[openssh-commits] [openssh] 01/09: upstream commit
git+noreply at mindrot.org
git+noreply at mindrot.org
Fri Jul 21 14:17:48 AEST 2017
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 83fa3a044891887369ce8b487ce88d713a04df48
Author: djm at openbsd.org <djm at openbsd.org>
Date: Sat Jul 1 13:50:45 2017 +0000
upstream commit
remove post-SSHv1 removal dead code from rsa.c and merge
the remaining bit that it still used into ssh-rsa.c; ok markus
Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
---
Makefile.in | 2 +-
authfd.c | 3 +-
authfile.c | 3 +-
rsa.c | 188 -----------------------------------------------------------
rsa.h | 26 ---------
ssh-add.c | 3 +-
ssh-agent.c | 3 +-
ssh-keygen.c | 5 +-
ssh-rsa.c | 37 +++++++++++-
sshconnect.c | 3 +-
sshd.c | 3 +-
sshkey.c | 7 +--
sshkey.h | 5 +-
13 files changed, 52 insertions(+), 236 deletions(-)
diff --git a/Makefile.in b/Makefile.in
index 29d539a7..ac3907b1 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -81,7 +81,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
cipher-ctr.o cleanup.o \
compat.o crc32.o fatal.o hostfile.o \
log.o match.o moduli.o nchan.o packet.o opacket.o \
- readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
+ readpass.o ttymodes.o xmalloc.o addrmatch.o \
atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
diff --git a/authfd.c b/authfd.c
index 6c9843c8..a460fa35 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.104 2017/06/28 01:09:22 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.105 2017/07/01 13:50:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -51,7 +51,6 @@
#include "xmalloc.h"
#include "ssh.h"
-#include "rsa.h"
#include "sshbuf.h"
#include "sshkey.h"
#include "authfd.h"
diff --git a/authfile.c b/authfile.c
index 3481e0b0..d09b700d 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.126 2017/05/31 09:15:42 deraadt Exp $ */
+/* $OpenBSD: authfile.c,v 1.127 2017/07/01 13:50:45 djm Exp $ */
/*
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
*
@@ -42,7 +42,6 @@
#include "ssh.h"
#include "log.h"
#include "authfile.h"
-#include "rsa.h"
#include "misc.h"
#include "atomicio.h"
#include "sshkey.h"
diff --git a/rsa.c b/rsa.c
deleted file mode 100644
index 5ecacef9..00000000
--- a/rsa.c
+++ /dev/null
@@ -1,188 +0,0 @@
-/* $OpenBSD: rsa.c,v 1.32 2014/06/24 01:13:21 djm Exp $ */
-/*
- * Author: Tatu Ylonen <ylo at cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
- * All rights reserved
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- *
- *
- * Copyright (c) 1999 Niels Provos. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- *
- * Description of the RSA algorithm can be found e.g. from the following
- * sources:
- *
- * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1994.
- *
- * Jennifer Seberry and Josed Pieprzyk: Cryptography: An Introduction to
- * Computer Security. Prentice-Hall, 1989.
- *
- * Man Young Rhee: Cryptography and Secure Data Communications. McGraw-Hill,
- * 1994.
- *
- * R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications
- * System and Method. US Patent 4,405,829, 1983.
- *
- * Hans Riesel: Prime Numbers and Computer Methods for Factorization.
- * Birkhauser, 1994.
- *
- * The RSA Frequently Asked Questions document by RSA Data Security,
- * Inc., 1995.
- *
- * RSA in 3 lines of perl by Adam Back <aba at atlax.ex.ac.uk>, 1995, as
- * included below:
- *
- * [gone - had to be deleted - what a pity]
- */
-
-#include "includes.h"
-
-#include <sys/types.h>
-
-#include <stdarg.h>
-#include <string.h>
-
-#include "rsa.h"
-#include "log.h"
-#include "ssherr.h"
-
-int
-rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
-{
- u_char *inbuf = NULL, *outbuf = NULL;
- int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR;
-
- if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
- return SSH_ERR_INVALID_ARGUMENT;
-
- olen = BN_num_bytes(key->n);
- if ((outbuf = malloc(olen)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-
- ilen = BN_num_bytes(in);
- if ((inbuf = malloc(ilen)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- BN_bn2bin(in, inbuf);
-
- if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key,
- RSA_PKCS1_PADDING)) <= 0) {
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
-
- if (BN_bin2bn(outbuf, len, out) == NULL) {
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- r = 0;
-
- out:
- if (outbuf != NULL) {
- explicit_bzero(outbuf, olen);
- free(outbuf);
- }
- if (inbuf != NULL) {
- explicit_bzero(inbuf, ilen);
- free(inbuf);
- }
- return r;
-}
-
-int
-rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
-{
- u_char *inbuf = NULL, *outbuf = NULL;
- int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR;
-
- olen = BN_num_bytes(key->n);
- if ((outbuf = malloc(olen)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-
- ilen = BN_num_bytes(in);
- if ((inbuf = malloc(ilen)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- BN_bn2bin(in, inbuf);
-
- if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
- RSA_PKCS1_PADDING)) <= 0) {
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- } else if (BN_bin2bn(outbuf, len, out) == NULL) {
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- r = 0;
- out:
- if (outbuf != NULL) {
- explicit_bzero(outbuf, olen);
- free(outbuf);
- }
- if (inbuf != NULL) {
- explicit_bzero(inbuf, ilen);
- free(inbuf);
- }
- return r;
-}
-
-/* calculate p-1 and q-1 */
-int
-rsa_generate_additional_parameters(RSA *rsa)
-{
- BIGNUM *aux = NULL;
- BN_CTX *ctx = NULL;
- int r;
-
- if ((ctx = BN_CTX_new()) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- if ((aux = BN_new()) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-
- if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
- (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
- (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
- (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) {
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- r = 0;
- out:
- BN_clear_free(aux);
- BN_CTX_free(ctx);
- return r;
-}
-
diff --git a/rsa.h b/rsa.h
deleted file mode 100644
index c476707d..00000000
--- a/rsa.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/* $OpenBSD: rsa.h,v 1.17 2014/06/24 01:13:21 djm Exp $ */
-
-/*
- * Author: Tatu Ylonen <ylo at cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
- * All rights reserved
- * RSA key generation, encryption and decryption.
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#ifndef RSA_H
-#define RSA_H
-
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-
-int rsa_public_encrypt(BIGNUM *, BIGNUM *, RSA *);
-int rsa_private_decrypt(BIGNUM *, BIGNUM *, RSA *);
-int rsa_generate_additional_parameters(RSA *);
-
-#endif /* RSA_H */
diff --git a/ssh-add.c b/ssh-add.c
index 438c1c25..72d89db4 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.132 2017/05/30 14:16:41 markus Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.133 2017/07/01 13:50:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -55,7 +55,6 @@
#include "xmalloc.h"
#include "ssh.h"
-#include "rsa.h"
#include "log.h"
#include "sshkey.h"
#include "sshbuf.h"
diff --git a/ssh-agent.c b/ssh-agent.c
index 2ef8367b..eb8c2043 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.221 2017/04/30 23:29:10 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.222 2017/07/01 13:50:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -73,7 +73,6 @@
#include "xmalloc.h"
#include "ssh.h"
-#include "rsa.h"
#include "sshbuf.h"
#include "sshkey.h"
#include "authfd.h"
diff --git a/ssh-keygen.c b/ssh-keygen.c
index b6b69005..d8f942f5 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.305 2017/06/28 01:09:22 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.306 2017/07/01 13:50:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -41,7 +41,6 @@
#include "xmalloc.h"
#include "sshkey.h"
-#include "rsa.h"
#include "authfile.h"
#include "uuencode.h"
#include "sshbuf.h"
@@ -528,7 +527,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
buffer_get_bignum_bits(b, key->rsa->iqmp);
buffer_get_bignum_bits(b, key->rsa->q);
buffer_get_bignum_bits(b, key->rsa->p);
- if ((r = rsa_generate_additional_parameters(key->rsa)) != 0)
+ if ((r = ssh_rsa_generate_additional_parameters(key)) != 0)
fatal("generate RSA parameters failed: %s", ssh_err(r));
break;
}
diff --git a/ssh-rsa.c b/ssh-rsa.c
index e8acc01f..f570ae6d 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-rsa.c,v 1.61 2017/05/07 23:15:59 djm Exp $ */
+/* $OpenBSD: ssh-rsa.c,v 1.62 2017/07/01 13:50:45 djm Exp $ */
/*
* Copyright (c) 2000, 2003 Markus Friedl <markus at openbsd.org>
*
@@ -78,6 +78,41 @@ rsa_hash_alg_nid(int type)
}
}
+/* calculate p-1 and q-1 */
+int
+ssh_rsa_generate_additional_parameters(struct sshkey *key)
+{
+ RSA *rsa;
+ BIGNUM *aux = NULL;
+ BN_CTX *ctx = NULL;
+ int r;
+
+ if (key == NULL || key->rsa == NULL ||
+ sshkey_type_plain(key->type) != KEY_RSA)
+ return SSH_ERR_INVALID_ARGUMENT;
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ if ((aux = BN_new()) == NULL) {
+ r = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
+ rsa = key->rsa;
+
+ if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
+ (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
+ (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
+ (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) {
+ r = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ r = 0;
+ out:
+ BN_clear_free(aux);
+ BN_CTX_free(ctx);
+ return r;
+}
+
/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
int
ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
diff --git a/sshconnect.c b/sshconnect.c
index 8f527aa4..aaae5fc9 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.282 2017/06/24 05:37:44 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.283 2017/07/01 13:50:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -48,7 +48,6 @@
#include "key.h"
#include "hostfile.h"
#include "ssh.h"
-#include "rsa.h"
#include "buffer.h"
#include "packet.h"
#include "uidswap.h"
diff --git a/sshd.c b/sshd.c
index 06cb81f2..1d19ce67 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.490 2017/05/31 08:09:45 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.491 2017/07/01 13:50:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -88,7 +88,6 @@
#include "xmalloc.h"
#include "ssh.h"
#include "ssh2.h"
-#include "rsa.h"
#include "sshpty.h"
#include "packet.h"
#include "log.h"
diff --git a/sshkey.c b/sshkey.c
index acc6e3f2..acc39632 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.53 2017/06/28 01:09:22 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.54 2017/07/01 13:50:45 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -51,7 +51,6 @@
#include "ssherr.h"
#include "misc.h"
#include "sshbuf.h"
-#include "rsa.h"
#include "cipher.h"
#include "digest.h"
#define SSHKEY_INTERNAL
@@ -2667,7 +2666,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
(r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 ||
(r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 ||
(r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 ||
- (r = rsa_generate_additional_parameters(k->rsa)) != 0)
+ (r = ssh_rsa_generate_additional_parameters(k)) != 0)
goto out;
if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
r = SSH_ERR_KEY_LENGTH;
@@ -2681,7 +2680,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
(r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 ||
(r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 ||
(r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 ||
- (r = rsa_generate_additional_parameters(k->rsa)) != 0)
+ (r = ssh_rsa_generate_additional_parameters(k)) != 0)
goto out;
if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
r = SSH_ERR_KEY_LENGTH;
diff --git a/sshkey.h b/sshkey.h
index d8346a57..9093eac5 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.20 2017/06/28 01:09:22 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.21 2017/07/01 13:50:45 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -196,6 +196,9 @@ int sshkey_parse_private_fileblob(struct sshbuf *buffer,
int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
const char *passphrase, struct sshkey **keyp, char **commentp);
+/* XXX should be internal, but used by ssh-keygen */
+int ssh_rsa_generate_additional_parameters(struct sshkey *);
+
#ifdef SSHKEY_INTERNAL
int ssh_rsa_sign(const struct sshkey *key,
u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list