authorDamien Miller <djm@mindrot.org>1999-11-16 13:37:16 +1100
committerDamien Miller <djm@mindrot.org>1999-11-16 13:37:16 +1100
commit7e8e820153a620ab1dcd81857a7de0969c41d043 (patch)
tree226cc4185feae97f4069ad60b4c18d259aa5df2f /authfd.c
parent4874c79a3a05fc18678d7a85d7091f5139630fac (diff)
- Merged OpenBSD CVS changes:
- [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c] [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c] the keysize of rsa-parameter 'n' is passed implicitly, a few more checks and warnings about 'pretended' keysizes. - [cipher.c cipher.h packet.c packet.h sshd.c] remove support for cipher RC4 - [ssh.c] a note for legacy systems about security issues with permanently_set_uid(), the private hostkey and ptrace() - [sshconnect.c] more detailed messages about adding and checking hostkeys
Diffstat (limited to 'authfd.c')
-rw-r--r--authfd.c20
1 files changed, 13 insertions, 7 deletions
diff --git a/authfd.c b/authfd.c
index ac2c1960..84a5fc74 100644
--- a/authfd.c
+++ b/authfd.c
@@ -14,7 +14,7 @@ Functions for connecting the local authentication agent.
*/
#include "includes.h"
-RCSID("$Id: authfd.c,v 1.3 1999/11/12 23:51:58 damien Exp $");
+RCSID("$Id: authfd.c,v 1.4 1999/11/16 02:37:16 damien Exp $");
#include "ssh.h"
#include "rsa.h"
@@ -117,7 +117,7 @@ void ssh_close_authentication_connection(AuthenticationConnection *ac)
int
ssh_get_first_identity(AuthenticationConnection *auth,
- int *bitsp, BIGNUM *e, BIGNUM *n, char **comment)
+ BIGNUM *e, BIGNUM *n, char **comment)
{
unsigned char msg[8192];
int len, l;
@@ -179,7 +179,7 @@ ssh_get_first_identity(AuthenticationConnection *auth,
fatal("Too many identities in authentication reply: %d\n", auth->howmany);
/* Return the first entry (if any). */
- return ssh_get_next_identity(auth, bitsp, e, n, comment);
+ return ssh_get_next_identity(auth, e, n, comment);
}
/* Returns the next authentication identity for the agent. Other functions
@@ -189,19 +189,25 @@ ssh_get_first_identity(AuthenticationConnection *auth,
int
ssh_get_next_identity(AuthenticationConnection *auth,
- int *bitsp, BIGNUM *e, BIGNUM *n, char **comment)
+ BIGNUM *e, BIGNUM *n, char **comment)
{
+ unsigned int bits;
+
/* Return failure if no more entries. */
if (auth->howmany <= 0)
return 0;
/* Get the next entry from the packet. These will abort with a fatal
error if the packet is too short or contains corrupt data. */
- *bitsp = buffer_get_int(&auth->identities);
+ bits = buffer_get_int(&auth->identities);
buffer_get_bignum(&auth->identities, e);
buffer_get_bignum(&auth->identities, n);
*comment = buffer_get_string(&auth->identities, NULL);
+ if (bits != BN_num_bits(n))
+ error("Warning: keysize mismatch: actual %d, announced %s",
+ BN_num_bits(n), bits);
+
/* Decrement the number of remaining entries. */
auth->howmany--;
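Review bot: The added `error()` call formats `bits` with `%s`, but `bits` is an `unsigned int`, so whenever the agent reply announces a size different from `BN_num_bits(n)` the integer is interpreted as a string pointer. That is undefined behaviour, reachable from agent-supplied data, and in practice a crash or a stray memory read. The specifier should be `%u`: `error("Warning: keysize mismatch: actual %d, announced %u", BN_num_bits(n), bits);`. The comparison `bits != BN_num_bits(n)` also mixes unsigned and signed operands; storing the result of `BN_num_bits(n)` once in a local of matching type would make that explicit and avoid the second call. The mismatch is only logged and the identity is still handed back to the caller (the function body continues past this hunk), so if that is intentional a short comment such as `/* mismatch is advisory only; the real size is always taken from n */` would help the next reader.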
@@ -216,7 +222,7 @@ ssh_get_next_identity(AuthenticationConnection *auth,
int
ssh_decrypt_challenge(AuthenticationConnection *auth,
- int bits, BIGNUM *e, BIGNUM *n, BIGNUM *challenge,
+ BIGNUM *e, BIGNUM *n, BIGNUM *challenge,
unsigned char session_id[16],
unsigned int response_type,
unsigned char response[16])
@@ -233,7 +239,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
buf[0] = SSH_AGENTC_RSA_CHALLENGE;
buffer_init(&buffer);
buffer_append(&buffer, (char *)buf, 1);
- buffer_put_int(&buffer, bits);
+ buffer_put_int(&buffer, BN_num_bits(n));
buffer_put_bignum(&buffer, e);
buffer_put_bignum(&buffer, n);
buffer_put_bignum(&buffer, challenge);