Christoph Biedl wrote... > The patch attached:
Now really attached.
diff --git a/ssh.c b/ssh.c index bb73ff3..ee6cb58 100644 --- a/ssh.c +++ b/ssh.c @@ -234,6 +234,8 @@ SSH_accept(SSH *ssh) u_char *p, cipher, cookie[8], msg[1024]; u_int32_t num; int i; + const BIGNUM *servkey_e, *servkey_n; + const BIGNUM *hostkey_e, *hostkey_n; /* Generate anti-spoofing cookie. */ RAND_bytes(cookie, sizeof(cookie)); @@ -243,11 +245,13 @@ SSH_accept(SSH *ssh) *p++ = SSH_SMSG_PUBLIC_KEY; /* type */ memcpy(p, cookie, 8); p += 8; /* cookie */ num = 768; PUTLONG(num, p); /* servkey bits */ - put_bn(ssh->ctx->servkey->e, &p); /* servkey exponent */ - put_bn(ssh->ctx->servkey->n, &p); /* servkey modulus */ + RSA_get0_key(ssh->ctx->servkey, &servkey_n, &servkey_e, NULL); + put_bn(servkey_e, &p); /* servkey exponent */ + put_bn(servkey_n, &p); /* servkey modulus */ num = 1024; PUTLONG(num, p); /* hostkey bits */ - put_bn(ssh->ctx->hostkey->e, &p); /* hostkey exponent */ - put_bn(ssh->ctx->hostkey->n, &p); /* hostkey modulus */ + RSA_get0_key(ssh->ctx->hostkey, &hostkey_n, &hostkey_e, NULL); + put_bn(hostkey_e, &p); /* hostkey exponent */ + put_bn(hostkey_n, &p); /* hostkey modulus */ num = 0; PUTLONG(num, p); /* protocol flags */ num = ssh->ctx->encmask; PUTLONG(num, p); /* ciphers */ num = ssh->ctx->authmask; PUTLONG(num, p); /* authmask */ @@ -298,7 +302,7 @@ SSH_accept(SSH *ssh) SKIP(p, i, 4); /* Decrypt session key. */ - if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) > 0) { + if (BN_cmp(servkey_n, hostkey_n) > 0) { rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey); rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey); } @@ -318,8 +322,8 @@ SSH_accept(SSH *ssh) BN_clear_free(enckey); /* Derive real session key using session id. */ - if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n, - ssh->ctx->servkey->n)) == NULL) { + if ((p = ssh_session_id(cookie, hostkey_n, + servkey_n)) == NULL) { warn("ssh_session_id"); return (-1); } @@ -328,10 +332,8 @@ SSH_accept(SSH *ssh) } /* Set cipher. */ if (cipher == SSH_CIPHER_3DES) { - ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); - ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); - ssh->encrypt = des3_encrypt; - ssh->decrypt = des3_decrypt; + warnx("cipher 3des no longer supported"); + return (-1); } else if (cipher == SSH_CIPHER_BLOWFISH) { ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey)); @@ -357,6 +359,8 @@ SSH_connect(SSH *ssh) u_char *p, cipher, cookie[8], msg[1024]; u_int32_t num; int i; + BIGNUM *servkey_n, *servkey_e; + BIGNUM *hostkey_n, *hostkey_e; /* Get public key. */ if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) { @@ -379,21 +383,23 @@ SSH_connect(SSH *ssh) /* Get servkey. */ ssh->ctx->servkey = RSA_new(); - ssh->ctx->servkey->n = BN_new(); - ssh->ctx->servkey->e = BN_new(); + servkey_n = BN_new(); + servkey_e = BN_new(); + RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL); SKIP(p, i, 4); - get_bn(ssh->ctx->servkey->e, &p, &i); - get_bn(ssh->ctx->servkey->n, &p, &i); + get_bn(servkey_e, &p, &i); + get_bn(servkey_n, &p, &i); /* Get hostkey. */ ssh->ctx->hostkey = RSA_new(); - ssh->ctx->hostkey->n = BN_new(); - ssh->ctx->hostkey->e = BN_new(); + hostkey_n = BN_new(); + hostkey_e = BN_new(); + RSA_set0_key(ssh->ctx->hostkey, hostkey_n, hostkey_e, NULL); SKIP(p, i, 4); - get_bn(ssh->ctx->hostkey->e, &p, &i); - get_bn(ssh->ctx->hostkey->n, &p, &i); + get_bn(hostkey_e, &p, &i); + get_bn(hostkey_n, &p, &i); /* Get cipher, auth masks. */ SKIP(p, i, 4); @@ -405,8 +411,8 @@ SSH_connect(SSH *ssh) RAND_bytes(ssh->sesskey, sizeof(ssh->sesskey)); /* Obfuscate with session id. */ - if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n, - ssh->ctx->servkey->n)) == NULL) { + if ((p = ssh_session_id(cookie, hostkey_n, + servkey_n)) == NULL) { warn("ssh_session_id"); return (-1); } @@ -422,7 +428,7 @@ SSH_connect(SSH *ssh) else BN_add_word(bn, ssh->sesskey[i]); } /* Encrypt session key. */ - if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) < 0) { + if (BN_cmp(servkey_n, hostkey_n) < 0) { rsa_public_encrypt(bn, bn, ssh->ctx->servkey); rsa_public_encrypt(bn, bn, ssh->ctx->hostkey); } @@ -470,10 +476,8 @@ SSH_connect(SSH *ssh) ssh->decrypt = blowfish_decrypt; } else if (cipher == SSH_CIPHER_3DES) { - ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); - ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); - ssh->encrypt = des3_encrypt; - ssh->decrypt = des3_decrypt; + warnx("cipher 3des no longer supported"); + return (-1); } /* Get server response. */ if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) { diff --git a/sshcrypto.c b/sshcrypto.c index 09a04e7..f66202d 100644 --- a/sshcrypto.c +++ b/sshcrypto.c @@ -28,10 +28,12 @@ struct blowfish_state { u_char iv[8]; }; +#if 0 struct des3_state { des_key_schedule k1, k2, k3; des_cblock iv1, iv2, iv3; }; +#endif void rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) @@ -39,10 +41,12 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) u_char *inbuf, *outbuf; int len, ilen, olen; - if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e)) + const BIGNUM *n, *e; + RSA_get0_key(key, &n, &e, NULL); + if (BN_num_bits(e) < 2 || !BN_is_odd(e)) errx(1, "rsa_public_encrypt() exponent too small or not odd"); - olen = BN_num_bytes(key->n); + olen = BN_num_bytes(n); outbuf = malloc(olen); ilen = BN_num_bytes(in); @@ -71,7 +75,9 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) u_char *inbuf, *outbuf; int len, ilen, olen; - olen = BN_num_bytes(key->n); + const BIGNUM *n; + RSA_get0_key(key, &n, NULL, NULL); + olen = BN_num_bytes(n); outbuf = malloc(olen); ilen = BN_num_bytes(in); @@ -146,6 +152,7 @@ blowfish_decrypt(u_char *src, u_char *dst, int len, void *state) swap_bytes(dst, dst, len); } +#if 0 /* XXX - SSH1's weirdo 3DES... */ void * des3_init(u_char *sesskey, int len) @@ -194,3 +201,4 @@ des3_decrypt(u_char *src, u_char *dst, int len, void *state) des_ncbc_encrypt(dst, dst, len, dstate->k2, &dstate->iv2, DES_ENCRYPT); des_ncbc_encrypt(dst, dst, len, dstate->k1, &dstate->iv1, DES_DECRYPT); } +#endif
signature.asc
Description: Digital signature