1 commit a70fd4ad7bd9f2ed223ff635a3d41e483057f23b
2 Author: djm@openbsd.org <djm@openbsd.org>
3 Date: Wed Sep 12 01:31:30 2018 +0000
5 upstream: add cert->signature_type field and keep it in sync with
7 certificate signature wrt loading and certification operations; ok markus@
9 OpenBSD-Commit-ID: e8b8b9f76b66707a0cd926109c4383db8f664df3
11 diff --git a/sshkey.c b/sshkey.c
12 index 72c08c7e..b467571f 100644
16 -/* $OpenBSD: sshkey.c,v 1.66 2018/07/03 13:20:25 djm Exp $ */
17 +/* $OpenBSD: sshkey.c,v 1.67 2018/09/12 01:31:30 djm Exp $ */
19 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
20 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
21 @@ -78,6 +78,7 @@ int sshkey_private_serialize_opt(const struct sshkey *key,
22 struct sshbuf *buf, enum sshkey_serialize_rep);
23 static int sshkey_from_blob_internal(struct sshbuf *buf,
24 struct sshkey **keyp, int allow_cert);
25 +static int get_sigtype(const u_char *sig, size_t siglen, char **sigtypep);
27 /* Supported key types */
29 @@ -453,6 +454,7 @@ cert_free(struct sshkey_cert *cert)
30 free(cert->principals[i]);
31 free(cert->principals);
32 sshkey_free(cert->signature_key);
33 + free(cert->signature_type);
34 freezero(cert, sizeof(*cert));
37 @@ -472,6 +474,7 @@ cert_new(void)
39 cert->principals = NULL;
40 cert->signature_key = NULL;
41 + cert->signature_type = NULL;
45 @@ -1695,54 +1698,68 @@ sshkey_cert_copy(const struct sshkey *from_key, struct sshkey *to_key)
47 const struct sshkey_cert *from;
48 struct sshkey_cert *to;
49 - int ret = SSH_ERR_INTERNAL_ERROR;
51 - if (to_key->cert != NULL) {
52 - cert_free(to_key->cert);
53 - to_key->cert = NULL;
55 + int r = SSH_ERR_INTERNAL_ERROR;
57 - if ((from = from_key->cert) == NULL)
58 + if (to_key == NULL || (from = from_key->cert) == NULL)
59 return SSH_ERR_INVALID_ARGUMENT;
61 - if ((to = to_key->cert = cert_new()) == NULL)
62 + if ((to = cert_new()) == NULL)
63 return SSH_ERR_ALLOC_FAIL;
65 - if ((ret = sshbuf_putb(to->certblob, from->certblob)) != 0 ||
66 - (ret = sshbuf_putb(to->critical, from->critical)) != 0 ||
67 - (ret = sshbuf_putb(to->extensions, from->extensions)) != 0)
69 + if ((r = sshbuf_putb(to->certblob, from->certblob)) != 0 ||
70 + (r = sshbuf_putb(to->critical, from->critical)) != 0 ||
71 + (r = sshbuf_putb(to->extensions, from->extensions)) != 0)
74 to->serial = from->serial;
75 to->type = from->type;
76 if (from->key_id == NULL)
78 - else if ((to->key_id = strdup(from->key_id)) == NULL)
79 - return SSH_ERR_ALLOC_FAIL;
80 + else if ((to->key_id = strdup(from->key_id)) == NULL) {
81 + r = SSH_ERR_ALLOC_FAIL;
84 to->valid_after = from->valid_after;
85 to->valid_before = from->valid_before;
86 if (from->signature_key == NULL)
87 to->signature_key = NULL;
88 - else if ((ret = sshkey_from_private(from->signature_key,
89 + else if ((r = sshkey_from_private(from->signature_key,
90 &to->signature_key)) != 0)
93 - if (from->nprincipals > SSHKEY_CERT_MAX_PRINCIPALS)
94 - return SSH_ERR_INVALID_ARGUMENT;
96 + if (from->signature_type != NULL &&
97 + (to->signature_type = strdup(from->signature_type)) == NULL) {
98 + r = SSH_ERR_ALLOC_FAIL;
101 + if (from->nprincipals > SSHKEY_CERT_MAX_PRINCIPALS) {
102 + r = SSH_ERR_INVALID_ARGUMENT;
105 if (from->nprincipals > 0) {
106 if ((to->principals = calloc(from->nprincipals,
107 - sizeof(*to->principals))) == NULL)
108 - return SSH_ERR_ALLOC_FAIL;
109 + sizeof(*to->principals))) == NULL) {
110 + r = SSH_ERR_ALLOC_FAIL;
113 for (i = 0; i < from->nprincipals; i++) {
114 to->principals[i] = strdup(from->principals[i]);
115 if (to->principals[i] == NULL) {
117 - return SSH_ERR_ALLOC_FAIL;
118 + r = SSH_ERR_ALLOC_FAIL;
123 to->nprincipals = from->nprincipals;
127 + cert_free(to_key->cert);
137 @@ -1954,6 +1971,8 @@ cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf)
138 if ((ret = sshkey_verify(key->cert->signature_key, sig, slen,
139 sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0)
141 + if ((ret = get_sigtype(sig, slen, &key->cert->signature_type)) != 0)
146 @@ -2531,7 +2550,8 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
147 u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32];
148 size_t i, ca_len, sig_len;
149 int ret = SSH_ERR_INTERNAL_ERROR;
150 - struct sshbuf *cert;
151 + struct sshbuf *cert = NULL;
152 + char *sigtype = NULL;
154 if (k == NULL || k->cert == NULL ||
155 k->cert->certblob == NULL || ca == NULL)
156 @@ -2541,6 +2561,16 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
157 if (!sshkey_type_is_valid_ca(ca->type))
158 return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
161 + * If no alg specified as argument but a signature_type was set,
162 + * then prefer that. If both were specified, then they must match.
165 + alg = k->cert->signature_type;
166 + else if (k->cert->signature_type != NULL &&
167 + strcmp(alg, k->cert->signature_type) != 0)
168 + return SSH_ERR_INVALID_ARGUMENT;
170 if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)
171 return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
173 @@ -2629,7 +2659,17 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
174 if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert),
175 sshbuf_len(cert), alg, 0, signer_ctx)) != 0)
178 + /* Check and update signature_type against what was actually used */
179 + if ((ret = get_sigtype(sig_blob, sig_len, &sigtype)) != 0)
181 + if (alg != NULL && strcmp(alg, sigtype) != 0) {
182 + ret = SSH_ERR_SIGN_ALG_UNSUPPORTED;
185 + if (k->cert->signature_type == NULL) {
186 + k->cert->signature_type = sigtype;
189 /* Append signature and we are done */
190 if ((ret = sshbuf_put_string(cert, sig_blob, sig_len)) != 0)
192 @@ -2639,6 +2679,7 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
197 sshbuf_free(principals);
200 diff --git a/sshkey.h b/sshkey.h
201 index 9060b2ec..b8f279a6 100644
205 -/* $OpenBSD: sshkey.h,v 1.26 2018/07/03 13:20:25 djm Exp $ */
206 +/* $OpenBSD: sshkey.h,v 1.27 2018/09/12 01:31:30 djm Exp $ */
209 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
210 @@ -102,6 +102,7 @@ struct sshkey_cert {
211 struct sshbuf *critical;
212 struct sshbuf *extensions;
213 struct sshkey *signature_key;
214 + char *signature_type;
218 commit ba9e788315b1f6a350f910cb2a9e95b2ce584e89
219 Author: djm@openbsd.org <djm@openbsd.org>
220 Date: Wed Sep 12 01:32:54 2018 +0000
222 upstream: add sshkey_check_cert_sigtype() that checks a
224 cert->signature_type against a supplied whitelist; ok markus
226 OpenBSD-Commit-ID: caadb8073292ed7a9535e5adc067d11d356d9302
228 diff --git a/sshkey.c b/sshkey.c
229 index b467571f..50ebdc25 100644
233 -/* $OpenBSD: sshkey.c,v 1.67 2018/09/12 01:31:30 djm Exp $ */
234 +/* $OpenBSD: sshkey.c,v 1.68 2018/09/12 01:32:54 djm Exp $ */
236 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
237 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
238 @@ -2260,6 +2260,27 @@ get_sigtype(const u_char *sig, size_t siglen, char **sigtypep)
244 + * Checks whether a certificate's signature type is allowed.
245 + * Returns 0 (success) if the certificate signature type appears in the
246 + * "allowed" pattern-list, or the key is not a certificate to begin with.
247 + * Otherwise returns a ssherr.h code.
250 +sshkey_check_cert_sigtype(const struct sshkey *key, const char *allowed)
252 + if (key == NULL || allowed == NULL)
253 + return SSH_ERR_INVALID_ARGUMENT;
254 + if (!sshkey_type_is_cert(key->type))
256 + if (key->cert == NULL || key->cert->signature_type == NULL)
257 + return SSH_ERR_INVALID_ARGUMENT;
258 + if (match_pattern_list(key->cert->signature_type, allowed, 0) != 1)
259 + return SSH_ERR_SIGN_ALG_UNSUPPORTED;
264 * Returns the expected signature algorithm for a given public key algorithm.
266 diff --git a/sshkey.h b/sshkey.h
267 index b8f279a6..5a22a66f 100644
271 -/* $OpenBSD: sshkey.h,v 1.27 2018/09/12 01:31:30 djm Exp $ */
272 +/* $OpenBSD: sshkey.h,v 1.28 2018/09/12 01:32:54 djm Exp $ */
275 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
276 @@ -158,6 +158,7 @@ int sshkey_cert_check_authority(const struct sshkey *, int, int,
277 const char *, const char **);
278 size_t sshkey_format_cert_validity(const struct sshkey_cert *,
279 char *, size_t) __attribute__((__bounded__(__string__, 2, 3)));
280 +int sshkey_check_cert_sigtype(const struct sshkey *, const char *);
282 int sshkey_certify(struct sshkey *, struct sshkey *, const char *);
283 /* Variant allowing use of a custom signature function (e.g. for ssh-agent) */
284 commit 2de78bc7da70e1338b32feeefcc6045cf49efcd4
285 Author: djm@openbsd.org <djm@openbsd.org>
286 Date: Wed Sep 12 01:22:43 2018 +0000
288 upstream: s/sshkey_demote/sshkey_from_private/g
290 OpenBSD-Regress-ID: 782bde7407d94a87aa8d1db7c23750e09d4443c4
292 diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
293 index 72367bde..7e03b7e5 100644
294 --- a/regress/unittests/sshkey/test_sshkey.c
295 +++ b/regress/unittests/sshkey/test_sshkey.c
297 -/* $OpenBSD: test_sshkey.c,v 1.14 2018/07/13 02:13:19 djm Exp $ */
298 +/* $OpenBSD: test_sshkey.c,v 1.15 2018/09/12 01:22:43 djm Exp $ */
300 * Regress test for sshkey.h key management API
302 @@ -318,7 +318,7 @@ sshkey_tests(void)
305 TEST_START("demote KEY_RSA");
306 - ASSERT_INT_EQ(sshkey_demote(kr, &k1), 0);
307 + ASSERT_INT_EQ(sshkey_from_private(kr, &k1), 0);
308 ASSERT_PTR_NE(k1, NULL);
309 ASSERT_PTR_NE(kr, k1);
310 ASSERT_INT_EQ(k1->type, KEY_RSA);
311 @@ -334,7 +334,7 @@ sshkey_tests(void)
314 TEST_START("demote KEY_DSA");
315 - ASSERT_INT_EQ(sshkey_demote(kd, &k1), 0);
316 + ASSERT_INT_EQ(sshkey_from_private(kd, &k1), 0);
317 ASSERT_PTR_NE(k1, NULL);
318 ASSERT_PTR_NE(kd, k1);
319 ASSERT_INT_EQ(k1->type, KEY_DSA);
320 @@ -350,7 +350,7 @@ sshkey_tests(void)
322 #ifdef OPENSSL_HAS_ECC
323 TEST_START("demote KEY_ECDSA");
324 - ASSERT_INT_EQ(sshkey_demote(ke, &k1), 0);
325 + ASSERT_INT_EQ(sshkey_from_private(ke, &k1), 0);
326 ASSERT_PTR_NE(k1, NULL);
327 ASSERT_PTR_NE(ke, k1);
328 ASSERT_INT_EQ(k1->type, KEY_ECDSA);
329 @@ -367,7 +367,7 @@ sshkey_tests(void)
332 TEST_START("demote KEY_ED25519");
333 - ASSERT_INT_EQ(sshkey_demote(kf, &k1), 0);
334 + ASSERT_INT_EQ(sshkey_from_private(kf, &k1), 0);
335 ASSERT_PTR_NE(k1, NULL);
336 ASSERT_PTR_NE(kf, k1);
337 ASSERT_INT_EQ(k1->type, KEY_ED25519);
339 commit d70d061828730a56636ab6f1f24fe4a8ccefcfc1
340 Author: djm@openbsd.org <djm@openbsd.org>
341 Date: Wed Sep 12 01:36:45 2018 +0000
343 upstream: Include certs with multiple RSA signature variants in
345 test data Ensure that cert->signature_key is populated correctly
347 OpenBSD-Regress-ID: 56e68f70fe46cb3a193ca207385bdb301fd6603a
349 diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha1 b/regress/unittests/sshkey/testdata/rsa_1_sha1
351 index 00000000..5de3f842
353 +++ b/regress/unittests/sshkey/testdata/rsa_1_sha1
355 +-----BEGIN RSA PRIVATE KEY-----
356 +MIICXAIBAAKBgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18u
357 +d6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKd
358 +NSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wIDAQAB
359 +AoGAXyj5mpjmbD+YlxGIWz/zrM4hGsWgd4VteKEJxT6MMI4uzCRpkMd0ck8oHiwZ
360 +GAI/SwUzIsgtONQuH3AXVsUgghW4Ynn+8ksEv0IZ918WDMDwqvqkyrVzsOsZzqYj
361 +Pf8DUDKCpwFjnlknJ04yvWBZvVhWtY4OiZ8GV0Ttsu3k+GECQQD1YHfvBb5FdJBv
362 +Uhde2Il+jaFia8mwVVNNaiD2ECxXx6CzGz54ZLEB9NPVfDUZK8lJ4UJDqelWNh3i
363 +PF3RefWDAkEA1CVBzAFL4mNwpleVPzrfy69xP3gWOa26MxM/GE6zx9jC7HgQ3KPa
364 +WKdG/FuHs085aTRDaDLmGcZ8IvMuu7NgKQJAcIOKmxR0Gd8IN7NZugjqixggb0Pj
365 +mLKXXwESGiJyYtHL0zTj4Uqyi6Ya2GJ66o7UXscmnmYz828fJtTtZBdbRwJBALfi
366 +C2QvA32Zv/0PEXibKXy996WSC4G3ShwXZKtHHKHvCxY5BDSbehk59VesZrVPyG2e
367 +NYdOBxD0cIlCzJE56/ECQAndVkxvO8hwyEFGGwF3faHIAe/OxVb+MjaU25//Pe1/
368 +h/e6tlCk4w9CODpyV685gV394eYwMcGDcIkipTNUDZs=
369 +-----END RSA PRIVATE KEY-----
370 diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub b/regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub
372 index 00000000..ff49d759
374 +++ b/regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub
376 +ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgy5PGFfSaEuSuXsjvKlMZGXYD0xlnqdZftuW9tMkUYz4AAAADAQABAAAAgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wAAAAAAAAABAAAAAQAAAARodWdvAAAAEgAAAAV1c2VyMQAAAAV1c2VyMgAAAAA2i4NgAAAAAE0d4eAAAABEAAAADWZvcmNlLWNvbW1hbmQAAAALAAAABy9iaW4vbHMAAAAOc291cmNlLWFkZHJlc3MAAAAOAAAACjEwLjAuMC4wLzgAAABkAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQD00RRenvxICSYvj54CPiYHM86OT5xwI9XORNH6Zkl3JPCQkAEdQ3hyfhraROaHsSv43wJcKyKrEg5XUZ8fZ/BoKIGU4Rd5AmL9wyPGv2RVY7gWELqXVSpu89R2tQJRmMVMD38CH0wqCTuoZirlKMTen6yfgYuFEpuqar0uOIeAyaQG6/9rVKWK36tcfM7YXx8fmGSN4eK/JhWDDjlo28YJ7ZFF9umh5baZG2Ai/vL3BJ7C3pqaEQNdKj8XqaSoDvFWKfOujk1620Rcuj3W0D0dvp/rH8xz8YkM1dMqGlYIZ4nrF5acB58Nk5FYBjtj1hu4DGEQlWL1Avk1agU4DQLrAAABDwAAAAdzc2gtcnNhAAABAF5BtPY8FbmIekK/zNq6/Lp5agKT5zEVxqAyZKhp75bLRP+kOMZBVB9ZWrekZk6IAVAOCZGQzTsD4mxIQsxBLl8k5hvEWb90/+w9/BzW9ScOGQe+y0COa0QWWR7L3k1S8WX2oAGvtDWOj7Md85nij4ZSU9/QQQFVDF8VilWPSMxUf/3I1fqyDq7AWcZkGk/bFUN6K6RsCSxIPlGmKt0IauyvSMI2IT0XeRT242RngeeUW8vFrn9TXy9YxJRW+cSeLKCuu8agBYyQMXWQ+q39eZZqVYSoo7nFEEhtaLs8d6jzgGkcE9wGJ9KLgfY/mG2vX3gI4IzncKkVJRoeiDzXFIk= RSA test key #1
377 diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha1.pub b/regress/unittests/sshkey/testdata/rsa_1_sha1.pub
379 index 00000000..23ef872e
381 +++ b/regress/unittests/sshkey/testdata/rsa_1_sha1.pub
383 +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+w== RSA test key #1
384 diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha512 b/regress/unittests/sshkey/testdata/rsa_1_sha512
386 index 00000000..5de3f842
388 +++ b/regress/unittests/sshkey/testdata/rsa_1_sha512
390 +-----BEGIN RSA PRIVATE KEY-----
391 +MIICXAIBAAKBgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18u
392 +d6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKd
393 +NSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wIDAQAB
394 +AoGAXyj5mpjmbD+YlxGIWz/zrM4hGsWgd4VteKEJxT6MMI4uzCRpkMd0ck8oHiwZ
395 +GAI/SwUzIsgtONQuH3AXVsUgghW4Ynn+8ksEv0IZ918WDMDwqvqkyrVzsOsZzqYj
396 +Pf8DUDKCpwFjnlknJ04yvWBZvVhWtY4OiZ8GV0Ttsu3k+GECQQD1YHfvBb5FdJBv
397 +Uhde2Il+jaFia8mwVVNNaiD2ECxXx6CzGz54ZLEB9NPVfDUZK8lJ4UJDqelWNh3i
398 +PF3RefWDAkEA1CVBzAFL4mNwpleVPzrfy69xP3gWOa26MxM/GE6zx9jC7HgQ3KPa
399 +WKdG/FuHs085aTRDaDLmGcZ8IvMuu7NgKQJAcIOKmxR0Gd8IN7NZugjqixggb0Pj
400 +mLKXXwESGiJyYtHL0zTj4Uqyi6Ya2GJ66o7UXscmnmYz828fJtTtZBdbRwJBALfi
401 +C2QvA32Zv/0PEXibKXy996WSC4G3ShwXZKtHHKHvCxY5BDSbehk59VesZrVPyG2e
402 +NYdOBxD0cIlCzJE56/ECQAndVkxvO8hwyEFGGwF3faHIAe/OxVb+MjaU25//Pe1/
403 +h/e6tlCk4w9CODpyV685gV394eYwMcGDcIkipTNUDZs=
404 +-----END RSA PRIVATE KEY-----
405 diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub b/regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub
407 index 00000000..47451968
409 +++ b/regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub
411 +ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg/bUEmnMYHxlv1N7iXvnYPYdzDjlTRKoaIGEPkaQQQDwAAAADAQABAAAAgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wAAAAAAAAABAAAAAQAAAARodWdvAAAAEgAAAAV1c2VyMQAAAAV1c2VyMgAAAAA2i4NgAAAAAE0d4eAAAABEAAAADWZvcmNlLWNvbW1hbmQAAAALAAAABy9iaW4vbHMAAAAOc291cmNlLWFkZHJlc3MAAAAOAAAACjEwLjAuMC4wLzgAAABkAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQD00RRenvxICSYvj54CPiYHM86OT5xwI9XORNH6Zkl3JPCQkAEdQ3hyfhraROaHsSv43wJcKyKrEg5XUZ8fZ/BoKIGU4Rd5AmL9wyPGv2RVY7gWELqXVSpu89R2tQJRmMVMD38CH0wqCTuoZirlKMTen6yfgYuFEpuqar0uOIeAyaQG6/9rVKWK36tcfM7YXx8fmGSN4eK/JhWDDjlo28YJ7ZFF9umh5baZG2Ai/vL3BJ7C3pqaEQNdKj8XqaSoDvFWKfOujk1620Rcuj3W0D0dvp/rH8xz8YkM1dMqGlYIZ4nrF5acB58Nk5FYBjtj1hu4DGEQlWL1Avk1agU4DQLrAAABFAAAAAxyc2Etc2hhMi01MTIAAAEA7/GoZsJqrq4xYotsRbpM8arZDjCzT6kohXeD/GVy26s5E/YWXRYCrOMIzSZxjuN5rAaNRW8ffxq14JyI94566Kg2OeoxQ6rK/dTqkk7I1RyypSXunT3I4++RPs1Q+hu9eS/WBzur0/D3dMejhuc3IBg6iB0481I4pGBGcD8/KjQFfhlCuGVXwB1ALk2zfXFT1HYYrs6bYZuQqjgvArnjYJ0do3fTSDC20/ydV4BHnI3fVAY2THVjX45V2ppPadl/rpczaJqW1ZtpnpJkV8Un316stQSD0xLHUDjp89O6d9Yq5S0kDdfwTRJIPm9f2cGNakJwN5qzmmmdDroRKODYcg== RSA test key #1
412 diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha512.pub b/regress/unittests/sshkey/testdata/rsa_1_sha512.pub
414 index 00000000..23ef872e
416 +++ b/regress/unittests/sshkey/testdata/rsa_1_sha512.pub
418 +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+w== RSA test key #1
419 commit 482d23bcacdd3664f21cc82a5135f66fc598275f
420 Author: djm@openbsd.org <djm@openbsd.org>
421 Date: Thu Sep 13 02:08:33 2018 +0000
423 upstream: hold our collective noses and use the openssl-1.1.x API in
425 OpenSSH; feedback and ok tb@ jsing@ markus@
427 OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
429 diff --git a/auth2.c b/auth2.c
430 index ab879589..4d19957a 100644
433 @@ -706,7 +706,7 @@ auth2_record_key(Authctxt *authctxt, int authenticated,
434 struct sshkey **tmp, *dup;
437 - if ((r = sshkey_demote(key, &dup)) != 0)
438 + if ((r = sshkey_from_private(key, &dup)) != 0)
439 fatal("%s: copy key: %s", __func__, ssh_err(r));
440 sshkey_free(authctxt->auth_method_key);
441 authctxt->auth_method_key = dup;
442 @@ -715,7 +715,7 @@ auth2_record_key(Authctxt *authctxt, int authenticated,
445 /* If authenticated, make sure we don't accept this key again */
446 - if ((r = sshkey_demote(key, &dup)) != 0)
447 + if ((r = sshkey_from_private(key, &dup)) != 0)
448 fatal("%s: copy key: %s", __func__, ssh_err(r));
449 if (authctxt->nprev_keys >= INT_MAX ||
450 (tmp = recallocarray(authctxt->prev_keys, authctxt->nprev_keys,
451 diff --git a/cipher.c b/cipher.c
452 index a72682a8..df43826e 100644
455 @@ -446,7 +446,7 @@ cipher_get_keyiv_len(const struct sshcipher_ctx *cc)
459 -cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
460 +cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, size_t len)
463 const struct sshcipher *c = cc->cipher;
464 @@ -473,7 +473,7 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
467 return SSH_ERR_LIBCRYPTO_ERROR;
468 - if ((u_int)evplen != len)
469 + if ((size_t)evplen != len)
470 return SSH_ERR_INVALID_ARGUMENT;
471 #ifndef OPENSSL_HAVE_EVPCTR
472 if (c->evptype == evp_aes_128_ctr)
473 @@ -484,14 +484,14 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
474 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
476 return SSH_ERR_LIBCRYPTO_ERROR;
478 - memcpy(iv, cc->evp->iv, len);
479 + } else if (!EVP_CIPHER_CTX_get_iv(cc->evp, iv, len))
480 + return SSH_ERR_LIBCRYPTO_ERROR;
486 -cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
487 +cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len)
490 const struct sshcipher *c = cc->cipher;
491 @@ -507,6 +507,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
492 evplen = EVP_CIPHER_CTX_iv_length(cc->evp);
494 return SSH_ERR_LIBCRYPTO_ERROR;
495 + if ((size_t)evplen != len)
496 + return SSH_ERR_INVALID_ARGUMENT;
497 #ifndef OPENSSL_HAVE_EVPCTR
498 /* XXX iv arg is const, but ssh_aes_ctr_iv isn't */
499 if (c->evptype == evp_aes_128_ctr)
500 @@ -518,8 +520,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
501 if (!EVP_CIPHER_CTX_ctrl(cc->evp,
502 EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv))
503 return SSH_ERR_LIBCRYPTO_ERROR;
505 - memcpy(cc->evp->iv, iv, evplen);
506 + } else if (!EVP_CIPHER_CTX_set_iv(cc->evp, iv, evplen))
507 + return SSH_ERR_LIBCRYPTO_ERROR;
511 diff --git a/cipher.h b/cipher.h
512 index dc7ecf11..dc1571d2 100644
515 @@ -68,8 +68,8 @@ u_int cipher_is_cbc(const struct sshcipher *);
517 u_int cipher_ctx_is_plaintext(struct sshcipher_ctx *);
519 -int cipher_get_keyiv(struct sshcipher_ctx *, u_char *, u_int);
520 -int cipher_set_keyiv(struct sshcipher_ctx *, const u_char *);
521 +int cipher_get_keyiv(struct sshcipher_ctx *, u_char *, size_t);
522 +int cipher_set_keyiv(struct sshcipher_ctx *, const u_char *, size_t);
523 int cipher_get_keyiv_len(const struct sshcipher_ctx *);
525 #endif /* CIPHER_H */
526 diff --git a/dh.c b/dh.c
527 index ac8d5a0a..d0d4527b 100644
530 @@ -216,14 +216,17 @@ choose_dh(int min, int wantbits, int max)
531 /* diffie-hellman-groupN-sha1 */
534 -dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
535 +dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub)
538 int n = BN_num_bits(dh_pub);
541 + const BIGNUM *dh_p;
544 + DH_get0_pqg(dh, &dh_p, NULL, NULL);
546 + if (BN_is_negative(dh_pub)) {
547 logit("invalid public DH value: negative");
550 @@ -236,7 +239,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
551 error("%s: BN_new failed", __func__);
554 - if (!BN_sub(tmp, dh->p, BN_value_one()) ||
555 + if (!BN_sub(tmp, dh_p, BN_value_one()) ||
556 BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */
558 logit("invalid public DH value: >= p-1");
559 @@ -247,14 +250,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
560 for (i = 0; i <= n; i++)
561 if (BN_is_bit_set(dh_pub, i))
563 - debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
564 + debug2("bits set: %d/%d", bits_set, BN_num_bits(dh_p));
567 * if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial
570 logit("invalid public DH value (%d/%d)",
571 - bits_set, BN_num_bits(dh->p));
572 + bits_set, BN_num_bits(dh_p));
576 @@ -264,9 +267,12 @@ int
577 dh_gen_key(DH *dh, int need)
580 + const BIGNUM *dh_p, *pub_key;
582 + DH_get0_pqg(dh, &dh_p, NULL, NULL);
584 - if (need < 0 || dh->p == NULL ||
585 - (pbits = BN_num_bits(dh->p)) <= 0 ||
586 + if (need < 0 || dh_p == NULL ||
587 + (pbits = BN_num_bits(dh_p)) <= 0 ||
588 need > INT_MAX / 2 || 2 * need > pbits)
589 return SSH_ERR_INVALID_ARGUMENT;
591 @@ -275,13 +281,14 @@ dh_gen_key(DH *dh, int need)
592 * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)),
593 * so double requested need here.
595 - dh->length = MINIMUM(need * 2, pbits - 1);
596 - if (DH_generate_key(dh) == 0 ||
597 - !dh_pub_is_valid(dh, dh->pub_key)) {
598 - BN_clear_free(dh->priv_key);
599 - dh->priv_key = NULL;
600 + if (!DH_set_length(dh, MINIMUM(need * 2, pbits - 1)))
601 return SSH_ERR_LIBCRYPTO_ERROR;
604 + if (DH_generate_key(dh) == 0)
605 + return SSH_ERR_LIBCRYPTO_ERROR;
606 + DH_get0_key(dh, &pub_key, NULL);
607 + if (!dh_pub_is_valid(dh, pub_key))
608 + return SSH_ERR_INVALID_FORMAT;
612 @@ -289,22 +296,27 @@ DH *
613 dh_new_group_asc(const char *gen, const char *modulus)
616 + BIGNUM *dh_p = NULL, *dh_g = NULL;
618 if ((dh = DH_new()) == NULL)
620 - if (BN_hex2bn(&dh->p, modulus) == 0 ||
621 - BN_hex2bn(&dh->g, gen) == 0) {
626 + if (BN_hex2bn(&dh_p, modulus) == 0 ||
627 + BN_hex2bn(&dh_g, gen) == 0)
629 + if (!DH_set0_pqg(dh, dh_p, NULL, dh_g))
634 + BN_clear_free(dh_p);
635 + BN_clear_free(dh_g);
640 * This just returns the group, we still need to generate the exchange
645 dh_new_group(BIGNUM *gen, BIGNUM *modulus)
647 @@ -312,10 +324,12 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus)
649 if ((dh = DH_new()) == NULL)
653 + if (!DH_set0_pqg(dh, modulus, NULL, gen)) {
662 /* rfc2409 "Second Oakley Group" (1024 bits) */
663 diff --git a/dh.h b/dh.h
664 index bcd485cf..344b29e3 100644
667 @@ -42,7 +42,7 @@ DH *dh_new_group18(void);
668 DH *dh_new_group_fallback(int);
670 int dh_gen_key(DH *, int);
671 -int dh_pub_is_valid(DH *, BIGNUM *);
672 +int dh_pub_is_valid(const DH *, const BIGNUM *);
674 u_int dh_estimate(int);
676 diff --git a/digest-openssl.c b/digest-openssl.c
677 index 27709992..da7ed72b 100644
678 --- a/digest-openssl.c
679 +++ b/digest-openssl.c
682 struct ssh_digest_ctx {
689 @@ -106,7 +106,7 @@ ssh_digest_bytes(int alg)
691 ssh_digest_blocksize(struct ssh_digest_ctx *ctx)
693 - return EVP_MD_CTX_block_size(&ctx->mdctx);
694 + return EVP_MD_CTX_block_size(ctx->mdctx);
697 struct ssh_digest_ctx *
698 @@ -118,11 +118,14 @@ ssh_digest_start(int alg)
699 if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL))
702 - EVP_MD_CTX_init(&ret->mdctx);
703 - if (EVP_DigestInit_ex(&ret->mdctx, digest->mdfunc(), NULL) != 1) {
704 + if ((ret->mdctx = EVP_MD_CTX_new()) == NULL) {
708 + if (EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) {
709 + ssh_digest_free(ret);
715 @@ -132,7 +135,7 @@ ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to)
716 if (from->alg != to->alg)
717 return SSH_ERR_INVALID_ARGUMENT;
718 /* we have bcopy-style order while openssl has memcpy-style */
719 - if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx))
720 + if (!EVP_MD_CTX_copy_ex(to->mdctx, from->mdctx))
721 return SSH_ERR_LIBCRYPTO_ERROR;
724 @@ -140,7 +143,7 @@ ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to)
726 ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
728 - if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1)
729 + if (EVP_DigestUpdate(ctx->mdctx, m, mlen) != 1)
730 return SSH_ERR_LIBCRYPTO_ERROR;
733 @@ -161,7 +164,7 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
734 return SSH_ERR_INVALID_ARGUMENT;
735 if (dlen < digest->digest_len) /* No truncation allowed */
736 return SSH_ERR_INVALID_ARGUMENT;
737 - if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1)
738 + if (EVP_DigestFinal_ex(ctx->mdctx, d, &l) != 1)
739 return SSH_ERR_LIBCRYPTO_ERROR;
740 if (l != digest->digest_len) /* sanity */
741 return SSH_ERR_INTERNAL_ERROR;
742 @@ -171,11 +174,10 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
744 ssh_digest_free(struct ssh_digest_ctx *ctx)
747 - EVP_MD_CTX_cleanup(&ctx->mdctx);
748 - explicit_bzero(ctx, sizeof(*ctx));
753 + EVP_MD_CTX_free(ctx->mdctx);
754 + freezero(ctx, sizeof(*ctx));
758 diff --git a/kexdhc.c b/kexdhc.c
759 index 9a9f1ea7..a8b74247 100644
762 @@ -56,6 +56,7 @@ kexdh_client(struct ssh *ssh)
764 struct kex *kex = ssh->kex;
766 + const BIGNUM *pub_key;
768 /* generate and send 'e', client DH public key */
769 switch (kex->kex_type) {
770 @@ -81,15 +82,17 @@ kexdh_client(struct ssh *ssh)
773 debug("sending SSH2_MSG_KEXDH_INIT");
774 - if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 ||
775 - (r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 ||
776 - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 ||
777 + if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
779 + DH_get0_key(kex->dh, &pub_key, NULL);
780 + if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 ||
781 + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||
782 (r = sshpkt_send(ssh)) != 0)
785 DHparams_print_fp(stderr, kex->dh);
786 fprintf(stderr, "pub= ");
787 - BN_print_fp(stderr, kex->dh->pub_key);
788 + BN_print_fp(stderr, pub_key);
789 fprintf(stderr, "\n");
791 debug("expecting SSH2_MSG_KEXDH_REPLY");
792 @@ -104,6 +107,7 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh)
794 struct kex *kex = ssh->kex;
795 BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
796 + const BIGNUM *pub_key;
797 struct sshkey *server_host_key = NULL;
798 u_char *kbuf = NULL, *server_host_key_blob = NULL, *signature = NULL;
799 u_char hash[SSH_DIGEST_MAX_LENGTH];
800 @@ -168,6 +172,7 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh)
803 /* calc and verify H */
804 + DH_get0_key(kex->dh, &pub_key, NULL);
805 hashlen = sizeof(hash);
806 if ((r = kex_dh_hash(
808 @@ -176,7 +181,7 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh)
809 sshbuf_ptr(kex->my), sshbuf_len(kex->my),
810 sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
811 server_host_key_blob, sbloblen,
816 hash, &hashlen)) != 0)
817 diff --git a/kexdhs.c b/kexdhs.c
818 index 5dfca0a2..8367c6c3 100644
821 @@ -95,6 +95,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
823 struct kex *kex = ssh->kex;
824 BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
825 + const BIGNUM *pub_key;
826 struct sshkey *server_host_public, *server_host_private;
827 u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL;
828 u_char hash[SSH_DIGEST_MAX_LENGTH];
829 @@ -121,6 +122,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
830 r = SSH_ERR_ALLOC_FAIL;
833 + DH_get0_key(kex->dh, &pub_key, NULL);
834 if ((r = sshpkt_get_bignum2(ssh, dh_client_pub)) != 0 ||
835 (r = sshpkt_get_end(ssh)) != 0)
837 @@ -130,12 +132,9 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
838 BN_print_fp(stderr, dh_client_pub);
839 fprintf(stderr, "\n");
840 debug("bits %d", BN_num_bits(dh_client_pub));
844 DHparams_print_fp(stderr, kex->dh);
845 fprintf(stderr, "pub= ");
846 - BN_print_fp(stderr, kex->dh->pub_key);
847 + BN_print_fp(stderr, pub_key);
848 fprintf(stderr, "\n");
850 if (!dh_pub_is_valid(kex->dh, dh_client_pub)) {
851 @@ -171,7 +170,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
852 sshbuf_ptr(kex->my), sshbuf_len(kex->my),
853 server_host_key_blob, sbloblen,
858 hash, &hashlen)) != 0)
860 @@ -197,7 +196,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
861 /* send server hostkey, DH pubkey 'f' and signed H */
862 if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 ||
863 (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
864 - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */
865 + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */
866 (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
867 (r = sshpkt_send(ssh)) != 0)
869 diff --git a/kexgexc.c b/kexgexc.c
870 index 762a9a32..955bc837 100644
873 @@ -93,6 +93,7 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh)
875 struct kex *kex = ssh->kex;
876 BIGNUM *p = NULL, *g = NULL;
877 + const BIGNUM *pub_key;
880 debug("got SSH2_MSG_KEX_DH_GEX_GROUP");
881 @@ -118,16 +119,18 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh)
882 p = g = NULL; /* belong to kex->dh now */
884 /* generate and send 'e', client DH public key */
885 - if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 ||
886 - (r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 ||
887 - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 ||
888 + if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
890 + DH_get0_key(kex->dh, &pub_key, NULL);
891 + if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 ||
892 + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||
893 (r = sshpkt_send(ssh)) != 0)
895 debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
897 DHparams_print_fp(stderr, kex->dh);
898 fprintf(stderr, "pub= ");
899 - BN_print_fp(stderr, kex->dh->pub_key);
900 + BN_print_fp(stderr, pub_key);
901 fprintf(stderr, "\n");
903 ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, NULL);
904 @@ -144,6 +147,7 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
906 struct kex *kex = ssh->kex;
907 BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
908 + const BIGNUM *pub_key, *dh_p, *dh_g;
909 struct sshkey *server_host_key = NULL;
910 u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL;
911 u_char hash[SSH_DIGEST_MAX_LENGTH];
912 @@ -211,6 +215,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
913 kex->min = kex->max = -1;
915 /* calc and verify H */
916 + DH_get0_key(kex->dh, &pub_key, NULL);
917 + DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
918 hashlen = sizeof(hash);
919 if ((r = kexgex_hash(
921 @@ -220,8 +226,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
922 sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
923 server_host_key_blob, sbloblen,
924 kex->min, kex->nbits, kex->max,
925 - kex->dh->p, kex->dh->g,
931 hash, &hashlen)) != 0)
932 diff --git a/kexgexs.c b/kexgexs.c
933 index f6983fd6..2a4aa7e8 100644
936 @@ -72,6 +72,7 @@ input_kex_dh_gex_request(int type, u_int32_t seq, struct ssh *ssh)
937 struct kex *kex = ssh->kex;
939 u_int min = 0, max = 0, nbits = 0;
940 + const BIGNUM *dh_p, *dh_g;
942 debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
943 if ((r = sshpkt_get_u32(ssh, &min)) != 0 ||
944 @@ -101,9 +102,10 @@ input_kex_dh_gex_request(int type, u_int32_t seq, struct ssh *ssh)
947 debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
948 + DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
949 if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 ||
950 - (r = sshpkt_put_bignum2(ssh, kex->dh->p)) != 0 ||
951 - (r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 ||
952 + (r = sshpkt_put_bignum2(ssh, dh_p)) != 0 ||
953 + (r = sshpkt_put_bignum2(ssh, dh_g)) != 0 ||
954 (r = sshpkt_send(ssh)) != 0)
957 @@ -123,6 +125,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
959 struct kex *kex = ssh->kex;
960 BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
961 + const BIGNUM *pub_key, *dh_p, *dh_g;
962 struct sshkey *server_host_public, *server_host_private;
963 u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL;
964 u_char hash[SSH_DIGEST_MAX_LENGTH];
965 @@ -153,17 +156,17 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
966 (r = sshpkt_get_end(ssh)) != 0)
969 + DH_get0_key(kex->dh, &pub_key, NULL);
970 + DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
973 fprintf(stderr, "dh_client_pub= ");
974 BN_print_fp(stderr, dh_client_pub);
975 fprintf(stderr, "\n");
976 debug("bits %d", BN_num_bits(dh_client_pub));
980 DHparams_print_fp(stderr, kex->dh);
981 fprintf(stderr, "pub= ");
982 - BN_print_fp(stderr, kex->dh->pub_key);
983 + BN_print_fp(stderr, pub_key);
984 fprintf(stderr, "\n");
986 if (!dh_pub_is_valid(kex->dh, dh_client_pub)) {
987 @@ -199,9 +202,9 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
988 sshbuf_ptr(kex->my), sshbuf_len(kex->my),
989 server_host_key_blob, sbloblen,
990 kex->min, kex->nbits, kex->max,
991 - kex->dh->p, kex->dh->g,
997 hash, &hashlen)) != 0)
999 @@ -227,7 +230,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
1000 /* send server hostkey, DH pubkey 'f' and signed H */
1001 if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 ||
1002 (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
1003 - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */
1004 + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */
1005 (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
1006 (r = sshpkt_send(ssh)) != 0)
1008 diff --git a/monitor.c b/monitor.c
1009 index d4b4b047..b30813b4 100644
1012 @@ -566,6 +566,7 @@ int
1013 mm_answer_moduli(int sock, struct sshbuf *m)
1016 + const BIGNUM *dh_p, *dh_g;
1018 u_int min, want, max;
1020 @@ -590,9 +591,10 @@ mm_answer_moduli(int sock, struct sshbuf *m)
1023 /* Send first bignum */
1024 + DH_get0_pqg(dh, &dh_p, NULL, &dh_g);
1025 if ((r = sshbuf_put_u8(m, 1)) != 0 ||
1026 - (r = sshbuf_put_bignum2(m, dh->p)) != 0 ||
1027 - (r = sshbuf_put_bignum2(m, dh->g)) != 0)
1028 + (r = sshbuf_put_bignum2(m, dh_p)) != 0 ||
1029 + (r = sshbuf_put_bignum2(m, dh_g)) != 0)
1030 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1033 diff --git a/ssh-dss.c b/ssh-dss.c
1034 index 9f832ee2..631b1571 100644
1037 @@ -51,6 +51,7 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
1038 const u_char *data, size_t datalen, u_int compat)
1040 DSA_SIG *sig = NULL;
1041 + const BIGNUM *sig_r, *sig_s;
1042 u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN];
1043 size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
1044 struct sshbuf *b = NULL;
1045 @@ -76,15 +77,16 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
1049 - rlen = BN_num_bytes(sig->r);
1050 - slen = BN_num_bytes(sig->s);
1051 + DSA_SIG_get0(sig, &sig_r, &sig_s);
1052 + rlen = BN_num_bytes(sig_r);
1053 + slen = BN_num_bytes(sig_s);
1054 if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
1055 ret = SSH_ERR_INTERNAL_ERROR;
1058 explicit_bzero(sigblob, SIGBLOB_LEN);
1059 - BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
1060 - BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen);
1061 + BN_bn2bin(sig_r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
1062 + BN_bn2bin(sig_s, sigblob + SIGBLOB_LEN - slen);
1064 if ((b = sshbuf_new()) == NULL) {
1065 ret = SSH_ERR_ALLOC_FAIL;
1066 @@ -118,6 +120,7 @@ ssh_dss_verify(const struct sshkey *key,
1067 const u_char *data, size_t datalen, u_int compat)
1069 DSA_SIG *sig = NULL;
1070 + BIGNUM *sig_r = NULL, *sig_s = NULL;
1071 u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob = NULL;
1072 size_t len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
1073 int ret = SSH_ERR_INTERNAL_ERROR;
1074 @@ -155,16 +158,21 @@ ssh_dss_verify(const struct sshkey *key,
1076 /* parse signature */
1077 if ((sig = DSA_SIG_new()) == NULL ||
1078 - (sig->r = BN_new()) == NULL ||
1079 - (sig->s = BN_new()) == NULL) {
1080 + (sig_r = BN_new()) == NULL ||
1081 + (sig_s = BN_new()) == NULL) {
1082 ret = SSH_ERR_ALLOC_FAIL;
1085 - if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) ||
1086 - (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) {
1087 + if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig_r) == NULL) ||
1088 + (BN_bin2bn(sigblob + INTBLOB_LEN, INTBLOB_LEN, sig_s) == NULL)) {
1089 ret = SSH_ERR_LIBCRYPTO_ERROR;
1092 + if (!DSA_SIG_set0(sig, sig_r, sig_s)) {
1093 + ret = SSH_ERR_LIBCRYPTO_ERROR;
1096 + sig_r = sig_s = NULL; /* transferred */
1099 if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
1100 @@ -186,6 +194,8 @@ ssh_dss_verify(const struct sshkey *key,
1102 explicit_bzero(digest, sizeof(digest));
1104 + BN_clear_free(sig_r);
1105 + BN_clear_free(sig_s);
1108 if (sigblob != NULL) {
1109 diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
1110 index 3d3b78d7..9e92af04 100644
1113 @@ -49,6 +49,7 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
1114 const u_char *data, size_t datalen, u_int compat)
1116 ECDSA_SIG *sig = NULL;
1117 + const BIGNUM *sig_r, *sig_s;
1119 u_char digest[SSH_DIGEST_MAX_LENGTH];
1121 @@ -80,8 +81,9 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
1122 ret = SSH_ERR_ALLOC_FAIL;
1125 - if ((ret = sshbuf_put_bignum2(bb, sig->r)) != 0 ||
1126 - (ret = sshbuf_put_bignum2(bb, sig->s)) != 0)
1127 + ECDSA_SIG_get0(sig, &sig_r, &sig_s);
1128 + if ((ret = sshbuf_put_bignum2(bb, sig_r)) != 0 ||
1129 + (ret = sshbuf_put_bignum2(bb, sig_s)) != 0)
1131 if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 ||
1132 (ret = sshbuf_put_stringb(b, bb)) != 0)
1133 @@ -112,6 +114,7 @@ ssh_ecdsa_verify(const struct sshkey *key,
1134 const u_char *data, size_t datalen, u_int compat)
1136 ECDSA_SIG *sig = NULL;
1137 + BIGNUM *sig_r = NULL, *sig_s = NULL;
1139 u_char digest[SSH_DIGEST_MAX_LENGTH];
1141 @@ -146,15 +149,23 @@ ssh_ecdsa_verify(const struct sshkey *key,
1144 /* parse signature */
1145 - if ((sig = ECDSA_SIG_new()) == NULL) {
1146 + if ((sig = ECDSA_SIG_new()) == NULL ||
1147 + (sig_r = BN_new()) == NULL ||
1148 + (sig_s = BN_new()) == NULL) {
1149 ret = SSH_ERR_ALLOC_FAIL;
1152 - if (sshbuf_get_bignum2(sigbuf, sig->r) != 0 ||
1153 - sshbuf_get_bignum2(sigbuf, sig->s) != 0) {
1154 + if (sshbuf_get_bignum2(sigbuf, sig_r) != 0 ||
1155 + sshbuf_get_bignum2(sigbuf, sig_s) != 0) {
1156 ret = SSH_ERR_INVALID_FORMAT;
1159 + if (!ECDSA_SIG_set0(sig, sig_r, sig_s)) {
1160 + ret = SSH_ERR_LIBCRYPTO_ERROR;
1163 + sig_r = sig_s = NULL; /* transferred */
1165 if (sshbuf_len(sigbuf) != 0) {
1166 ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
1168 @@ -180,6 +191,8 @@ ssh_ecdsa_verify(const struct sshkey *key,
1169 sshbuf_free(sigbuf);
1171 ECDSA_SIG_free(sig);
1172 + BN_clear_free(sig_r);
1173 + BN_clear_free(sig_s);
1177 diff --git a/ssh-keygen.c b/ssh-keygen.c
1178 index 748ce37d..a70fd1f8 100644
1181 @@ -450,7 +450,10 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
1182 u_int magic, i1, i2, i3, i4;
1186 + BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL;
1187 + BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL;
1188 + BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
1189 + BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL;
1190 if ((b = sshbuf_from(blob, blen)) == NULL)
1191 fatal("%s: sshbuf_from failed", __func__);
1192 if ((r = sshbuf_get_u32(b, &magic)) != 0)
1193 @@ -494,11 +497,23 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
1195 switch (key->type) {
1197 - buffer_get_bignum_bits(b, key->dsa->p);
1198 - buffer_get_bignum_bits(b, key->dsa->g);
1199 - buffer_get_bignum_bits(b, key->dsa->q);
1200 - buffer_get_bignum_bits(b, key->dsa->pub_key);
1201 - buffer_get_bignum_bits(b, key->dsa->priv_key);
1202 + if ((dsa_p = BN_new()) == NULL ||
1203 + (dsa_q = BN_new()) == NULL ||
1204 + (dsa_g = BN_new()) == NULL ||
1205 + (dsa_pub_key = BN_new()) == NULL ||
1206 + (dsa_priv_key = BN_new()) == NULL)
1207 + fatal("%s: BN_new", __func__);
1208 + buffer_get_bignum_bits(b, dsa_p);
1209 + buffer_get_bignum_bits(b, dsa_g);
1210 + buffer_get_bignum_bits(b, dsa_q);
1211 + buffer_get_bignum_bits(b, dsa_pub_key);
1212 + buffer_get_bignum_bits(b, dsa_priv_key);
1213 + if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g))
1214 + fatal("%s: DSA_set0_pqg failed", __func__);
1215 + dsa_p = dsa_q = dsa_g = NULL; /* transferred */
1216 + if (!DSA_set0_key(key->dsa, dsa_pub_key, dsa_priv_key))
1217 + fatal("%s: DSA_set0_key failed", __func__);
1218 + dsa_pub_key = dsa_priv_key = NULL; /* transferred */
1221 if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
1222 @@ -515,18 +530,34 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
1226 - if (!BN_set_word(key->rsa->e, e)) {
1227 + if ((rsa_e = BN_new()) == NULL)
1228 + fatal("%s: BN_new", __func__);
1229 + if (!BN_set_word(rsa_e, e)) {
1230 + BN_clear_free(rsa_e);
1235 - buffer_get_bignum_bits(b, key->rsa->d);
1236 - buffer_get_bignum_bits(b, key->rsa->n);
1237 - buffer_get_bignum_bits(b, key->rsa->iqmp);
1238 - buffer_get_bignum_bits(b, key->rsa->q);
1239 - buffer_get_bignum_bits(b, key->rsa->p);
1240 - if ((r = ssh_rsa_generate_additional_parameters(key)) != 0)
1241 + if ((rsa_n = BN_new()) == NULL ||
1242 + (rsa_d = BN_new()) == NULL ||
1243 + (rsa_p = BN_new()) == NULL ||
1244 + (rsa_q = BN_new()) == NULL ||
1245 + (rsa_iqmp = BN_new()) == NULL)
1246 + fatal("%s: BN_new", __func__);
1247 + buffer_get_bignum_bits(b, rsa_d);
1248 + buffer_get_bignum_bits(b, rsa_n);
1249 + buffer_get_bignum_bits(b, rsa_iqmp);
1250 + buffer_get_bignum_bits(b, rsa_q);
1251 + buffer_get_bignum_bits(b, rsa_p);
1252 + if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, rsa_d))
1253 + fatal("%s: RSA_set0_key failed", __func__);
1254 + rsa_n = rsa_e = rsa_d = NULL; /* transferred */
1255 + if (!RSA_set0_factors(key->rsa, rsa_p, rsa_q))
1256 + fatal("%s: RSA_set0_factors failed", __func__);
1257 + rsa_p = rsa_q = NULL; /* transferred */
1258 + if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0)
1259 fatal("generate RSA parameters failed: %s", ssh_err(r));
1260 + BN_clear_free(rsa_iqmp);
1263 rlen = sshbuf_len(b);
1264 @@ -634,7 +665,7 @@ do_convert_from_pkcs8(struct sshkey **k, int *private)
1268 - switch (EVP_PKEY_type(pubkey->type)) {
1269 + switch (EVP_PKEY_base_id(pubkey)) {
1271 if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
1272 fatal("sshkey_new failed");
1273 @@ -658,7 +689,7 @@ do_convert_from_pkcs8(struct sshkey **k, int *private)
1276 fatal("%s: unsupported pubkey type %d", __func__,
1277 - EVP_PKEY_type(pubkey->type));
1278 + EVP_PKEY_base_id(pubkey));
1280 EVP_PKEY_free(pubkey);
1282 diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
1283 index 028b272c..bcc18c6b 100644
1284 --- a/ssh-pkcs11-client.c
1285 +++ b/ssh-pkcs11-client.c
1286 @@ -156,12 +156,14 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
1290 - static RSA_METHOD helper_rsa;
1291 + static RSA_METHOD *helper_rsa;
1293 - memcpy(&helper_rsa, RSA_get_default_method(), sizeof(helper_rsa));
1294 - helper_rsa.name = "ssh-pkcs11-helper";
1295 - helper_rsa.rsa_priv_enc = pkcs11_rsa_private_encrypt;
1296 - RSA_set_method(rsa, &helper_rsa);
1297 + if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL)
1298 + fatal("%s: RSA_meth_dup failed", __func__);
1299 + if (!RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper") ||
1300 + !RSA_meth_set_priv_enc(helper_rsa, pkcs11_rsa_private_encrypt))
1301 + fatal("%s: failed to prepare method", __func__);
1302 + RSA_set_method(rsa, helper_rsa);
1306 diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
1307 index 65a7b589..c35f9415 100644
1310 @@ -67,7 +67,7 @@ struct pkcs11_key {
1311 struct pkcs11_provider *provider;
1313 int (*orig_finish)(RSA *rsa);
1314 - RSA_METHOD rsa_method;
1315 + RSA_METHOD *rsa_method;
1319 @@ -182,6 +182,7 @@ pkcs11_rsa_finish(RSA *rsa)
1320 rv = k11->orig_finish(rsa);
1322 pkcs11_provider_unref(k11->provider);
1323 + RSA_meth_free(k11->rsa_method);
1327 @@ -326,13 +327,18 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
1328 k11->keyid = xmalloc(k11->keyid_len);
1329 memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
1331 - k11->orig_finish = def->finish;
1332 - memcpy(&k11->rsa_method, def, sizeof(k11->rsa_method));
1333 - k11->rsa_method.name = "pkcs11";
1334 - k11->rsa_method.rsa_priv_enc = pkcs11_rsa_private_encrypt;
1335 - k11->rsa_method.rsa_priv_dec = pkcs11_rsa_private_decrypt;
1336 - k11->rsa_method.finish = pkcs11_rsa_finish;
1337 - RSA_set_method(rsa, &k11->rsa_method);
1338 + k11->rsa_method = RSA_meth_dup(def);
1339 + if (k11->rsa_method == NULL)
1340 + fatal("%s: RSA_meth_dup failed", __func__);
1341 + k11->orig_finish = RSA_meth_get_finish(def);
1342 + if (!RSA_meth_set1_name(k11->rsa_method, "pkcs11") ||
1343 + !RSA_meth_set_priv_enc(k11->rsa_method,
1344 + pkcs11_rsa_private_encrypt) ||
1345 + !RSA_meth_set_priv_dec(k11->rsa_method,
1346 + pkcs11_rsa_private_decrypt) ||
1347 + !RSA_meth_set_finish(k11->rsa_method, pkcs11_rsa_finish))
1348 + fatal("%s: setup pkcs11 method failed", __func__);
1349 + RSA_set_method(rsa, k11->rsa_method);
1350 RSA_set_app_data(rsa, k11);
1353 @@ -444,6 +450,15 @@ pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key)
1358 +have_rsa_key(const RSA *rsa)
1360 + const BIGNUM *rsa_n, *rsa_e;
1362 + RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL);
1363 + return rsa_n != NULL && rsa_e != NULL;
1367 pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
1368 CK_ATTRIBUTE filter[], CK_ATTRIBUTE attribs[3],
1369 @@ -512,10 +527,20 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
1370 if ((rsa = RSA_new()) == NULL) {
1371 error("RSA_new failed");
1373 - rsa->n = BN_bin2bn(attribs[1].pValue,
1374 + BIGNUM *rsa_n, *rsa_e;
1376 + rsa_n = BN_bin2bn(attribs[1].pValue,
1377 attribs[1].ulValueLen, NULL);
1378 - rsa->e = BN_bin2bn(attribs[2].pValue,
1379 + rsa_e = BN_bin2bn(attribs[2].pValue,
1380 attribs[2].ulValueLen, NULL);
1381 + if (rsa_n != NULL && rsa_e != NULL) {
1382 + if (!RSA_set0_key(rsa,
1383 + rsa_n, rsa_e, NULL))
1384 + fatal("%s: set key", __func__);
1385 + rsa_n = rsa_e = NULL; /* transferred */
1391 cp = attribs[2].pValue;
1392 @@ -525,16 +550,16 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
1394 error("d2i_X509 failed");
1395 } else if ((evp = X509_get_pubkey(x509)) == NULL ||
1396 - evp->type != EVP_PKEY_RSA ||
1397 - evp->pkey.rsa == NULL) {
1398 + EVP_PKEY_base_id(evp) != EVP_PKEY_RSA ||
1399 + EVP_PKEY_get0_RSA(evp) == NULL) {
1400 debug("X509_get_pubkey failed or no rsa");
1401 - } else if ((rsa = RSAPublicKey_dup(evp->pkey.rsa))
1403 + } else if ((rsa = RSAPublicKey_dup(
1404 + EVP_PKEY_get0_RSA(evp))) == NULL) {
1405 error("RSAPublicKey_dup");
1409 - if (rsa && rsa->n && rsa->e &&
1410 + if (rsa && have_rsa_key(rsa) &&
1411 pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
1412 if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
1413 fatal("sshkey_new failed");
1414 diff --git a/ssh-rsa.c b/ssh-rsa.c
1415 index 1756315b..2788f334 100644
1418 @@ -104,38 +104,55 @@ rsa_hash_alg_nid(int type)
1422 -ssh_rsa_generate_additional_parameters(struct sshkey *key)
1423 +ssh_rsa_complete_crt_parameters(struct sshkey *key, const BIGNUM *iqmp)
1425 - BIGNUM *aux = NULL;
1426 + const BIGNUM *rsa_p, *rsa_q, *rsa_d;
1427 + BIGNUM *aux = NULL, *d_consttime = NULL;
1428 + BIGNUM *rsa_dmq1 = NULL, *rsa_dmp1 = NULL, *rsa_iqmp = NULL;
1433 if (key == NULL || key->rsa == NULL ||
1434 sshkey_type_plain(key->type) != KEY_RSA)
1435 return SSH_ERR_INVALID_ARGUMENT;
1437 + RSA_get0_key(key->rsa, NULL, NULL, &rsa_d);
1438 + RSA_get0_factors(key->rsa, &rsa_p, &rsa_q);
1440 if ((ctx = BN_CTX_new()) == NULL)
1441 return SSH_ERR_ALLOC_FAIL;
1442 - if ((aux = BN_new()) == NULL) {
1443 + if ((aux = BN_new()) == NULL ||
1444 + (rsa_dmq1 = BN_new()) == NULL ||
1445 + (rsa_dmp1 = BN_new()) == NULL)
1446 + return SSH_ERR_ALLOC_FAIL;
1447 + if ((d_consttime = BN_dup(rsa_d)) == NULL ||
1448 + (rsa_iqmp = BN_dup(iqmp)) == NULL) {
1449 r = SSH_ERR_ALLOC_FAIL;
1452 BN_set_flags(aux, BN_FLG_CONSTTIME);
1453 + BN_set_flags(d_consttime, BN_FLG_CONSTTIME);
1456 - BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME);
1458 - if ((BN_sub(aux, key->rsa->q, BN_value_one()) == 0) ||
1459 - (BN_mod(key->rsa->dmq1, &d, aux, ctx) == 0) ||
1460 - (BN_sub(aux, key->rsa->p, BN_value_one()) == 0) ||
1461 - (BN_mod(key->rsa->dmp1, &d, aux, ctx) == 0)) {
1462 + if ((BN_sub(aux, rsa_q, BN_value_one()) == 0) ||
1463 + (BN_mod(rsa_dmq1, d_consttime, aux, ctx) == 0) ||
1464 + (BN_sub(aux, rsa_p, BN_value_one()) == 0) ||
1465 + (BN_mod(rsa_dmp1, d_consttime, aux, ctx) == 0)) {
1466 + r = SSH_ERR_LIBCRYPTO_ERROR;
1469 + if (!RSA_set0_crt_params(key->rsa, rsa_dmp1, rsa_dmq1, rsa_iqmp)) {
1470 r = SSH_ERR_LIBCRYPTO_ERROR;
1473 + rsa_dmp1 = rsa_dmq1 = rsa_iqmp = NULL; /* transferred */
1478 + BN_clear_free(d_consttime);
1479 + BN_clear_free(rsa_dmp1);
1480 + BN_clear_free(rsa_dmq1);
1481 + BN_clear_free(rsa_iqmp);
1485 @@ -145,6 +162,7 @@ int
1486 ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
1487 const u_char *data, size_t datalen, const char *alg_ident)
1489 + const BIGNUM *rsa_n;
1490 u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL;
1493 @@ -163,7 +181,8 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
1494 if (key == NULL || key->rsa == NULL || hash_alg == -1 ||
1495 sshkey_type_plain(key->type) != KEY_RSA)
1496 return SSH_ERR_INVALID_ARGUMENT;
1497 - if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
1498 + RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);
1499 + if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
1500 return SSH_ERR_KEY_LENGTH;
1501 slen = RSA_size(key->rsa);
1502 if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
1503 @@ -225,6 +244,7 @@ ssh_rsa_verify(const struct sshkey *key,
1504 const u_char *sig, size_t siglen, const u_char *data, size_t datalen,
1507 + const BIGNUM *rsa_n;
1508 char *sigtype = NULL;
1509 int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR;
1510 size_t len = 0, diff, modlen, dlen;
1511 @@ -235,7 +255,8 @@ ssh_rsa_verify(const struct sshkey *key,
1512 sshkey_type_plain(key->type) != KEY_RSA ||
1513 sig == NULL || siglen == 0)
1514 return SSH_ERR_INVALID_ARGUMENT;
1515 - if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
1516 + RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);
1517 + if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
1518 return SSH_ERR_KEY_LENGTH;
1520 if ((b = sshbuf_from(sig, siglen)) == NULL)
1521 diff --git a/sshd.c b/sshd.c
1522 index a738c3ab..98beb1ed 100644
1525 @@ -493,8 +493,8 @@ demote_sensitive_data(void)
1527 for (i = 0; i < options.num_host_key_files; i++) {
1528 if (sensitive_data.host_keys[i]) {
1529 - if ((r = sshkey_demote(sensitive_data.host_keys[i],
1531 + if ((r = sshkey_from_private(
1532 + sensitive_data.host_keys[i], &tmp)) != 0)
1533 fatal("could not demote host %s key: %s",
1534 sshkey_type(sensitive_data.host_keys[i]),
1536 @@ -1772,7 +1772,7 @@ main(int ac, char **av)
1537 error("Error loading host key \"%s\": %s",
1538 options.host_key_files[i], ssh_err(r));
1539 if (pubkey == NULL && key != NULL)
1540 - if ((r = sshkey_demote(key, &pubkey)) != 0)
1541 + if ((r = sshkey_from_private(key, &pubkey)) != 0)
1542 fatal("Could not demote key: \"%s\": %s",
1543 options.host_key_files[i], ssh_err(r));
1544 sensitive_data.host_keys[i] = key;
1545 diff --git a/sshkey.c b/sshkey.c
1546 index 50ebdc25..085f1707 100644
1549 @@ -289,14 +289,24 @@ sshkey_names_valid2(const char *names, int allow_wildcard)
1551 sshkey_size(const struct sshkey *k)
1553 +#ifdef WITH_OPENSSL
1554 + const BIGNUM *rsa_n, *dsa_p;
1555 +#endif /* WITH_OPENSSL */
1561 - return BN_num_bits(k->rsa->n);
1562 + if (k->rsa == NULL)
1564 + RSA_get0_key(k->rsa, &rsa_n, NULL, NULL);
1565 + return BN_num_bits(rsa_n);
1568 - return BN_num_bits(k->dsa->p);
1569 + if (k->dsa == NULL)
1571 + DSA_get0_pqg(k->dsa, &dsa_p, NULL, NULL);
1572 + return BN_num_bits(dsa_p);
1574 case KEY_ECDSA_CERT:
1575 return sshkey_curve_nid_to_bits(k->ecdsa_nid);
1576 @@ -503,10 +513,7 @@ sshkey_new(int type)
1580 - if ((rsa = RSA_new()) == NULL ||
1581 - (rsa->n = BN_new()) == NULL ||
1582 - (rsa->e = BN_new()) == NULL) {
1584 + if ((rsa = RSA_new()) == NULL) {
1588 @@ -514,12 +521,7 @@ sshkey_new(int type)
1592 - if ((dsa = DSA_new()) == NULL ||
1593 - (dsa->p = BN_new()) == NULL ||
1594 - (dsa->q = BN_new()) == NULL ||
1595 - (dsa->g = BN_new()) == NULL ||
1596 - (dsa->pub_key = BN_new()) == NULL) {
1598 + if ((dsa = DSA_new()) == NULL) {
1602 @@ -553,47 +555,7 @@ sshkey_new(int type)
1607 -sshkey_add_private(struct sshkey *k)
1609 - switch (k->type) {
1610 -#ifdef WITH_OPENSSL
1612 - case KEY_RSA_CERT:
1613 -#define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL)
1614 - if (bn_maybe_alloc_failed(k->rsa->d) ||
1615 - bn_maybe_alloc_failed(k->rsa->iqmp) ||
1616 - bn_maybe_alloc_failed(k->rsa->q) ||
1617 - bn_maybe_alloc_failed(k->rsa->p) ||
1618 - bn_maybe_alloc_failed(k->rsa->dmq1) ||
1619 - bn_maybe_alloc_failed(k->rsa->dmp1))
1620 - return SSH_ERR_ALLOC_FAIL;
1623 - case KEY_DSA_CERT:
1624 - if (bn_maybe_alloc_failed(k->dsa->priv_key))
1625 - return SSH_ERR_ALLOC_FAIL;
1627 -#undef bn_maybe_alloc_failed
1629 - case KEY_ECDSA_CERT:
1630 - /* Cannot do anything until we know the group */
1632 -#endif /* WITH_OPENSSL */
1634 - case KEY_ED25519_CERT:
1636 - case KEY_XMSS_CERT:
1637 - /* no need to prealloc */
1642 - return SSH_ERR_INVALID_ARGUMENT;
1647 +/* XXX garbage-collect this API */
1649 sshkey_new_private(int type)
1651 @@ -601,10 +563,6 @@ sshkey_new_private(int type)
1655 - if (sshkey_add_private(k) != 0) {
1662 @@ -686,9 +644,15 @@ cert_compare(struct sshkey_cert *a, struct sshkey_cert *b)
1664 sshkey_equal_public(const struct sshkey *a, const struct sshkey *b)
1666 -#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
1667 +#if defined(WITH_OPENSSL)
1668 + const BIGNUM *rsa_e_a, *rsa_n_a;
1669 + const BIGNUM *rsa_e_b, *rsa_n_b;
1670 + const BIGNUM *dsa_p_a, *dsa_q_a, *dsa_g_a, *dsa_pub_key_a;
1671 + const BIGNUM *dsa_p_b, *dsa_q_b, *dsa_g_b, *dsa_pub_key_b;
1672 +# if defined(OPENSSL_HAS_ECC)
1674 -#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */
1675 +# endif /* OPENSSL_HAS_ECC */
1676 +#endif /* WITH_OPENSSL */
1678 if (a == NULL || b == NULL ||
1679 sshkey_type_plain(a->type) != sshkey_type_plain(b->type))
1680 @@ -698,16 +662,24 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b)
1684 - return a->rsa != NULL && b->rsa != NULL &&
1685 - BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
1686 - BN_cmp(a->rsa->n, b->rsa->n) == 0;
1687 + if (a->rsa == NULL || b->rsa == NULL)
1689 + RSA_get0_key(a->rsa, &rsa_n_a, &rsa_e_a, NULL);
1690 + RSA_get0_key(b->rsa, &rsa_n_b, &rsa_e_b, NULL);
1691 + return BN_cmp(rsa_e_a, rsa_e_b) == 0 &&
1692 + BN_cmp(rsa_n_a, rsa_n_b) == 0;
1695 - return a->dsa != NULL && b->dsa != NULL &&
1696 - BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
1697 - BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
1698 - BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
1699 - BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
1700 + if (a->dsa == NULL || b->dsa == NULL)
1702 + DSA_get0_pqg(a->dsa, &dsa_p_a, &dsa_q_a, &dsa_g_a);
1703 + DSA_get0_pqg(b->dsa, &dsa_p_b, &dsa_q_b, &dsa_g_b);
1704 + DSA_get0_key(a->dsa, &dsa_pub_key_a, NULL);
1705 + DSA_get0_key(b->dsa, &dsa_pub_key_b, NULL);
1706 + return BN_cmp(dsa_p_a, dsa_p_b) == 0 &&
1707 + BN_cmp(dsa_q_a, dsa_q_b) == 0 &&
1708 + BN_cmp(dsa_g_a, dsa_g_b) == 0 &&
1709 + BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0;
1710 # ifdef OPENSSL_HAS_ECC
1711 case KEY_ECDSA_CERT:
1713 @@ -764,6 +736,9 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain,
1715 int type, ret = SSH_ERR_INTERNAL_ERROR;
1716 const char *typename;
1717 +#ifdef WITH_OPENSSL
1718 + const BIGNUM *rsa_n, *rsa_e, *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;
1719 +#endif /* WITH_OPENSSL */
1722 return SSH_ERR_INVALID_ARGUMENT;
1723 @@ -796,11 +771,13 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain,
1725 if (key->dsa == NULL)
1726 return SSH_ERR_INVALID_ARGUMENT;
1727 + DSA_get0_pqg(key->dsa, &dsa_p, &dsa_q, &dsa_g);
1728 + DSA_get0_key(key->dsa, &dsa_pub_key, NULL);
1729 if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
1730 - (ret = sshbuf_put_bignum2(b, key->dsa->p)) != 0 ||
1731 - (ret = sshbuf_put_bignum2(b, key->dsa->q)) != 0 ||
1732 - (ret = sshbuf_put_bignum2(b, key->dsa->g)) != 0 ||
1733 - (ret = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0)
1734 + (ret = sshbuf_put_bignum2(b, dsa_p)) != 0 ||
1735 + (ret = sshbuf_put_bignum2(b, dsa_q)) != 0 ||
1736 + (ret = sshbuf_put_bignum2(b, dsa_g)) != 0 ||
1737 + (ret = sshbuf_put_bignum2(b, dsa_pub_key)) != 0)
1740 # ifdef OPENSSL_HAS_ECC
1741 @@ -817,9 +794,10 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain,
1743 if (key->rsa == NULL)
1744 return SSH_ERR_INVALID_ARGUMENT;
1745 + RSA_get0_key(key->rsa, &rsa_n, &rsa_e, NULL);
1746 if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
1747 - (ret = sshbuf_put_bignum2(b, key->rsa->e)) != 0 ||
1748 - (ret = sshbuf_put_bignum2(b, key->rsa->n)) != 0)
1749 + (ret = sshbuf_put_bignum2(b, rsa_e)) != 0 ||
1750 + (ret = sshbuf_put_bignum2(b, rsa_n)) != 0)
1753 #endif /* WITH_OPENSSL */
1754 @@ -1767,59 +1745,95 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
1756 struct sshkey *n = NULL;
1757 int ret = SSH_ERR_INTERNAL_ERROR;
1758 + int r = SSH_ERR_INTERNAL_ERROR;
1759 +#ifdef WITH_OPENSSL
1760 + const BIGNUM *rsa_n, *rsa_e;
1761 + BIGNUM *rsa_n_dup = NULL, *rsa_e_dup = NULL;
1762 + const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;
1763 + BIGNUM *dsa_p_dup = NULL, *dsa_q_dup = NULL, *dsa_g_dup = NULL;
1764 + BIGNUM *dsa_pub_key_dup = NULL;
1765 +#endif /* WITH_OPENSSL */
1772 - if ((n = sshkey_new(k->type)) == NULL)
1773 - return SSH_ERR_ALLOC_FAIL;
1774 - if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) ||
1775 - (BN_copy(n->dsa->q, k->dsa->q) == NULL) ||
1776 - (BN_copy(n->dsa->g, k->dsa->g) == NULL) ||
1777 - (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) {
1779 - return SSH_ERR_ALLOC_FAIL;
1780 + if ((n = sshkey_new(k->type)) == NULL) {
1781 + r = SSH_ERR_ALLOC_FAIL;
1785 + DSA_get0_pqg(k->dsa, &dsa_p, &dsa_q, &dsa_g);
1786 + DSA_get0_key(k->dsa, &dsa_pub_key, NULL);
1787 + if ((dsa_p_dup = BN_dup(dsa_p)) == NULL ||
1788 + (dsa_q_dup = BN_dup(dsa_q)) == NULL ||
1789 + (dsa_g_dup = BN_dup(dsa_g)) == NULL ||
1790 + (dsa_pub_key_dup = BN_dup(dsa_pub_key)) == NULL) {
1791 + r = SSH_ERR_ALLOC_FAIL;
1794 + if (!DSA_set0_pqg(n->dsa, dsa_p_dup, dsa_q_dup, dsa_g_dup)) {
1795 + r = SSH_ERR_LIBCRYPTO_ERROR;
1798 + dsa_p_dup = dsa_q_dup = dsa_g_dup = NULL; /* transferred */
1799 + if (!DSA_set0_key(n->dsa, dsa_pub_key_dup, NULL)) {
1800 + r = SSH_ERR_LIBCRYPTO_ERROR;
1803 + dsa_pub_key_dup = NULL; /* transferred */
1806 # ifdef OPENSSL_HAS_ECC
1808 case KEY_ECDSA_CERT:
1809 - if ((n = sshkey_new(k->type)) == NULL)
1810 - return SSH_ERR_ALLOC_FAIL;
1811 + if ((n = sshkey_new(k->type)) == NULL) {
1812 + r = SSH_ERR_ALLOC_FAIL;
1815 n->ecdsa_nid = k->ecdsa_nid;
1816 n->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
1817 if (n->ecdsa == NULL) {
1819 - return SSH_ERR_ALLOC_FAIL;
1820 + r = SSH_ERR_ALLOC_FAIL;
1823 if (EC_KEY_set_public_key(n->ecdsa,
1824 EC_KEY_get0_public_key(k->ecdsa)) != 1) {
1826 - return SSH_ERR_LIBCRYPTO_ERROR;
1827 + r = SSH_ERR_LIBCRYPTO_ERROR;
1831 # endif /* OPENSSL_HAS_ECC */
1834 - if ((n = sshkey_new(k->type)) == NULL)
1835 - return SSH_ERR_ALLOC_FAIL;
1836 - if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
1837 - (BN_copy(n->rsa->e, k->rsa->e) == NULL)) {
1839 - return SSH_ERR_ALLOC_FAIL;
1840 + if ((n = sshkey_new(k->type)) == NULL) {
1841 + r = SSH_ERR_ALLOC_FAIL;
1844 + RSA_get0_key(k->rsa, &rsa_n, &rsa_e, NULL);
1845 + if ((rsa_n_dup = BN_dup(rsa_n)) == NULL ||
1846 + (rsa_e_dup = BN_dup(rsa_e)) == NULL) {
1847 + r = SSH_ERR_ALLOC_FAIL;
1850 + if (!RSA_set0_key(n->rsa, rsa_n_dup, rsa_e_dup, NULL)) {
1851 + r = SSH_ERR_LIBCRYPTO_ERROR;
1854 + rsa_n_dup = rsa_e_dup = NULL; /* transferred */
1856 #endif /* WITH_OPENSSL */
1858 case KEY_ED25519_CERT:
1859 - if ((n = sshkey_new(k->type)) == NULL)
1860 - return SSH_ERR_ALLOC_FAIL;
1861 + if ((n = sshkey_new(k->type)) == NULL) {
1862 + r = SSH_ERR_ALLOC_FAIL;
1865 if (k->ed25519_pk != NULL) {
1866 if ((n->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) {
1868 - return SSH_ERR_ALLOC_FAIL;
1869 + r = SSH_ERR_ALLOC_FAIL;
1872 memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
1874 @@ -1827,37 +1841,46 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
1878 - if ((n = sshkey_new(k->type)) == NULL)
1879 - return SSH_ERR_ALLOC_FAIL;
1880 - if ((ret = sshkey_xmss_init(n, k->xmss_name)) != 0) {
1883 + if ((n = sshkey_new(k->type)) == NULL) {
1884 + r = SSH_ERR_ALLOC_FAIL;
1887 + if ((r = sshkey_xmss_init(n, k->xmss_name)) != 0)
1889 if (k->xmss_pk != NULL) {
1890 size_t pklen = sshkey_xmss_pklen(k);
1891 if (pklen == 0 || sshkey_xmss_pklen(n) != pklen) {
1893 - return SSH_ERR_INTERNAL_ERROR;
1894 + r = SSH_ERR_INTERNAL_ERROR;
1897 if ((n->xmss_pk = malloc(pklen)) == NULL) {
1899 - return SSH_ERR_ALLOC_FAIL;
1900 + r = SSH_ERR_ALLOC_FAIL;
1903 memcpy(n->xmss_pk, k->xmss_pk, pklen);
1906 #endif /* WITH_XMSS */
1908 - return SSH_ERR_KEY_TYPE_UNKNOWN;
1910 - if (sshkey_is_cert(k)) {
1911 - if ((ret = sshkey_cert_copy(k, n)) != 0) {
1915 + r = SSH_ERR_KEY_TYPE_UNKNOWN;
1918 + if (sshkey_is_cert(k) && (r = sshkey_cert_copy(k, n)) != 0)
1927 + BN_clear_free(rsa_n_dup);
1928 + BN_clear_free(rsa_e_dup);
1929 + BN_clear_free(dsa_p_dup);
1930 + BN_clear_free(dsa_q_dup);
1931 + BN_clear_free(dsa_g_dup);
1932 + BN_clear_free(dsa_pub_key_dup);
1938 @@ -1985,6 +2008,17 @@ cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf)
1943 +check_rsa_length(const RSA *rsa)
1945 + const BIGNUM *rsa_n;
1947 + RSA_get0_key(rsa, &rsa_n, NULL, NULL);
1948 + if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
1949 + return SSH_ERR_KEY_LENGTH;
1954 sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
1956 @@ -1995,9 +2029,13 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
1959 struct sshbuf *copy;
1960 -#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
1961 +#if defined(WITH_OPENSSL)
1962 + BIGNUM *rsa_n = NULL, *rsa_e = NULL;
1963 + BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL, *dsa_pub_key = NULL;
1964 +# if defined(OPENSSL_HAS_ECC)
1966 -#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */
1967 +# endif /* OPENSSL_HAS_ECC */
1968 +#endif /* WITH_OPENSSL */
1970 #ifdef DEBUG_PK /* XXX */
1971 sshbuf_dump(b, stderr);
1972 @@ -2032,15 +2070,23 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
1973 ret = SSH_ERR_ALLOC_FAIL;
1976 - if (sshbuf_get_bignum2(b, key->rsa->e) != 0 ||
1977 - sshbuf_get_bignum2(b, key->rsa->n) != 0) {
1978 + if ((rsa_e = BN_new()) == NULL ||
1979 + (rsa_n = BN_new()) == NULL) {
1980 + ret = SSH_ERR_ALLOC_FAIL;
1983 + if (sshbuf_get_bignum2(b, rsa_e) != 0 ||
1984 + sshbuf_get_bignum2(b, rsa_n) != 0) {
1985 ret = SSH_ERR_INVALID_FORMAT;
1988 - if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
1989 - ret = SSH_ERR_KEY_LENGTH;
1990 + if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, NULL)) {
1991 + ret = SSH_ERR_LIBCRYPTO_ERROR;
1994 + rsa_n = rsa_e = NULL; /* transferred */
1995 + if ((ret = check_rsa_length(key->rsa)) != 0)
1998 RSA_print_fp(stderr, key->rsa, 8);
2000 @@ -2057,13 +2103,30 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
2001 ret = SSH_ERR_ALLOC_FAIL;
2004 - if (sshbuf_get_bignum2(b, key->dsa->p) != 0 ||
2005 - sshbuf_get_bignum2(b, key->dsa->q) != 0 ||
2006 - sshbuf_get_bignum2(b, key->dsa->g) != 0 ||
2007 - sshbuf_get_bignum2(b, key->dsa->pub_key) != 0) {
2008 + if ((dsa_p = BN_new()) == NULL ||
2009 + (dsa_q = BN_new()) == NULL ||
2010 + (dsa_g = BN_new()) == NULL ||
2011 + (dsa_pub_key = BN_new()) == NULL) {
2012 + ret = SSH_ERR_ALLOC_FAIL;
2015 + if (sshbuf_get_bignum2(b, dsa_p) != 0 ||
2016 + sshbuf_get_bignum2(b, dsa_q) != 0 ||
2017 + sshbuf_get_bignum2(b, dsa_g) != 0 ||
2018 + sshbuf_get_bignum2(b, dsa_pub_key) != 0) {
2019 ret = SSH_ERR_INVALID_FORMAT;
2022 + if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g)) {
2023 + ret = SSH_ERR_LIBCRYPTO_ERROR;
2026 + dsa_p = dsa_q = dsa_g = NULL; /* transferred */
2027 + if (!DSA_set0_key(key->dsa, dsa_pub_key, NULL)) {
2028 + ret = SSH_ERR_LIBCRYPTO_ERROR;
2031 + dsa_pub_key = NULL; /* transferred */
2033 DSA_print_fp(stderr, key->dsa, 8);
2035 @@ -2197,9 +2260,17 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
2039 -#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
2040 +#if defined(WITH_OPENSSL)
2041 + BN_clear_free(rsa_n);
2042 + BN_clear_free(rsa_e);
2043 + BN_clear_free(dsa_p);
2044 + BN_clear_free(dsa_q);
2045 + BN_clear_free(dsa_g);
2046 + BN_clear_free(dsa_pub_key);
2047 +# if defined(OPENSSL_HAS_ECC)
2049 -#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */
2050 +# endif /* OPENSSL_HAS_ECC */
2051 +#endif /* WITH_OPENSSL */
2055 @@ -2401,120 +2472,6 @@ sshkey_verify(const struct sshkey *key,
2059 -/* Converts a private to a public key */
2061 -sshkey_demote(const struct sshkey *k, struct sshkey **dkp)
2063 - struct sshkey *pk;
2064 - int ret = SSH_ERR_INTERNAL_ERROR;
2067 - if ((pk = calloc(1, sizeof(*pk))) == NULL)
2068 - return SSH_ERR_ALLOC_FAIL;
2069 - pk->type = k->type;
2070 - pk->flags = k->flags;
2071 - pk->ecdsa_nid = k->ecdsa_nid;
2075 - pk->ed25519_pk = NULL;
2076 - pk->ed25519_sk = NULL;
2077 - pk->xmss_pk = NULL;
2078 - pk->xmss_sk = NULL;
2080 - switch (k->type) {
2081 -#ifdef WITH_OPENSSL
2082 - case KEY_RSA_CERT:
2083 - if ((ret = sshkey_cert_copy(k, pk)) != 0)
2087 - if ((pk->rsa = RSA_new()) == NULL ||
2088 - (pk->rsa->e = BN_dup(k->rsa->e)) == NULL ||
2089 - (pk->rsa->n = BN_dup(k->rsa->n)) == NULL) {
2090 - ret = SSH_ERR_ALLOC_FAIL;
2094 - case KEY_DSA_CERT:
2095 - if ((ret = sshkey_cert_copy(k, pk)) != 0)
2099 - if ((pk->dsa = DSA_new()) == NULL ||
2100 - (pk->dsa->p = BN_dup(k->dsa->p)) == NULL ||
2101 - (pk->dsa->q = BN_dup(k->dsa->q)) == NULL ||
2102 - (pk->dsa->g = BN_dup(k->dsa->g)) == NULL ||
2103 - (pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) {
2104 - ret = SSH_ERR_ALLOC_FAIL;
2108 - case KEY_ECDSA_CERT:
2109 - if ((ret = sshkey_cert_copy(k, pk)) != 0)
2112 -# ifdef OPENSSL_HAS_ECC
2114 - pk->ecdsa = EC_KEY_new_by_curve_name(pk->ecdsa_nid);
2115 - if (pk->ecdsa == NULL) {
2116 - ret = SSH_ERR_ALLOC_FAIL;
2119 - if (EC_KEY_set_public_key(pk->ecdsa,
2120 - EC_KEY_get0_public_key(k->ecdsa)) != 1) {
2121 - ret = SSH_ERR_LIBCRYPTO_ERROR;
2125 -# endif /* OPENSSL_HAS_ECC */
2126 -#endif /* WITH_OPENSSL */
2127 - case KEY_ED25519_CERT:
2128 - if ((ret = sshkey_cert_copy(k, pk)) != 0)
2132 - if (k->ed25519_pk != NULL) {
2133 - if ((pk->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) {
2134 - ret = SSH_ERR_ALLOC_FAIL;
2137 - memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
2141 - case KEY_XMSS_CERT:
2142 - if ((ret = sshkey_cert_copy(k, pk)) != 0)
2146 - if ((ret = sshkey_xmss_init(pk, k->xmss_name)) != 0)
2148 - if (k->xmss_pk != NULL) {
2149 - size_t pklen = sshkey_xmss_pklen(k);
2151 - if (pklen == 0 || sshkey_xmss_pklen(pk) != pklen) {
2152 - ret = SSH_ERR_INTERNAL_ERROR;
2155 - if ((pk->xmss_pk = malloc(pklen)) == NULL) {
2156 - ret = SSH_ERR_ALLOC_FAIL;
2159 - memcpy(pk->xmss_pk, k->xmss_pk, pklen);
2162 -#endif /* WITH_XMSS */
2164 - ret = SSH_ERR_KEY_TYPE_UNKNOWN;
2173 /* Convert a plain key to their _CERT equivalent */
2175 sshkey_to_certified(struct sshkey *k)
2176 @@ -2573,6 +2530,9 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
2177 int ret = SSH_ERR_INTERNAL_ERROR;
2178 struct sshbuf *cert = NULL;
2179 char *sigtype = NULL;
2180 +#ifdef WITH_OPENSSL
2181 + const BIGNUM *rsa_n, *rsa_e, *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;
2182 +#endif /* WITH_OPENSSL */
2184 if (k == NULL || k->cert == NULL ||
2185 k->cert->certblob == NULL || ca == NULL)
2186 @@ -2609,10 +2569,12 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
2190 - if ((ret = sshbuf_put_bignum2(cert, k->dsa->p)) != 0 ||
2191 - (ret = sshbuf_put_bignum2(cert, k->dsa->q)) != 0 ||
2192 - (ret = sshbuf_put_bignum2(cert, k->dsa->g)) != 0 ||
2193 - (ret = sshbuf_put_bignum2(cert, k->dsa->pub_key)) != 0)
2194 + DSA_get0_pqg(k->dsa, &dsa_p, &dsa_q, &dsa_g);
2195 + DSA_get0_key(k->dsa, &dsa_pub_key, NULL);
2196 + if ((ret = sshbuf_put_bignum2(cert, dsa_p)) != 0 ||
2197 + (ret = sshbuf_put_bignum2(cert, dsa_q)) != 0 ||
2198 + (ret = sshbuf_put_bignum2(cert, dsa_g)) != 0 ||
2199 + (ret = sshbuf_put_bignum2(cert, dsa_pub_key)) != 0)
2202 # ifdef OPENSSL_HAS_ECC
2203 @@ -2626,8 +2588,9 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
2205 # endif /* OPENSSL_HAS_ECC */
2207 - if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 ||
2208 - (ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0)
2209 + RSA_get0_key(k->rsa, &rsa_n, &rsa_e, NULL);
2210 + if ((ret = sshbuf_put_bignum2(cert, rsa_e)) != 0 ||
2211 + (ret = sshbuf_put_bignum2(cert, rsa_n)) != 0)
2214 #endif /* WITH_OPENSSL */
2215 @@ -2820,18 +2783,25 @@ sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *b,
2216 enum sshkey_serialize_rep opts)
2218 int r = SSH_ERR_INTERNAL_ERROR;
2219 +#ifdef WITH_OPENSSL
2220 + const BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_iqmp, *rsa_p, *rsa_q;
2221 + const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key, *dsa_priv_key;
2222 +#endif /* WITH_OPENSSL */
2224 if ((r = sshbuf_put_cstring(b, sshkey_ssh_name(key))) != 0)
2226 switch (key->type) {
2229 - if ((r = sshbuf_put_bignum2(b, key->rsa->n)) != 0 ||
2230 - (r = sshbuf_put_bignum2(b, key->rsa->e)) != 0 ||
2231 - (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 ||
2232 - (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 ||
2233 - (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 ||
2234 - (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0)
2235 + RSA_get0_key(key->rsa, &rsa_n, &rsa_e, &rsa_d);
2236 + RSA_get0_factors(key->rsa, &rsa_p, &rsa_q);
2237 + RSA_get0_crt_params(key->rsa, NULL, NULL, &rsa_iqmp);
2238 + if ((r = sshbuf_put_bignum2(b, rsa_n)) != 0 ||
2239 + (r = sshbuf_put_bignum2(b, rsa_e)) != 0 ||
2240 + (r = sshbuf_put_bignum2(b, rsa_d)) != 0 ||
2241 + (r = sshbuf_put_bignum2(b, rsa_iqmp)) != 0 ||
2242 + (r = sshbuf_put_bignum2(b, rsa_p)) != 0 ||
2243 + (r = sshbuf_put_bignum2(b, rsa_q)) != 0)
2247 @@ -2839,19 +2809,24 @@ sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *b,
2248 r = SSH_ERR_INVALID_ARGUMENT;
2251 + RSA_get0_key(key->rsa, NULL, NULL, &rsa_d);
2252 + RSA_get0_factors(key->rsa, &rsa_p, &rsa_q);
2253 + RSA_get0_crt_params(key->rsa, NULL, NULL, &rsa_iqmp);
2254 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
2255 - (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 ||
2256 - (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 ||
2257 - (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 ||
2258 - (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0)
2259 + (r = sshbuf_put_bignum2(b, rsa_d)) != 0 ||
2260 + (r = sshbuf_put_bignum2(b, rsa_iqmp)) != 0 ||
2261 + (r = sshbuf_put_bignum2(b, rsa_p)) != 0 ||
2262 + (r = sshbuf_put_bignum2(b, rsa_q)) != 0)
2266 - if ((r = sshbuf_put_bignum2(b, key->dsa->p)) != 0 ||
2267 - (r = sshbuf_put_bignum2(b, key->dsa->q)) != 0 ||
2268 - (r = sshbuf_put_bignum2(b, key->dsa->g)) != 0 ||
2269 - (r = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0 ||
2270 - (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0)
2271 + DSA_get0_pqg(key->dsa, &dsa_p, &dsa_q, &dsa_g);
2272 + DSA_get0_key(key->dsa, &dsa_pub_key, &dsa_priv_key);
2273 + if ((r = sshbuf_put_bignum2(b, dsa_p)) != 0 ||
2274 + (r = sshbuf_put_bignum2(b, dsa_q)) != 0 ||
2275 + (r = sshbuf_put_bignum2(b, dsa_g)) != 0 ||
2276 + (r = sshbuf_put_bignum2(b, dsa_pub_key)) != 0 ||
2277 + (r = sshbuf_put_bignum2(b, dsa_priv_key)) != 0)
2281 @@ -2859,8 +2834,9 @@ sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *b,
2282 r = SSH_ERR_INVALID_ARGUMENT;
2285 + DSA_get0_key(key->dsa, NULL, &dsa_priv_key);
2286 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
2287 - (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0)
2288 + (r = sshbuf_put_bignum2(b, dsa_priv_key)) != 0)
2291 # ifdef OPENSSL_HAS_ECC
2292 @@ -2961,6 +2937,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
2293 u_char *xmss_pk = NULL, *xmss_sk = NULL;
2295 BIGNUM *exponent = NULL;
2296 + BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
2297 + BIGNUM *rsa_iqmp = NULL, *rsa_p = NULL, *rsa_q = NULL;
2298 + BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL;
2299 + BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL;
2300 #endif /* WITH_OPENSSL */
2303 @@ -2975,18 +2955,44 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
2304 r = SSH_ERR_ALLOC_FAIL;
2307 - if ((r = sshbuf_get_bignum2(buf, k->dsa->p)) != 0 ||
2308 - (r = sshbuf_get_bignum2(buf, k->dsa->q)) != 0 ||
2309 - (r = sshbuf_get_bignum2(buf, k->dsa->g)) != 0 ||
2310 - (r = sshbuf_get_bignum2(buf, k->dsa->pub_key)) != 0 ||
2311 - (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0)
2312 + if ((dsa_p = BN_new()) == NULL ||
2313 + (dsa_q = BN_new()) == NULL ||
2314 + (dsa_g = BN_new()) == NULL ||
2315 + (dsa_pub_key = BN_new()) == NULL ||
2316 + (dsa_priv_key = BN_new()) == NULL) {
2317 + r = SSH_ERR_ALLOC_FAIL;
2320 + if ((r = sshbuf_get_bignum2(buf, dsa_p)) != 0 ||
2321 + (r = sshbuf_get_bignum2(buf, dsa_q)) != 0 ||
2322 + (r = sshbuf_get_bignum2(buf, dsa_g)) != 0 ||
2323 + (r = sshbuf_get_bignum2(buf, dsa_pub_key)) != 0 ||
2324 + (r = sshbuf_get_bignum2(buf, dsa_priv_key)) != 0)
2326 + if (!DSA_set0_pqg(k->dsa, dsa_p, dsa_q, dsa_g)) {
2327 + r = SSH_ERR_LIBCRYPTO_ERROR;
2330 + dsa_p = dsa_q = dsa_g = NULL; /* transferred */
2331 + if (!DSA_set0_key(k->dsa, dsa_pub_key, dsa_priv_key)) {
2332 + r = SSH_ERR_LIBCRYPTO_ERROR;
2335 + dsa_pub_key = dsa_priv_key = NULL; /* transferred */
2338 + if ((dsa_priv_key = BN_new()) == NULL) {
2339 + r = SSH_ERR_ALLOC_FAIL;
2342 if ((r = sshkey_froms(buf, &k)) != 0 ||
2343 - (r = sshkey_add_private(k)) != 0 ||
2344 - (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0)
2345 + (r = sshbuf_get_bignum2(buf, dsa_priv_key)) != 0)
2347 + if (!DSA_set0_key(k->dsa, NULL, dsa_priv_key)) {
2348 + r = SSH_ERR_LIBCRYPTO_ERROR;
2351 + dsa_priv_key = NULL; /* transferred */
2353 # ifdef OPENSSL_HAS_ECC
2355 @@ -3027,7 +3033,6 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
2358 if ((r = sshkey_froms(buf, &k)) != 0 ||
2359 - (r = sshkey_add_private(k)) != 0 ||
2360 (r = sshbuf_get_bignum2(buf, exponent)) != 0)
2362 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) {
2363 @@ -3045,32 +3050,65 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
2364 r = SSH_ERR_ALLOC_FAIL;
2367 - if ((r = sshbuf_get_bignum2(buf, k->rsa->n)) != 0 ||
2368 - (r = sshbuf_get_bignum2(buf, k->rsa->e)) != 0 ||
2369 - (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 ||
2370 - (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 ||
2371 - (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 ||
2372 - (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 ||
2373 - (r = ssh_rsa_generate_additional_parameters(k)) != 0)
2374 + if ((rsa_n = BN_new()) == NULL ||
2375 + (rsa_e = BN_new()) == NULL ||
2376 + (rsa_d = BN_new()) == NULL ||
2377 + (rsa_iqmp = BN_new()) == NULL ||
2378 + (rsa_p = BN_new()) == NULL ||
2379 + (rsa_q = BN_new()) == NULL) {
2380 + r = SSH_ERR_ALLOC_FAIL;
2383 + if ((r = sshbuf_get_bignum2(buf, rsa_n)) != 0 ||
2384 + (r = sshbuf_get_bignum2(buf, rsa_e)) != 0 ||
2385 + (r = sshbuf_get_bignum2(buf, rsa_d)) != 0 ||
2386 + (r = sshbuf_get_bignum2(buf, rsa_iqmp)) != 0 ||
2387 + (r = sshbuf_get_bignum2(buf, rsa_p)) != 0 ||
2388 + (r = sshbuf_get_bignum2(buf, rsa_q)) != 0)
2390 - if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
2391 - r = SSH_ERR_KEY_LENGTH;
2392 + if (!RSA_set0_key(k->rsa, rsa_n, rsa_e, rsa_d)) {
2393 + r = SSH_ERR_LIBCRYPTO_ERROR;
2396 + rsa_n = rsa_e = rsa_d = NULL; /* transferred */
2397 + if (!RSA_set0_factors(k->rsa, rsa_p, rsa_q)) {
2398 + r = SSH_ERR_LIBCRYPTO_ERROR;
2401 + rsa_p = rsa_q = NULL; /* transferred */
2402 + if ((r = check_rsa_length(k->rsa)) != 0)
2404 + if ((r = ssh_rsa_complete_crt_parameters(k, rsa_iqmp)) != 0)
2408 + if ((rsa_d = BN_new()) == NULL ||
2409 + (rsa_iqmp = BN_new()) == NULL ||
2410 + (rsa_p = BN_new()) == NULL ||
2411 + (rsa_q = BN_new()) == NULL) {
2412 + r = SSH_ERR_ALLOC_FAIL;
2415 if ((r = sshkey_froms(buf, &k)) != 0 ||
2416 - (r = sshkey_add_private(k)) != 0 ||
2417 - (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 ||
2418 - (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 ||
2419 - (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 ||
2420 - (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 ||
2421 - (r = ssh_rsa_generate_additional_parameters(k)) != 0)
2422 + (r = sshbuf_get_bignum2(buf, rsa_d)) != 0 ||
2423 + (r = sshbuf_get_bignum2(buf, rsa_iqmp)) != 0 ||
2424 + (r = sshbuf_get_bignum2(buf, rsa_p)) != 0 ||
2425 + (r = sshbuf_get_bignum2(buf, rsa_q)) != 0)
2427 + if (!RSA_set0_key(k->rsa, NULL, NULL, rsa_d)) {
2428 + r = SSH_ERR_LIBCRYPTO_ERROR;
2430 - if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
2431 - r = SSH_ERR_KEY_LENGTH;
2433 + rsa_d = NULL; /* transferred */
2434 + if (!RSA_set0_factors(k->rsa, rsa_p, rsa_q)) {
2435 + r = SSH_ERR_LIBCRYPTO_ERROR;
2438 + rsa_p = rsa_q = NULL; /* transferred */
2439 + if ((r = check_rsa_length(k->rsa)) != 0)
2441 + if ((r = ssh_rsa_complete_crt_parameters(k, rsa_iqmp)) != 0)
2444 #endif /* WITH_OPENSSL */
2446 @@ -3091,7 +3129,6 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
2448 case KEY_ED25519_CERT:
2449 if ((r = sshkey_froms(buf, &k)) != 0 ||
2450 - (r = sshkey_add_private(k)) != 0 ||
2451 (r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 ||
2452 (r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0)
2454 @@ -3128,7 +3165,6 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
2457 if ((r = sshkey_froms(buf, &k)) != 0 ||
2458 - (r = sshkey_add_private(k)) != 0 ||
2459 (r = sshbuf_get_cstring(buf, &xmss_name, NULL)) != 0 ||
2460 (r = sshbuf_get_string(buf, &xmss_pk, &pklen)) != 0 ||
2461 (r = sshbuf_get_string(buf, &xmss_sk, &sklen)) != 0)
2462 @@ -3177,6 +3213,17 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
2465 BN_clear_free(exponent);
2466 + BN_clear_free(dsa_p);
2467 + BN_clear_free(dsa_q);
2468 + BN_clear_free(dsa_g);
2469 + BN_clear_free(dsa_pub_key);
2470 + BN_clear_free(dsa_priv_key);
2471 + BN_clear_free(rsa_n);
2472 + BN_clear_free(rsa_e);
2473 + BN_clear_free(rsa_d);
2474 + BN_clear_free(rsa_p);
2475 + BN_clear_free(rsa_q);
2476 + BN_clear_free(rsa_iqmp);
2477 #endif /* WITH_OPENSSL */
2479 freezero(ed25519_pk, pklen);
2480 @@ -3831,7 +3878,9 @@ translate_libcrypto_error(unsigned long pem_err)
2481 switch (pem_reason) {
2482 case EVP_R_BAD_DECRYPT:
2483 return SSH_ERR_KEY_WRONG_PASSPHRASE;
2484 +#ifdef EVP_R_BN_DECODE_ERROR
2485 case EVP_R_BN_DECODE_ERROR:
2487 case EVP_R_DECODE_ERROR:
2488 #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
2489 case EVP_R_PRIVATE_KEY_DECODE_ERROR:
2490 @@ -3896,7 +3945,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
2491 r = convert_libcrypto_error();
2494 - if (pk->type == EVP_PKEY_RSA &&
2495 + if (EVP_PKEY_base_id(pk) == EVP_PKEY_RSA &&
2496 (type == KEY_UNSPEC || type == KEY_RSA)) {
2497 if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
2498 r = SSH_ERR_ALLOC_FAIL;
2499 @@ -3911,11 +3960,9 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
2500 r = SSH_ERR_LIBCRYPTO_ERROR;
2503 - if (BN_num_bits(prv->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
2504 - r = SSH_ERR_KEY_LENGTH;
2505 + if ((r = check_rsa_length(prv->rsa)) != 0)
2508 - } else if (pk->type == EVP_PKEY_DSA &&
2509 + } else if (EVP_PKEY_base_id(pk) == EVP_PKEY_DSA &&
2510 (type == KEY_UNSPEC || type == KEY_DSA)) {
2511 if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
2512 r = SSH_ERR_ALLOC_FAIL;
2513 @@ -3927,7 +3974,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
2514 DSA_print_fp(stderr, prv->dsa, 8);
2516 #ifdef OPENSSL_HAS_ECC
2517 - } else if (pk->type == EVP_PKEY_EC &&
2518 + } else if (EVP_PKEY_base_id(pk) == EVP_PKEY_EC &&
2519 (type == KEY_UNSPEC || type == KEY_ECDSA)) {
2520 if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
2521 r = SSH_ERR_ALLOC_FAIL;
2522 diff --git a/sshkey.h b/sshkey.h
2523 index 5a22a66f..4147ad92 100644
2527 # define EC_POINT void
2528 # endif /* OPENSSL_HAS_ECC */
2529 #else /* WITH_OPENSSL */
2530 +# define BIGNUM void
2533 # define EC_KEY void
2534 @@ -127,10 +128,8 @@ struct sshkey {
2535 #define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES
2537 struct sshkey *sshkey_new(int);
2538 -int sshkey_add_private(struct sshkey *);
2539 -struct sshkey *sshkey_new_private(int);
2540 +struct sshkey *sshkey_new_private(int); /* XXX garbage collect */
2541 void sshkey_free(struct sshkey *);
2542 -int sshkey_demote(const struct sshkey *, struct sshkey **);
2543 int sshkey_equal_public(const struct sshkey *,
2544 const struct sshkey *);
2545 int sshkey_equal(const struct sshkey *, const struct sshkey *);
2546 @@ -220,7 +219,7 @@ int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
2547 const char *passphrase, struct sshkey **keyp, char **commentp);
2549 /* XXX should be internal, but used by ssh-keygen */
2550 -int ssh_rsa_generate_additional_parameters(struct sshkey *);
2551 +int ssh_rsa_complete_crt_parameters(struct sshkey *, const BIGNUM *);
2553 /* stateful keys (e.g. XMSS) */
2554 #ifdef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS
2556 commit 86112951d63d48839f035b5795be62635a463f99
2557 Author: Damien Miller <djm@mindrot.org>
2558 Date: Thu Sep 13 12:12:42 2018 +1000
2560 forgot to stage these test files in commit d70d061
2562 diff --git a/regress/unittests/sshkey/mktestdata.sh b/regress/unittests/sshkey/mktestdata.sh
2563 index 8047bc62..93da34c6 100755
2564 --- a/regress/unittests/sshkey/mktestdata.sh
2565 +++ b/regress/unittests/sshkey/mktestdata.sh
2568 -# $OpenBSD: mktestdata.sh,v 1.6 2017/04/30 23:33:48 djm Exp $
2569 +# $OpenBSD: mktestdata.sh,v 1.7 2018/09/12 01:36:45 djm Exp $
2573 @@ -128,6 +128,18 @@ ssh-keygen -s rsa_2 -I hugo -n user1,user2 \
2574 -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \
2575 -V 19990101:20110101 -z 4 ed25519_1.pub
2577 +# Make a few RSA variant signature too.
2578 +cp rsa_1 rsa_1_sha1
2579 +cp rsa_1 rsa_1_sha512
2580 +cp rsa_1.pub rsa_1_sha1.pub
2581 +cp rsa_1.pub rsa_1_sha512.pub
2582 +ssh-keygen -s rsa_2 -I hugo -n user1,user2 -t ssh-rsa \
2583 + -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \
2584 + -V 19990101:20110101 -z 1 rsa_1_sha1.pub
2585 +ssh-keygen -s rsa_2 -I hugo -n user1,user2 -t rsa-sha2-512 \
2586 + -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \
2587 + -V 19990101:20110101 -z 1 rsa_1_sha512.pub
2589 ssh-keygen -s ed25519_1 -I julius -n host1,host2 -h \
2590 -V 19990101:20110101 -z 5 rsa_1.pub
2591 ssh-keygen -s ed25519_1 -I julius -n host1,host2 -h \
2592 diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c
2593 index 99b7e21c..0636e84b 100644
2594 --- a/regress/unittests/sshkey/test_file.c
2595 +++ b/regress/unittests/sshkey/test_file.c
2597 -/* $OpenBSD: test_file.c,v 1.6 2017/04/30 23:33:48 djm Exp $ */
2598 +/* $OpenBSD: test_file.c,v 1.7 2018/09/12 01:36:45 djm Exp $ */
2600 * Regress test for sshkey.h key management API
2602 @@ -105,6 +105,24 @@ sshkey_file_tests(void)
2606 + TEST_START("load RSA cert with SHA1 signature");
2607 + ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha1"), &k2), 0);
2608 + ASSERT_PTR_NE(k2, NULL);
2609 + ASSERT_INT_EQ(k2->type, KEY_RSA_CERT);
2610 + ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
2611 + ASSERT_STRING_EQ(k2->cert->signature_type, "ssh-rsa");
2615 + TEST_START("load RSA cert with SHA512 signature");
2616 + ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha512"), &k2), 0);
2617 + ASSERT_PTR_NE(k2, NULL);
2618 + ASSERT_INT_EQ(k2->type, KEY_RSA_CERT);
2619 + ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
2620 + ASSERT_STRING_EQ(k2->cert->signature_type, "rsa-sha2-512");
2624 TEST_START("load RSA cert");
2625 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0);
2626 ASSERT_PTR_NE(k2, NULL);
2628 commit 48f54b9d12c1c79fba333bc86d455d8f4cda8cfc
2629 Author: Damien Miller <djm@mindrot.org>
2630 Date: Thu Sep 13 12:13:50 2018 +1000
2632 adapt -portable to OpenSSL 1.1x API
2634 Polyfill missing API with replacement functions extracted from LibreSSL
2636 diff --git a/auth-pam.c b/auth-pam.c
2637 index 8c013836..1dec53e9 100644
2640 @@ -128,6 +128,10 @@ extern u_int utmp_len;
2641 typedef pthread_t sp_pthread_t;
2643 typedef pid_t sp_pthread_t;
2644 +#define pthread_exit fake_pthread_exit
2645 +#define pthread_create fake_pthread_create
2646 +#define pthread_cancel fake_pthread_cancel
2647 +#define pthread_join fake_pthread_join
2651 diff --git a/cipher.c b/cipher.c
2652 index df43826e..12c59888 100644
2655 @@ -525,41 +525,3 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len)
2660 -#ifdef WITH_OPENSSL
2661 -#define EVP_X_STATE(evp) (evp)->cipher_data
2662 -#define EVP_X_STATE_LEN(evp) (evp)->cipher->ctx_size
2666 -cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat)
2668 -#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
2669 - const struct sshcipher *c = cc->cipher;
2672 - if (c->evptype == EVP_rc4) {
2673 - plen = EVP_X_STATE_LEN(cc->evp);
2676 - memcpy(dat, EVP_X_STATE(cc->evp), plen);
2685 -cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat)
2687 -#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
2688 - const struct sshcipher *c = cc->cipher;
2691 - if (c->evptype == EVP_rc4) {
2692 - plen = EVP_X_STATE_LEN(cc->evp);
2693 - memcpy(EVP_X_STATE(cc->evp), dat, plen);
2697 diff --git a/configure.ac b/configure.ac
2698 index 83e53075..c0e120fe 100644
2701 @@ -2602,9 +2602,10 @@ if test "x$openssl" = "xyes" ; then
2702 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
2708 - AC_MSG_ERROR([OpenSSL >= 1.1.0 is not yet supported (have "$ssl_library_ver")])
2709 + AC_MSG_ERROR([OpenSSL > 1.1.x is not yet supported (have "$ssl_library_ver")])
2712 AC_MSG_RESULT([$ssl_library_ver])
2713 @@ -2777,6 +2778,115 @@ if test "x$openssl" = "xyes" ; then
2714 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2715 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2717 + # LibreSSL/OpenSSL 1.1x API
2718 + AC_SEARCH_LIBS([DH_get0_key], [crypto],
2719 + [AC_DEFINE([HAVE_DH_GET0_KEY], [1],
2720 + [Define if libcrypto has DH_get0_key])])
2721 + AC_SEARCH_LIBS([DH_get0_pqg], [crypto],
2722 + [AC_DEFINE([HAVE_DH_GET0_PQG], [1],
2723 + [Define if libcrypto has DH_get0_pqg])])
2724 + AC_SEARCH_LIBS([DH_set0_key], [crypto],
2725 + [AC_DEFINE([HAVE_DH_SET0_KEY], [1],
2726 + [Define if libcrypto has DH_set0_key])])
2727 + AC_SEARCH_LIBS([DH_set_length], [crypto],
2728 + [AC_DEFINE([HAVE_DH_SET_LENGTH], [1],
2729 + [Define if libcrypto has DH_set_length])])
2730 + AC_SEARCH_LIBS([DH_set0_pqg], [crypto],
2731 + [AC_DEFINE([HAVE_DH_SET0_PQG], [1],
2732 + [Define if libcrypto has DH_set0_pqg])])
2734 + AC_SEARCH_LIBS([DSA_get0_key], [crypto],
2735 + [AC_DEFINE([HAVE_DSA_GET0_KEY], [1],
2736 + [Define if libcrypto has DSA_get0_key])])
2737 + AC_SEARCH_LIBS([DSA_get0_pqg], [crypto],
2738 + [AC_DEFINE([HAVE_DSA_GET0_PQG], [1],
2739 + [Define if libcrypto has DSA_get0_pqg])])
2740 + AC_SEARCH_LIBS([DSA_set0_key], [crypto],
2741 + [AC_DEFINE([HAVE_DSA_SET0_KEY], [1],
2742 + [Define if libcrypto has DSA_set0_key])])
2743 + AC_SEARCH_LIBS([DSA_set0_pqg], [crypto],
2744 + [AC_DEFINE([HAVE_DSA_SET0_PQG], [1],
2745 + [Define if libcrypto has DSA_set0_pqg])])
2747 + AC_SEARCH_LIBS([DSA_SIG_get0], [crypto],
2748 + [AC_DEFINE([HAVE_DSA_SIG_GET0], [1],
2749 + [Define if libcrypto has DSA_SIG_get0])])
2750 + AC_SEARCH_LIBS([DSA_SIG_set0], [crypto],
2751 + [AC_DEFINE([HAVE_DSA_SIG_SET0], [1],
2752 + [Define if libcrypto has DSA_SIG_set0])])
2754 + AC_SEARCH_LIBS([ECDSA_SIG_get0], [crypto],
2755 + [AC_DEFINE([HAVE_ECDSA_SIG_GET0], [1],
2756 + [Define if libcrypto has ECDSA_SIG_get0])])
2757 + AC_SEARCH_LIBS([ECDSA_SIG_set0], [crypto],
2758 + [AC_DEFINE([HAVE_ECDSA_SIG_SET0], [1],
2759 + [Define if libcrypto has ECDSA_SIG_set0])])
2761 + AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv], [crypto],
2762 + [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV], [1],
2763 + [Define if libcrypto has EVP_CIPHER_CTX_iv])])
2764 + AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv_noconst], [crypto],
2765 + [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV_NOCONST], [1],
2766 + [Define if libcrypto has EVP_CIPHER_CTX_iv_noconst])])
2767 + AC_SEARCH_LIBS([EVP_CIPHER_CTX_get_iv], [crypto],
2768 + [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1],
2769 + [Define if libcrypto has EVP_CIPHER_CTX_get_iv])])
2770 + AC_SEARCH_LIBS([EVP_CIPHER_CTX_set_iv], [crypto],
2771 + [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1],
2772 + [Define if libcrypto has EVP_CIPHER_CTX_set_iv])])
2774 + AC_SEARCH_LIBS([RSA_get0_crt_params], [crypto],
2775 + [AC_DEFINE([HAVE_RSA_GET0_CRT_PARAMS], [1],
2776 + [Define if libcrypto has RSA_get0_crt_params])])
2777 + AC_SEARCH_LIBS([RSA_get0_factors], [crypto],
2778 + [AC_DEFINE([HAVE_RSA_GET0_FACTORS], [1],
2779 + [Define if libcrypto has RSA_get0_factors])])
2780 + AC_SEARCH_LIBS([RSA_get0_key], [crypto],
2781 + [AC_DEFINE([HAVE_RSA_GET0_KEY], [1],
2782 + [Define if libcrypto has RSA_get0_key])])
2783 + AC_SEARCH_LIBS([RSA_set0_crt_params], [crypto],
2784 + [AC_DEFINE([HAVE_RSA_SET0_CRT_PARAMS], [1],
2785 + [Define if libcrypto has RSA_get0_srt_params])])
2786 + AC_SEARCH_LIBS([RSA_set0_factors], [crypto],
2787 + [AC_DEFINE([HAVE_RSA_SET0_FACTORS], [1],
2788 + [Define if libcrypto has RSA_set0_factors])])
2789 + AC_SEARCH_LIBS([RSA_set0_key], [crypto],
2790 + [AC_DEFINE([HAVE_RSA_SET0_KEY], [1],
2791 + [Define if libcrypto has RSA_set0_key])])
2793 + AC_SEARCH_LIBS([RSA_meth_free], [crypto],
2794 + [AC_DEFINE([HAVE_RSA_METH_FREE], [1],
2795 + [Define if libcrypto has RSA_meth_free])])
2796 + AC_SEARCH_LIBS([RSA_meth_dup], [crypto],
2797 + [AC_DEFINE([HAVE_RSA_METH_DUP], [1],
2798 + [Define if libcrypto has RSA_meth_dup])])
2799 + AC_SEARCH_LIBS([RSA_meth_set1_name], [crypto],
2800 + [AC_DEFINE([HAVE_RSA_METH_SET1_NAME], [1],
2801 + [Define if libcrypto has RSA_meth_set1_name])])
2802 + AC_SEARCH_LIBS([RSA_meth_get_finish], [crypto],
2803 + [AC_DEFINE([HAVE_RSA_METH_GET_FINISH], [1],
2804 + [Define if libcrypto has RSA_meth_get_finish])])
2805 + AC_SEARCH_LIBS([RSA_meth_set_priv_enc], [crypto],
2806 + [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_ENC], [1],
2807 + [Define if libcrypto has RSA_meth_set_priv_enc])])
2808 + AC_SEARCH_LIBS([RSA_meth_set_priv_dec], [crypto],
2809 + [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_DEC], [1],
2810 + [Define if libcrypto has RSA_meth_set_priv_dec])])
2811 + AC_SEARCH_LIBS([RSA_meth_set_finish], [crypto],
2812 + [AC_DEFINE([HAVE_RSA_METH_SET_FINISH], [1],
2813 + [Define if libcrypto has RSA_meth_set_finish])])
2815 + AC_SEARCH_LIBS([EVP_PKEY_get0_RSA], [crypto],
2816 + [AC_DEFINE([HAVE_EVP_PKEY_GET0_RSA], [1],
2817 + [Define if libcrypto has EVP_PKEY_get0_RSA])])
2819 + AC_SEARCH_LIBS([EVP_MD_CTX_new], [crypto],
2820 + [AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1],
2821 + [Define if libcrypto has EVP_MD_CTX_new])])
2822 + AC_SEARCH_LIBS([EVP_MD_CTX_free], [crypto],
2823 + [AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1],
2824 + [Define if libcrypto has EVP_MD_CTX_free])])
2826 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2829 diff --git a/dh.c b/dh.c
2830 index d0d4527b..f3ed3882 100644
2837 +#include "openbsd-compat/openssl-compat.h"
2840 parse_prime(int linenum, char *line, struct dhgroup *dhg)
2842 diff --git a/kexdh.c b/kexdh.c
2843 index 0bf0dc13..e6925b18 100644
2848 #include <openssl/evp.h>
2850 +#include "openbsd-compat/openssl-compat.h"
2855 diff --git a/kexdhc.c b/kexdhc.c
2856 index a8b74247..8b56377a 100644
2863 +#include "openbsd-compat/openssl-compat.h"
2868 diff --git a/kexdhs.c b/kexdhs.c
2869 index 8367c6c3..337aab5b 100644
2874 #include <openssl/dh.h>
2876 +#include "openbsd-compat/openssl-compat.h"
2881 diff --git a/kexgex.c b/kexgex.c
2882 index 8b0d8333..3ca4bd37 100644
2886 #include <openssl/evp.h>
2889 +#include "openbsd-compat/openssl-compat.h"
2894 diff --git a/kexgexc.c b/kexgexc.c
2895 index 955bc837..0d07f73c 100644
2902 +#include "openbsd-compat/openssl-compat.h"
2907 diff --git a/kexgexs.c b/kexgexs.c
2908 index 2a4aa7e8..ce934f88 100644
2913 #include <openssl/dh.h>
2915 +#include "openbsd-compat/openssl-compat.h"
2920 diff --git a/monitor.c b/monitor.c
2921 index b30813b4..531b2993 100644
2926 #include <sys/types.h>
2927 #include <sys/socket.h>
2928 -#include "openbsd-compat/sys-tree.h"
2929 #include <sys/wait.h>
2933 #include <openssl/dh.h>
2936 +#include "openbsd-compat/sys-tree.h"
2937 #include "openbsd-compat/sys-queue.h"
2938 +#include "openbsd-compat/openssl-compat.h"
2940 #include "atomicio.h"
2941 #include "xmalloc.h"
2943 diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
2944 index 2fd9b952..c1e14cbd 100644
2945 --- a/openbsd-compat/Makefile.in
2946 +++ b/openbsd-compat/Makefile.in
2947 @@ -85,6 +85,7 @@ COMPAT= arc4random.o \
2948 getrrsetbyname-ldns.o \
2951 + libressl-api-compat.o \
2955 diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c
2956 new file mode 100644
2957 index 00000000..de3e64a6
2959 +++ b/openbsd-compat/libressl-api-compat.c
2961 +/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */
2962 +/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */
2963 +/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */
2964 +/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */
2965 +/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */
2966 +/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
2967 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2968 + * All rights reserved.
2970 + * This package is an SSL implementation written
2971 + * by Eric Young (eay@cryptsoft.com).
2972 + * The implementation was written so as to conform with Netscapes SSL.
2974 + * This library is free for commercial and non-commercial use as long as
2975 + * the following conditions are aheared to. The following conditions
2976 + * apply to all code found in this distribution, be it the RC4, RSA,
2977 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
2978 + * included with this distribution is covered by the same copyright terms
2979 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
2981 + * Copyright remains Eric Young's, and as such any Copyright notices in
2982 + * the code are not to be removed.
2983 + * If this package is used in a product, Eric Young should be given attribution
2984 + * as the author of the parts of the library used.
2985 + * This can be in the form of a textual message at program startup or
2986 + * in documentation (online or textual) provided with the package.
2988 + * Redistribution and use in source and binary forms, with or without
2989 + * modification, are permitted provided that the following conditions
2991 + * 1. Redistributions of source code must retain the copyright
2992 + * notice, this list of conditions and the following disclaimer.
2993 + * 2. Redistributions in binary form must reproduce the above copyright
2994 + * notice, this list of conditions and the following disclaimer in the
2995 + * documentation and/or other materials provided with the distribution.
2996 + * 3. All advertising materials mentioning features or use of this software
2997 + * must display the following acknowledgement:
2998 + * "This product includes cryptographic software written by
2999 + * Eric Young (eay@cryptsoft.com)"
3000 + * The word 'cryptographic' can be left out if the rouines from the library
3001 + * being used are not cryptographic related :-).
3002 + * 4. If you include any Windows specific code (or a derivative thereof) from
3003 + * the apps directory (application code) you must include an acknowledgement:
3004 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
3006 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
3007 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3008 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
3009 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
3010 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
3011 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
3012 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
3013 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
3014 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
3015 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
3018 + * The licence and distribution terms for any publically available version or
3019 + * derivative of this code cannot be changed. i.e. this code cannot simply be
3020 + * copied and put under another distribution licence
3021 + * [including the GNU Public Licence.]
3024 +/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */
3025 +/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */
3026 +/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
3027 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3030 +/* ====================================================================
3031 + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
3033 + * Redistribution and use in source and binary forms, with or without
3034 + * modification, are permitted provided that the following conditions
3037 + * 1. Redistributions of source code must retain the above copyright
3038 + * notice, this list of conditions and the following disclaimer.
3040 + * 2. Redistributions in binary form must reproduce the above copyright
3041 + * notice, this list of conditions and the following disclaimer in
3042 + * the documentation and/or other materials provided with the
3045 + * 3. All advertising materials mentioning features or use of this
3046 + * software must display the following acknowledgment:
3047 + * "This product includes software developed by the OpenSSL Project
3048 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
3050 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
3051 + * endorse or promote products derived from this software without
3052 + * prior written permission. For written permission, please contact
3053 + * licensing@OpenSSL.org.
3055 + * 5. Products derived from this software may not be called "OpenSSL"
3056 + * nor may "OpenSSL" appear in their names without prior written
3057 + * permission of the OpenSSL Project.
3059 + * 6. Redistributions of any form whatsoever must retain the following
3061 + * "This product includes software developed by the OpenSSL Project
3062 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
3064 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
3065 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3066 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
3067 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
3068 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
3069 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
3070 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
3071 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
3072 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
3073 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
3074 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
3075 + * OF THE POSSIBILITY OF SUCH DAMAGE.
3076 + * ====================================================================
3078 + * This product includes cryptographic software written by Eric Young
3079 + * (eay@cryptsoft.com). This product includes software written by Tim
3080 + * Hudson (tjh@cryptsoft.com).
3084 +/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */
3086 + * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
3088 + * Permission to use, copy, modify, and distribute this software for any
3089 + * purpose with or without fee is hereby granted, provided that the above
3090 + * copyright notice and this permission notice appear in all copies.
3092 + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
3093 + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
3094 + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
3095 + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
3096 + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
3097 + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
3098 + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
3101 +#include "includes.h"
3103 +#ifdef WITH_OPENSSL
3105 +#include <sys/types.h>
3107 +#include <stdlib.h>
3108 +#include <string.h>
3110 +#include <openssl/err.h>
3111 +#include <openssl/bn.h>
3112 +#include <openssl/dsa.h>
3113 +#include <openssl/rsa.h>
3114 +#include <openssl/evp.h>
3115 +#include <openssl/ecdsa.h>
3116 +#include <openssl/dh.h>
3118 +#ifndef HAVE_DSA_GET0_PQG
3120 +DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
3129 +#endif /* HAVE_DSA_GET0_PQG */
3131 +#ifndef HAVE_DSA_SET0_PQG
3133 +DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
3135 + if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) ||
3136 + (d->g == NULL && g == NULL))
3154 +#endif /* HAVE_DSA_SET0_PQG */
3156 +#ifndef HAVE_DSA_GET0_KEY
3158 +DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)
3160 + if (pub_key != NULL)
3161 + *pub_key = d->pub_key;
3162 + if (priv_key != NULL)
3163 + *priv_key = d->priv_key;
3165 +#endif /* HAVE_DSA_GET0_KEY */
3167 +#ifndef HAVE_DSA_SET0_KEY
3169 +DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
3171 + if (d->pub_key == NULL && pub_key == NULL)
3174 + if (pub_key != NULL) {
3175 + BN_free(d->pub_key);
3176 + d->pub_key = pub_key;
3178 + if (priv_key != NULL) {
3179 + BN_free(d->priv_key);
3180 + d->priv_key = priv_key;
3185 +#endif /* HAVE_DSA_SET0_KEY */
3187 +#ifndef HAVE_RSA_GET0_KEY
3189 +RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
3198 +#endif /* HAVE_RSA_GET0_KEY */
3200 +#ifndef HAVE_RSA_SET0_KEY
3202 +RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
3204 + if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
3222 +#endif /* HAVE_RSA_SET0_KEY */
3224 +#ifndef HAVE_RSA_GET0_CRT_PARAMS
3226 +RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
3227 + const BIGNUM **iqmp)
3236 +#endif /* HAVE_RSA_GET0_CRT_PARAMS */
3238 +#ifndef HAVE_RSA_SET0_CRT_PARAMS
3240 +RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
3242 + if ((r->dmp1 == NULL && dmp1 == NULL) ||
3243 + (r->dmq1 == NULL && dmq1 == NULL) ||
3244 + (r->iqmp == NULL && iqmp == NULL))
3247 + if (dmp1 != NULL) {
3251 + if (dmq1 != NULL) {
3255 + if (iqmp != NULL) {
3262 +#endif /* HAVE_RSA_SET0_CRT_PARAMS */
3264 +#ifndef HAVE_RSA_GET0_FACTORS
3266 +RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
3273 +#endif /* HAVE_RSA_GET0_FACTORS */
3275 +#ifndef HAVE_RSA_SET0_FACTORS
3277 +RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
3279 + if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL))
3293 +#endif /* HAVE_RSA_SET0_FACTORS */
3295 +#ifndef HAVE_EVP_CIPHER_CTX_GET_IV
3297 +EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len)
3301 + if (EVP_CIPHER_CTX_iv_length(ctx) < 0)
3303 + if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx))
3305 + if (len > EVP_MAX_IV_LENGTH)
3306 + return 0; /* sanity check; shouldn't happen */
3308 + * Skip the memcpy entirely when the requested IV length is zero,
3309 + * since the iv pointer may be NULL or invalid.
3314 +# ifdef HAVE_EVP_CIPHER_CTX_IV
3315 + memcpy(iv, EVP_CIPHER_CTX_iv(ctx), len);
3317 + memcpy(iv, ctx->iv, len);
3318 +# endif /* HAVE_EVP_CIPHER_CTX_IV */
3322 +#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */
3324 +#ifndef HAVE_EVP_CIPHER_CTX_SET_IV
3326 +EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len)
3330 + if (EVP_CIPHER_CTX_iv_length(ctx) < 0)
3332 + if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx))
3334 + if (len > EVP_MAX_IV_LENGTH)
3335 + return 0; /* sanity check; shouldn't happen */
3337 + * Skip the memcpy entirely when the requested IV length is zero,
3338 + * since the iv pointer may be NULL or invalid.
3343 +# ifdef HAVE_EVP_CIPHER_CTX_IV_NOCONST
3344 + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, len);
3346 + memcpy(ctx->iv, iv, len);
3347 +# endif /* HAVE_EVP_CIPHER_CTX_IV_NOCONST */
3351 +#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
3353 +#ifndef HAVE_DSA_SIG_GET0
3355 +DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
3362 +#endif /* HAVE_DSA_SIG_GET0 */
3364 +#ifndef HAVE_DSA_SIG_SET0
3366 +DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
3368 + if (r == NULL || s == NULL)
3371 + BN_clear_free(sig->r);
3373 + BN_clear_free(sig->s);
3378 +#endif /* HAVE_DSA_SIG_SET0 */
3380 +#ifndef HAVE_ECDSA_SIG_GET0
3382 +ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
3389 +#endif /* HAVE_ECDSA_SIG_GET0 */
3391 +#ifndef HAVE_ECDSA_SIG_SET0
3393 +ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
3395 + if (r == NULL || s == NULL)
3398 + BN_clear_free(sig->r);
3399 + BN_clear_free(sig->s);
3404 +#endif /* HAVE_ECDSA_SIG_SET0 */
3406 +#ifndef HAVE_DH_GET0_PQG
3408 +DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
3417 +#endif /* HAVE_DH_GET0_PQG */
3419 +#ifndef HAVE_DH_SET0_PQG
3421 +DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
3423 + if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL))
3441 +#endif /* HAVE_DH_SET0_PQG */
3443 +#ifndef HAVE_DH_GET0_KEY
3445 +DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
3447 + if (pub_key != NULL)
3448 + *pub_key = dh->pub_key;
3449 + if (priv_key != NULL)
3450 + *priv_key = dh->priv_key;
3452 +#endif /* HAVE_DH_GET0_KEY */
3454 +#ifndef HAVE_DH_SET0_KEY
3456 +DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
3458 + if (pub_key != NULL) {
3459 + BN_free(dh->pub_key);
3460 + dh->pub_key = pub_key;
3462 + if (priv_key != NULL) {
3463 + BN_free(dh->priv_key);
3464 + dh->priv_key = priv_key;
3469 +#endif /* HAVE_DH_SET0_KEY */
3471 +#ifndef HAVE_DH_SET_LENGTH
3473 +DH_set_length(DH *dh, long length)
3475 + if (length < 0 || length > INT_MAX)
3478 + dh->length = length;
3481 +#endif /* HAVE_DH_SET_LENGTH */
3483 +#ifndef HAVE_RSA_METH_FREE
3485 +RSA_meth_free(RSA_METHOD *meth)
3487 + if (meth != NULL) {
3488 + free((char *)meth->name);
3492 +#endif /* HAVE_RSA_METH_FREE */
3494 +#ifndef HAVE_RSA_METH_DUP
3496 +RSA_meth_dup(const RSA_METHOD *meth)
3500 + if ((copy = calloc(1, sizeof(*copy))) == NULL)
3502 + memcpy(copy, meth, sizeof(*copy));
3503 + if ((copy->name = strdup(meth->name)) == NULL) {
3510 +#endif /* HAVE_RSA_METH_DUP */
3512 +#ifndef HAVE_RSA_METH_SET1_NAME
3514 +RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
3518 + if ((copy = strdup(name)) == NULL)
3520 + free((char *)meth->name);
3521 + meth->name = copy;
3524 +#endif /* HAVE_RSA_METH_SET1_NAME */
3526 +#ifndef HAVE_RSA_METH_GET_FINISH
3528 +(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa)
3530 + return meth->finish;
3532 +#endif /* HAVE_RSA_METH_GET_FINISH */
3534 +#ifndef HAVE_RSA_METH_SET_PRIV_ENC
3536 +RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
3537 + const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
3539 + meth->rsa_priv_enc = priv_enc;
3542 +#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
3544 +#ifndef HAVE_RSA_METH_SET_PRIV_DEC
3546 +RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
3547 + const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
3549 + meth->rsa_priv_dec = priv_dec;
3552 +#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
3554 +#ifndef HAVE_RSA_METH_SET_FINISH
3556 +RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))
3558 + meth->finish = finish;
3561 +#endif /* HAVE_RSA_METH_SET_FINISH */
3563 +#ifndef HAVE_EVP_PKEY_GET0_RSA
3565 +EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
3567 + if (pkey->type != EVP_PKEY_RSA) {
3568 + /* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */
3571 + return pkey->pkey.rsa;
3573 +#endif /* HAVE_EVP_PKEY_GET0_RSA */
3575 +#ifndef HAVE_EVP_MD_CTX_NEW
3577 +EVP_MD_CTX_new(void)
3579 + return calloc(1, sizeof(EVP_MD_CTX));
3581 +#endif /* HAVE_EVP_MD_CTX_NEW */
3583 +#ifndef HAVE_EVP_MD_CTX_FREE
3585 +EVP_MD_CTX_free(EVP_MD_CTX *ctx)
3590 + EVP_MD_CTX_cleanup(ctx);
3594 +#endif /* HAVE_EVP_MD_CTX_FREE */
3596 +#endif /* WITH_OPENSSL */
3597 diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
3598 index 2ae42bac..9e0264c0 100644
3599 --- a/openbsd-compat/openssl-compat.h
3600 +++ b/openbsd-compat/openssl-compat.h
3602 #include <openssl/evp.h>
3603 #include <openssl/rsa.h>
3604 #include <openssl/dsa.h>
3605 +#include <openssl/ecdsa.h>
3606 +#include <openssl/dh.h>
3608 int ssh_compatible_openssl(long, long);
3610 @@ -96,5 +98,139 @@ void ssh_OpenSSL_add_all_algorithms(void);
3612 #endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */
3614 +/* LibreSSL/OpenSSL 1.1x API compat */
3615 +#ifndef HAVE_DSA_GET0_PQG
3616 +void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
3617 + const BIGNUM **g);
3618 +#endif /* HAVE_DSA_GET0_PQG */
3620 +#ifndef HAVE_DSA_SET0_PQG
3621 +int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
3622 +#endif /* HAVE_DSA_SET0_PQG */
3624 +#ifndef HAVE_DSA_GET0_KEY
3625 +void DSA_get0_key(const DSA *d, const BIGNUM **pub_key,
3626 + const BIGNUM **priv_key);
3627 +#endif /* HAVE_DSA_GET0_KEY */
3629 +#ifndef HAVE_DSA_SET0_KEY
3630 +int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
3631 +#endif /* HAVE_DSA_SET0_KEY */
3633 +#ifndef HAVE_EVP_CIPHER_CTX_GET_IV
3634 +int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx,
3635 + unsigned char *iv, size_t len);
3636 +#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */
3638 +#ifndef HAVE_EVP_CIPHER_CTX_SET_IV
3639 +int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
3640 + const unsigned char *iv, size_t len);
3641 +#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
3643 +#ifndef HAVE_RSA_GET0_KEY
3644 +void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e,
3645 + const BIGNUM **d);
3646 +#endif /* HAVE_RSA_GET0_KEY */
3648 +#ifndef HAVE_RSA_SET0_KEY
3649 +int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
3650 +#endif /* HAVE_RSA_SET0_KEY */
3652 +#ifndef HAVE_RSA_GET0_CRT_PARAMS
3653 +void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
3654 + const BIGNUM **iqmp);
3655 +#endif /* HAVE_RSA_GET0_CRT_PARAMS */
3657 +#ifndef HAVE_RSA_SET0_CRT_PARAMS
3658 +int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
3659 +#endif /* HAVE_RSA_SET0_CRT_PARAMS */
3661 +#ifndef HAVE_RSA_GET0_FACTORS
3662 +void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
3663 +#endif /* HAVE_RSA_GET0_FACTORS */
3665 +#ifndef HAVE_RSA_SET0_FACTORS
3666 +int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
3667 +#endif /* HAVE_RSA_SET0_FACTORS */
3669 +#ifndef DSA_SIG_GET0
3670 +void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
3671 +#endif /* DSA_SIG_GET0 */
3673 +#ifndef DSA_SIG_SET0
3674 +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
3675 +#endif /* DSA_SIG_SET0 */
3677 +#ifndef HAVE_ECDSA_SIG_GET0
3678 +void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
3679 +#endif /* HAVE_ECDSA_SIG_GET0 */
3681 +#ifndef HAVE_ECDSA_SIG_SET0
3682 +int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
3683 +#endif /* HAVE_ECDSA_SIG_SET0 */
3685 +#ifndef HAVE_DH_GET0_PQG
3686 +void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
3687 + const BIGNUM **g);
3688 +#endif /* HAVE_DH_GET0_PQG */
3690 +#ifndef HAVE_DH_SET0_PQG
3691 +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
3692 +#endif /* HAVE_DH_SET0_PQG */
3694 +#ifndef HAVE_DH_GET0_KEY
3695 +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
3696 +#endif /* HAVE_DH_GET0_KEY */
3698 +#ifndef HAVE_DH_SET0_KEY
3699 +int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
3700 +#endif /* HAVE_DH_SET0_KEY */
3702 +#ifndef HAVE_DH_SET_LENGTH
3703 +int DH_set_length(DH *dh, long length);
3704 +#endif /* HAVE_DH_SET_LENGTH */
3706 +#ifndef HAVE_RSA_METH_FREE
3707 +void RSA_meth_free(RSA_METHOD *meth);
3708 +#endif /* HAVE_RSA_METH_FREE */
3710 +#ifndef HAVE_RSA_METH_DUP
3711 +RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
3712 +#endif /* HAVE_RSA_METH_DUP */
3714 +#ifndef HAVE_RSA_METH_SET1_NAME
3715 +int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
3716 +#endif /* HAVE_RSA_METH_SET1_NAME */
3718 +#ifndef HAVE_RSA_METH_GET_FINISH
3719 +int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
3720 +#endif /* HAVE_RSA_METH_GET_FINISH */
3722 +#ifndef HAVE_RSA_METH_SET_PRIV_ENC
3723 +int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
3724 + const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
3725 +#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
3727 +#ifndef HAVE_RSA_METH_SET_PRIV_DEC
3728 +int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
3729 + const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
3730 +#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
3732 +#ifndef HAVE_RSA_METH_SET_FINISH
3733 +int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));
3734 +#endif /* HAVE_RSA_METH_SET_FINISH */
3736 +#ifndef HAVE_EVP_PKEY_GET0_RSA
3737 +RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
3738 +#endif /* HAVE_EVP_PKEY_GET0_RSA */
3740 +#ifndef HAVE_EVP_MD_CTX_new
3741 +EVP_MD_CTX *EVP_MD_CTX_new(void);
3742 +#endif /* HAVE_EVP_MD_CTX_new */
3744 +#ifndef HAVE_EVP_MD_CTX_free
3745 +void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
3746 +#endif /* HAVE_EVP_MD_CTX_free */
3748 #endif /* WITH_OPENSSL */
3749 #endif /* _OPENSSL_COMPAT_H */
3750 diff --git a/ssh-dss.c b/ssh-dss.c
3751 index 631b1571..a23c383d 100644
3755 #define SSHKEY_INTERNAL
3758 +#include "openbsd-compat/openssl-compat.h"
3760 #define INTBLOB_LEN 20
3761 #define SIGBLOB_LEN (2*INTBLOB_LEN)
3763 diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
3764 index 9e92af04..2f553175 100644
3768 #define SSHKEY_INTERNAL
3771 +#include "openbsd-compat/openssl-compat.h"
3775 ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
3776 diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
3777 index bcc18c6b..d1241ce6 100644
3778 --- a/ssh-pkcs11-client.c
3779 +++ b/ssh-pkcs11-client.c
3782 #include <openssl/rsa.h>
3784 +#include "openbsd-compat/openssl-compat.h"
3786 #include "pathnames.h"
3787 #include "xmalloc.h"
3789 diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
3790 index c35f9415..775de964 100644
3796 #include "openbsd-compat/sys-queue.h"
3797 +#include "openbsd-compat/openssl-compat.h"
3799 #include <openssl/x509.h>
3801 diff --git a/ssh-rsa.c b/ssh-rsa.c
3802 index 2788f334..9b14f9a9 100644
3809 +#include "openbsd-compat/openssl-compat.h"
3811 static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *);
3814 diff --git a/sshkey.c b/sshkey.c
3815 index 085f1707..6f2c9d44 100644
3820 #include "xmss_fast.h"
3822 +#include "openbsd-compat/openssl-compat.h"
3824 /* openssh private key file format */
3825 #define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n"
3826 #define MARK_END "-----END OPENSSH PRIVATE KEY-----\n"
3827 @@ -1744,7 +1746,6 @@ int
3828 sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
3830 struct sshkey *n = NULL;
3831 - int ret = SSH_ERR_INTERNAL_ERROR;
3832 int r = SSH_ERR_INTERNAL_ERROR;
3834 const BIGNUM *rsa_n, *rsa_e;
3836 commit 86e0a9f3d249d5580390daf58e015e68b01cef10
3837 Author: djm@openbsd.org <djm@openbsd.org>
3838 Date: Thu Sep 13 05:06:51 2018 +0000
3840 upstream: use only openssl-1.1.x API here too
3842 OpenBSD-Regress-ID: ae877064597c349954b1b443769723563cecbc8f
3844 diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
3845 index 7e03b7e5..8e35f441 100644
3846 --- a/regress/unittests/sshkey/test_sshkey.c
3847 +++ b/regress/unittests/sshkey/test_sshkey.c
3849 -/* $OpenBSD: test_sshkey.c,v 1.15 2018/09/12 01:22:43 djm Exp $ */
3850 +/* $OpenBSD: test_sshkey.c,v 1.16 2018/09/13 05:06:51 djm Exp $ */
3852 * Regress test for sshkey.h key management API
3854 @@ -173,6 +173,61 @@ get_private(const char *n)
3858 +static const BIGNUM *
3859 +rsa_n(struct sshkey *k)
3861 + const BIGNUM *n = NULL;
3863 + ASSERT_PTR_NE(k, NULL);
3864 + ASSERT_PTR_NE(k->rsa, NULL);
3865 + RSA_get0_key(k->rsa, &n, NULL, NULL);
3869 +static const BIGNUM *
3870 +rsa_e(struct sshkey *k)
3872 + const BIGNUM *e = NULL;
3874 + ASSERT_PTR_NE(k, NULL);
3875 + ASSERT_PTR_NE(k->rsa, NULL);
3876 + RSA_get0_key(k->rsa, NULL, &e, NULL);
3880 +static const BIGNUM *
3881 +rsa_p(struct sshkey *k)
3883 + const BIGNUM *p = NULL;
3885 + ASSERT_PTR_NE(k, NULL);
3886 + ASSERT_PTR_NE(k->rsa, NULL);
3887 + RSA_get0_factors(k->rsa, &p, NULL);
3891 +static const BIGNUM *
3892 +dsa_g(struct sshkey *k)
3894 + const BIGNUM *g = NULL;
3896 + ASSERT_PTR_NE(k, NULL);
3897 + ASSERT_PTR_NE(k->dsa, NULL);
3898 + DSA_get0_pqg(k->dsa, NULL, NULL, &g);
3902 +static const BIGNUM *
3903 +dsa_priv_key(struct sshkey *k)
3905 + const BIGNUM *priv_key = NULL;
3907 + ASSERT_PTR_NE(k, NULL);
3908 + ASSERT_PTR_NE(k->dsa, NULL);
3909 + DSA_get0_key(k->dsa, NULL, &priv_key);
3916 @@ -197,9 +252,6 @@ sshkey_tests(void)
3917 k1 = sshkey_new(KEY_RSA);
3918 ASSERT_PTR_NE(k1, NULL);
3919 ASSERT_PTR_NE(k1->rsa, NULL);
3920 - ASSERT_PTR_NE(k1->rsa->n, NULL);
3921 - ASSERT_PTR_NE(k1->rsa->e, NULL);
3922 - ASSERT_PTR_EQ(k1->rsa->p, NULL);
3926 @@ -207,8 +259,6 @@ sshkey_tests(void)
3927 k1 = sshkey_new(KEY_DSA);
3928 ASSERT_PTR_NE(k1, NULL);
3929 ASSERT_PTR_NE(k1->dsa, NULL);
3930 - ASSERT_PTR_NE(k1->dsa->g, NULL);
3931 - ASSERT_PTR_EQ(k1->dsa->priv_key, NULL);
3935 @@ -230,27 +280,6 @@ sshkey_tests(void)
3939 - TEST_START("new_private KEY_RSA");
3940 - k1 = sshkey_new_private(KEY_RSA);
3941 - ASSERT_PTR_NE(k1, NULL);
3942 - ASSERT_PTR_NE(k1->rsa, NULL);
3943 - ASSERT_PTR_NE(k1->rsa->n, NULL);
3944 - ASSERT_PTR_NE(k1->rsa->e, NULL);
3945 - ASSERT_PTR_NE(k1->rsa->p, NULL);
3946 - ASSERT_INT_EQ(sshkey_add_private(k1), 0);
3950 - TEST_START("new_private KEY_DSA");
3951 - k1 = sshkey_new_private(KEY_DSA);
3952 - ASSERT_PTR_NE(k1, NULL);
3953 - ASSERT_PTR_NE(k1->dsa, NULL);
3954 - ASSERT_PTR_NE(k1->dsa->g, NULL);
3955 - ASSERT_PTR_NE(k1->dsa->priv_key, NULL);
3956 - ASSERT_INT_EQ(sshkey_add_private(k1), 0);
3960 TEST_START("generate KEY_RSA too small modulus");
3961 ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 128, &k1),
3962 SSH_ERR_KEY_LENGTH);
3963 @@ -285,18 +314,18 @@ sshkey_tests(void)
3964 ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0);
3965 ASSERT_PTR_NE(kr, NULL);
3966 ASSERT_PTR_NE(kr->rsa, NULL);
3967 - ASSERT_PTR_NE(kr->rsa->n, NULL);
3968 - ASSERT_PTR_NE(kr->rsa->e, NULL);
3969 - ASSERT_PTR_NE(kr->rsa->p, NULL);
3970 - ASSERT_INT_EQ(BN_num_bits(kr->rsa->n), 1024);
3971 + ASSERT_PTR_NE(rsa_n(kr), NULL);
3972 + ASSERT_PTR_NE(rsa_e(kr), NULL);
3973 + ASSERT_PTR_NE(rsa_p(kr), NULL);
3974 + ASSERT_INT_EQ(BN_num_bits(rsa_n(kr)), 1024);
3977 TEST_START("generate KEY_DSA");
3978 ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0);
3979 ASSERT_PTR_NE(kd, NULL);
3980 ASSERT_PTR_NE(kd->dsa, NULL);
3981 - ASSERT_PTR_NE(kd->dsa->g, NULL);
3982 - ASSERT_PTR_NE(kd->dsa->priv_key, NULL);
3983 + ASSERT_PTR_NE(dsa_g(kd), NULL);
3984 + ASSERT_PTR_NE(dsa_priv_key(kd), NULL);
3987 #ifdef OPENSSL_HAS_ECC
3988 @@ -323,9 +352,9 @@ sshkey_tests(void)
3989 ASSERT_PTR_NE(kr, k1);
3990 ASSERT_INT_EQ(k1->type, KEY_RSA);
3991 ASSERT_PTR_NE(k1->rsa, NULL);
3992 - ASSERT_PTR_NE(k1->rsa->n, NULL);
3993 - ASSERT_PTR_NE(k1->rsa->e, NULL);
3994 - ASSERT_PTR_EQ(k1->rsa->p, NULL);
3995 + ASSERT_PTR_NE(rsa_n(k1), NULL);
3996 + ASSERT_PTR_NE(rsa_e(k1), NULL);
3997 + ASSERT_PTR_EQ(rsa_p(k1), NULL);
4000 TEST_START("equal KEY_RSA/demoted KEY_RSA");
4001 @@ -339,8 +368,8 @@ sshkey_tests(void)
4002 ASSERT_PTR_NE(kd, k1);
4003 ASSERT_INT_EQ(k1->type, KEY_DSA);
4004 ASSERT_PTR_NE(k1->dsa, NULL);
4005 - ASSERT_PTR_NE(k1->dsa->g, NULL);
4006 - ASSERT_PTR_EQ(k1->dsa->priv_key, NULL);
4007 + ASSERT_PTR_NE(dsa_g(k1), NULL);
4008 + ASSERT_PTR_EQ(dsa_priv_key(k1), NULL);
4011 TEST_START("equal KEY_DSA/demoted KEY_DSA");
4013 commit a3fd8074e2e2f06602e25618721f9556c731312c
4014 Author: djm@openbsd.org <djm@openbsd.org>
4015 Date: Thu Sep 13 09:03:20 2018 +0000
4017 upstream: missed a bit of openssl-1.0.x API in this unittest
4019 OpenBSD-Regress-ID: a73a54d7f7381856a3f3a2d25947bee7a9a5dbc9
4021 diff --git a/regress/unittests/sshkey/common.c b/regress/unittests/sshkey/common.c
4022 index b598f05c..548da684 100644
4023 --- a/regress/unittests/sshkey/common.c
4024 +++ b/regress/unittests/sshkey/common.c
4026 -/* $OpenBSD: common.c,v 1.2 2015/01/08 13:10:58 djm Exp $ */
4027 +/* $OpenBSD: common.c,v 1.3 2018/09/13 09:03:20 djm Exp $ */
4029 * Helpers for key API tests
4031 @@ -82,3 +82,80 @@ load_bignum(const char *name)
4036 +rsa_n(struct sshkey *k)
4038 + const BIGNUM *n = NULL;
4040 + ASSERT_PTR_NE(k, NULL);
4041 + ASSERT_PTR_NE(k->rsa, NULL);
4042 + RSA_get0_key(k->rsa, &n, NULL, NULL);
4047 +rsa_e(struct sshkey *k)
4049 + const BIGNUM *e = NULL;
4051 + ASSERT_PTR_NE(k, NULL);
4052 + ASSERT_PTR_NE(k->rsa, NULL);
4053 + RSA_get0_key(k->rsa, NULL, &e, NULL);
4058 +rsa_p(struct sshkey *k)
4060 + const BIGNUM *p = NULL;
4062 + ASSERT_PTR_NE(k, NULL);
4063 + ASSERT_PTR_NE(k->rsa, NULL);
4064 + RSA_get0_factors(k->rsa, &p, NULL);
4069 +rsa_q(struct sshkey *k)
4071 + const BIGNUM *q = NULL;
4073 + ASSERT_PTR_NE(k, NULL);
4074 + ASSERT_PTR_NE(k->rsa, NULL);
4075 + RSA_get0_factors(k->rsa, NULL, &q);
4080 +dsa_g(struct sshkey *k)
4082 + const BIGNUM *g = NULL;
4084 + ASSERT_PTR_NE(k, NULL);
4085 + ASSERT_PTR_NE(k->dsa, NULL);
4086 + DSA_get0_pqg(k->dsa, NULL, NULL, &g);
4091 +dsa_pub_key(struct sshkey *k)
4093 + const BIGNUM *pub_key = NULL;
4095 + ASSERT_PTR_NE(k, NULL);
4096 + ASSERT_PTR_NE(k->dsa, NULL);
4097 + DSA_get0_key(k->dsa, &pub_key, NULL);
4102 +dsa_priv_key(struct sshkey *k)
4104 + const BIGNUM *priv_key = NULL;
4106 + ASSERT_PTR_NE(k, NULL);
4107 + ASSERT_PTR_NE(k->dsa, NULL);
4108 + DSA_get0_key(k->dsa, NULL, &priv_key);
4112 diff --git a/regress/unittests/sshkey/common.h b/regress/unittests/sshkey/common.h
4113 index bf7d19dc..7a514fdc 100644
4114 --- a/regress/unittests/sshkey/common.h
4115 +++ b/regress/unittests/sshkey/common.h
4117 -/* $OpenBSD: common.h,v 1.1 2014/06/24 01:14:18 djm Exp $ */
4118 +/* $OpenBSD: common.h,v 1.2 2018/09/13 09:03:20 djm Exp $ */
4120 * Helpers for key API tests
4122 @@ -14,3 +14,12 @@ struct sshbuf *load_text_file(const char *name);
4123 /* Load a bignum from a file */
4124 BIGNUM *load_bignum(const char *name);
4126 +/* Accessors for key components */
4127 +const BIGNUM *rsa_n(struct sshkey *k);
4128 +const BIGNUM *rsa_e(struct sshkey *k);
4129 +const BIGNUM *rsa_p(struct sshkey *k);
4130 +const BIGNUM *rsa_q(struct sshkey *k);
4131 +const BIGNUM *dsa_g(struct sshkey *k);
4132 +const BIGNUM *dsa_pub_key(struct sshkey *k);
4133 +const BIGNUM *dsa_priv_key(struct sshkey *k);
4135 diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c
4136 index 0636e84b..65610dac 100644
4137 --- a/regress/unittests/sshkey/test_file.c
4138 +++ b/regress/unittests/sshkey/test_file.c
4140 -/* $OpenBSD: test_file.c,v 1.7 2018/09/12 01:36:45 djm Exp $ */
4141 +/* $OpenBSD: test_file.c,v 1.8 2018/09/13 09:03:20 djm Exp $ */
4143 * Regress test for sshkey.h key management API
4145 @@ -60,9 +60,9 @@ sshkey_file_tests(void)
4146 a = load_bignum("rsa_1.param.n");
4147 b = load_bignum("rsa_1.param.p");
4148 c = load_bignum("rsa_1.param.q");
4149 - ASSERT_BIGNUM_EQ(k1->rsa->n, a);
4150 - ASSERT_BIGNUM_EQ(k1->rsa->p, b);
4151 - ASSERT_BIGNUM_EQ(k1->rsa->q, c);
4152 + ASSERT_BIGNUM_EQ(rsa_n(k1), a);
4153 + ASSERT_BIGNUM_EQ(rsa_p(k1), b);
4154 + ASSERT_BIGNUM_EQ(rsa_q(k1), c);
4158 @@ -169,9 +169,9 @@ sshkey_file_tests(void)
4159 a = load_bignum("dsa_1.param.g");
4160 b = load_bignum("dsa_1.param.priv");
4161 c = load_bignum("dsa_1.param.pub");
4162 - ASSERT_BIGNUM_EQ(k1->dsa->g, a);
4163 - ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b);
4164 - ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c);
4165 + ASSERT_BIGNUM_EQ(dsa_g(k1), a);
4166 + ASSERT_BIGNUM_EQ(dsa_priv_key(k1), b);
4167 + ASSERT_BIGNUM_EQ(dsa_pub_key(k1), c);
4171 diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
4172 index 8e35f441..47a03fad 100644
4173 --- a/regress/unittests/sshkey/test_sshkey.c
4174 +++ b/regress/unittests/sshkey/test_sshkey.c
4176 -/* $OpenBSD: test_sshkey.c,v 1.16 2018/09/13 05:06:51 djm Exp $ */
4177 +/* $OpenBSD: test_sshkey.c,v 1.17 2018/09/13 09:03:20 djm Exp $ */
4179 * Regress test for sshkey.h key management API
4181 @@ -173,61 +173,6 @@ get_private(const char *n)
4185 -static const BIGNUM *
4186 -rsa_n(struct sshkey *k)
4188 - const BIGNUM *n = NULL;
4190 - ASSERT_PTR_NE(k, NULL);
4191 - ASSERT_PTR_NE(k->rsa, NULL);
4192 - RSA_get0_key(k->rsa, &n, NULL, NULL);
4196 -static const BIGNUM *
4197 -rsa_e(struct sshkey *k)
4199 - const BIGNUM *e = NULL;
4201 - ASSERT_PTR_NE(k, NULL);
4202 - ASSERT_PTR_NE(k->rsa, NULL);
4203 - RSA_get0_key(k->rsa, NULL, &e, NULL);
4207 -static const BIGNUM *
4208 -rsa_p(struct sshkey *k)
4210 - const BIGNUM *p = NULL;
4212 - ASSERT_PTR_NE(k, NULL);
4213 - ASSERT_PTR_NE(k->rsa, NULL);
4214 - RSA_get0_factors(k->rsa, &p, NULL);
4218 -static const BIGNUM *
4219 -dsa_g(struct sshkey *k)
4221 - const BIGNUM *g = NULL;
4223 - ASSERT_PTR_NE(k, NULL);
4224 - ASSERT_PTR_NE(k->dsa, NULL);
4225 - DSA_get0_pqg(k->dsa, NULL, NULL, &g);
4229 -static const BIGNUM *
4230 -dsa_priv_key(struct sshkey *k)
4232 - const BIGNUM *priv_key = NULL;
4234 - ASSERT_PTR_NE(k, NULL);
4235 - ASSERT_PTR_NE(k->dsa, NULL);
4236 - DSA_get0_key(k->dsa, NULL, &priv_key);
4244 commit d64e78526596f098096113fcf148216798c327ff
4245 Author: Damien Miller <djm@mindrot.org>
4246 Date: Thu Sep 13 19:05:48 2018 +1000
4250 diff --git a/regress/unittests/sshkey/common.c b/regress/unittests/sshkey/common.c
4251 index 548da684..e63465c4 100644
4252 --- a/regress/unittests/sshkey/common.c
4253 +++ b/regress/unittests/sshkey/common.c
4255 # include <openssl/ec.h>
4258 +#include "openbsd-compat/openssl-compat.h"
4260 #include "../test_helper/test_helper.h"