On 05/22/18 08:52 PM, Jerome BENOIT wrote:
> Hello,
>
>
>
> On 22/05/18 23:52, Moritz Muehlenhoff wrote:
> > Hi Jerome,
> >
> > On Fri, Oct 13, 2017 at 07:05:26PM +0400, Jerome BENOIT wrote:
> >> Dear Sebastian, thanks for your warning.
> >>
> >> The amount of change might be too heavy for me.
> >> Second, pam_ssh seems no more maintained.
> >>
> >> I have just contacted the upstream maintainer.
> >
> > Did you get a reply?
>
> No.
>
> I will have a look if time permit.
> And, of course, any patch is welcome.
>
> Cheers,
> Jerome
OpenSUSE has an OpenSSL 1.1 patch in their package:
https://build.opensuse.org/package/view_file/openSUSE:Factory/pam_ssh/pam_ssh-openssl11.patch
Changelog here:
https://build.opensuse.org/request/show/547009
I'm attaching the patch. It will try to modify `configure' which isn't
in Debian's source tarball, but if you remove that bit, it applies
cleanly. It seems to work OK on my locally-built package.
John
===================================================================
Index: pam_ssh-2.1/cipher.c
===================================================================
--- pam_ssh-2.1.orig/cipher.c 2015-05-03 13:30:39.000000000 +0200
+++ pam_ssh-2.1/cipher.c 2017-11-30 15:31:05.770390639 +0100
@@ -326,26 +326,26 @@ cipher_init(struct sshcipher_ctx *cc, co
return SSH_ERR_INVALID_ARGUMENT;
#else
type = (*cipher->evptype)();
- EVP_CIPHER_CTX_init(&cc->evp);
- if (EVP_CipherInit(&cc->evp, type, NULL, (u_char *)iv,
+ cc->evp = EVP_CIPHER_CTX_new();
+ if (EVP_CipherInit(cc->evp, type, NULL, (u_char *)iv,
(do_encrypt == CIPHER_ENCRYPT)) == 0) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto bad;
}
if (cipher_authlen(cipher) &&
- !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_IV_FIXED,
+ !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED,
-1, (u_char *)iv)) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto bad;
}
- klen = EVP_CIPHER_CTX_key_length(&cc->evp);
+ klen = EVP_CIPHER_CTX_key_length(cc->evp);
if (klen > 0 && keylen != (u_int)klen) {
- if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0) {
+ if (EVP_CIPHER_CTX_set_key_length(cc->evp, keylen) == 0) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto bad;
}
}
- if (EVP_CipherInit(&cc->evp, NULL, (u_char *)key, NULL, -1) == 0) {
+ if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto bad;
}
@@ -358,14 +358,14 @@ cipher_init(struct sshcipher_ctx *cc, co
ret = SSH_ERR_ALLOC_FAIL;
goto bad;
}
- ret = EVP_Cipher(&cc->evp, discard, junk, cipher->discard_len);
+ ret = EVP_Cipher(cc->evp, discard, junk, cipher->discard_len);
explicit_bzero(discard, cipher->discard_len);
free(junk);
free(discard);
if (ret != 1) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
bad:
- EVP_CIPHER_CTX_cleanup(&cc->evp);
+ EVP_CIPHER_CTX_cleanup(cc->evp);
return ret;
}
}
@@ -412,33 +412,33 @@ cipher_crypt(struct sshcipher_ctx *cc, u
if (authlen != cipher_authlen(cc->cipher))
return SSH_ERR_INVALID_ARGUMENT;
/* increment IV */
- if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN,
+ if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
1, lastiv))
return SSH_ERR_LIBCRYPTO_ERROR;
/* set tag on decyption */
if (!cc->encrypt &&
- !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_TAG,
+ !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_TAG,
authlen, (u_char *)src + aadlen + len))
return SSH_ERR_LIBCRYPTO_ERROR;
}
if (aadlen) {
if (authlen &&
- EVP_Cipher(&cc->evp, NULL, (u_char *)src, aadlen) < 0)
+ EVP_Cipher(cc->evp, NULL, (u_char *)src, aadlen) < 0)
return SSH_ERR_LIBCRYPTO_ERROR;
memcpy(dest, src, aadlen);
}
if (len % cc->cipher->block_size)
return SSH_ERR_INVALID_ARGUMENT;
- if (EVP_Cipher(&cc->evp, dest + aadlen, (u_char *)src + aadlen,
+ if (EVP_Cipher(cc->evp, dest + aadlen, (u_char *)src + aadlen,
len) < 0)
return SSH_ERR_LIBCRYPTO_ERROR;
if (authlen) {
/* compute tag (on encrypt) or verify tag (on decrypt) */
- if (EVP_Cipher(&cc->evp, NULL, NULL, 0) < 0)
+ if (EVP_Cipher(cc->evp, NULL, NULL, 0) < 0)
return cc->encrypt ?
SSH_ERR_LIBCRYPTO_ERROR : SSH_ERR_MAC_INVALID;
if (cc->encrypt &&
- !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG,
+ !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_GET_TAG,
authlen, dest + aadlen + len))
return SSH_ERR_LIBCRYPTO_ERROR;
}
@@ -471,7 +471,7 @@ cipher_cleanup(struct sshcipher_ctx *cc)
else if ((cc->cipher->flags & CFLAG_AESCTR) != 0)
explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx));
#ifdef WITH_OPENSSL
- else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
+ else if (EVP_CIPHER_CTX_cleanup(cc->evp) == 0)
return SSH_ERR_LIBCRYPTO_ERROR;
#endif
return 0;
@@ -518,7 +518,7 @@ cipher_get_keyiv_len(const struct sshcip
ivlen = 0;
#ifdef WITH_OPENSSL
else
- ivlen = EVP_CIPHER_CTX_iv_length(&cc->evp);
+ ivlen = EVP_CIPHER_CTX_iv_length(cc->evp);
#endif /* WITH_OPENSSL */
return (ivlen);
}
@@ -544,7 +544,7 @@ cipher_get_keyiv(struct sshcipher_ctx *c
case SSH_CIPHER_SSH2:
case SSH_CIPHER_DES:
case SSH_CIPHER_BLOWFISH:
- evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
+ evplen = EVP_CIPHER_CTX_iv_length(cc->evp);
if (evplen == 0)
return 0;
else if (evplen < 0)
@@ -553,20 +553,20 @@ cipher_get_keyiv(struct sshcipher_ctx *c
return SSH_ERR_INVALID_ARGUMENT;
#ifndef OPENSSL_HAVE_EVPCTR
if (c->evptype == evp_aes_128_ctr)
- ssh_aes_ctr_iv(&cc->evp, 0, iv, len);
+ ssh_aes_ctr_iv(cc->evp, 0, iv, len);
else
#endif
if (cipher_authlen(c)) {
- if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN,
+ if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
len, iv))
return SSH_ERR_LIBCRYPTO_ERROR;
} else
- memcpy(iv, cc->evp.iv, len);
+ memcpy(iv, EVP_CIPHER_CTX_iv(cc->evp), len);
break;
#endif
#ifdef WITH_SSH1
case SSH_CIPHER_3DES:
- return ssh1_3des_iv(&cc->evp, 0, iv, 24);
+ return ssh1_3des_iv(cc->evp, 0, iv, 24);
#endif
default:
return SSH_ERR_INVALID_ARGUMENT;
@@ -592,21 +592,21 @@ cipher_set_keyiv(struct sshcipher_ctx *c
case SSH_CIPHER_SSH2:
case SSH_CIPHER_DES:
case SSH_CIPHER_BLOWFISH:
- evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
+ evplen = EVP_CIPHER_CTX_iv_length(cc->evp);
if (evplen <= 0)
return SSH_ERR_LIBCRYPTO_ERROR;
if (cipher_authlen(c)) {
/* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */
- if (!EVP_CIPHER_CTX_ctrl(&cc->evp,
+ if (!EVP_CIPHER_CTX_ctrl(cc->evp,
EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv))
return SSH_ERR_LIBCRYPTO_ERROR;
} else
- memcpy(cc->evp.iv, iv, evplen);
+ memcpy(EVP_CIPHER_CTX_iv_noconst(cc->evp), iv, evplen);
break;
#endif
#ifdef WITH_SSH1
case SSH_CIPHER_3DES:
- return ssh1_3des_iv(&cc->evp, 1, (u_char *)iv, 24);
+ return ssh1_3des_iv(cc->evp, 1, (u_char *)iv, 24);
#endif
default:
return SSH_ERR_INVALID_ARGUMENT;
@@ -615,8 +615,8 @@ cipher_set_keyiv(struct sshcipher_ctx *c
}
#ifdef WITH_OPENSSL
-#define EVP_X_STATE(evp) (evp).cipher_data
-#define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size
+#define EVP_X_STATE(evp) EVP_CIPHER_CTX_get_cipher_data(evp)
+#define EVP_X_STATE_LEN(evp) EVP_CIPHER_impl_ctx_size(EVP_CIPHER_CTX_cipher(evp))
#endif
int
Index: pam_ssh-2.1/cipher.h
===================================================================
--- pam_ssh-2.1.orig/cipher.h 2015-05-03 13:30:39.000000000 +0200
+++ pam_ssh-2.1/cipher.h 2017-11-30 15:31:05.770390639 +0100
@@ -66,7 +66,7 @@ struct sshcipher;
struct sshcipher_ctx {
int plaintext;
int encrypt;
- EVP_CIPHER_CTX evp;
+ EVP_CIPHER_CTX *evp;
struct chachapoly_ctx cp_ctx; /* XXX union with evp? */
struct aesctr_ctx ac_ctx; /* XXX union with evp? */
const struct sshcipher *cipher;
Index: pam_ssh-2.1/cipher-3des1.c
===================================================================
--- pam_ssh-2.1.orig/cipher-3des1.c 2015-05-03 13:30:39.000000000 +0200
+++ pam_ssh-2.1/cipher-3des1.c 2017-11-30 15:46:13.340754169 +0100
@@ -59,7 +59,7 @@
*/
struct ssh1_3des_ctx
{
- EVP_CIPHER_CTX k1, k2, k3;
+ EVP_CIPHER_CTX *k1, *k2, *k3;
};
const EVP_CIPHER * evp_ssh1_3des(void);
@@ -80,7 +80,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, cons
if (key == NULL)
return 1;
if (enc == -1)
- enc = ctx->encrypt;
+ enc = EVP_CIPHER_CTX_encrypting(ctx);
k1 = k2 = k3 = (u_char *) key;
k2 += 8;
if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) {
@@ -89,12 +89,17 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, cons
else
k1 += 16;
}
- EVP_CIPHER_CTX_init(&c->k1);
- EVP_CIPHER_CTX_init(&c->k2);
- EVP_CIPHER_CTX_init(&c->k3);
- if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
- EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
- EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
+ c->k1 = c->k2 = c->k3 = NULL;
+ c->k1 = EVP_CIPHER_CTX_new();
+ c->k2 = EVP_CIPHER_CTX_new();
+ c->k3 = EVP_CIPHER_CTX_new();
+ if (c->k1 == NULL || c->k2 == NULL || c->k3 == NULL ||
+ EVP_CipherInit(c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
+ EVP_CipherInit(c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
+ EVP_CipherInit(c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
+ EVP_CIPHER_CTX_free(c->k1);
+ EVP_CIPHER_CTX_free(c->k2);
+ EVP_CIPHER_CTX_free(c->k3);
explicit_bzero(c, sizeof(*c));
free(c);
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
@@ -110,9 +115,9 @@ ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_cha
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
return 0;
- if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 ||
- EVP_Cipher(&c->k2, dest, dest, len) == 0 ||
- EVP_Cipher(&c->k3, dest, dest, len) == 0)
+ if (EVP_Cipher(c->k1, dest, (u_char *)src, len) == 0 ||
+ EVP_Cipher(c->k2, dest, dest, len) == 0 ||
+ EVP_Cipher(c->k3, dest, dest, len) == 0)
return 0;
return 1;
}
@@ -123,9 +128,9 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
struct ssh1_3des_ctx *c;
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
- EVP_CIPHER_CTX_cleanup(&c->k1);
- EVP_CIPHER_CTX_cleanup(&c->k2);
- EVP_CIPHER_CTX_cleanup(&c->k3);
+ EVP_CIPHER_CTX_free(c->k1);
+ EVP_CIPHER_CTX_free(c->k2);
+ EVP_CIPHER_CTX_free(c->k3);
explicit_bzero(c, sizeof(*c));
free(c);
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
@@ -143,13 +148,13 @@ ssh1_3des_iv(EVP_CIPHER_CTX *evp, int do
if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
return SSH_ERR_INTERNAL_ERROR;
if (doset) {
- memcpy(c->k1.iv, iv, 8);
- memcpy(c->k2.iv, iv + 8, 8);
- memcpy(c->k3.iv, iv + 16, 8);
+ memcpy(EVP_CIPHER_CTX_iv_noconst(c->k1), iv, 8);
+ memcpy(EVP_CIPHER_CTX_iv_noconst(c->k2), iv + 8, 8);
+ memcpy(EVP_CIPHER_CTX_iv_noconst(c->k3), iv + 16, 8);
} else {
- memcpy(iv, c->k1.iv, 8);
- memcpy(iv + 8, c->k2.iv, 8);
- memcpy(iv + 16, c->k3.iv, 8);
+ memcpy(iv, EVP_CIPHER_CTX_iv(c->k1), 8);
+ memcpy(iv + 8, EVP_CIPHER_CTX_iv(c->k2), 8);
+ memcpy(iv + 16, EVP_CIPHER_CTX_iv(c->k3), 8);
}
return 0;
}
@@ -157,16 +162,13 @@ ssh1_3des_iv(EVP_CIPHER_CTX *evp, int do
const EVP_CIPHER *
evp_ssh1_3des(void)
{
- static EVP_CIPHER ssh1_3des;
+ static EVP_CIPHER *ssh1_3des_p;
- memset(&ssh1_3des, 0, sizeof(EVP_CIPHER));
- ssh1_3des.nid = NID_undef;
- ssh1_3des.block_size = 8;
- ssh1_3des.iv_len = 0;
- ssh1_3des.key_len = 16;
- ssh1_3des.init = ssh1_3des_init;
- ssh1_3des.cleanup = ssh1_3des_cleanup;
- ssh1_3des.do_cipher = ssh1_3des_cbc;
- ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH;
- return &ssh1_3des;
+ ssh1_3des_p = EVP_CIPHER_meth_new(NID_undef, /*block_size*/8, /*key_len*/16); /*XXX check return*/
+ EVP_CIPHER_meth_set_iv_length(ssh1_3des_p, 0);
+ EVP_CIPHER_meth_set_init(ssh1_3des_p, ssh1_3des_init);
+ EVP_CIPHER_meth_set_cleanup(ssh1_3des_p, ssh1_3des_cleanup);
+ EVP_CIPHER_meth_set_do_cipher(ssh1_3des_p, ssh1_3des_cbc);
+ EVP_CIPHER_meth_set_flags(ssh1_3des_p, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH);
+ return ssh1_3des_p;
}
Index: pam_ssh-2.1/configure.ac
===================================================================
--- pam_ssh-2.1.orig/configure.ac 2015-05-05 16:15:23.000000000 +0200
+++ pam_ssh-2.1/configure.ac 2017-11-30 15:31:05.770390639 +0100
@@ -227,7 +227,7 @@ AC_MSG_CHECKING([whether OpenSSL's heade
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#include <string.h>
#include <openssl/opensslv.h>
-int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
+int main(void) { return(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
]])],[
AC_MSG_RESULT(yes)
],[
Index: pam_ssh-2.1/configure
===================================================================
--- pam_ssh-2.1.orig/configure 2015-05-05 16:23:18.000000000 +0200
+++ pam_ssh-2.1/configure 2017-11-30 15:31:05.770390639 +0100
@@ -11799,7 +11799,7 @@ else
#include <string.h>
#include <openssl/opensslv.h>
-int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
+int main(void) { return(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
_ACEOF
if ac_fn_c_try_run "$LINENO"; then :
Index: pam_ssh-2.1/digest-openssl.c
===================================================================
--- pam_ssh-2.1.orig/digest-openssl.c 2015-05-03 13:30:39.000000000 +0200
+++ pam_ssh-2.1/digest-openssl.c 2017-11-30 15:31:05.770390639 +0100
@@ -41,7 +41,7 @@
struct ssh_digest_ctx {
int alg;
- EVP_MD_CTX mdctx;
+ EVP_MD_CTX *mdctx;
};
struct ssh_digest {
Index: pam_ssh-2.1/rsa.c
===================================================================
--- pam_ssh-2.1.orig/rsa.c 2015-05-03 13:30:39.000000000 +0200
+++ pam_ssh-2.1/rsa.c 2017-11-30 15:31:05.770390639 +0100
@@ -76,11 +76,14 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *
{
u_char *inbuf = NULL, *outbuf = NULL;
int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR;
+ const BIGNUM *n, *e;
- if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
+ RSA_get0_key(key, &n, &e, NULL);
+
+ if (BN_num_bits(e) < 2 || !BN_is_odd(e))
return SSH_ERR_INVALID_ARGUMENT;
- olen = BN_num_bytes(key->n);
+ olen = BN_num_bytes(n);
if ((outbuf = malloc(olen)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
@@ -122,8 +125,11 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM
{
u_char *inbuf = NULL, *outbuf = NULL;
int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR;
+ const BIGNUM *n;
+
+ RSA_get0_key(key, &n, NULL, NULL);
- olen = BN_num_bytes(key->n);
+ olen = BN_num_bytes(n);
if ((outbuf = malloc(olen)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
@@ -159,26 +165,37 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM
/* calculate p-1 and q-1 */
int
-rsa_generate_additional_parameters(RSA *rsa)
+rsa_generate_additional_parameters(RSA *rsa, BIGNUM *iqmp)
{
BIGNUM *aux = NULL;
+ BIGNUM *dmp1 = NULL;
+ BIGNUM *dmq1 = NULL;
+ const BIGNUM *p, *q, *d;
BN_CTX *ctx = NULL;
int r;
+ RSA_get0_factors(rsa, &p, &q);
+ RSA_get0_key(rsa, NULL, NULL, &d);
+
if ((ctx = BN_CTX_new()) == NULL)
return SSH_ERR_ALLOC_FAIL;
- if ((aux = BN_new()) == NULL) {
+ if ((aux = BN_new()) == NULL ||
+ (dmp1 = BN_new()) == NULL ||
+ (dmq1 = BN_new()) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
- if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
- (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
- (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
- (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) {
+ if ((BN_sub(aux, q, BN_value_one()) == 0) ||
+ (BN_mod(dmq1, d, aux, ctx) == 0) ||
+ (BN_sub(aux, p, BN_value_one()) == 0) ||
+ (BN_mod(dmp1, d, aux, ctx) == 0) ||
+ (RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp) == 0)) {
r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
+ dmp1 = NULL;
+ dmq1 = NULL;
r = 0;
out:
BN_clear_free(aux);
Index: pam_ssh-2.1/rsa.h
===================================================================
--- pam_ssh-2.1.orig/rsa.h 2015-05-03 13:30:39.000000000 +0200
+++ pam_ssh-2.1/rsa.h 2017-11-30 15:31:05.774390701 +0100
@@ -21,6 +21,6 @@
int rsa_public_encrypt(BIGNUM *, BIGNUM *, RSA *);
int rsa_private_decrypt(BIGNUM *, BIGNUM *, RSA *);
-int rsa_generate_additional_parameters(RSA *);
+int rsa_generate_additional_parameters(RSA *, BIGNUM *);
#endif /* RSA_H */
Index: pam_ssh-2.1/ssh-ecdsa.c
===================================================================
--- pam_ssh-2.1.orig/ssh-ecdsa.c 2015-05-03 13:30:39.000000000 +0200
+++ pam_ssh-2.1/ssh-ecdsa.c 2017-11-30 15:31:05.774390701 +0100
@@ -123,6 +123,7 @@ ssh_ecdsa_verify(const struct sshkey *ke
int ret = SSH_ERR_INTERNAL_ERROR;
struct sshbuf *b = NULL, *sigbuf = NULL;
char *ktype = NULL;
+ BIGNUM *r = NULL, *s = NULL;
if (key == NULL || key->ecdsa == NULL ||
sshkey_type_plain(key->type) != KEY_ECDSA)
@@ -150,15 +151,23 @@ ssh_ecdsa_verify(const struct sshkey *ke
}
/* parse signature */
- if ((sig = ECDSA_SIG_new()) == NULL) {
+ if ((sig = ECDSA_SIG_new()) == NULL ||
+ (r = BN_new()) == NULL ||
+ (s = BN_new()) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
- if (sshbuf_get_bignum2(sigbuf, sig->r) != 0 ||
- sshbuf_get_bignum2(sigbuf, sig->s) != 0) {
+ if (sshbuf_get_bignum2(sigbuf, r) != 0 ||
+ sshbuf_get_bignum2(sigbuf, s) != 0) {
ret = SSH_ERR_INVALID_FORMAT;
goto out;
}
+ if (ECDSA_SIG_set0(sig, r, s) == 0) {
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ r = NULL;
+ s = NULL;
if (sshbuf_len(sigbuf) != 0) {
ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
goto out;
@@ -185,6 +194,8 @@ ssh_ecdsa_verify(const struct sshkey *ke
sshbuf_free(sigbuf);
if (b != NULL)
sshbuf_free(b);
+ BN_free(r);
+ BN_free(s);
if (sig != NULL)
ECDSA_SIG_free(sig);
free(ktype);
Index: pam_ssh-2.1/ssh-dss.c
===================================================================
--- pam_ssh-2.1.orig/ssh-dss.c 2015-05-03 13:30:39.000000000 +0200
+++ pam_ssh-2.1/ssh-dss.c 2017-11-30 15:31:05.774390701 +0100
@@ -139,6 +139,7 @@ ssh_dss_verify(const struct sshkey *key,
int ret = SSH_ERR_INTERNAL_ERROR;
struct sshbuf *b = NULL;
char *ktype = NULL;
+ BIGNUM *r = NULL, *s = NULL;
if (key == NULL || key->dsa == NULL ||
sshkey_type_plain(key->type) != KEY_DSA)
@@ -178,16 +179,19 @@ ssh_dss_verify(const struct sshkey *key,
/* parse signature */
if ((sig = DSA_SIG_new()) == NULL ||
- (sig->r = BN_new()) == NULL ||
- (sig->s = BN_new()) == NULL) {
+ (r = BN_new()) == NULL ||
+ (s = BN_new()) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
- if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) ||
- (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) {
+ if ((BN_bin2bn(sigblob, INTBLOB_LEN, r) == NULL) ||
+ (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, s) == NULL) ||
+ (DSA_SIG_set0(sig, r, s) == 0)) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
+ r = NULL;
+ s = NULL;
/* sha1 the data */
if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
@@ -208,6 +212,8 @@ ssh_dss_verify(const struct sshkey *key,
out:
explicit_bzero(digest, sizeof(digest));
+ BN_free(r);
+ BN_free(s);
if (sig != NULL)
DSA_SIG_free(sig);
if (b != NULL)
Index: pam_ssh-2.1/ssh-rsa.c
===================================================================
--- pam_ssh-2.1.orig/ssh-rsa.c 2015-05-03 13:30:39.000000000 +0200
+++ pam_ssh-2.1/ssh-rsa.c 2017-11-30 15:31:05.774390701 +0100
@@ -129,7 +129,7 @@ ssh_rsa_verify(const struct sshkey *key,
if (key == NULL || key->rsa == NULL ||
sshkey_type_plain(key->type) != KEY_RSA ||
- BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
+ RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE)
return SSH_ERR_INVALID_ARGUMENT;
if ((b = sshbuf_from(signature, signaturelen)) == NULL)
Index: pam_ssh-2.1/sshkey.c
===================================================================
--- pam_ssh-2.1.orig/sshkey.c 2015-05-03 13:36:07.000000000 +0200
+++ pam_ssh-2.1/sshkey.c 2017-11-30 15:31:05.774390701 +0100
@@ -492,11 +492,7 @@ sshkey_new(int type)
case KEY_RSA:
case KEY_RSA_CERT_V00:
case KEY_RSA_CERT:
- if ((rsa = RSA_new()) == NULL ||
- (rsa->n = BN_new()) == NULL ||
- (rsa->e = BN_new()) == NULL) {
- if (rsa != NULL)
- RSA_free(rsa);
+ if ((rsa = RSA_new()) == NULL) {
free(k);
return NULL;
}
@@ -505,13 +501,7 @@ sshkey_new(int type)
case KEY_DSA:
case KEY_DSA_CERT_V00:
case KEY_DSA_CERT:
- if ((dsa = DSA_new()) == NULL ||
- (dsa->p = BN_new()) == NULL ||
- (dsa->q = BN_new()) == NULL ||
- (dsa->g = BN_new()) == NULL ||
- (dsa->pub_key = BN_new()) == NULL) {
- if (dsa != NULL)
- DSA_free(dsa);
+ if ((dsa = DSA_new()) == NULL) {
free(k);
return NULL;
}
@@ -553,22 +543,11 @@ sshkey_add_private(struct sshkey *k)
case KEY_RSA:
case KEY_RSA_CERT_V00:
case KEY_RSA_CERT:
-#define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL)
- if (bn_maybe_alloc_failed(k->rsa->d) ||
- bn_maybe_alloc_failed(k->rsa->iqmp) ||
- bn_maybe_alloc_failed(k->rsa->q) ||
- bn_maybe_alloc_failed(k->rsa->p) ||
- bn_maybe_alloc_failed(k->rsa->dmq1) ||
- bn_maybe_alloc_failed(k->rsa->dmp1))
- return SSH_ERR_ALLOC_FAIL;
break;
case KEY_DSA:
case KEY_DSA_CERT_V00:
case KEY_DSA_CERT:
- if (bn_maybe_alloc_failed(k->dsa->priv_key))
- return SSH_ERR_ALLOC_FAIL;
break;
-#undef bn_maybe_alloc_failed
case KEY_ECDSA:
case KEY_ECDSA_CERT:
/* Cannot do anything until we know the group */
@@ -1762,15 +1741,32 @@ sshkey_from_private(const struct sshkey
#ifdef WITH_OPENSSL
case KEY_DSA:
case KEY_DSA_CERT_V00:
- case KEY_DSA_CERT:
- if ((n = sshkey_new(k->type)) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) ||
- (BN_copy(n->dsa->q, k->dsa->q) == NULL) ||
- (BN_copy(n->dsa->g, k->dsa->g) == NULL) ||
- (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) {
- sshkey_free(n);
- return SSH_ERR_ALLOC_FAIL;
+ case KEY_DSA_CERT: {
+ const BIGNUM *k_p, *k_q, *k_g, *k_pub_key;
+ BIGNUM *n_p = NULL, *n_q = NULL, *n_g = NULL, *n_pub_key = NULL;
+
+ if ((n = sshkey_new(k->type)) == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+
+ DSA_get0_pqg(k->dsa, &k_p, &k_q, &k_g);
+ DSA_get0_key(k->dsa, &k_pub_key, NULL);
+
+ if (((n_p = BN_dup(k_p)) == NULL) ||
+ ((n_q = BN_dup(k_q)) == NULL) ||
+ ((n_g = BN_dup(k_g)) == NULL) ||
+ (DSA_set0_pqg(n->dsa, n_p, n_q, n_g) == 0)) {
+ sshkey_free(n);
+ BN_free(n_p);
+ BN_free(n_q);
+ BN_free(n_g);
+ return SSH_ERR_ALLOC_FAIL;
+ }
+ if (((n_pub_key = BN_dup(k_pub_key)) == NULL) ||
+ (DSA_set0_key(n->dsa, n_pub_key, NULL) == 0)) {
+ sshkey_free(n);
+ BN_free(n_pub_key);
+ return SSH_ERR_ALLOC_FAIL;
+ }
}
break;
# ifdef OPENSSL_HAS_ECC
@@ -1794,13 +1790,22 @@ sshkey_from_private(const struct sshkey
case KEY_RSA:
case KEY_RSA1:
case KEY_RSA_CERT_V00:
- case KEY_RSA_CERT:
- if ((n = sshkey_new(k->type)) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
- (BN_copy(n->rsa->e, k->rsa->e) == NULL)) {
- sshkey_free(n);
- return SSH_ERR_ALLOC_FAIL;
+ case KEY_RSA_CERT: {
+ const BIGNUM *k_n, *k_e;
+ BIGNUM *n_n = NULL, *n_e = NULL;
+
+ if ((n = sshkey_new(k->type)) == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+
+ RSA_get0_key(k->rsa, &k_n, &k_e, NULL);
+ if (((n_n = BN_dup(k_n)) == NULL) ||
+ ((n_e = BN_dup(k_e)) == NULL) ||
+ RSA_set0_key(n->rsa, n_n, n_e, NULL) == 0) {
+ sshkey_free(n);
+ BN_free(n_n);
+ BN_free(n_e);
+ return SSH_ERR_ALLOC_FAIL;
+ }
}
break;
#endif /* WITH_OPENSSL */
@@ -2009,10 +2014,20 @@ sshkey_from_blob_internal(const u_char *
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
- if (sshbuf_get_bignum2(b, key->rsa->e) == -1 ||
- sshbuf_get_bignum2(b, key->rsa->n) == -1) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
+ {
+ BIGNUM *e, *n;
+
+ e = BN_new();
+ n = BN_new();
+ if (e == NULL || n == NULL ||
+ sshbuf_get_bignum2(b, e) != 0 ||
+ sshbuf_get_bignum2(b, n) != 0 ||
+ RSA_set0_key(key->rsa, n, e, NULL) == 0) {
+ BN_free(e);
+ BN_free(n);
+ ret = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
}
#ifdef DEBUG_PK
RSA_print_fp(stderr, key->rsa, 8);
@@ -2030,12 +2045,34 @@ sshkey_from_blob_internal(const u_char *
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
- if (sshbuf_get_bignum2(b, key->dsa->p) == -1 ||
- sshbuf_get_bignum2(b, key->dsa->q) == -1 ||
- sshbuf_get_bignum2(b, key->dsa->g) == -1 ||
- sshbuf_get_bignum2(b, key->dsa->pub_key) == -1) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
+ {
+ BIGNUM *p, *q, *g, *pub_key;
+
+ p = BN_new();
+ q = BN_new();
+ g = BN_new();
+ pub_key = BN_new();
+
+ if (p == NULL || q == NULL || g == NULL ||
+ pub_key == NULL ||
+ sshbuf_get_bignum2(b, p) != 0 ||
+ sshbuf_get_bignum2(b, q) != 0 ||
+ sshbuf_get_bignum2(b, g) != 0 ||
+ sshbuf_get_bignum2(b, pub_key) != 0 ||
+ DSA_set0_pqg(key->dsa, p, q, g) == 0) {
+ BN_free(p);
+ BN_free(q);
+ BN_free(g);
+ BN_free(pub_key);
+ ret = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
+
+ if (DSA_set0_key(key->dsa, pub_key, NULL) == 0) {
+ BN_free(pub_key);
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
}
#ifdef DEBUG_PK
DSA_print_fp(stderr, key->dsa, 8);
@@ -2114,11 +2151,6 @@ sshkey_from_blob_internal(const u_char *
pk = NULL;
break;
case KEY_UNSPEC:
- if ((key = sshkey_new(type)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- break;
default:
ret = SSH_ERR_KEY_TYPE_UNKNOWN;
goto out;
@@ -2263,27 +2295,54 @@ sshkey_demote(const struct sshkey *k, st
goto fail;
/* FALLTHROUGH */
case KEY_RSA1:
- case KEY_RSA:
- if ((pk->rsa = RSA_new()) == NULL ||
- (pk->rsa->e = BN_dup(k->rsa->e)) == NULL ||
- (pk->rsa->n = BN_dup(k->rsa->n)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto fail;
+ case KEY_RSA: {
+ const BIGNUM *k_e, *k_n;
+ BIGNUM *pk_e = NULL, *pk_n = NULL;
+
+ RSA_get0_key(k->rsa, &k_n, &k_e, NULL);
+ if ((pk->rsa = RSA_new()) == NULL ||
+ (pk_e = BN_dup(k_e)) == NULL ||
+ (pk_n = BN_dup(k_n)) == NULL ||
+ RSA_set0_key(pk->rsa, pk_n, pk_e, NULL) == 0) {
+ BN_free(pk_e);
+ BN_free(pk_n);
+ ret = SSH_ERR_ALLOC_FAIL;
+ goto fail;
}
+ }
break;
case KEY_DSA_CERT_V00:
case KEY_DSA_CERT:
if ((ret = sshkey_cert_copy(k, pk)) != 0)
goto fail;
/* FALLTHROUGH */
- case KEY_DSA:
- if ((pk->dsa = DSA_new()) == NULL ||
- (pk->dsa->p = BN_dup(k->dsa->p)) == NULL ||
- (pk->dsa->q = BN_dup(k->dsa->q)) == NULL ||
- (pk->dsa->g = BN_dup(k->dsa->g)) == NULL ||
- (pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto fail;
+ case KEY_DSA: {
+ const BIGNUM *k_p, *k_q, *k_g, *k_pub_key;
+ BIGNUM *pk_p = NULL, *pk_q = NULL, *pk_g = NULL;
+ BIGNUM *pk_pub_key = NULL;
+
+ DSA_get0_pqg(k->dsa, &k_p, &k_q, &k_g);
+ DSA_get0_key(k->dsa, &k_pub_key, NULL);
+
+ if ((pk->dsa = DSA_new()) == NULL ||
+ (pk_p = BN_dup(k_p)) == NULL ||
+ (pk_q = BN_dup(k_q)) == NULL ||
+ (pk_g = BN_dup(k_g)) == NULL ||
+ (pk_pub_key = BN_dup(k_pub_key)) == NULL ||
+ DSA_set0_pqg(pk->dsa, pk_p, pk_q, pk_g) == 0) {
+ BN_free(pk_p);
+ BN_free(pk_q);
+ BN_free(pk_g);
+ BN_free(pk_pub_key);
+ ret = SSH_ERR_ALLOC_FAIL;
+ goto fail;
+ }
+
+ if (DSA_set0_key(pk->dsa, pk_pub_key, NULL) == 0) {
+ BN_free(pk_pub_key);
+ ret = SSH_ERR_LIBCRYPTO_ERROR;
+ goto fail;
+ }
}
break;
case KEY_ECDSA_CERT:
@@ -2576,14 +2635,19 @@ sshkey_private_serialize(const struct ss
goto out;
switch (key->type) {
#ifdef WITH_OPENSSL
- case KEY_RSA:
- if ((r = sshbuf_put_bignum2(b, key->rsa->n)) != 0 ||
- (r = sshbuf_put_bignum2(b, key->rsa->e)) != 0 ||
- (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 ||
- (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 ||
- (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 ||
- (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0)
- goto out;
+ case KEY_RSA: {
+ const BIGNUM *n, *e, *d, *iqmp, *p, *q;
+ RSA_get0_key(key->rsa, &n, &e, &d);
+ RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp);
+ RSA_get0_factors(key->rsa, &p, &q);
+ if ((r = sshbuf_put_bignum2(b, n)) != 0 ||
+ (r = sshbuf_put_bignum2(b, e)) != 0 ||
+ (r = sshbuf_put_bignum2(b, d)) != 0 ||
+ (r = sshbuf_put_bignum2(b, iqmp)) != 0 ||
+ (r = sshbuf_put_bignum2(b, p)) != 0 ||
+ (r = sshbuf_put_bignum2(b, q)) != 0)
+ goto out;
+ }
break;
case KEY_RSA_CERT_V00:
case KEY_RSA_CERT:
@@ -2591,20 +2655,32 @@ sshkey_private_serialize(const struct ss
r = SSH_ERR_INVALID_ARGUMENT;
goto out;
}
- if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
- (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 ||
- (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 ||
- (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 ||
- (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0)
- goto out;
+ {
+ const BIGNUM *d, *iqmp, *p, *q;
+
+ RSA_get0_key(key->rsa, NULL, NULL, &d);
+ RSA_get0_factors(key->rsa, &p, &q);
+ RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp);
+ if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
+ (r = sshbuf_put_bignum2(b, d)) != 0 ||
+ (r = sshbuf_put_bignum2(b, iqmp)) != 0 ||
+ (r = sshbuf_put_bignum2(b, p)) != 0 ||
+ (r = sshbuf_put_bignum2(b, q)) != 0)
+ goto out;
+ }
break;
- case KEY_DSA:
- if ((r = sshbuf_put_bignum2(b, key->dsa->p)) != 0 ||
- (r = sshbuf_put_bignum2(b, key->dsa->q)) != 0 ||
- (r = sshbuf_put_bignum2(b, key->dsa->g)) != 0 ||
- (r = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0 ||
- (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0)
- goto out;
+ case KEY_DSA: {
+ const BIGNUM *p, *q, *g, *pub_key, *priv_key;
+
+ DSA_get0_pqg(key->dsa, &p, &q, &g);
+ DSA_get0_key(key->dsa, &pub_key, &priv_key);
+ if ((r = sshbuf_put_bignum2(b, p)) != 0 ||
+ (r = sshbuf_put_bignum2(b, q)) != 0 ||
+ (r = sshbuf_put_bignum2(b, g)) != 0 ||
+ (r = sshbuf_put_bignum2(b, pub_key)) != 0 ||
+ (r = sshbuf_put_bignum2(b, priv_key)) != 0)
+ goto out;
+ }
break;
case KEY_DSA_CERT_V00:
case KEY_DSA_CERT:
@@ -2612,9 +2688,14 @@ sshkey_private_serialize(const struct ss
r = SSH_ERR_INVALID_ARGUMENT;
goto out;
}
- if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
- (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0)
- goto out;
+ {
+ const BIGNUM *priv_key;
+
+ DSA_get0_key(key->dsa, NULL, &priv_key);
+ if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
+ (r = sshbuf_put_bignum2(b, priv_key)) != 0)
+ goto out;
+ }
break;
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
@@ -2692,20 +2773,53 @@ sshkey_private_deserialize(struct sshbuf
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
- if ((r = sshbuf_get_bignum2(buf, k->dsa->p)) != 0 ||
- (r = sshbuf_get_bignum2(buf, k->dsa->q)) != 0 ||
- (r = sshbuf_get_bignum2(buf, k->dsa->g)) != 0 ||
- (r = sshbuf_get_bignum2(buf, k->dsa->pub_key)) != 0 ||
- (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0)
- goto out;
+ {
+ BIGNUM *p, *q, *g, *pub_key, *priv_key;
+
+ p = BN_new();
+ q = BN_new();
+ g = BN_new();
+ pub_key = BN_new();
+ priv_key = BN_new();
+ if (p == NULL || q == NULL || g == NULL ||
+ pub_key == NULL || priv_key == NULL ||
+ (r = sshbuf_get_bignum2(buf, p)) != 0 ||
+ (r = sshbuf_get_bignum2(buf, q)) != 0 ||
+ (r = sshbuf_get_bignum2(buf, g)) != 0 ||
+ (r = sshbuf_get_bignum2(buf, pub_key)) != 0 ||
+ (r = sshbuf_get_bignum2(buf, priv_key)) != 0 ||
+ (r = ((DSA_set0_pqg(k->dsa, p, q, g) == 0)
+ ? SSH_ERR_LIBCRYPTO_ERROR : 0)) != 0) {
+ BN_free(p);
+ BN_free(q);
+ BN_free(g);
+ BN_free(pub_key);
+ BN_free(priv_key);
+ goto out;
+ }
+ if (DSA_set0_key(k->dsa, pub_key, priv_key) == 0) {
+ r = SSH_ERR_LIBCRYPTO_ERROR;
+ BN_free(pub_key);
+ BN_free(priv_key);
+ goto out;
+ }
+ }
break;
case KEY_DSA_CERT_V00:
- case KEY_DSA_CERT:
- if ((r = sshbuf_get_string_direct(buf, &cert, &len)) != 0 ||
- (r = sshkey_from_blob(cert, len, &k)) != 0 ||
- (r = sshkey_add_private(k)) != 0 ||
- (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0)
- goto out;
+ case KEY_DSA_CERT: {
+ BIGNUM *priv_key = BN_new();
+
+ if (priv_key == NULL ||
+ (r = sshbuf_get_string_direct(buf, &cert, &len)) != 0 ||
+ (r = sshkey_from_blob(cert, len, &k)) != 0 ||
+ (r = sshkey_add_private(k)) != 0 ||
+ (r = sshbuf_get_bignum2(buf, priv_key)) != 0 ||
+ (r = ((DSA_set0_key(k->dsa, NULL, priv_key) == 0)
+ ? SSH_ERR_LIBCRYPTO_ERROR : 0)) != 0) {
+ BN_free(priv_key);
+ goto out;
+ }
+ }
break;
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
@@ -2765,26 +2879,86 @@ sshkey_private_deserialize(struct sshbuf
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
- if ((r = sshbuf_get_bignum2(buf, k->rsa->n)) != 0 ||
- (r = sshbuf_get_bignum2(buf, k->rsa->e)) != 0 ||
- (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 ||
- (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 ||
- (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 ||
- (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 ||
- (r = rsa_generate_additional_parameters(k->rsa)) != 0)
- goto out;
+ {
+ BIGNUM *n, *e, *d, *iqmp, *p, *q;
+
+ n = BN_new();
+ e = BN_new();
+ d = BN_new();
+ iqmp = BN_new();
+ p = BN_new();
+ q = BN_new();
+
+ if (n == NULL || e == NULL || d == NULL ||
+ iqmp == NULL || p == NULL || q == NULL ||
+ (r = sshbuf_get_bignum2(buf, n)) != 0 ||
+ (r = sshbuf_get_bignum2(buf, e)) != 0 ||
+ (r = sshbuf_get_bignum2(buf, d)) != 0 ||
+ (r = sshbuf_get_bignum2(buf, iqmp)) != 0 ||
+ (r = sshbuf_get_bignum2(buf, p)) != 0 ||
+ (r = sshbuf_get_bignum2(buf, q)) != 0 ||
+ (r = ((RSA_set0_key(k->rsa, n, e, d) == 0)
+ ? SSH_ERR_LIBCRYPTO_ERROR : 0)) != 0) {
+ BN_free(n);
+ BN_free(e);
+ BN_free(d);
+ BN_free(iqmp);
+ BN_free(p);
+ BN_free(q);
+ goto out;
+ }
+ if (RSA_set0_factors(k->rsa, p, q) == 0) {
+ r = SSH_ERR_LIBCRYPTO_ERROR;
+ BN_free(iqmp);
+ BN_free(p);
+ BN_free(q);
+ goto out;
+ }
+ if ((r = rsa_generate_additional_parameters(k->rsa, iqmp)) != 0) {
+ BN_free(iqmp);
+ goto out;
+ }
+ }
break;
case KEY_RSA_CERT_V00:
- case KEY_RSA_CERT:
- if ((r = sshbuf_get_string_direct(buf, &cert, &len)) != 0 ||
- (r = sshkey_from_blob(cert, len, &k)) != 0 ||
- (r = sshkey_add_private(k)) != 0 ||
- (r = sshbuf_get_bignum2(buf, k->rsa->d) != 0) ||
- (r = sshbuf_get_bignum2(buf, k->rsa->iqmp) != 0) ||
- (r = sshbuf_get_bignum2(buf, k->rsa->p) != 0) ||
- (r = sshbuf_get_bignum2(buf, k->rsa->q) != 0) ||
- (r = rsa_generate_additional_parameters(k->rsa)) != 0)
- goto out;
+ case KEY_RSA_CERT: {
+ BIGNUM *d, *iqmp, *p, *q;
+
+ /* N and E are already set so make sure we will not overwrite them */
+ d = BN_new();
+ iqmp = BN_new();
+ p = BN_new();
+ q = BN_new();
+
+ if (d == NULL || iqmp == NULL || p == NULL ||
+ q == NULL ||
+ (r = sshbuf_get_string_direct(buf, &cert, &len)) != 0 ||
+ (r = sshkey_from_blob(cert, len, &k)) != 0 ||
+ (r = sshkey_add_private(k)) != 0 ||
+ (r = sshbuf_get_bignum2(buf, d)) != 0 ||
+ (r = sshbuf_get_bignum2(buf, iqmp)) != 0 ||
+ (r = sshbuf_get_bignum2(buf, p)) != 0 ||
+ (r = sshbuf_get_bignum2(buf, q)) != 0 ||
+ (r = ((RSA_set0_key(k->rsa, NULL, NULL, d) == 0)
+ ? SSH_ERR_LIBCRYPTO_ERROR : 0)) != 0) {
+ BN_free(d);
+ BN_free(iqmp);
+ BN_free(p);
+ BN_free(q);
+ goto out;
+ }
+ if (RSA_set0_factors(k->rsa, p, q) == 0) {
+ r = SSH_ERR_LIBCRYPTO_ERROR;
+ BN_free(iqmp);
+ BN_free(p);
+ BN_free(q);
+ goto out;
+ }
+ if ((r = rsa_generate_additional_parameters(k->rsa, iqmp)) != 0) {
+ BN_free(iqmp);
+ goto out;
+ }
+ }
break;
#endif /* WITH_OPENSSL */
case KEY_ED25519:
@@ -3636,11 +3810,20 @@ sshkey_parse_public_rsa1_fileblob(struct
(r = sshbuf_get_u32(copy, NULL)) != 0) /* key bits */
goto out;
+ BIGNUM *n, *e;
+ e = BN_new();
+ n = BN_new();
+
/* Read the public key from the buffer. */
if ((pub = sshkey_new(KEY_RSA1)) == NULL ||
- (r = sshbuf_get_bignum1(copy, pub->rsa->n)) != 0 ||
- (r = sshbuf_get_bignum1(copy, pub->rsa->e)) != 0)
+ (r = sshbuf_get_bignum1(copy, n)) != 0 ||
+ (r = sshbuf_get_bignum1(copy, e)) != 0 ||
+ RSA_set0_key(pub->rsa, n, e, NULL) == 0) {
+ BN_free(e);
+ BN_free(n);
+ r = SSH_ERR_ALLOC_FAIL;
goto out;
+ }
/* Finally, the comment */
if ((r = sshbuf_get_string(copy, (u_char**)commentp, NULL)) != 0)
@@ -3710,12 +3893,21 @@ sshkey_parse_private_rsa1(struct sshbuf
(r = sshbuf_get_u32(copy, NULL)) != 0) /* reserved */
goto out;
+ BIGNUM *n, *e;
+ e = BN_new();
+ n = BN_new();
+
/* Read the public key and comment from the buffer. */
if ((r = sshbuf_get_u32(copy, NULL)) != 0 || /* key bits */
- (r = sshbuf_get_bignum1(copy, prv->rsa->n)) != 0 ||
- (r = sshbuf_get_bignum1(copy, prv->rsa->e)) != 0 ||
- (r = sshbuf_get_cstring(copy, &comment, NULL)) != 0)
+ (r = sshbuf_get_bignum1(copy, n)) != 0 ||
+ (r = sshbuf_get_bignum1(copy, e)) != 0 ||
+ (r = sshbuf_get_cstring(copy, &comment, NULL)) != 0 ||
+ RSA_set0_key(prv->rsa, n, e, NULL) == 0) {
+ BN_free(e);
+ BN_free(n);
+ r = SSH_ERR_ALLOC_FAIL;
goto out;
+ }
/* Check that it is a supported cipher. */
cipher = cipher_by_number(cipher_type);
@@ -3747,15 +3939,36 @@ sshkey_parse_private_rsa1(struct sshbuf
goto out;
}
+ BIGNUM *d, *iqmp, *p, *q;
+ d = BN_new();
+ iqmp = BN_new();
+ p = BN_new();
+ q = BN_new();
+
/* Read the rest of the private key. */
- if ((r = sshbuf_get_bignum1(decrypted, prv->rsa->d)) != 0 ||
- (r = sshbuf_get_bignum1(decrypted, prv->rsa->iqmp)) != 0 ||
- (r = sshbuf_get_bignum1(decrypted, prv->rsa->q)) != 0 ||
- (r = sshbuf_get_bignum1(decrypted, prv->rsa->p)) != 0)
+ if (d == NULL || iqmp == NULL || p == NULL || q == NULL ||
+ (r = sshbuf_get_bignum1(decrypted, d)) != 0 ||
+ (r = sshbuf_get_bignum1(decrypted, iqmp)) != 0 ||
+ (r = sshbuf_get_bignum1(decrypted, q)) != 0 ||
+ (r = sshbuf_get_bignum1(decrypted, p)) != 0 ||
+ (r = ((RSA_set0_key(prv->rsa, NULL, NULL, d) == 0)
+ ? SSH_ERR_LIBCRYPTO_ERROR : 0)) != 0) {
+ BN_free(d);
+ BN_free(iqmp);
+ BN_free(p);
+ BN_free(q);
goto out;
+ }
+ if (RSA_set0_factors(prv->rsa, p, q) == 0) {
+ r = SSH_ERR_LIBCRYPTO_ERROR;
+ BN_free(iqmp);
+ BN_free(p);
+ BN_free(q);
+ goto out;
+ }
/* calculate p-1 and q-1 */
- if ((r = rsa_generate_additional_parameters(prv->rsa)) != 0)
+ if ((r = rsa_generate_additional_parameters(prv->rsa, iqmp)) != 0)
goto out;
/* enable blinding */
@@ -3814,7 +4027,7 @@ sshkey_parse_private_pem_fileblob(struct
r = SSH_ERR_KEY_WRONG_PASSPHRASE;
goto out;
}
- if (pk->type == EVP_PKEY_RSA &&
+ if (EVP_PKEY_id(pk) == EVP_PKEY_RSA &&
(type == KEY_UNSPEC || type == KEY_RSA)) {
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
@@ -3830,7 +4043,7 @@ sshkey_parse_private_pem_fileblob(struct
r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
- } else if (pk->type == EVP_PKEY_DSA &&
+ } else if (EVP_PKEY_id(pk) == EVP_PKEY_DSA &&
(type == KEY_UNSPEC || type == KEY_DSA)) {
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
@@ -3843,7 +4056,7 @@ sshkey_parse_private_pem_fileblob(struct
DSA_print_fp(stderr, prv->dsa, 8);
#endif
#ifdef OPENSSL_HAS_ECC
- } else if (pk->type == EVP_PKEY_EC &&
+ } else if (EVP_PKEY_id(pk) == EVP_PKEY_EC &&
(type == KEY_UNSPEC || type == KEY_ECDSA)) {
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
Index: pam_ssh-2.1/authfd.c
===================================================================
--- pam_ssh-2.1.orig/authfd.c 2015-05-03 13:30:39.000000000 +0200
+++ pam_ssh-2.1/authfd.c 2017-11-30 15:50:28.036813324 +0100
@@ -548,14 +548,17 @@ ssh_agent_sign(AuthenticationConnection
static void
ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
{
- buffer_put_int(b, BN_num_bits(key->n));
- buffer_put_bignum(b, key->n);
- buffer_put_bignum(b, key->e);
- buffer_put_bignum(b, key->d);
+ const BIGNUM *n, *e, *d, *p, *q, *iqmp;
+ RSA_get0_key(key,&n,&e,&d);
+ buffer_put_int(b, BN_num_bits(n));
+ buffer_put_bignum(b, n);
+ buffer_put_bignum(b, e);
+ buffer_put_bignum(b, d);
+ RSA_get0_crt_params(key, &p, &q, &iqmp);
/* To keep within the protocol: p < q for ssh. in SSL p > q */
- buffer_put_bignum(b, key->iqmp); /* ssh key->u */
- buffer_put_bignum(b, key->q); /* ssh key->p, SSL key->q */
- buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */
+ buffer_put_bignum(b, iqmp); /* ssh key->u */
+ buffer_put_bignum(b, q); /* ssh key->p, SSL key->q */
+ buffer_put_bignum(b, p); /* ssh key->q, SSL key->p */
buffer_put_cstring(b, comment);
}
#endif
Index: pam_ssh-2.1/cipher-bf1.c
===================================================================
--- pam_ssh-2.1.orig/cipher-bf1.c 2013-11-18 10:01:24.000000000 +0100
+++ pam_ssh-2.1/cipher-bf1.c 2017-11-30 15:33:40.416761878 +0100
@@ -28,6 +28,7 @@
#include <sys/types.h>
#include <openssl/evp.h>
+#include <openssl/blowfish.h> /*BF_KEY*/
#include <stdarg.h>
#include <string.h>
@@ -99,15 +100,25 @@ bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_ch
const EVP_CIPHER *
evp_ssh1_bf(void)
{
- static EVP_CIPHER ssh1_bf;
+ static EVP_CIPHER *ssh1_bfp;
- memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER));
- orig_bf = ssh1_bf.do_cipher;
- ssh1_bf.nid = NID_undef;
+ ssh1_bfp = EVP_CIPHER_meth_new(NID_undef, /*block_size*/8, /*key_len*/32);
+
+ orig_bf = EVP_CIPHER_meth_get_do_cipher(EVP_bf_cbc());
#ifdef SSH_OLD_EVP
ssh1_bf.init = bf_ssh1_init;
#endif
- ssh1_bf.do_cipher = bf_ssh1_cipher;
- ssh1_bf.key_len = 32;
- return (&ssh1_bf);
+ EVP_CIPHER_meth_set_do_cipher(ssh1_bfp, bf_ssh1_cipher);
+
+ /* set remaining members... */
+ EVP_CIPHER_meth_set_iv_length(ssh1_bfp, 8);
+ EVP_CIPHER_meth_set_flags(ssh1_bfp, EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE);
+ EVP_CIPHER_meth_set_init(ssh1_bfp, EVP_CIPHER_meth_get_init(EVP_bf_cbc()));
+ EVP_CIPHER_meth_set_cleanup(ssh1_bfp, EVP_CIPHER_meth_get_cleanup(EVP_bf_cbc()));
+ EVP_CIPHER_meth_set_impl_ctx_size(ssh1_bfp, /*sizeof(EVP_BF_KEY) == */sizeof(BF_KEY));
+ EVP_CIPHER_meth_set_set_asn1_params(ssh1_bfp, EVP_CIPHER_set_asn1_iv);
+ EVP_CIPHER_meth_set_get_asn1_params(ssh1_bfp, EVP_CIPHER_get_asn1_iv);
+ EVP_CIPHER_meth_set_ctrl(ssh1_bfp, NULL);
+ /*app_data = NULL*/
+ return (ssh1_bfp);
}
