private(int); /* XXX garbage collect */ | |
2541 | void sshkey_free(struct sshkey *); | |
2542 | -int sshkey_demote(const struct sshkey *, struct sshkey **); | |
2543 | int sshkey_equal_public(const struct sshkey *, | |
2544 | const struct sshkey *); | |
2545 | int sshkey_equal(const struct sshkey *, const struct sshkey *); | |
2546 | @@ -220,7 +219,7 @@ int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, | |
2547 | const char *passphrase, struct sshkey **keyp, char **commentp); | |
2548 | ||
2549 | /* XXX should be internal, but used by ssh-keygen */ | |
2550 | -int ssh_rsa_generate_additional_parameters(struct sshkey *); | |
2551 | +int ssh_rsa_complete_crt_parameters(struct sshkey *, const BIGNUM *); | |
2552 | ||
2553 | /* stateful keys (e.g. XMSS) */ | |
2554 | #ifdef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS | |
2555 | ||
2556 | commit 86112951d63d48839f035b5795be62635a463f99 | |
2557 | Author: Damien Miller <djm@mindrot.org> | |
2558 | Date: Thu Sep 13 12:12:42 2018 +1000 | |
2559 | ||
2560 | forgot to stage these test files in commit d70d061 | |
2561 | ||
2562 | diff --git a/regress/unittests/sshkey/mktestdata.sh b/regress/unittests/sshkey/mktestdata.sh | |
2563 | index 8047bc62..93da34c6 100755 | |
2564 | --- a/regress/unittests/sshkey/mktestdata.sh | |
2565 | +++ b/regress/unittests/sshkey/mktestdata.sh | |
2566 | @@ -1,5 +1,5 @@ | |
2567 | #!/bin/sh | |
2568 | -# $OpenBSD: mktestdata.sh,v 1.6 2017/04/30 23:33:48 djm Exp $ | |
2569 | +# $OpenBSD: mktestdata.sh,v 1.7 2018/09/12 01:36:45 djm Exp $ | |
2570 | ||
2571 | PW=mekmitasdigoat | |
2572 | ||
2573 | @@ -128,6 +128,18 @@ ssh-keygen -s rsa_2 -I hugo -n user1,user2 \ | |
2574 | -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \ | |
2575 | -V 19990101:20110101 -z 4 ed25519_1.pub | |
2576 | ||
2577 | +# Make a few RSA variant signature too. | |
2578 | +cp rsa_1 rsa_1_sha1 | |
2579 | +cp rsa_1 rsa_1_sha512 | |
2580 | +cp rsa_1.pub rsa_1_sha1.pub | |
2581 | +cp rsa_1.pub rsa_1_sha512.pub | |
2582 | +ssh-keygen -s rsa_2 -I hugo -n user1,user2 -t ssh-rsa \ | |
2583 | + -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \ | |
2584 | + -V 19990101:20110101 -z 1 rsa_1_sha1.pub | |
2585 | +ssh-keygen -s rsa_2 -I hugo -n user1,user2 -t rsa-sha2-512 \ | |
2586 | + -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \ | |
2587 | + -V 19990101:20110101 -z 1 rsa_1_sha512.pub | |
2588 | + | |
2589 | ssh-keygen -s ed25519_1 -I julius -n host1,host2 -h \ | |
2590 | -V 19990101:20110101 -z 5 rsa_1.pub | |
2591 | ssh-keygen -s ed25519_1 -I julius -n host1,host2 -h \ | |
2592 | diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c | |
2593 | index 99b7e21c..0636e84b 100644 | |
2594 | --- a/regress/unittests/sshkey/test_file.c | |
2595 | +++ b/regress/unittests/sshkey/test_file.c | |
2596 | @@ -1,4 +1,4 @@ | |
2597 | -/* $OpenBSD: test_file.c,v 1.6 2017/04/30 23:33:48 djm Exp $ */ | |
2598 | +/* $OpenBSD: test_file.c,v 1.7 2018/09/12 01:36:45 djm Exp $ */ | |
2599 | /* | |
2600 | * Regress test for sshkey.h key management API | |
2601 | * | |
2602 | @@ -105,6 +105,24 @@ sshkey_file_tests(void) | |
2603 | sshkey_free(k2); | |
2604 | TEST_DONE(); | |
2605 | ||
2606 | + TEST_START("load RSA cert with SHA1 signature"); | |
2607 | + ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha1"), &k2), 0); | |
2608 | + ASSERT_PTR_NE(k2, NULL); | |
2609 | + ASSERT_INT_EQ(k2->type, KEY_RSA_CERT); | |
2610 | + ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); | |
2611 | + ASSERT_STRING_EQ(k2->cert->signature_type, "ssh-rsa"); | |
2612 | + sshkey_free(k2); | |
2613 | + TEST_DONE(); | |
2614 | + | |
2615 | + TEST_START("load RSA cert with SHA512 signature"); | |
2616 | + ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha512"), &k2), 0); | |
2617 | + ASSERT_PTR_NE(k2, NULL); | |
2618 | + ASSERT_INT_EQ(k2->type, KEY_RSA_CERT); | |
2619 | + ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); | |
2620 | + ASSERT_STRING_EQ(k2->cert->signature_type, "rsa-sha2-512"); | |
2621 | + sshkey_free(k2); | |
2622 | + TEST_DONE(); | |
2623 | + | |
2624 | TEST_START("load RSA cert"); | |
2625 | ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0); | |
2626 | ASSERT_PTR_NE(k2, NULL); | |
2627 | ||
2628 | commit 48f54b9d12c1c79fba333bc86d455d8f4cda8cfc | |
2629 | Author: Damien Miller <djm@mindrot.org> | |
2630 | Date: Thu Sep 13 12:13:50 2018 +1000 | |
2631 | ||
2632 | adapt -portable to OpenSSL 1.1x API | |
2633 | ||
2634 | Polyfill missing API with replacement functions extracted from LibreSSL | |
2635 | ||
2636 | diff --git a/auth-pam.c b/auth-pam.c | |
2637 | index 8c013836..1dec53e9 100644 | |
2638 | --- a/auth-pam.c | |
2639 | +++ b/auth-pam.c | |
2640 | @@ -128,6 +128,10 @@ extern u_int utmp_len; | |
2641 | typedef pthread_t sp_pthread_t; | |
2642 | #else | |
2643 | typedef pid_t sp_pthread_t; | |
2644 | +#define pthread_exit fake_pthread_exit | |
2645 | +#define pthread_create fake_pthread_create | |
2646 | +#define pthread_cancel fake_pthread_cancel | |
2647 | +#define pthread_join fake_pthread_join | |
2648 | #endif | |
2649 | ||
2650 | struct pam_ctxt { | |
2651 | diff --git a/cipher.c b/cipher.c | |
2652 | index df43826e..12c59888 100644 | |
2653 | --- a/cipher.c | |
2654 | +++ b/cipher.c | |
2655 | @@ -525,41 +525,3 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len) | |
2656 | #endif | |
2657 | return 0; | |
2658 | } | |
2659 | - | |
2660 | -#ifdef WITH_OPENSSL | |
2661 | -#define EVP_X_STATE(evp) (evp)->cipher_data | |
2662 | -#define EVP_X_STATE_LEN(evp) (evp)->cipher->ctx_size | |
2663 | -#endif | |
2664 | - | |
2665 | -int | |
2666 | -cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat) | |
2667 | -{ | |
2668 | -#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4) | |
2669 | - const struct sshcipher *c = cc->cipher; | |
2670 | - int plen = 0; | |
2671 | - | |
2672 | - if (c->evptype == EVP_rc4) { | |
2673 | - plen = EVP_X_STATE_LEN(cc->evp); | |
2674 | - if (dat == NULL) | |
2675 | - return (plen); | |
2676 | - memcpy(dat, EVP_X_STATE(cc->evp), plen); | |
2677 | - } | |
2678 | - return (plen); | |
2679 | -#else | |
2680 | - return 0; | |
2681 | -#endif | |
2682 | -} | |
2683 | - | |
2684 | -void | |
2685 | -cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat) | |
2686 | -{ | |
2687 | -#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4) | |
2688 | - const struct sshcipher *c = cc->cipher; | |
2689 | - int plen; | |
2690 | - | |
2691 | - if (c->evptype == EVP_rc4) { | |
2692 | - plen = EVP_X_STATE_LEN(cc->evp); | |
2693 | - memcpy(EVP_X_STATE(cc->evp), dat, plen); | |
2694 | - } | |
2695 | -#endif | |
2696 | -} | |
2697 | diff --git a/configure.ac b/configure.ac | |
2698 | index 83e53075..c0e120fe 100644 | |
2699 | --- a/configure.ac | |
2700 | +++ b/configure.ac | |
2701 | @@ -2602,9 +2602,10 @@ if test "x$openssl" = "xyes" ; then | |
2702 | AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) | |
2703 | ;; | |
2704 | 100*) ;; # 1.0.x | |
2705 | + 101*) ;; # 1.1.x | |
2706 | 200*) ;; # LibreSSL | |
2707 | *) | |
2708 | - AC_MSG_ERROR([OpenSSL >= 1.1.0 is not yet supported (have "$ssl_library_ver")]) | |
2709 | + AC_MSG_ERROR([OpenSSL > 1.1.x is not yet supported (have "$ssl_library_ver")]) | |
2710 | ;; | |
2711 | esac | |
2712 | AC_MSG_RESULT([$ssl_library_ver]) | |
2713 | @@ -2777,6 +2778,115 @@ if test "x$openssl" = "xyes" ; then | |
2714 | [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], | |
2715 | [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) | |
2716 | ||
2717 | + # LibreSSL/OpenSSL 1.1x API | |
2718 | + AC_SEARCH_LIBS([DH_get0_key], [crypto], | |
2719 | + [AC_DEFINE([HAVE_DH_GET0_KEY], [1], | |
2720 | + [Define if libcrypto has DH_get0_key])]) | |
2721 | + AC_SEARCH_LIBS([DH_get0_pqg], [crypto], | |
2722 | + [AC_DEFINE([HAVE_DH_GET0_PQG], [1], | |
2723 | + [Define if libcrypto has DH_get0_pqg])]) | |
2724 | + AC_SEARCH_LIBS([DH_set0_key], [crypto], | |
2725 | + [AC_DEFINE([HAVE_DH_SET0_KEY], [1], | |
2726 | + [Define if libcrypto has DH_set0_key])]) | |
2727 | + AC_SEARCH_LIBS([DH_set_length], [crypto], | |
2728 | + [AC_DEFINE([HAVE_DH_SET_LENGTH], [1], | |
2729 | + [Define if libcrypto has DH_set_length])]) | |
2730 | + AC_SEARCH_LIBS([DH_set0_pqg], [crypto], | |
2731 | + [AC_DEFINE([HAVE_DH_SET0_PQG], [1], | |
2732 | + [Define if libcrypto has DH_set0_pqg])]) | |
2733 | + | |
2734 | + AC_SEARCH_LIBS([DSA_get0_key], [crypto], | |
2735 | + [AC_DEFINE([HAVE_DSA_GET0_KEY], [1], | |
2736 | + [Define if libcrypto has DSA_get0_key])]) | |
2737 | + AC_SEARCH_LIBS([DSA_get0_pqg], [crypto], | |
2738 | + [AC_DEFINE([HAVE_DSA_GET0_PQG], [1], | |
2739 | + [Define if libcrypto has DSA_get0_pqg])]) | |
2740 | + AC_SEARCH_LIBS([DSA_set0_key], [crypto], | |
2741 | + [AC_DEFINE([HAVE_DSA_SET0_KEY], [1], | |
2742 | + [Define if libcrypto has DSA_set0_key])]) | |
2743 | + AC_SEARCH_LIBS([DSA_set0_pqg], [crypto], | |
2744 | + [AC_DEFINE([HAVE_DSA_SET0_PQG], [1], | |
2745 | + [Define if libcrypto has DSA_set0_pqg])]) | |
2746 | + | |
2747 | + AC_SEARCH_LIBS([DSA_SIG_get0], [crypto], | |
2748 | + [AC_DEFINE([HAVE_DSA_SIG_GET0], [1], | |
2749 | + [Define if libcrypto has DSA_SIG_get0])]) | |
2750 | + AC_SEARCH_LIBS([DSA_SIG_set0], [crypto], | |
2751 | + [AC_DEFINE([HAVE_DSA_SIG_SET0], [1], | |
2752 | + [Define if libcrypto has DSA_SIG_set0])]) | |
2753 | + | |
2754 | + AC_SEARCH_LIBS([ECDSA_SIG_get0], [crypto], | |
2755 | + [AC_DEFINE([HAVE_ECDSA_SIG_GET0], [1], | |
2756 | + [Define if libcrypto has ECDSA_SIG_get0])]) | |
2757 | + AC_SEARCH_LIBS([ECDSA_SIG_set0], [crypto], | |
2758 | + [AC_DEFINE([HAVE_ECDSA_SIG_SET0], [1], | |
2759 | + [Define if libcrypto has ECDSA_SIG_set0])]) | |
2760 | + | |
2761 | + AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv], [crypto], | |
2762 | + [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV], [1], | |
2763 | + [Define if libcrypto has EVP_CIPHER_CTX_iv])]) | |
2764 | + AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv_noconst], [crypto], | |
2765 | + [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV_NOCONST], [1], | |
2766 | + [Define if libcrypto has EVP_CIPHER_CTX_iv_noconst])]) | |
2767 | + AC_SEARCH_LIBS([EVP_CIPHER_CTX_get_iv], [crypto], | |
2768 | + [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1], | |
2769 | + [Define if libcrypto has EVP_CIPHER_CTX_get_iv])]) | |
2770 | + AC_SEARCH_LIBS([EVP_CIPHER_CTX_set_iv], [crypto], | |
2771 | + [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1], | |
2772 | + [Define if libcrypto has EVP_CIPHER_CTX_set_iv])]) | |
2773 | + | |
2774 | + AC_SEARCH_LIBS([RSA_get0_crt_params], [crypto], | |
2775 | + [AC_DEFINE([HAVE_RSA_GET0_CRT_PARAMS], [1], | |
2776 | + [Define if libcrypto has RSA_get0_crt_params])]) | |
2777 | + AC_SEARCH_LIBS([RSA_get0_factors], [crypto], | |
2778 | + [AC_DEFINE([HAVE_RSA_GET0_FACTORS], [1], | |
2779 | + [Define if libcrypto has RSA_get0_factors])]) | |
2780 | + AC_SEARCH_LIBS([RSA_get0_key], [crypto], | |
2781 | + [AC_DEFINE([HAVE_RSA_GET0_KEY], [1], | |
2782 | + [Define if libcrypto has RSA_get0_key])]) | |
2783 | + AC_SEARCH_LIBS([RSA_set0_crt_params], [crypto], | |
2784 | + [AC_DEFINE([HAVE_RSA_SET0_CRT_PARAMS], [1], | |
2785 | + [Define if libcrypto has RSA_get0_srt_params])]) | |
2786 | + AC_SEARCH_LIBS([RSA_set0_factors], [crypto], | |
2787 | + [AC_DEFINE([HAVE_RSA_SET0_FACTORS], [1], | |
2788 | + [Define if libcrypto has RSA_set0_factors])]) | |
2789 | + AC_SEARCH_LIBS([RSA_set0_key], [crypto], | |
2790 | + [AC_DEFINE([HAVE_RSA_SET0_KEY], [1], | |
2791 | + [Define if libcrypto has RSA_set0_key])]) | |
2792 | + | |
2793 | + AC_SEARCH_LIBS([RSA_meth_free], [crypto], | |
2794 | + [AC_DEFINE([HAVE_RSA_METH_FREE], [1], | |
2795 | + [Define if libcrypto has RSA_meth_free])]) | |
2796 | + AC_SEARCH_LIBS([RSA_meth_dup], [crypto], | |
2797 | + [AC_DEFINE([HAVE_RSA_METH_DUP], [1], | |
2798 | + [Define if libcrypto has RSA_meth_dup])]) | |
2799 | + AC_SEARCH_LIBS([RSA_meth_set1_name], [crypto], | |
2800 | + [AC_DEFINE([HAVE_RSA_METH_SET1_NAME], [1], | |
2801 | + [Define if libcrypto has RSA_meth_set1_name])]) | |
2802 | + AC_SEARCH_LIBS([RSA_meth_get_finish], [crypto], | |
2803 | + [AC_DEFINE([HAVE_RSA_METH_GET_FINISH], [1], | |
2804 | + [Define if libcrypto has RSA_meth_get_finish])]) | |
2805 | + AC_SEARCH_LIBS([RSA_meth_set_priv_enc], [crypto], | |
2806 | + [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_ENC], [1], | |
2807 | + [Define if libcrypto has RSA_meth_set_priv_enc])]) | |
2808 | + AC_SEARCH_LIBS([RSA_meth_set_priv_dec], [crypto], | |
2809 | + [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_DEC], [1], | |
2810 | + [Define if libcrypto has RSA_meth_set_priv_dec])]) | |
2811 | + AC_SEARCH_LIBS([RSA_meth_set_finish], [crypto], | |
2812 | + [AC_DEFINE([HAVE_RSA_METH_SET_FINISH], [1], | |
2813 | + [Define if libcrypto has RSA_meth_set_finish])]) | |
2814 | + | |
2815 | + AC_SEARCH_LIBS([EVP_PKEY_get0_RSA], [crypto], | |
2816 | + [AC_DEFINE([HAVE_EVP_PKEY_GET0_RSA], [1], | |
2817 | + [Define if libcrypto has EVP_PKEY_get0_RSA])]) | |
2818 | + | |
2819 | + AC_SEARCH_LIBS([EVP_MD_CTX_new], [crypto], | |
2820 | + [AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1], | |
2821 | + [Define if libcrypto has EVP_MD_CTX_new])]) | |
2822 | + AC_SEARCH_LIBS([EVP_MD_CTX_free], [crypto], | |
2823 | + [AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1], | |
2824 | + [Define if libcrypto has EVP_MD_CTX_free])]) | |
2825 | + | |
2826 | AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) | |
2827 | AC_LINK_IFELSE( | |
2828 | [AC_LANG_PROGRAM([[ | |
2829 | diff --git a/dh.c b/dh.c | |
2830 | index d0d4527b..f3ed3882 100644 | |
2831 | --- a/dh.c | |
2832 | +++ b/dh.c | |
2833 | @@ -43,6 +43,8 @@ | |
2834 | #include "misc.h" | |
2835 | #include "ssherr.h" | |
2836 | ||
2837 | +#include "openbsd-compat/openssl-compat.h" | |
2838 | + | |
2839 | static int | |
2840 | parse_prime(int linenum, char *line, struct dhgroup *dhg) | |
2841 | { | |
2842 | diff --git a/kexdh.c b/kexdh.c | |
2843 | index 0bf0dc13..e6925b18 100644 | |
2844 | --- a/kexdh.c | |
2845 | +++ b/kexdh.c | |
2846 | @@ -33,6 +33,8 @@ | |
2847 | ||
2848 | #include <openssl/evp.h> | |
2849 | ||
2850 | +#include "openbsd-compat/openssl-compat.h" | |
2851 | + | |
2852 | #include "ssh2.h" | |
2853 | #include "sshkey.h" | |
2854 | #include "cipher.h" | |
2855 | diff --git a/kexdhc.c b/kexdhc.c | |
2856 | index a8b74247..8b56377a 100644 | |
2857 | --- a/kexdhc.c | |
2858 | +++ b/kexdhc.c | |
2859 | @@ -36,6 +36,8 @@ | |
2860 | #include <string.h> | |
2861 | #include <signal.h> | |
2862 | ||
2863 | +#include "openbsd-compat/openssl-compat.h" | |
2864 | + | |
2865 | #include "sshkey.h" | |
2866 | #include "cipher.h" | |
2867 | #include "digest.h" | |
2868 | diff --git a/kexdhs.c b/kexdhs.c | |
2869 | index 8367c6c3..337aab5b 100644 | |
2870 | --- a/kexdhs.c | |
2871 | +++ b/kexdhs.c | |
2872 | @@ -35,6 +35,8 @@ | |
2873 | ||
2874 | #include <openssl/dh.h> | |
2875 | ||
2876 | +#include "openbsd-compat/openssl-compat.h" | |
2877 | + | |
2878 | #include "sshkey.h" | |
2879 | #include "cipher.h" | |
2880 | #include "digest.h" | |
2881 | diff --git a/kexgex.c b/kexgex.c | |
2882 | index 8b0d8333..3ca4bd37 100644 | |
2883 | --- a/kexgex.c | |
2884 | +++ b/kexgex.c | |
2885 | @@ -33,6 +33,8 @@ | |
2886 | #include <openssl/evp.h> | |
2887 | #include <signal.h> | |
2888 | ||
2889 | +#include "openbsd-compat/openssl-compat.h" | |
2890 | + | |
2891 | #include "sshkey.h" | |
2892 | #include "cipher.h" | |
2893 | #include "kex.h" | |
2894 | diff --git a/kexgexc.c b/kexgexc.c | |
2895 | index 955bc837..0d07f73c 100644 | |
2896 | --- a/kexgexc.c | |
2897 | +++ b/kexgexc.c | |
2898 | @@ -37,6 +37,8 @@ | |
2899 | #include <string.h> | |
2900 | #include <signal.h> | |
2901 | ||
2902 | +#include "openbsd-compat/openssl-compat.h" | |
2903 | + | |
2904 | #include "sshkey.h" | |
2905 | #include "cipher.h" | |
2906 | #include "digest.h" | |
2907 | diff --git a/kexgexs.c b/kexgexs.c | |
2908 | index 2a4aa7e8..ce934f88 100644 | |
2909 | --- a/kexgexs.c | |
2910 | +++ b/kexgexs.c | |
2911 | @@ -36,6 +36,8 @@ | |
2912 | ||
2913 | #include <openssl/dh.h> | |
2914 | ||
2915 | +#include "openbsd-compat/openssl-compat.h" | |
2916 | + | |
2917 | #include "sshkey.h" | |
2918 | #include "cipher.h" | |
2919 | #include "digest.h" | |
2920 | diff --git a/monitor.c b/monitor.c | |
2921 | index b30813b4..531b2993 100644 | |
2922 | --- a/monitor.c | |
2923 | +++ b/monitor.c | |
2924 | @@ -29,7 +29,6 @@ | |
2925 | ||
2926 | #include <sys/types.h> | |
2927 | #include <sys/socket.h> | |
2928 | -#include "openbsd-compat/sys-tree.h" | |
2929 | #include <sys/wait.h> | |
2930 | ||
2931 | #include <errno.h> | |
2932 | @@ -60,7 +59,10 @@ | |
2933 | #include <openssl/dh.h> | |
2934 | #endif | |
2935 | ||
2936 | +#include "openbsd-compat/sys-tree.h" | |
2937 | #include "openbsd-compat/sys-queue.h" | |
2938 | +#include "openbsd-compat/openssl-compat.h" | |
2939 | + | |
2940 | #include "atomicio.h" | |
2941 | #include "xmalloc.h" | |
2942 | #include "ssh.h" | |
2943 | diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in | |
2944 | index 2fd9b952..c1e14cbd 100644 | |
2945 | --- a/openbsd-compat/Makefile.in | |
2946 | +++ b/openbsd-compat/Makefile.in | |
2947 | @@ -85,6 +85,7 @@ COMPAT= arc4random.o \ | |
2948 | getrrsetbyname-ldns.o \ | |
2949 | kludge-fd_set.o \ | |
2950 | openssl-compat.o \ | |
2951 | + libressl-api-compat.o \ | |
2952 | xcrypt.o | |
2953 | ||
2954 | PORTS= port-aix.o \ | |
2955 | diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c | |
2956 | new file mode 100644 | |
2957 | index 00000000..de3e64a6 | |
2958 | --- /dev/null | |
2959 | +++ b/openbsd-compat/libressl-api-compat.c | |
2960 | @@ -0,0 +1,636 @@ | |
2961 | +/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */ | |
2962 | +/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */ | |
2963 | +/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */ | |
2964 | +/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */ | |
2965 | +/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */ | |
2966 | +/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ | |
2967 | +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | |
2968 | + * All rights reserved. | |
2969 | + * | |
2970 | + * This package is an SSL implementation written | |
2971 | + * by Eric Young (eay@cryptsoft.com). | |
2972 | + * The implementation was written so as to conform with Netscapes SSL. | |
2973 | + * | |
2974 | + * This library is free for commercial and non-commercial use as long as | |
2975 | + * the following conditions are aheared to. The following conditions | |
2976 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
2977 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
2978 | + * included with this distribution is covered by the same copyright terms | |
2979 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
2980 | + * | |
2981 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
2982 | + * the code are not to be removed. | |
2983 | + * If this package is used in a product, Eric Young should be given attribution | |
2984 | + * as the author of the parts of the library used. | |
2985 | + * This can be in the form of a textual message at program startup or | |
2986 | + * in documentation (online or textual) provided with the package. | |
2987 | + * | |
2988 | + * Redistribution and use in source and binary forms, with or without | |
2989 | + * modification, are permitted provided that the following conditions | |
2990 | + * are met: | |
2991 | + * 1. Redistributions of source code must retain the copyright | |
2992 | + * notice, this list of conditions and the following disclaimer. | |
2993 | + * 2. Redistributions in binary form must reproduce the above copyright | |
2994 | + * notice, this list of conditions and the following disclaimer in the | |
2995 | + * documentation and/or other materials provided with the distribution. | |
2996 | + * 3. All advertising materials mentioning features or use of this software | |
2997 | + * must display the following acknowledgement: | |
2998 | + * "This product includes cryptographic software written by | |
2999 | + * Eric Young (eay@cryptsoft.com)" | |
3000 | + * The word 'cryptographic' can be left out if the rouines from the library | |
3001 | + * being used are not cryptographic related :-). | |
3002 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
3003 | + * the apps directory (application code) you must include an acknowledgement: | |
3004 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
3005 | + * | |
3006 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
3007 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
3008 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
3009 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
3010 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
3011 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
3012 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
3013 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
3014 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
3015 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
3016 | + * SUCH DAMAGE. | |
3017 | + * | |
3018 | + * The licence and distribution terms for any publically available version or | |
3019 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
3020 | + * copied and put under another distribution licence | |
3021 | + * [including the GNU Public Licence.] | |
3022 | + */ | |
3023 | + | |
3024 | +/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */ | |
3025 | +/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */ | |
3026 | +/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ | |
3027 | +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
3028 | + * project 2000. | |
3029 | + */ | |
3030 | +/* ==================================================================== | |
3031 | + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. | |
3032 | + * | |
3033 | + * Redistribution and use in source and binary forms, with or without | |
3034 | + * modification, are permitted provided that the following conditions | |
3035 | + * are met: | |
3036 | + * | |
3037 | + * 1. Redistributions of source code must retain the above copyright | |
3038 | + * notice, this list of conditions and the following disclaimer. | |
3039 | + * | |
3040 | + * 2. Redistributions in binary form must reproduce the above copyright | |
3041 | + * notice, this list of conditions and the following disclaimer in | |
3042 | + * the documentation and/or other materials provided with the | |
3043 | + * distribution. | |
3044 | + * | |
3045 | + * 3. All advertising materials mentioning features or use of this | |
3046 | + * software must display the following acknowledgment: | |
3047 | + * "This product includes software developed by the OpenSSL Project | |
3048 | + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
3049 | + * | |
3050 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
3051 | + * endorse or promote products derived from this software without | |
3052 | + * prior written permission. For written permission, please contact | |
3053 | + * licensing@OpenSSL.org. | |
3054 | + * | |
3055 | + * 5. Products derived from this software may not be called "OpenSSL" | |
3056 | + * nor may "OpenSSL" appear in their names without prior written | |
3057 | + * permission of the OpenSSL Project. | |
3058 | + * | |
3059 | + * 6. Redistributions of any form whatsoever must retain the following | |
3060 | + * acknowledgment: | |
3061 | + * "This product includes software developed by the OpenSSL Project | |
3062 | + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
3063 | + * | |
3064 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
3065 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
3066 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
3067 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
3068 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
3069 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
3070 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
3071 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
3072 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
3073 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
3074 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
3075 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
3076 | + * ==================================================================== | |
3077 | + * | |
3078 | + * This product includes cryptographic software written by Eric Young | |
3079 | + * (eay@cryptsoft.com). This product includes software written by Tim | |
3080 | + * Hudson (tjh@cryptsoft.com). | |
3081 | + * | |
3082 | + */ | |
3083 | + | |
3084 | +/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */ | |
3085 | +/* | |
3086 | + * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> | |
3087 | + * | |
3088 | + * Permission to use, copy, modify, and distribute this software for any | |
3089 | + * purpose with or without fee is hereby granted, provided that the above | |
3090 | + * copyright notice and this permission notice appear in all copies. | |
3091 | + * | |
3092 | + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | |
3093 | + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |
3094 | + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | |
3095 | + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |
3096 | + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
3097 | + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
3098 | + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
3099 | + */ | |
3100 | + | |
3101 | +#include "includes.h" | |
3102 | + | |
3103 | +#ifdef WITH_OPENSSL | |
3104 | + | |
3105 | +#include <sys/types.h> | |
3106 | + | |
3107 | +#include <stdlib.h> | |
3108 | +#include <string.h> | |
3109 | + | |
3110 | +#include <openssl/err.h> | |
3111 | +#include <openssl/bn.h> | |
3112 | +#include <openssl/dsa.h> | |
3113 | +#include <openssl/rsa.h> | |
3114 | +#include <openssl/evp.h> | |
3115 | +#include <openssl/ecdsa.h> | |
3116 | +#include <openssl/dh.h> | |
3117 | + | |
3118 | +#ifndef HAVE_DSA_GET0_PQG | |
3119 | +void | |
3120 | +DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) | |
3121 | +{ | |
3122 | + if (p != NULL) | |
3123 | + *p = d->p; | |
3124 | + if (q != NULL) | |
3125 | + *q = d->q; | |
3126 | + if (g != NULL) | |
3127 | + *g = d->g; | |
3128 | +} | |
3129 | +#endif /* HAVE_DSA_GET0_PQG */ | |
3130 | + | |
3131 | +#ifndef HAVE_DSA_SET0_PQG | |
3132 | +int | |
3133 | +DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) | |
3134 | +{ | |
3135 | + if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) || | |
3136 | + (d->g == NULL && g == NULL)) | |
3137 | + return 0; | |
3138 | + | |
3139 | + if (p != NULL) { | |
3140 | + BN_free(d->p); | |
3141 | + d->p = p; | |
3142 | + } | |
3143 | + if (q != NULL) { | |
3144 | + BN_free(d->q); | |
3145 | + d->q = q; | |
3146 | + } | |
3147 | + if (g != NULL) { | |
3148 | + BN_free(d->g); | |
3149 | + d->g = g; | |
3150 | + } | |
3151 | + | |
3152 | + return 1; | |
3153 | +} | |
3154 | +#endif /* HAVE_DSA_SET0_PQG */ | |
3155 | + | |
3156 | +#ifndef HAVE_DSA_GET0_KEY | |
3157 | +void | |
3158 | +DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) | |
3159 | +{ | |
3160 | + if (pub_key != NULL) | |
3161 | + *pub_key = d->pub_key; | |
3162 | + if (priv_key != NULL) | |
3163 | + *priv_key = d->priv_key; | |
3164 | +} | |
3165 | +#endif /* HAVE_DSA_GET0_KEY */ | |
3166 | + | |
3167 | +#ifndef HAVE_DSA_SET0_KEY | |
3168 | +int | |
3169 | +DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) | |
3170 | +{ | |
3171 | + if (d->pub_key == NULL && pub_key == NULL) | |
3172 | + return 0; | |
3173 | + | |
3174 | + if (pub_key != NULL) { | |
3175 | + BN_free(d->pub_key); | |
3176 | + d->pub_key = pub_key; | |
3177 | + } | |
3178 | + if (priv_key != NULL) { | |
3179 | + BN_free(d->priv_key); | |
3180 | + d->priv_key = priv_key; | |
3181 | + } | |
3182 | + | |
3183 | + return 1; | |
3184 | +} | |
3185 | +#endif /* HAVE_DSA_SET0_KEY */ | |
3186 | + | |
3187 | +#ifndef HAVE_RSA_GET0_KEY | |
3188 | +void | |
3189 | +RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) | |
3190 | +{ | |
3191 | + if (n != NULL) | |
3192 | + *n = r->n; | |
3193 | + if (e != NULL) | |
3194 | + *e = r->e; | |
3195 | + if (d != NULL) | |
3196 | + *d = r->d; | |
3197 | +} | |
3198 | +#endif /* HAVE_RSA_GET0_KEY */ | |
3199 | + | |
3200 | +#ifndef HAVE_RSA_SET0_KEY | |
3201 | +int | |
3202 | +RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) | |
3203 | +{ | |
3204 | + if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) | |
3205 | + return 0; | |
3206 | + | |
3207 | + if (n != NULL) { | |
3208 | + BN_free(r->n); | |
3209 | + r->n = n; | |
3210 | + } | |
3211 | + if (e != NULL) { | |
3212 | + BN_free(r->e); | |
3213 | + r->e = e; | |
3214 | + } | |
3215 | + if (d != NULL) { | |
3216 | + BN_free(r->d); | |
3217 | + r->d = d; | |
3218 | + } | |
3219 | + | |
3220 | + return 1; | |
3221 | +} | |
3222 | +#endif /* HAVE_RSA_SET0_KEY */ | |
3223 | + | |
3224 | +#ifndef HAVE_RSA_GET0_CRT_PARAMS | |
3225 | +void | |
3226 | +RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, | |
3227 | + const BIGNUM **iqmp) | |
3228 | +{ | |
3229 | + if (dmp1 != NULL) | |
3230 | + *dmp1 = r->dmp1; | |
3231 | + if (dmq1 != NULL) | |
3232 | + *dmq1 = r->dmq1; | |
3233 | + if (iqmp != NULL) | |
3234 | + *iqmp = r->iqmp; | |
3235 | +} | |
3236 | +#endif /* HAVE_RSA_GET0_CRT_PARAMS */ | |
3237 | + | |
3238 | +#ifndef HAVE_RSA_SET0_CRT_PARAMS | |
3239 | +int | |
3240 | +RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) | |
3241 | +{ | |
3242 | + if ((r->dmp1 == NULL && dmp1 == NULL) || | |
3243 | + (r->dmq1 == NULL && dmq1 == NULL) || | |
3244 | + (r->iqmp == NULL && iqmp == NULL)) | |
3245 | + return 0; | |
3246 | + | |
3247 | + if (dmp1 != NULL) { | |
3248 | + BN_free(r->dmp1); | |
3249 | + r->dmp1 = dmp1; | |
3250 | + } | |
3251 | + if (dmq1 != NULL) { | |
3252 | + BN_free(r->dmq1); | |
3253 | + r->dmq1 = dmq1; | |
3254 | + } | |
3255 | + if (iqmp != NULL) { | |
3256 | + BN_free(r->iqmp); | |
3257 | + r->iqmp = iqmp; | |
3258 | + } | |
3259 | + | |
3260 | + return 1; | |
3261 | +} | |
3262 | +#endif /* HAVE_RSA_SET0_CRT_PARAMS */ | |
3263 | + | |
3264 | +#ifndef HAVE_RSA_GET0_FACTORS | |
3265 | +void | |
3266 | +RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) | |
3267 | +{ | |
3268 | + if (p != NULL) | |
3269 | + *p = r->p; | |
3270 | + if (q != NULL) | |
3271 | + *q = r->q; | |
3272 | +} | |
3273 | +#endif /* HAVE_RSA_GET0_FACTORS */ | |
3274 | + | |
3275 | +#ifndef HAVE_RSA_SET0_FACTORS | |
3276 | +int | |
3277 | +RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) | |
3278 | +{ | |
3279 | + if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) | |
3280 | + return 0; | |
3281 | + | |
3282 | + if (p != NULL) { | |
3283 | + BN_free(r->p); | |
3284 | + r->p = p; | |
3285 | + } | |
3286 | + if (q != NULL) { | |
3287 | + BN_free(r->q); | |
3288 | + r->q = q; | |
3289 | + } | |
3290 | + | |
3291 | + return 1; | |
3292 | +} | |
3293 | +#endif /* HAVE_RSA_SET0_FACTORS */ | |
3294 | + | |
3295 | +#ifndef HAVE_EVP_CIPHER_CTX_GET_IV | |
3296 | +int | |
3297 | +EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len) | |
3298 | +{ | |
3299 | + if (ctx == NULL) | |
3300 | + return 0; | |
3301 | + if (EVP_CIPHER_CTX_iv_length(ctx) < 0) | |
3302 | + return 0; | |
3303 | + if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) | |
3304 | + return 0; | |
3305 | + if (len > EVP_MAX_IV_LENGTH) | |
3306 | + return 0; /* sanity check; shouldn't happen */ | |
3307 | + /* | |
3308 | + * Skip the memcpy entirely when the requested IV length is zero, | |
3309 | + * since the iv pointer may be NULL or invalid. | |
3310 | + */ | |
3311 | + if (len != 0) { | |
3312 | + if (iv == NULL) | |
3313 | + return 0; | |
3314 | +# ifdef HAVE_EVP_CIPHER_CTX_IV | |
3315 | + memcpy(iv, EVP_CIPHER_CTX_iv(ctx), len); | |
3316 | +# else | |
3317 | + memcpy(iv, ctx->iv, len); | |
3318 | +# endif /* HAVE_EVP_CIPHER_CTX_IV */ | |
3319 | + } | |
3320 | + return 1; | |
3321 | +} | |
3322 | +#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */ | |
3323 | + | |
3324 | +#ifndef HAVE_EVP_CIPHER_CTX_SET_IV | |
3325 | +int | |
3326 | +EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len) | |
3327 | +{ | |
3328 | + if (ctx == NULL) | |
3329 | + return 0; | |
3330 | + if (EVP_CIPHER_CTX_iv_length(ctx) < 0) | |
3331 | + return 0; | |
3332 | + if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) | |
3333 | + return 0; | |
3334 | + if (len > EVP_MAX_IV_LENGTH) | |
3335 | + return 0; /* sanity check; shouldn't happen */ | |
3336 | + /* | |
3337 | + * Skip the memcpy entirely when the requested IV length is zero, | |
3338 | + * since the iv pointer may be NULL or invalid. | |
3339 | + */ | |
3340 | + if (len != 0) { | |
3341 | + if (iv == NULL) | |
3342 | + return 0; | |
3343 | +# ifdef HAVE_EVP_CIPHER_CTX_IV_NOCONST | |
3344 | + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, len); | |
3345 | +# else | |
3346 | + memcpy(ctx->iv, iv, len); | |
3347 | +# endif /* HAVE_EVP_CIPHER_CTX_IV_NOCONST */ | |
3348 | + } | |
3349 | + return 1; | |
3350 | +} | |
3351 | +#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ | |
3352 | + | |
3353 | +#ifndef HAVE_DSA_SIG_GET0 | |
3354 | +void | |
3355 | +DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) | |
3356 | +{ | |
3357 | + if (pr != NULL) | |
3358 | + *pr = sig->r; | |
3359 | + if (ps != NULL) | |
3360 | + *ps = sig->s; | |
3361 | +} | |
3362 | +#endif /* HAVE_DSA_SIG_GET0 */ | |
3363 | + | |
3364 | +#ifndef HAVE_DSA_SIG_SET0 | |
3365 | +int | |
3366 | +DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) | |
3367 | +{ | |
3368 | + if (r == NULL || s == NULL) | |
3369 | + return 0; | |
3370 | + | |
3371 | + BN_clear_free(sig->r); | |
3372 | + sig->r = r; | |
3373 | + BN_clear_free(sig->s); | |
3374 | + sig->s = s; | |
3375 | + | |
3376 | + return 1; | |
3377 | +} | |
3378 | +#endif /* HAVE_DSA_SIG_SET0 */ | |
3379 | + | |
3380 | +#ifndef HAVE_ECDSA_SIG_GET0 | |
3381 | +void | |
3382 | +ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) | |
3383 | +{ | |
3384 | + if (pr != NULL) | |
3385 | + *pr = sig->r; | |
3386 | + if (ps != NULL) | |
3387 | + *ps = sig->s; | |
3388 | +} | |
3389 | +#endif /* HAVE_ECDSA_SIG_GET0 */ | |
3390 | + | |
3391 | +#ifndef HAVE_ECDSA_SIG_SET0 | |
3392 | +int | |
3393 | +ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) | |
3394 | +{ | |
3395 | + if (r == NULL || s == NULL) | |
3396 | + return 0; | |
3397 | + | |
3398 | + BN_clear_free(sig->r); | |
3399 | + BN_clear_free(sig->s); | |
3400 | + sig->r = r; | |
3401 | + sig->s = s; | |
3402 | + return 1; | |
3403 | +} | |
3404 | +#endif /* HAVE_ECDSA_SIG_SET0 */ | |
3405 | + | |
3406 | +#ifndef HAVE_DH_GET0_PQG | |
3407 | +void | |
3408 | +DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) | |
3409 | +{ | |
3410 | + if (p != NULL) | |
3411 | + *p = dh->p; | |
3412 | + if (q != NULL) | |
3413 | + *q = dh->q; | |
3414 | + if (g != NULL) | |
3415 | + *g = dh->g; | |
3416 | +} | |
3417 | +#endif /* HAVE_DH_GET0_PQG */ | |
3418 | + | |
3419 | +#ifndef HAVE_DH_SET0_PQG | |
3420 | +int | |
3421 | +DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) | |
3422 | +{ | |
3423 | + if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL)) | |
3424 | + return 0; | |
3425 | + | |
3426 | + if (p != NULL) { | |
3427 | + BN_free(dh->p); | |
3428 | + dh->p = p; | |
3429 | + } | |
3430 | + if (q != NULL) { | |
3431 | + BN_free(dh->q); | |
3432 | + dh->q = q; | |
3433 | + } | |
3434 | + if (g != NULL) { | |
3435 | + BN_free(dh->g); | |
3436 | + dh->g = g; | |
3437 | + } | |
3438 | + | |
3439 | + return 1; | |
3440 | +} | |
3441 | +#endif /* HAVE_DH_SET0_PQG */ | |
3442 | + | |
3443 | +#ifndef HAVE_DH_GET0_KEY | |
3444 | +void | |
3445 | +DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) | |
3446 | +{ | |
3447 | + if (pub_key != NULL) | |
3448 | + *pub_key = dh->pub_key; | |
3449 | + if (priv_key != NULL) | |
3450 | + *priv_key = dh->priv_key; | |
3451 | +} | |
3452 | +#endif /* HAVE_DH_GET0_KEY */ | |
3453 | + | |
3454 | +#ifndef HAVE_DH_SET0_KEY | |
3455 | +int | |
3456 | +DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) | |
3457 | +{ | |
3458 | + if (pub_key != NULL) { | |
3459 | + BN_free(dh->pub_key); | |
3460 | + dh->pub_key = pub_key; | |
3461 | + } | |
3462 | + if (priv_key != NULL) { | |
3463 | + BN_free(dh->priv_key); | |
3464 | + dh->priv_key = priv_key; | |
3465 | + } | |
3466 | + | |
3467 | + return 1; | |
3468 | +} | |
3469 | +#endif /* HAVE_DH_SET0_KEY */ | |
3470 | + | |
3471 | +#ifndef HAVE_DH_SET_LENGTH | |
3472 | +int | |
3473 | +DH_set_length(DH *dh, long length) | |
3474 | +{ | |
3475 | + if (length < 0 || length > INT_MAX) | |
3476 | + return 0; | |
3477 | + | |
3478 | + dh->length = length; | |
3479 | + return 1; | |
3480 | +} | |
3481 | +#endif /* HAVE_DH_SET_LENGTH */ | |
3482 | + | |
3483 | +#ifndef HAVE_RSA_METH_FREE | |
3484 | +void | |
3485 | +RSA_meth_free(RSA_METHOD *meth) | |
3486 | +{ | |
3487 | + if (meth != NULL) { | |
3488 | + free((char *)meth->name); | |
3489 | + free(meth); | |
3490 | + } | |
3491 | +} | |
3492 | +#endif /* HAVE_RSA_METH_FREE */ | |
3493 | + | |
3494 | +#ifndef HAVE_RSA_METH_DUP | |
3495 | +RSA_METHOD * | |
3496 | +RSA_meth_dup(const RSA_METHOD *meth) | |
3497 | +{ | |
3498 | + RSA_METHOD *copy; | |
3499 | + | |
3500 | + if ((copy = calloc(1, sizeof(*copy))) == NULL) | |
3501 | + return NULL; | |
3502 | + memcpy(copy, meth, sizeof(*copy)); | |
3503 | + if ((copy->name = strdup(meth->name)) == NULL) { | |
3504 | + free(copy); | |
3505 | + return NULL; | |
3506 | + } | |
3507 | + | |
3508 | + return copy; | |
3509 | +} | |
3510 | +#endif /* HAVE_RSA_METH_DUP */ | |
3511 | + | |
3512 | +#ifndef HAVE_RSA_METH_SET1_NAME | |
3513 | +int | |
3514 | +RSA_meth_set1_name(RSA_METHOD *meth, const char *name) | |
3515 | +{ | |
3516 | + char *copy; | |
3517 | + | |
3518 | + if ((copy = strdup(name)) == NULL) | |
3519 | + return 0; | |
3520 | + free((char *)meth->name); | |
3521 | + meth->name = copy; | |
3522 | + return 1; | |
3523 | +} | |
3524 | +#endif /* HAVE_RSA_METH_SET1_NAME */ | |
3525 | + | |
3526 | +#ifndef HAVE_RSA_METH_GET_FINISH | |
3527 | +int | |
3528 | +(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa) | |
3529 | +{ | |
3530 | + return meth->finish; | |
3531 | +} | |
3532 | +#endif /* HAVE_RSA_METH_GET_FINISH */ | |
3533 | + | |
3534 | +#ifndef HAVE_RSA_METH_SET_PRIV_ENC | |
3535 | +int | |
3536 | +RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, | |
3537 | + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) | |
3538 | +{ | |
3539 | + meth->rsa_priv_enc = priv_enc; | |
3540 | + return 1; | |
3541 | +} | |
3542 | +#endif /* HAVE_RSA_METH_SET_PRIV_ENC */ | |
3543 | + | |
3544 | +#ifndef HAVE_RSA_METH_SET_PRIV_DEC | |
3545 | +int | |
3546 | +RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, | |
3547 | + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) | |
3548 | +{ | |
3549 | + meth->rsa_priv_dec = priv_dec; | |
3550 | + return 1; | |
3551 | +} | |
3552 | +#endif /* HAVE_RSA_METH_SET_PRIV_DEC */ | |
3553 | + | |
3554 | +#ifndef HAVE_RSA_METH_SET_FINISH | |
3555 | +int | |
3556 | +RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)) | |
3557 | +{ | |
3558 | + meth->finish = finish; | |
3559 | + return 1; | |
3560 | +} | |
3561 | +#endif /* HAVE_RSA_METH_SET_FINISH */ | |
3562 | + | |
3563 | +#ifndef HAVE_EVP_PKEY_GET0_RSA | |
3564 | +RSA * | |
3565 | +EVP_PKEY_get0_RSA(EVP_PKEY *pkey) | |
3566 | +{ | |
3567 | + if (pkey->type != EVP_PKEY_RSA) { | |
3568 | + /* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */ | |
3569 | + return NULL; | |
3570 | + } | |
3571 | + return pkey->pkey.rsa; | |
3572 | +} | |
3573 | +#endif /* HAVE_EVP_PKEY_GET0_RSA */ | |
3574 | + | |
3575 | +#ifndef HAVE_EVP_MD_CTX_NEW | |
3576 | +EVP_MD_CTX * | |
3577 | +EVP_MD_CTX_new(void) | |
3578 | +{ | |
3579 | + return calloc(1, sizeof(EVP_MD_CTX)); | |
3580 | +} | |
3581 | +#endif /* HAVE_EVP_MD_CTX_NEW */ | |
3582 | + | |
3583 | +#ifndef HAVE_EVP_MD_CTX_FREE | |
3584 | +void | |
3585 | +EVP_MD_CTX_free(EVP_MD_CTX *ctx) | |
3586 | +{ | |
3587 | + if (ctx == NULL) | |
3588 | + return; | |
3589 | + | |
3590 | + EVP_MD_CTX_cleanup(ctx); | |
3591 | + | |
3592 | + free(ctx); | |
3593 | +} | |
3594 | +#endif /* HAVE_EVP_MD_CTX_FREE */ | |
3595 | + | |
3596 | +#endif /* WITH_OPENSSL */ | |
3597 | diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h | |
3598 | index 2ae42bac..9e0264c0 100644 | |
3599 | --- a/openbsd-compat/openssl-compat.h | |
3600 | +++ b/openbsd-compat/openssl-compat.h | |
3601 | @@ -24,6 +24,8 @@ | |
3602 | #include <openssl/evp.h> | |
3603 | #include <openssl/rsa.h> | |
3604 | #include <openssl/dsa.h> | |
3605 | +#include <openssl/ecdsa.h> | |
3606 | +#include <openssl/dh.h> | |
3607 | ||
3608 | int ssh_compatible_openssl(long, long); | |
3609 | ||
3610 | @@ -96,5 +98,139 @@ void ssh_OpenSSL_add_all_algorithms(void); | |
3611 | ||
3612 | #endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ | |
3613 | ||
3614 | +/* LibreSSL/OpenSSL 1.1x API compat */ | |
3615 | +#ifndef HAVE_DSA_GET0_PQG | |
3616 | +void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, | |
3617 | + const BIGNUM **g); | |
3618 | +#endif /* HAVE_DSA_GET0_PQG */ | |
3619 | + | |
3620 | +#ifndef HAVE_DSA_SET0_PQG | |
3621 | +int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); | |
3622 | +#endif /* HAVE_DSA_SET0_PQG */ | |
3623 | + | |
3624 | +#ifndef HAVE_DSA_GET0_KEY | |
3625 | +void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, | |
3626 | + const BIGNUM **priv_key); | |
3627 | +#endif /* HAVE_DSA_GET0_KEY */ | |
3628 | + | |
3629 | +#ifndef HAVE_DSA_SET0_KEY | |
3630 | +int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); | |
3631 | +#endif /* HAVE_DSA_SET0_KEY */ | |
3632 | + | |
3633 | +#ifndef HAVE_EVP_CIPHER_CTX_GET_IV | |
3634 | +int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, | |
3635 | + unsigned char *iv, size_t len); | |
3636 | +#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */ | |
3637 | + | |
3638 | +#ifndef HAVE_EVP_CIPHER_CTX_SET_IV | |
3639 | +int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, | |
3640 | + const unsigned char *iv, size_t len); | |
3641 | +#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ | |
3642 | + | |
3643 | +#ifndef HAVE_RSA_GET0_KEY | |
3644 | +void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, | |
3645 | + const BIGNUM **d); | |
3646 | +#endif /* HAVE_RSA_GET0_KEY */ | |
3647 | + | |
3648 | +#ifndef HAVE_RSA_SET0_KEY | |
3649 | +int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); | |
3650 | +#endif /* HAVE_RSA_SET0_KEY */ | |
3651 | + | |
3652 | +#ifndef HAVE_RSA_GET0_CRT_PARAMS | |
3653 | +void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, | |
3654 | + const BIGNUM **iqmp); | |
3655 | +#endif /* HAVE_RSA_GET0_CRT_PARAMS */ | |
3656 | + | |
3657 | +#ifndef HAVE_RSA_SET0_CRT_PARAMS | |
3658 | +int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); | |
3659 | +#endif /* HAVE_RSA_SET0_CRT_PARAMS */ | |
3660 | + | |
3661 | +#ifndef HAVE_RSA_GET0_FACTORS | |
3662 | +void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); | |
3663 | +#endif /* HAVE_RSA_GET0_FACTORS */ | |
3664 | + | |
3665 | +#ifndef HAVE_RSA_SET0_FACTORS | |
3666 | +int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); | |
3667 | +#endif /* HAVE_RSA_SET0_FACTORS */ | |
3668 | + | |
3669 | +#ifndef DSA_SIG_GET0 | |
3670 | +void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); | |
3671 | +#endif /* DSA_SIG_GET0 */ | |
3672 | + | |
3673 | +#ifndef DSA_SIG_SET0 | |
3674 | +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); | |
3675 | +#endif /* DSA_SIG_SET0 */ | |
3676 | + | |
3677 | +#ifndef HAVE_ECDSA_SIG_GET0 | |
3678 | +void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); | |
3679 | +#endif /* HAVE_ECDSA_SIG_GET0 */ | |
3680 | + | |
3681 | +#ifndef HAVE_ECDSA_SIG_SET0 | |
3682 | +int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); | |
3683 | +#endif /* HAVE_ECDSA_SIG_SET0 */ | |
3684 | + | |
3685 | +#ifndef HAVE_DH_GET0_PQG | |
3686 | +void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, | |
3687 | + const BIGNUM **g); | |
3688 | +#endif /* HAVE_DH_GET0_PQG */ | |
3689 | + | |
3690 | +#ifndef HAVE_DH_SET0_PQG | |
3691 | +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); | |
3692 | +#endif /* HAVE_DH_SET0_PQG */ | |
3693 | + | |
3694 | +#ifndef HAVE_DH_GET0_KEY | |
3695 | +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); | |
3696 | +#endif /* HAVE_DH_GET0_KEY */ | |
3697 | + | |
3698 | +#ifndef HAVE_DH_SET0_KEY | |
3699 | +int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); | |
3700 | +#endif /* HAVE_DH_SET0_KEY */ | |
3701 | + | |
3702 | +#ifndef HAVE_DH_SET_LENGTH | |
3703 | +int DH_set_length(DH *dh, long length); | |
3704 | +#endif /* HAVE_DH_SET_LENGTH */ | |
3705 | + | |
3706 | +#ifndef HAVE_RSA_METH_FREE | |
3707 | +void RSA_meth_free(RSA_METHOD *meth); | |
3708 | +#endif /* HAVE_RSA_METH_FREE */ | |
3709 | + | |
3710 | +#ifndef HAVE_RSA_METH_DUP | |
3711 | +RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); | |
3712 | +#endif /* HAVE_RSA_METH_DUP */ | |
3713 | + | |
3714 | +#ifndef HAVE_RSA_METH_SET1_NAME | |
3715 | +int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); | |
3716 | +#endif /* HAVE_RSA_METH_SET1_NAME */ | |
3717 | + | |
3718 | +#ifndef HAVE_RSA_METH_GET_FINISH | |
3719 | +int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); | |
3720 | +#endif /* HAVE_RSA_METH_GET_FINISH */ | |
3721 | + | |
3722 | +#ifndef HAVE_RSA_METH_SET_PRIV_ENC | |
3723 | +int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, | |
3724 | + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); | |
3725 | +#endif /* HAVE_RSA_METH_SET_PRIV_ENC */ | |
3726 | + | |
3727 | +#ifndef HAVE_RSA_METH_SET_PRIV_DEC | |
3728 | +int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, | |
3729 | + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); | |
3730 | +#endif /* HAVE_RSA_METH_SET_PRIV_DEC */ | |
3731 | + | |
3732 | +#ifndef HAVE_RSA_METH_SET_FINISH | |
3733 | +int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)); | |
3734 | +#endif /* HAVE_RSA_METH_SET_FINISH */ | |
3735 | + | |
3736 | +#ifndef HAVE_EVP_PKEY_GET0_RSA | |
3737 | +RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); | |
3738 | +#endif /* HAVE_EVP_PKEY_GET0_RSA */ | |
3739 | + | |
3740 | +#ifndef HAVE_EVP_MD_CTX_new | |
3741 | +EVP_MD_CTX *EVP_MD_CTX_new(void); | |
3742 | +#endif /* HAVE_EVP_MD_CTX_new */ | |
3743 | + | |
3744 | +#ifndef HAVE_EVP_MD_CTX_free | |
3745 | +void EVP_MD_CTX_free(EVP_MD_CTX *ctx); | |
3746 | +#endif /* HAVE_EVP_MD_CTX_free */ | |
3747 | + | |
3748 | #endif /* WITH_OPENSSL */ | |
3749 | #endif /* _OPENSSL_COMPAT_H */ | |
3750 | diff --git a/ssh-dss.c b/ssh-dss.c | |
3751 | index 631b1571..a23c383d 100644 | |
3752 | --- a/ssh-dss.c | |
3753 | +++ b/ssh-dss.c | |
3754 | @@ -43,6 +43,8 @@ | |
3755 | #define SSHKEY_INTERNAL | |
3756 | #include "sshkey.h" | |
3757 | ||
3758 | +#include "openbsd-compat/openssl-compat.h" | |
3759 | + | |
3760 | #define INTBLOB_LEN 20 | |
3761 | #define SIGBLOB_LEN (2*INTBLOB_LEN) | |
3762 | ||
3763 | diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c | |
3764 | index 9e92af04..2f553175 100644 | |
3765 | --- a/ssh-ecdsa.c | |
3766 | +++ b/ssh-ecdsa.c | |
3767 | @@ -43,6 +43,8 @@ | |
3768 | #define SSHKEY_INTERNAL | |
3769 | #include "sshkey.h" | |
3770 | ||
3771 | +#include "openbsd-compat/openssl-compat.h" | |
3772 | + | |
3773 | /* ARGSUSED */ | |
3774 | int | |
3775 | ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | |
3776 | diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c | |
3777 | index bcc18c6b..d1241ce6 100644 | |
3778 | --- a/ssh-pkcs11-client.c | |
3779 | +++ b/ssh-pkcs11-client.c | |
3780 | @@ -32,6 +32,8 @@ | |
3781 | ||
3782 | #include <openssl/rsa.h> | |
3783 | ||
3784 | +#include "openbsd-compat/openssl-compat.h" | |
3785 | + | |
3786 | #include "pathnames.h" | |
3787 | #include "xmalloc.h" | |
3788 | #include "sshbuf.h" | |
3789 | diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c | |
3790 | index c35f9415..775de964 100644 | |
3791 | --- a/ssh-pkcs11.c | |
3792 | +++ b/ssh-pkcs11.c | |
3793 | @@ -30,6 +30,7 @@ | |
3794 | #include <dlfcn.h> | |
3795 | ||
3796 | #include "openbsd-compat/sys-queue.h" | |
3797 | +#include "openbsd-compat/openssl-compat.h" | |
3798 | ||
3799 | #include <openssl/x509.h> | |
3800 | ||
3801 | diff --git a/ssh-rsa.c b/ssh-rsa.c | |
3802 | index 2788f334..9b14f9a9 100644 | |
3803 | --- a/ssh-rsa.c | |
3804 | +++ b/ssh-rsa.c | |
3805 | @@ -35,6 +35,8 @@ | |
3806 | #include "digest.h" | |
3807 | #include "log.h" | |
3808 | ||
3809 | +#include "openbsd-compat/openssl-compat.h" | |
3810 | + | |
3811 | static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *); | |
3812 | ||
3813 | static const char * | |
3814 | diff --git a/sshkey.c b/sshkey.c | |
3815 | index 085f1707..6f2c9d44 100644 | |
3816 | --- a/sshkey.c | |
3817 | +++ b/sshkey.c | |
3818 | @@ -60,6 +60,8 @@ | |
3819 | ||
3820 | #include "xmss_fast.h" | |
3821 | ||
3822 | +#include "openbsd-compat/openssl-compat.h" | |
3823 | + | |
3824 | /* openssh private key file format */ | |
3825 | #define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n" | |
3826 | #define MARK_END "-----END OPENSSH PRIVATE KEY-----\n" | |
3827 | @@ -1744,7 +1746,6 @@ int | |
3828 | sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) | |
3829 | { | |
3830 | struct sshkey *n = NULL; | |
3831 | - int ret = SSH_ERR_INTERNAL_ERROR; | |
3832 | int r = SSH_ERR_INTERNAL_ERROR; | |
3833 | #ifdef WITH_OPENSSL | |
3834 | const BIGNUM *rsa_n, *rsa_e; | |
3835 | ||
3836 | commit 86e0a9f3d249d5580390daf58e015e68b01cef10 | |
3837 | Author: djm@openbsd.org <djm@openbsd.org> | |
3838 | Date: Thu Sep 13 05:06:51 2018 +0000 | |
3839 | ||
3840 | upstream: use only openssl-1.1.x API here too | |
3841 | ||
3842 | OpenBSD-Regress-ID: ae877064597c349954b1b443769723563cecbc8f | |
3843 | ||
3844 | diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c | |
3845 | index 7e03b7e5..8e35f441 100644 | |
3846 | --- a/regress/unittests/sshkey/test_sshkey.c | |
3847 | +++ b/regress/unittests/sshkey/test_sshkey.c | |
3848 | @@ -1,4 +1,4 @@ | |
3849 | -/* $OpenBSD: test_sshkey.c,v 1.15 2018/09/12 01:22:43 djm Exp $ */ | |
3850 | +/* $OpenBSD: test_sshkey.c,v 1.16 2018/09/13 05:06:51 djm Exp $ */ | |
3851 | /* | |
3852 | * Regress test for sshkey.h key management API | |
3853 | * | |
3854 | @@ -173,6 +173,61 @@ get_private(const char *n) | |
3855 | return ret; | |
3856 | } | |
3857 | ||
3858 | +static const BIGNUM * | |
3859 | +rsa_n(struct sshkey *k) | |
3860 | +{ | |
3861 | + const BIGNUM *n = NULL; | |
3862 | + | |
3863 | + ASSERT_PTR_NE(k, NULL); | |
3864 | + ASSERT_PTR_NE(k->rsa, NULL); | |
3865 | + RSA_get0_key(k->rsa, &n, NULL, NULL); | |
3866 | + return n; | |
3867 | +} | |
3868 | + | |
3869 | +static const BIGNUM * | |
3870 | +rsa_e(struct sshkey *k) | |
3871 | +{ | |
3872 | + const BIGNUM *e = NULL; | |
3873 | + | |
3874 | + ASSERT_PTR_NE(k, NULL); | |
3875 | + ASSERT_PTR_NE(k->rsa, NULL); | |
3876 | + RSA_get0_key(k->rsa, NULL, &e, NULL); | |
3877 | + return e; | |
3878 | +} | |
3879 | + | |
3880 | +static const BIGNUM * | |
3881 | +rsa_p(struct sshkey *k) | |
3882 | +{ | |
3883 | + const BIGNUM *p = NULL; | |
3884 | + | |
3885 | + ASSERT_PTR_NE(k, NULL); | |
3886 | + ASSERT_PTR_NE(k->rsa, NULL); | |
3887 | + RSA_get0_factors(k->rsa, &p, NULL); | |
3888 | + return p; | |
3889 | +} | |
3890 | + | |
3891 | +static const BIGNUM * | |
3892 | +dsa_g(struct sshkey *k) | |
3893 | +{ | |
3894 | + const BIGNUM *g = NULL; | |
3895 | + | |
3896 | + ASSERT_PTR_NE(k, NULL); | |
3897 | + ASSERT_PTR_NE(k->dsa, NULL); | |
3898 | + DSA_get0_pqg(k->dsa, NULL, NULL, &g); | |
3899 | + return g; | |
3900 | +} | |
3901 | + | |
3902 | +static const BIGNUM * | |
3903 | +dsa_priv_key(struct sshkey *k) | |
3904 | +{ | |
3905 | + const BIGNUM *priv_key = NULL; | |
3906 | + | |
3907 | + ASSERT_PTR_NE(k, NULL); | |
3908 | + ASSERT_PTR_NE(k->dsa, NULL); | |
3909 | + DSA_get0_key(k->dsa, NULL, &priv_key); | |
3910 | + return priv_key; | |
3911 | +} | |
3912 | + | |
3913 | void | |
3914 | sshkey_tests(void) | |
3915 | { | |
3916 | @@ -197,9 +252,6 @@ sshkey_tests(void) | |
3917 | k1 = sshkey_new(KEY_RSA); | |
3918 | ASSERT_PTR_NE(k1, NULL); | |
3919 | ASSERT_PTR_NE(k1->rsa, NULL); | |
3920 | - ASSERT_PTR_NE(k1->rsa->n, NULL); | |
3921 | - ASSERT_PTR_NE(k1->rsa->e, NULL); | |
3922 | - ASSERT_PTR_EQ(k1->rsa->p, NULL); | |
3923 | sshkey_free(k1); | |
3924 | TEST_DONE(); | |
3925 | ||
3926 | @@ -207,8 +259,6 @@ sshkey_tests(void) | |
3927 | k1 = sshkey_new(KEY_DSA); | |
3928 | ASSERT_PTR_NE(k1, NULL); | |
3929 | ASSERT_PTR_NE(k1->dsa, NULL); | |
3930 | - ASSERT_PTR_NE(k1->dsa->g, NULL); | |
3931 | - ASSERT_PTR_EQ(k1->dsa->priv_key, NULL); | |
3932 | sshkey_free(k1); | |
3933 | TEST_DONE(); | |
3934 | ||
3935 | @@ -230,27 +280,6 @@ sshkey_tests(void) | |
3936 | sshkey_free(k1); | |
3937 | TEST_DONE(); | |
3938 | ||
3939 | - TEST_START("new_private KEY_RSA"); | |
3940 | - k1 = sshkey_new_private(KEY_RSA); | |
3941 | - ASSERT_PTR_NE(k1, NULL); | |
3942 | - ASSERT_PTR_NE(k1->rsa, NULL); | |
3943 | - ASSERT_PTR_NE(k1->rsa->n, NULL); | |
3944 | - ASSERT_PTR_NE(k1->rsa->e, NULL); | |
3945 | - ASSERT_PTR_NE(k1->rsa->p, NULL); | |
3946 | - ASSERT_INT_EQ(sshkey_add_private(k1), 0); | |
3947 | - sshkey_free(k1); | |
3948 | - TEST_DONE(); | |
3949 | - | |
3950 | - TEST_START("new_private KEY_DSA"); | |
3951 | - k1 = sshkey_new_private(KEY_DSA); | |
3952 | - ASSERT_PTR_NE(k1, NULL); | |
3953 | - ASSERT_PTR_NE(k1->dsa, NULL); | |
3954 | - ASSERT_PTR_NE(k1->dsa->g, NULL); | |
3955 | - ASSERT_PTR_NE(k1->dsa->priv_key, NULL); | |
3956 | - ASSERT_INT_EQ(sshkey_add_private(k1), 0); | |
3957 | - sshkey_free(k1); | |
3958 | - TEST_DONE(); | |
3959 | - | |
3960 | TEST_START("generate KEY_RSA too small modulus"); | |
3961 | ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 128, &k1), | |
3962 | SSH_ERR_KEY_LENGTH); | |
3963 | @@ -285,18 +314,18 @@ sshkey_tests(void) | |
3964 | ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0); | |
3965 | ASSERT_PTR_NE(kr, NULL); | |
3966 | ASSERT_PTR_NE(kr->rsa, NULL); | |
3967 | - ASSERT_PTR_NE(kr->rsa->n, NULL); | |
3968 | - ASSERT_PTR_NE(kr->rsa->e, NULL); | |
3969 | - ASSERT_PTR_NE(kr->rsa->p, NULL); | |
3970 | - ASSERT_INT_EQ(BN_num_bits(kr->rsa->n), 1024); | |
3971 | + ASSERT_PTR_NE(rsa_n(kr), NULL); | |
3972 | + ASSERT_PTR_NE(rsa_e(kr), NULL); | |
3973 | + ASSERT_PTR_NE(rsa_p(kr), NULL); | |
3974 | + ASSERT_INT_EQ(BN_num_bits(rsa_n(kr)), 1024); | |
3975 | TEST_DONE(); | |
3976 | ||
3977 | TEST_START("generate KEY_DSA"); | |
3978 | ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0); | |
3979 | ASSERT_PTR_NE(kd, NULL); | |
3980 | ASSERT_PTR_NE(kd->dsa, NULL); | |
3981 | - ASSERT_PTR_NE(kd->dsa->g, NULL); | |
3982 | - ASSERT_PTR_NE(kd->dsa->priv_key, NULL); | |
3983 | + ASSERT_PTR_NE(dsa_g(kd), NULL); | |
3984 | + ASSERT_PTR_NE(dsa_priv_key(kd), NULL); | |
3985 | TEST_DONE(); | |
3986 | ||
3987 | #ifdef OPENSSL_HAS_ECC | |
3988 | @@ -323,9 +352,9 @@ sshkey_tests(void) | |
3989 | ASSERT_PTR_NE(kr, k1); | |
3990 | ASSERT_INT_EQ(k1->type, KEY_RSA); | |
3991 | ASSERT_PTR_NE(k1->rsa, NULL); | |
3992 | - ASSERT_PTR_NE(k1->rsa->n, NULL); | |
3993 | - ASSERT_PTR_NE(k1->rsa->e, NULL); | |
3994 | - ASSERT_PTR_EQ(k1->rsa->p, NULL); | |
3995 | + ASSERT_PTR_NE(rsa_n(k1), NULL); | |
3996 | + ASSERT_PTR_NE(rsa_e(k1), NULL); | |
3997 | + ASSERT_PTR_EQ(rsa_p(k1), NULL); | |
3998 | TEST_DONE(); | |
3999 | ||
4000 | TEST_START("equal KEY_RSA/demoted KEY_RSA"); | |
4001 | @@ -339,8 +368,8 @@ sshkey_tests(void) | |
4002 | ASSERT_PTR_NE(kd, k1); | |
4003 | ASSERT_INT_EQ(k1->type, KEY_DSA); | |
4004 | ASSERT_PTR_NE(k1->dsa, NULL); | |
4005 | - ASSERT_PTR_NE(k1->dsa->g, NULL); | |
4006 | - ASSERT_PTR_EQ(k1->dsa->priv_key, NULL); | |
4007 | + ASSERT_PTR_NE(dsa_g(k1), NULL); | |
4008 | + ASSERT_PTR_EQ(dsa_priv_key(k1), NULL); | |
4009 | TEST_DONE(); | |
4010 | ||
4011 | TEST_START("equal KEY_DSA/demoted KEY_DSA"); | |
4012 | ||
4013 | commit a3fd8074e2e2f06602e25618721f9556c731312c | |
4014 | Author: djm@openbsd.org <djm@openbsd.org> | |
4015 | Date: Thu Sep 13 09:03:20 2018 +0000 | |
4016 | ||
4017 | upstream: missed a bit of openssl-1.0.x API in this unittest | |
4018 | ||
4019 | OpenBSD-Regress-ID: a73a54d7f7381856a3f3a2d25947bee7a9a5dbc9 | |
4020 | ||
4021 | diff --git a/regress/unittests/sshkey/common.c b/regress/unittests/sshkey/common.c | |
4022 | index b598f05c..548da684 100644 | |
4023 | --- a/regress/unittests/sshkey/common.c | |
4024 | +++ b/regress/unittests/sshkey/common.c | |
4025 | @@ -1,4 +1,4 @@ | |
4026 | -/* $OpenBSD: common.c,v 1.2 2015/01/08 13:10:58 djm Exp $ */ | |
4027 | +/* $OpenBSD: common.c,v 1.3 2018/09/13 09:03:20 djm Exp $ */ | |
4028 | /* | |
4029 | * Helpers for key API tests | |
4030 | * | |
4031 | @@ -82,3 +82,80 @@ load_bignum(const char *name) | |
4032 | return ret; | |
4033 | } | |
4034 | ||
4035 | +const BIGNUM * | |
4036 | +rsa_n(struct sshkey *k) | |
4037 | +{ | |
4038 | + const BIGNUM *n = NULL; | |
4039 | + | |
4040 | + ASSERT_PTR_NE(k, NULL); | |
4041 | + ASSERT_PTR_NE(k->rsa, NULL); | |
4042 | + RSA_get0_key(k->rsa, &n, NULL, NULL); | |
4043 | + return n; | |
4044 | +} | |
4045 | + | |
4046 | +const BIGNUM * | |
4047 | +rsa_e(struct sshkey *k) | |
4048 | +{ | |
4049 | + const BIGNUM *e = NULL; | |
4050 | + | |
4051 | + ASSERT_PTR_NE(k, NULL); | |
4052 | + ASSERT_PTR_NE(k->rsa, NULL); | |
4053 | + RSA_get0_key(k->rsa, NULL, &e, NULL); | |
4054 | + return e; | |
4055 | +} | |
4056 | + | |
4057 | +const BIGNUM * | |
4058 | +rsa_p(struct sshkey *k) | |
4059 | +{ | |
4060 | + const BIGNUM *p = NULL; | |
4061 | + | |
4062 | + ASSERT_PTR_NE(k, NULL); | |
4063 | + ASSERT_PTR_NE(k->rsa, NULL); | |
4064 | + RSA_get0_factors(k->rsa, &p, NULL); | |
4065 | + return p; | |
4066 | +} | |
4067 | + | |
4068 | +const BIGNUM * | |
4069 | +rsa_q(struct sshkey *k) | |
4070 | +{ | |
4071 | + const BIGNUM *q = NULL; | |
4072 | + | |
4073 | + ASSERT_PTR_NE(k, NULL); | |
4074 | + ASSERT_PTR_NE(k->rsa, NULL); | |
4075 | + RSA_get0_factors(k->rsa, NULL, &q); | |
4076 | + return q; | |
4077 | +} | |
4078 | + | |
4079 | +const BIGNUM * | |
4080 | +dsa_g(struct sshkey *k) | |
4081 | +{ | |
4082 | + const BIGNUM *g = NULL; | |
4083 | + | |
4084 | + ASSERT_PTR_NE(k, NULL); | |
4085 | + ASSERT_PTR_NE(k->dsa, NULL); | |
4086 | + DSA_get0_pqg(k->dsa, NULL, NULL, &g); | |
4087 | + return g; | |
4088 | +} | |
4089 | + | |
4090 | +const BIGNUM * | |
4091 | +dsa_pub_key(struct sshkey *k) | |
4092 | +{ | |
4093 | + const BIGNUM *pub_key = NULL; | |
4094 | + | |
4095 | + ASSERT_PTR_NE(k, NULL); | |
4096 | + ASSERT_PTR_NE(k->dsa, NULL); | |
4097 | + DSA_get0_key(k->dsa, &pub_key, NULL); | |
4098 | + return pub_key; | |
4099 | +} | |
4100 | + | |
4101 | +const BIGNUM * | |
4102 | +dsa_priv_key(struct sshkey *k) | |
4103 | +{ | |
4104 | + const BIGNUM *priv_key = NULL; | |
4105 | + | |
4106 | + ASSERT_PTR_NE(k, NULL); | |
4107 | + ASSERT_PTR_NE(k->dsa, NULL); | |
4108 | + DSA_get0_key(k->dsa, NULL, &priv_key); | |
4109 | + return priv_key; | |
4110 | +} | |
4111 | + | |
4112 | diff --git a/regress/unittests/sshkey/common.h b/regress/unittests/sshkey/common.h | |
4113 | index bf7d19dc..7a514fdc 100644 | |
4114 | --- a/regress/unittests/sshkey/common.h | |
4115 | +++ b/regress/unittests/sshkey/common.h | |
4116 | @@ -1,4 +1,4 @@ | |
4117 | -/* $OpenBSD: common.h,v 1.1 2014/06/24 01:14:18 djm Exp $ */ | |
4118 | +/* $OpenBSD: common.h,v 1.2 2018/09/13 09:03:20 djm Exp $ */ | |
4119 | /* | |
4120 | * Helpers for key API tests | |
4121 | * | |
4122 | @@ -14,3 +14,12 @@ struct sshbuf *load_text_file(const char *name); | |
4123 | /* Load a bignum from a file */ | |
4124 | BIGNUM *load_bignum(const char *name); | |
4125 | ||
4126 | +/* Accessors for key components */ | |
4127 | +const BIGNUM *rsa_n(struct sshkey *k); | |
4128 | +const BIGNUM *rsa_e(struct sshkey *k); | |
4129 | +const BIGNUM *rsa_p(struct sshkey *k); | |
4130 | +const BIGNUM *rsa_q(struct sshkey *k); | |
4131 | +const BIGNUM *dsa_g(struct sshkey *k); | |
4132 | +const BIGNUM *dsa_pub_key(struct sshkey *k); | |
4133 | +const BIGNUM *dsa_priv_key(struct sshkey *k); | |
4134 | + | |
4135 | diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c | |
4136 | index 0636e84b..65610dac 100644 | |
4137 | --- a/regress/unittests/sshkey/test_file.c | |
4138 | +++ b/regress/unittests/sshkey/test_file.c | |
4139 | @@ -1,4 +1,4 @@ | |
4140 | -/* $OpenBSD: test_file.c,v 1.7 2018/09/12 01:36:45 djm Exp $ */ | |
4141 | +/* $OpenBSD: test_file.c,v 1.8 2018/09/13 09:03:20 djm Exp $ */ | |
4142 | /* | |
4143 | * Regress test for sshkey.h key management API | |
4144 | * | |
4145 | @@ -60,9 +60,9 @@ sshkey_file_tests(void) | |
4146 | a = load_bignum("rsa_1.param.n"); | |
4147 | b = load_bignum("rsa_1.param.p"); | |
4148 | c = load_bignum("rsa_1.param.q"); | |
4149 | - ASSERT_BIGNUM_EQ(k1->rsa->n, a); | |
4150 | - ASSERT_BIGNUM_EQ(k1->rsa->p, b); | |
4151 | - ASSERT_BIGNUM_EQ(k1->rsa->q, c); | |
4152 | + ASSERT_BIGNUM_EQ(rsa_n(k1), a); | |
4153 | + ASSERT_BIGNUM_EQ(rsa_p(k1), b); | |
4154 | + ASSERT_BIGNUM_EQ(rsa_q(k1), c); | |
4155 | BN_free(a); | |
4156 | BN_free(b); | |
4157 | BN_free(c); | |
4158 | @@ -169,9 +169,9 @@ sshkey_file_tests(void) | |
4159 | a = load_bignum("dsa_1.param.g"); | |
4160 | b = load_bignum("dsa_1.param.priv"); | |
4161 | c = load_bignum("dsa_1.param.pub"); | |
4162 | - ASSERT_BIGNUM_EQ(k1->dsa->g, a); | |
4163 | - ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b); | |
4164 | - ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c); | |
4165 | + ASSERT_BIGNUM_EQ(dsa_g(k1), a); | |
4166 | + ASSERT_BIGNUM_EQ(dsa_priv_key(k1), b); | |
4167 | + ASSERT_BIGNUM_EQ(dsa_pub_key(k1), c); | |
4168 | BN_free(a); | |
4169 | BN_free(b); | |
4170 | BN_free(c); | |
4171 | diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c | |
4172 | index 8e35f441..47a03fad 100644 | |
4173 | --- a/regress/unittests/sshkey/test_sshkey.c | |
4174 | +++ b/regress/unittests/sshkey/test_sshkey.c | |
4175 | @@ -1,4 +1,4 @@ | |
4176 | -/* $OpenBSD: test_sshkey.c,v 1.16 2018/09/13 05:06:51 djm Exp $ */ | |
4177 | +/* $OpenBSD: test_sshkey.c,v 1.17 2018/09/13 09:03:20 djm Exp $ */ | |
4178 | /* | |
4179 | * Regress test for sshkey.h key management API | |
4180 | * | |
4181 | @@ -173,61 +173,6 @@ get_private(const char *n) | |
4182 | return ret; | |
4183 | } | |
4184 | ||
4185 | -static const BIGNUM * | |
4186 | -rsa_n(struct sshkey *k) | |
4187 | -{ | |
4188 | - const BIGNUM *n = NULL; | |
4189 | - | |
4190 | - ASSERT_PTR_NE(k, NULL); | |
4191 | - ASSERT_PTR_NE(k->rsa, NULL); | |
4192 | - RSA_get0_key(k->rsa, &n, NULL, NULL); | |
4193 | - return n; | |
4194 | -} | |
4195 | - | |
4196 | -static const BIGNUM * | |
4197 | -rsa_e(struct sshkey *k) | |
4198 | -{ | |
4199 | - const BIGNUM *e = NULL; | |
4200 | - | |
4201 | - ASSERT_PTR_NE(k, NULL); | |
4202 | - ASSERT_PTR_NE(k->rsa, NULL); | |
4203 | - RSA_get0_key(k->rsa, NULL, &e, NULL); | |
4204 | - return e; | |
4205 | -} | |
4206 | - | |
4207 | -static const BIGNUM * | |
4208 | -rsa_p(struct sshkey *k) | |
4209 | -{ | |
4210 | - const BIGNUM *p = NULL; | |
4211 | - | |
4212 | - ASSERT_PTR_NE(k, NULL); | |
4213 | - ASSERT_PTR_NE(k->rsa, NULL); | |
4214 | - RSA_get0_factors(k->rsa, &p, NULL); | |
4215 | - return p; | |
4216 | -} | |
4217 | - | |
4218 | -static const BIGNUM * | |
4219 | -dsa_g(struct sshkey *k) | |
4220 | -{ | |
4221 | - const BIGNUM *g = NULL; | |
4222 | - | |
4223 | - ASSERT_PTR_NE(k, NULL); | |
4224 | - ASSERT_PTR_NE(k->dsa, NULL); | |
4225 | - DSA_get0_pqg(k->dsa, NULL, NULL, &g); | |
4226 | - return g; | |
4227 | -} | |
4228 | - | |
4229 | -static const BIGNUM * | |
4230 | -dsa_priv_key(struct sshkey *k) | |
4231 | -{ | |
4232 | - const BIGNUM *priv_key = NULL; | |
4233 | - | |
4234 | - ASSERT_PTR_NE(k, NULL); | |
4235 | - ASSERT_PTR_NE(k->dsa, NULL); | |
4236 | - DSA_get0_key(k->dsa, NULL, &priv_key); | |
4237 | - return priv_key; | |
4238 | -} | |
4239 | - | |
4240 | void | |
4241 | sshkey_tests(void) | |
4242 | { | |
4243 | ||
4244 | commit d64e78526596f098096113fcf148216798c327ff | |
4245 | Author: Damien Miller <djm@mindrot.org> | |
4246 | Date: Thu Sep 13 19:05:48 2018 +1000 | |
4247 | ||
4248 | add compat header | |
4249 | ||
4250 | diff --git a/regress/unittests/sshkey/common.c b/regress/unittests/sshkey/common.c | |
4251 | index 548da684..e63465c4 100644 | |
4252 | --- a/regress/unittests/sshkey/common.c | |
4253 | +++ b/regress/unittests/sshkey/common.c | |
4254 | @@ -27,6 +27,8 @@ | |
4255 | # include <openssl/ec.h> | |
4256 | #endif | |
4257 | ||
4258 | +#include "openbsd-compat/openssl-compat.h" | |
4259 | + | |
4260 | #include "../test_helper/test_helper.h" | |
4261 | ||
4262 | #include "ssherr.h" |