X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/396c147ea738ee28fd1103b5bf36d60263287028..HEAD:/authfile.c diff --git a/authfile.c b/authfile.c index b4b985c9..2c615709 100644 --- a/authfile.c +++ b/authfile.c @@ -1,3 +1,4 @@ +/* $OpenBSD: authfile.c,v 1.79 2010/01/12 00:16:47 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -36,20 +37,37 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.37 2001/06/23 15:12:17 itojun Exp $"); + +#include +#include +#include +#include #include #include #include -#include "cipher.h" +/* compatibility with old or broken OpenSSL versions */ +#include "openbsd-compat/openssl-compat.h" + +#include +#include +#include +#include +#include +#include +#include + #include "xmalloc.h" +#include "cipher.h" #include "buffer.h" -#include "bufaux.h" #include "key.h" #include "ssh.h" #include "log.h" #include "authfile.h" +#include "rsa.h" +#include "misc.h" +#include "atomicio.h" /* Version identification string for SSH v1 identity files. */ static const char authfile_id_string[] = @@ -67,30 +85,28 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase, const char *comment) { Buffer buffer, encrypted; - char buf[100], *cp; - int fd, i; + u_char buf[100], *cp; + int fd, i, cipher_num; CipherContext ciphercontext; Cipher *cipher; - u_int32_t rand; + u_int32_t rnd; /* * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting * to another cipher; otherwise use SSH_AUTHFILE_CIPHER. */ - if (strcmp(passphrase, "") == 0) - cipher = cipher_by_number(SSH_CIPHER_NONE); - else - cipher = cipher_by_number(SSH_AUTHFILE_CIPHER); - if (cipher == NULL) + cipher_num = (strcmp(passphrase, "") == 0) ? + SSH_CIPHER_NONE : SSH_AUTHFILE_CIPHER; + if ((cipher = cipher_by_number(cipher_num)) == NULL) fatal("save_private_key_rsa: bad cipher"); /* This buffer is used to built the secret part of the private key. */ buffer_init(&buffer); /* Put checkbytes for checking passphrase validity. */ - rand = arc4random(); - buf[0] = rand & 0xff; - buf[1] = (rand >> 8) & 0xff; + rnd = arc4random(); + buf[0] = rnd & 0xff; + buf[1] = (rnd >> 8) & 0xff; buf[2] = buf[0]; buf[3] = buf[1]; buffer_append(&buffer, buf, 4); @@ -118,7 +134,7 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase, buffer_put_char(&encrypted, 0); /* Store cipher type. */ - buffer_put_char(&encrypted, cipher->number); + buffer_put_char(&encrypted, cipher_num); buffer_put_int(&encrypted, 0); /* For future extension */ /* Store public key. This will be in plain text. */ @@ -128,11 +144,13 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase, buffer_put_cstring(&encrypted, comment); /* Allocate space for the private part of the key in the buffer. */ - buffer_append_space(&encrypted, &cp, buffer_len(&buffer)); + cp = buffer_append_space(&encrypted, buffer_len(&buffer)); - cipher_set_key_string(&ciphercontext, cipher, passphrase); - cipher_encrypt(&ciphercontext, (u_char *) cp, - (u_char *) buffer_ptr(&buffer), buffer_len(&buffer)); + cipher_set_key_string(&ciphercontext, cipher, passphrase, + CIPHER_ENCRYPT); + cipher_crypt(&ciphercontext, cp, + buffer_ptr(&buffer), buffer_len(&buffer)); + cipher_cleanup(&ciphercontext); memset(&ciphercontext, 0, sizeof(ciphercontext)); /* Destroy temporary data. */ @@ -142,12 +160,13 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase, fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600); if (fd < 0) { error("open %s failed: %s.", filename, strerror(errno)); + buffer_free(&encrypted); return 0; } - if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) != - buffer_len(&encrypted)) { + if (atomicio(vwrite, fd, buffer_ptr(&encrypted), + buffer_len(&encrypted)) != buffer_len(&encrypted)) { error("write to key file %s failed: %s", filename, - strerror(errno)); + strerror(errno)); buffer_free(&encrypted); close(fd); unlink(filename); @@ -167,8 +186,12 @@ key_save_private_pem(Key *key, const char *filename, const char *_passphrase, int fd; int success = 0; int len = strlen(_passphrase); - char *passphrase = (len > 0) ? (char *)_passphrase : NULL; - EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL; + u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL; +#if (OPENSSL_VERSION_NUMBER < 0x00907000L) + const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL; +#else + const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL; +#endif if (len > 0 && len <= 4) { error("passphrase too short: have %d bytes, need > 4", len); @@ -180,7 +203,7 @@ key_save_private_pem(Key *key, const char *filename, const char *_passphrase, return 0; } fp = fdopen(fd, "w"); - if (fp == NULL ) { + if (fp == NULL) { error("fdopen %s failed: %s.", filename, strerror(errno)); close(fd); return 0; @@ -207,12 +230,10 @@ key_save_private(Key *key, const char *filename, const char *passphrase, case KEY_RSA1: return key_save_private_rsa1(key, filename, passphrase, comment); - break; case KEY_DSA: case KEY_RSA: return key_save_private_pem(key, filename, passphrase, comment); - break; default: break; } @@ -231,17 +252,26 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp) { Buffer buffer; Key *pub; + struct stat st; char *cp; - int i; - off_t len; + u_int i; + size_t len; - len = lseek(fd, (off_t) 0, SEEK_END); - lseek(fd, (off_t) 0, SEEK_SET); + if (fstat(fd, &st) < 0) { + error("fstat for key file %.200s failed: %.100s", + filename, strerror(errno)); + return NULL; + } + if (st.st_size > 1*1024*1024) { + error("key file %.200s too large", filename); + return NULL; + } + len = (size_t)st.st_size; /* truncated */ buffer_init(&buffer); - buffer_append_space(&buffer, &cp, len); + cp = buffer_append_space(&buffer, len); - if (read(fd, cp, (size_t) len) != (size_t) len) { + if (atomicio(read, fd, cp, len) != len) { debug("Read from key file %.200s failed: %.100s", filename, strerror(errno)); buffer_free(&buffer); @@ -250,7 +280,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp) /* Check that it is at least big enough to contain the ID string. */ if (len < sizeof(authfile_id_string)) { - debug3("No RSA1 key file %.200s.", filename); + debug3("Not a RSA1 key file %.200s.", filename); buffer_free(&buffer); return NULL; } @@ -260,7 +290,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp) */ for (i = 0; i < sizeof(authfile_id_string); i++) if (buffer_get_char(&buffer) != authfile_id_string[i]) { - debug3("No RSA1 key file %.200s.", filename); + debug3("Not a RSA1 key file %.200s.", filename); buffer_free(&buffer); return NULL; } @@ -269,7 +299,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp) (void) buffer_get_int(&buffer); /* reserved */ /* Read the public key from the buffer. */ - buffer_get_int(&buffer); + (void) buffer_get_int(&buffer); pub = key_new(KEY_RSA1); buffer_get_bignum(&buffer, pub->rsa->n); buffer_get_bignum(&buffer, pub->rsa->e); @@ -310,23 +340,33 @@ static Key * key_load_private_rsa1(int fd, const char *filename, const char *passphrase, char **commentp) { - int i, check1, check2, cipher_type; - off_t len; + u_int i; + int check1, check2, cipher_type; + size_t len; Buffer buffer, decrypted; - char *cp; + u_char *cp; CipherContext ciphercontext; Cipher *cipher; - BN_CTX *ctx; - BIGNUM *aux; Key *prv = NULL; + struct stat st; - len = lseek(fd, (off_t) 0, SEEK_END); - lseek(fd, (off_t) 0, SEEK_SET); + if (fstat(fd, &st) < 0) { + error("fstat for key file %.200s failed: %.100s", + filename, strerror(errno)); + close(fd); + return NULL; + } + if (st.st_size > 1*1024*1024) { + error("key file %.200s too large", filename); + close(fd); + return (NULL); + } + len = (size_t)st.st_size; /* truncated */ buffer_init(&buffer); - buffer_append_space(&buffer, &cp, len); + cp = buffer_append_space(&buffer, len); - if (read(fd, cp, (size_t) len) != (size_t) len) { + if (atomicio(read, fd, cp, len) != len) { debug("Read from key file %.200s failed: %.100s", filename, strerror(errno)); buffer_free(&buffer); @@ -336,7 +376,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, /* Check that it is at least big enough to contain the ID string. */ if (len < sizeof(authfile_id_string)) { - debug3("No RSA1 key file %.200s.", filename); + debug3("Not a RSA1 key file %.200s.", filename); buffer_free(&buffer); close(fd); return NULL; @@ -347,7 +387,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, */ for (i = 0; i < sizeof(authfile_id_string); i++) if (buffer_get_char(&buffer) != authfile_id_string[i]) { - debug3("No RSA1 key file %.200s.", filename); + debug3("Not a RSA1 key file %.200s.", filename); buffer_free(&buffer); close(fd); return NULL; @@ -358,7 +398,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, (void) buffer_get_int(&buffer); /* Reserved data. */ /* Read the public key from the buffer. */ - buffer_get_int(&buffer); + (void) buffer_get_int(&buffer); prv = key_new_private(KEY_RSA1); buffer_get_bignum(&buffer, prv->rsa->n); @@ -378,12 +418,14 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, } /* Initialize space for decrypted data. */ buffer_init(&decrypted); - buffer_append_space(&decrypted, &cp, buffer_len(&buffer)); + cp = buffer_append_space(&decrypted, buffer_len(&buffer)); /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */ - cipher_set_key_string(&ciphercontext, cipher, passphrase); - cipher_decrypt(&ciphercontext, (u_char *) cp, - (u_char *) buffer_ptr(&buffer), buffer_len(&buffer)); + cipher_set_key_string(&ciphercontext, cipher, passphrase, + CIPHER_DECRYPT); + cipher_crypt(&ciphercontext, cp, + buffer_ptr(&buffer), buffer_len(&buffer)); + cipher_cleanup(&ciphercontext); memset(&ciphercontext, 0, sizeof(ciphercontext)); buffer_free(&buffer); @@ -406,19 +448,15 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, buffer_get_bignum(&decrypted, prv->rsa->p); /* q */ /* calculate p-1 and q-1 */ - ctx = BN_CTX_new(); - aux = BN_new(); - - BN_sub(aux, prv->rsa->q, BN_value_one()); - BN_mod(prv->rsa->dmq1, prv->rsa->d, aux, ctx); - - BN_sub(aux, prv->rsa->p, BN_value_one()); - BN_mod(prv->rsa->dmp1, prv->rsa->d, aux, ctx); - - BN_clear_free(aux); - BN_CTX_free(ctx); + rsa_generate_additional_parameters(prv->rsa); buffer_free(&decrypted); + + /* enable blinding */ + if (RSA_blinding_on(prv->rsa, NULL) != 1) { + error("key_load_private_rsa1: RSA_blinding_on failed"); + goto fail; + } close(fd); return prv; @@ -430,7 +468,7 @@ fail: return NULL; } -static Key * +Key * key_load_private_pem(int fd, int type, const char *passphrase, char **commentp) { @@ -450,7 +488,7 @@ key_load_private_pem(int fd, int type, const char *passphrase, debug("PEM_read_PrivateKey failed"); (void)ERR_get_error(); } else if (pk->type == EVP_PKEY_RSA && - (type == KEY_UNSPEC||type==KEY_RSA)) { + (type == KEY_UNSPEC||type==KEY_RSA)) { prv = key_new(KEY_UNSPEC); prv->rsa = EVP_PKEY_get1_RSA(pk); prv->type = KEY_RSA; @@ -458,8 +496,13 @@ key_load_private_pem(int fd, int type, const char *passphrase, #ifdef DEBUG_PK RSA_print_fp(stderr, prv->rsa, 8); #endif + if (RSA_blinding_on(prv->rsa, NULL) != 1) { + error("key_load_private_pem: RSA_blinding_on failed"); + key_free(prv); + prv = NULL; + } } else if (pk->type == EVP_PKEY_DSA && - (type == KEY_UNSPEC||type==KEY_DSA)) { + (type == KEY_UNSPEC||type==KEY_DSA)) { prv = key_new(KEY_UNSPEC); prv->dsa = EVP_PKEY_get1_DSA(pk); prv->type = KEY_DSA; @@ -481,24 +524,27 @@ key_load_private_pem(int fd, int type, const char *passphrase, return prv; } -static int +int key_perm_ok(int fd, const char *filename) { struct stat st; - /* check owner and modes */ + if (fstat(fd, &st) < 0) + return 0; + /* + * if a key owned by the user is accessed, then we check the + * permissions of the file. if the key owned by a different user, + * then we don't care. + */ #ifdef HAVE_CYGWIN if (check_ntsec(filename)) #endif - if (fstat(fd, &st) < 0 || - (st.st_uid != 0 && getuid() != 0 && st.st_uid != getuid()) || - (st.st_mode & 077) != 0) { - close(fd); + if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("Bad ownership or mode(0%3.3o) for '%s'.", - st.st_mode & 0777, filename); + error("Permissions 0%3.3o for '%s' are too open.", + (u_int)st.st_mode & 0777, filename); error("It is recommended that your private key files are NOT accessible by others."); error("This private key will be ignored."); return 0; @@ -508,30 +554,37 @@ key_perm_ok(int fd, const char *filename) Key * key_load_private_type(int type, const char *filename, const char *passphrase, - char **commentp) + char **commentp, int *perm_ok) { int fd; fd = open(filename, O_RDONLY); - if (fd < 0) + if (fd < 0) { + debug("could not open key file '%s': %s", filename, + strerror(errno)); + if (perm_ok != NULL) + *perm_ok = 0; return NULL; + } if (!key_perm_ok(fd, filename)) { + if (perm_ok != NULL) + *perm_ok = 0; error("bad permissions: ignore key: %s", filename); close(fd); return NULL; } + if (perm_ok != NULL) + *perm_ok = 1; switch (type) { case KEY_RSA1: return key_load_private_rsa1(fd, filename, passphrase, commentp); /* closes fd */ - break; case KEY_DSA: case KEY_RSA: case KEY_UNSPEC: return key_load_private_pem(fd, type, passphrase, commentp); /* closes fd */ - break; default: close(fd); break; @@ -547,8 +600,11 @@ key_load_private(const char *filename, const char *passphrase, int fd; fd = open(filename, O_RDONLY); - if (fd < 0) + if (fd < 0) { + debug("could not open key file '%s': %s", filename, + strerror(errno)); return NULL; + } if (!key_perm_ok(fd, filename)) { error("bad permissions: ignore key: %s", filename); close(fd); @@ -575,15 +631,16 @@ static int key_try_load_public(Key *k, const char *filename, char **commentp) { FILE *f; - char line[4096]; + char line[SSH_MAX_PUBKEY_BYTES]; char *cp; + u_long linenum = 0; f = fopen(filename, "r"); if (f != NULL) { - while (fgets(line, sizeof(line), f)) { - line[sizeof(line)-1] = '\0'; + while (read_keyfile_line(f, filename, line, sizeof(line), + &linenum) != -1) { cp = line; - switch(*cp){ + switch (*cp) { case '#': case '\n': case '\0': @@ -613,9 +670,18 @@ key_load_public(const char *filename, char **commentp) Key *pub; char file[MAXPATHLEN]; + /* try rsa1 private key */ pub = key_load_public_type(KEY_RSA1, filename, commentp); if (pub != NULL) return pub; + + /* try rsa1 public key */ + pub = key_new(KEY_RSA1); + if (key_try_load_public(pub, filename, commentp) == 1) + return pub; + key_free(pub); + + /* try ssh2 public key */ pub = key_new(KEY_UNSPEC); if (key_try_load_public(pub, filename, commentp) == 1) return pub;