X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/1e608e420beaca67ca6bc6bef308f9f9f6132a66..d7ffeb3534dbecb84340356c6c5038120410bfde:/openssh/auth-rsa.c diff --git a/openssh/auth-rsa.c b/openssh/auth-rsa.c index f7ae03c..701d8bd 100644 --- a/openssh/auth-rsa.c +++ b/openssh/auth-rsa.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.50 2001/12/28 14:50:54 markus Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.44 2001/07/23 18:14:58 stevesk Exp $"); #include #include @@ -31,7 +31,6 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.50 2001/12/28 14:50:54 markus Exp $"); #include "log.h" #include "servconf.h" #include "auth.h" -#include "hostfile.h" /* import */ extern ServerOptions options; @@ -66,17 +65,14 @@ auth_rsa_challenge_dialog(RSA *pk) u_char buf[32], mdbuf[16], response[16]; MD5_CTX md; u_int i; - int len; + int plen, len; - if ((encrypted_challenge = BN_new()) == NULL) - fatal("auth_rsa_challenge_dialog: BN_new() failed"); - if ((challenge = BN_new()) == NULL) - fatal("auth_rsa_challenge_dialog: BN_new() failed"); + encrypted_challenge = BN_new(); + challenge = BN_new(); /* Generate a random challenge. */ BN_rand(challenge, 256, 0, 0); - if ((ctx = BN_CTX_new()) == NULL) - fatal("auth_rsa_challenge_dialog: BN_CTX_new() failed"); + ctx = BN_CTX_new(); BN_mod(challenge, challenge, pk->n, ctx); BN_CTX_free(ctx); @@ -91,10 +87,10 @@ auth_rsa_challenge_dialog(RSA *pk) packet_write_wait(); /* Wait for a response. */ - packet_read_expect(SSH_CMSG_AUTH_RSA_RESPONSE); + packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE); + packet_integrity_check(plen, 16, SSH_CMSG_AUTH_RSA_RESPONSE); for (i = 0; i < 16; i++) response[i] = packet_get_char(); - packet_check_eom(); /* The response is MD5 of decrypted challenge plus session id. */ len = BN_num_bytes(challenge); @@ -132,8 +128,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) FILE *f; u_long linenum = 0; struct stat st; - Key *key; - char *fp; + RSA *pk; /* no user given */ if (pw == NULL) @@ -175,7 +170,9 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) /* Flag indicating whether authentication has succeeded. */ authenticated = 0; - key = key_new(KEY_RSA1); + pk = RSA_new(); + pk->e = BN_new(); + pk->n = BN_new(); /* * Go though the accepted keys, looking for the current key. If @@ -213,7 +210,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) options = NULL; /* Parse the key from the line. */ - if (hostfile_read_key(&cp, &bits, key) == 0) { + if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) { debug("%.100s, line %lu: non ssh1 key syntax", file, linenum); continue; @@ -221,14 +218,14 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) /* cp now points to the comment part. */ /* Check if the we have found the desired key (identified by its modulus). */ - if (BN_cmp(key->rsa->n, client_n) != 0) + if (BN_cmp(pk->n, client_n) != 0) continue; /* check the real bits */ - if (bits != BN_num_bits(key->rsa->n)) + if (bits != BN_num_bits(pk->n)) log("Warning: %s, line %lu: keysize mismatch: " "actual %d vs. announced %d.", - file, linenum, BN_num_bits(key->rsa->n), bits); + file, linenum, BN_num_bits(pk->n), bits); /* We have found the desired key. */ /* @@ -239,15 +236,11 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) continue; /* Perform the challenge-response dialog for this key. */ - if (!auth_rsa_challenge_dialog(key->rsa)) { + if (!auth_rsa_challenge_dialog(pk)) { /* Wrong response. */ verbose("Wrong response to RSA authentication challenge."); packet_send_debug("Wrong response to RSA authentication challenge."); - /* - * Break out of the loop. Otherwise we might send - * another challenge and break the protocol. - */ - break; + continue; } /* * Correct response. The client has been successfully @@ -258,12 +251,6 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) * otherwise continue searching. */ authenticated = 1; - - fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); - verbose("Found matching %s key: %s", - key_type(key), fp); - xfree(fp); - break; } @@ -274,7 +261,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) xfree(file); fclose(f); - key_free(key); + RSA_free(pk); if (authenticated) packet_send_debug("RSA authentication accepted.");