Christoph Biedl wrote... > The patch attached:
Now really attached.
diff --git a/ssh.c b/ssh.c
index bb73ff3..ee6cb58 100644
--- a/ssh.c
+++ b/ssh.c
@@ -234,6 +234,8 @@ SSH_accept(SSH *ssh)
u_char *p, cipher, cookie[8], msg[1024];
u_int32_t num;
int i;
+ const BIGNUM *servkey_e, *servkey_n;
+ const BIGNUM *hostkey_e, *hostkey_n;
/* Generate anti-spoofing cookie. */
RAND_bytes(cookie, sizeof(cookie));
@@ -243,11 +245,13 @@ SSH_accept(SSH *ssh)
*p++ = SSH_SMSG_PUBLIC_KEY; /* type */
memcpy(p, cookie, 8); p += 8; /* cookie */
num = 768; PUTLONG(num, p); /* servkey bits */
- put_bn(ssh->ctx->servkey->e, &p); /* servkey exponent */
- put_bn(ssh->ctx->servkey->n, &p); /* servkey modulus */
+ RSA_get0_key(ssh->ctx->servkey, &servkey_n, &servkey_e, NULL);
+ put_bn(servkey_e, &p); /* servkey exponent */
+ put_bn(servkey_n, &p); /* servkey modulus */
num = 1024; PUTLONG(num, p); /* hostkey bits */
- put_bn(ssh->ctx->hostkey->e, &p); /* hostkey exponent */
- put_bn(ssh->ctx->hostkey->n, &p); /* hostkey modulus */
+ RSA_get0_key(ssh->ctx->hostkey, &hostkey_n, &hostkey_e, NULL);
+ put_bn(hostkey_e, &p); /* hostkey exponent */
+ put_bn(hostkey_n, &p); /* hostkey modulus */
num = 0; PUTLONG(num, p); /* protocol flags */
num = ssh->ctx->encmask; PUTLONG(num, p); /* ciphers */
num = ssh->ctx->authmask; PUTLONG(num, p); /* authmask */
@@ -298,7 +302,7 @@ SSH_accept(SSH *ssh)
SKIP(p, i, 4);
/* Decrypt session key. */
- if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) > 0) {
+ if (BN_cmp(servkey_n, hostkey_n) > 0) {
rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey);
rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey);
}
@@ -318,8 +322,8 @@ SSH_accept(SSH *ssh)
BN_clear_free(enckey);
/* Derive real session key using session id. */
- if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
- ssh->ctx->servkey->n)) == NULL) {
+ if ((p = ssh_session_id(cookie, hostkey_n,
+ servkey_n)) == NULL) {
warn("ssh_session_id");
return (-1);
}
@@ -328,10 +332,8 @@ SSH_accept(SSH *ssh)
}
/* Set cipher. */
if (cipher == SSH_CIPHER_3DES) {
- ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
- ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
- ssh->encrypt = des3_encrypt;
- ssh->decrypt = des3_decrypt;
+ warnx("cipher 3des no longer supported");
+ return (-1);
}
else if (cipher == SSH_CIPHER_BLOWFISH) {
ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey));
@@ -357,6 +359,8 @@ SSH_connect(SSH *ssh)
u_char *p, cipher, cookie[8], msg[1024];
u_int32_t num;
int i;
+ BIGNUM *servkey_n, *servkey_e;
+ BIGNUM *hostkey_n, *hostkey_e;
/* Get public key. */
if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
@@ -379,21 +383,23 @@ SSH_connect(SSH *ssh)
/* Get servkey. */
ssh->ctx->servkey = RSA_new();
- ssh->ctx->servkey->n = BN_new();
- ssh->ctx->servkey->e = BN_new();
+ servkey_n = BN_new();
+ servkey_e = BN_new();
+ RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL);
SKIP(p, i, 4);
- get_bn(ssh->ctx->servkey->e, &p, &i);
- get_bn(ssh->ctx->servkey->n, &p, &i);
+ get_bn(servkey_e, &p, &i);
+ get_bn(servkey_n, &p, &i);
/* Get hostkey. */
ssh->ctx->hostkey = RSA_new();
- ssh->ctx->hostkey->n = BN_new();
- ssh->ctx->hostkey->e = BN_new();
+ hostkey_n = BN_new();
+ hostkey_e = BN_new();
+ RSA_set0_key(ssh->ctx->hostkey, hostkey_n, hostkey_e, NULL);
SKIP(p, i, 4);
- get_bn(ssh->ctx->hostkey->e, &p, &i);
- get_bn(ssh->ctx->hostkey->n, &p, &i);
+ get_bn(hostkey_e, &p, &i);
+ get_bn(hostkey_n, &p, &i);
/* Get cipher, auth masks. */
SKIP(p, i, 4);
@@ -405,8 +411,8 @@ SSH_connect(SSH *ssh)
RAND_bytes(ssh->sesskey, sizeof(ssh->sesskey));
/* Obfuscate with session id. */
- if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
- ssh->ctx->servkey->n)) == NULL) {
+ if ((p = ssh_session_id(cookie, hostkey_n,
+ servkey_n)) == NULL) {
warn("ssh_session_id");
return (-1);
}
@@ -422,7 +428,7 @@ SSH_connect(SSH *ssh)
else BN_add_word(bn, ssh->sesskey[i]);
}
/* Encrypt session key. */
- if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) < 0) {
+ if (BN_cmp(servkey_n, hostkey_n) < 0) {
rsa_public_encrypt(bn, bn, ssh->ctx->servkey);
rsa_public_encrypt(bn, bn, ssh->ctx->hostkey);
}
@@ -470,10 +476,8 @@ SSH_connect(SSH *ssh)
ssh->decrypt = blowfish_decrypt;
}
else if (cipher == SSH_CIPHER_3DES) {
- ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
- ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
- ssh->encrypt = des3_encrypt;
- ssh->decrypt = des3_decrypt;
+ warnx("cipher 3des no longer supported");
+ return (-1);
}
/* Get server response. */
if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
diff --git a/sshcrypto.c b/sshcrypto.c
index 09a04e7..f66202d 100644
--- a/sshcrypto.c
+++ b/sshcrypto.c
@@ -28,10 +28,12 @@ struct blowfish_state {
u_char iv[8];
};
+#if 0
struct des3_state {
des_key_schedule k1, k2, k3;
des_cblock iv1, iv2, iv3;
};
+#endif
void
rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
@@ -39,10 +41,12 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
u_char *inbuf, *outbuf;
int len, ilen, olen;
- if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
+ const BIGNUM *n, *e;
+ RSA_get0_key(key, &n, &e, NULL);
+ if (BN_num_bits(e) < 2 || !BN_is_odd(e))
errx(1, "rsa_public_encrypt() exponent too small or not odd");
- olen = BN_num_bytes(key->n);
+ olen = BN_num_bytes(n);
outbuf = malloc(olen);
ilen = BN_num_bytes(in);
@@ -71,7 +75,9 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
u_char *inbuf, *outbuf;
int len, ilen, olen;
- olen = BN_num_bytes(key->n);
+ const BIGNUM *n;
+ RSA_get0_key(key, &n, NULL, NULL);
+ olen = BN_num_bytes(n);
outbuf = malloc(olen);
ilen = BN_num_bytes(in);
@@ -146,6 +152,7 @@ blowfish_decrypt(u_char *src, u_char *dst, int len, void *state)
swap_bytes(dst, dst, len);
}
+#if 0
/* XXX - SSH1's weirdo 3DES... */
void *
des3_init(u_char *sesskey, int len)
@@ -194,3 +201,4 @@ des3_decrypt(u_char *src, u_char *dst, int len, void *state)
des_ncbc_encrypt(dst, dst, len, dstate->k2, &dstate->iv2, DES_ENCRYPT);
des_ncbc_encrypt(dst, dst, len, dstate->k1, &dstate->iv1, DES_DECRYPT);
}
+#endif
signature.asc
Description: Digital signature
