diff options
| author | Damien Miller <djm@mindrot.org> | 2000-03-26 13:04:51 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2000-03-26 13:04:51 +1000 |
| commit | 450a7a1ff40fe7c2d84c93b83cf2df53445d807d (patch) | |
| tree | db6d08bdea65edd34ba2e323a31e2b1ca5e5fbd4 /auth-rsa.c | |
| parent | 2c9279fa667827384fceb243f890cba1dbe480de (diff) | |
- OpenBSD CVS update
- [auth-krb4.c]
-Wall
- [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
[match.h ssh.c ssh.h sshconnect.c sshd.c]
initial support for DSA keys. ok deraadt@, niels@
- [cipher.c cipher.h]
remove unused cipher_attack_detected code
- [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
Fix some formatting problems I missed before.
- [ssh.1 sshd.8]
fix spelling errors, From: FreeBSD
- [ssh.c]
switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
Diffstat (limited to 'auth-rsa.c')
| -rw-r--r-- | auth-rsa.c | 37 |
1 files changed, 15 insertions, 22 deletions
@@ -16,7 +16,7 @@ */ #include "includes.h" -RCSID("$Id: auth-rsa.c,v 1.13 2000/03/09 10:27:50 damien Exp $"); +RCSID("$Id: auth-rsa.c,v 1.14 2000/03/26 03:04:52 damien Exp $"); #include "rsa.h" #include "packet.h" @@ -24,6 +24,7 @@ RCSID("$Id: auth-rsa.c,v 1.13 2000/03/09 10:27:50 damien Exp $"); #include "ssh.h" #include "mpaux.h" #include "uidswap.h" +#include "match.h" #include "servconf.h" #ifdef HAVE_OPENSSL @@ -66,10 +67,9 @@ extern unsigned char session_id[16]; */ int -auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n) +auth_rsa_challenge_dialog(RSA *pk) { BIGNUM *challenge, *encrypted_challenge; - RSA *pk; BN_CTX *ctx; unsigned char buf[32], mdbuf[16], response[16]; MD5_CTX md; @@ -82,19 +82,11 @@ auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n) /* Generate a random challenge. */ BN_rand(challenge, 256, 0, 0); ctx = BN_CTX_new(); - BN_mod(challenge, challenge, n, ctx); + BN_mod(challenge, challenge, pk->n, ctx); BN_CTX_free(ctx); - /* Create the public key data structure. */ - pk = RSA_new(); - pk->e = BN_new(); - BN_copy(pk->e, e); - pk->n = BN_new(); - BN_copy(pk->n, n); - /* Encrypt the challenge with the public key. */ rsa_public_encrypt(encrypted_challenge, challenge, pk); - RSA_free(pk); /* Send the encrypted challenge to the client. */ packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE); @@ -146,7 +138,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) FILE *f; unsigned long linenum = 0; struct stat st; - BIGNUM *e, *n; + RSA *pk; /* Temporarily use the user's uid. */ temporarily_use_uid(pw->pw_uid); @@ -208,8 +200,9 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) /* Flag indicating whether authentication has succeeded. */ authenticated = 0; - e = BN_new(); - n = BN_new(); + pk = RSA_new(); + pk->e = BN_new(); + pk->n = BN_new(); /* * Go though the accepted keys, looking for the current key. If @@ -247,7 +240,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) options = NULL; /* Parse the key from the line. */ - if (!auth_rsa_read_key(&cp, &bits, e, n)) { + if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) { debug("%.100s, line %lu: bad key syntax", SSH_USER_PERMITTED_KEYS, linenum); packet_send_debug("%.100s, line %lu: bad key syntax", @@ -257,19 +250,20 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) /* cp now points to the comment part. */ /* Check if the we have found the desired key (identified by its modulus). */ - if (BN_cmp(n, client_n) != 0) + if (BN_cmp(pk->n, client_n) != 0) continue; /* check the real bits */ - if (bits != BN_num_bits(n)) + if (bits != BN_num_bits(pk->n)) log("Warning: %s, line %ld: keysize mismatch: " "actual %d vs. announced %d.", - file, linenum, BN_num_bits(n), bits); + file, linenum, BN_num_bits(pk->n), bits); /* We have found the desired key. */ + /* Perform the challenge-response dialog for this key. */ - if (!auth_rsa_challenge_dialog(e, n)) { + if (!auth_rsa_challenge_dialog(pk)) { /* Wrong response. */ verbose("Wrong response to RSA authentication challenge."); packet_send_debug("Wrong response to RSA authentication challenge."); @@ -472,8 +466,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) /* Close the file. */ fclose(f); - BN_clear_free(n); - BN_clear_free(e); + RSA_free(pk); if (authenticated) packet_send_debug("RSA authentication accepted."); |