version 1.74, 2014/02/02 03:44:32 |
version 1.75, 2014/06/24 01:13:21 |
|
|
|
|
/* Decrypt the challenge using the private key. */ |
/* Decrypt the challenge using the private key. */ |
/* XXX think about Bleichenbacher, too */ |
/* XXX think about Bleichenbacher, too */ |
if (rsa_private_decrypt(challenge, challenge, prv) <= 0) |
if (rsa_private_decrypt(challenge, challenge, prv) != 0) |
packet_disconnect( |
packet_disconnect( |
"respond_to_rsa_challenge: rsa_private_decrypt failed"); |
"respond_to_rsa_challenge: rsa_private_decrypt failed"); |
|
|
|
|
* load the private key. Try first with empty passphrase; if it |
* load the private key. Try first with empty passphrase; if it |
* fails, ask for a passphrase. |
* fails, ask for a passphrase. |
*/ |
*/ |
if (public->flags & KEY_FLAG_EXT) |
if (public->flags & SSHKEY_FLAG_EXT) |
private = public; |
private = public; |
else |
else |
private = key_load_private_type(KEY_RSA1, authfile, "", NULL, |
private = key_load_private_type(KEY_RSA1, authfile, "", NULL, |
|
|
respond_to_rsa_challenge(challenge, private->rsa); |
respond_to_rsa_challenge(challenge, private->rsa); |
|
|
/* Destroy the private key unless it in external hardware. */ |
/* Destroy the private key unless it in external hardware. */ |
if (!(private->flags & KEY_FLAG_EXT)) |
if (!(private->flags & SSHKEY_FLAG_EXT)) |
key_free(private); |
key_free(private); |
|
|
/* We no longer need the challenge. */ |
/* We no longer need the challenge. */ |
|
|
BN_num_bits(server_key->rsa->n), |
BN_num_bits(server_key->rsa->n), |
SSH_KEY_BITS_RESERVED); |
SSH_KEY_BITS_RESERVED); |
} |
} |
rsa_public_encrypt(key, key, server_key->rsa); |
if (rsa_public_encrypt(key, key, server_key->rsa) != 0 || |
rsa_public_encrypt(key, key, host_key->rsa); |
rsa_public_encrypt(key, key, host_key->rsa) != 0) |
|
fatal("%s: rsa_public_encrypt failed", __func__); |
} else { |
} else { |
/* Host key has smaller modulus (or they are equal). */ |
/* Host key has smaller modulus (or they are equal). */ |
if (BN_num_bits(server_key->rsa->n) < |
if (BN_num_bits(server_key->rsa->n) < |
|
|
BN_num_bits(host_key->rsa->n), |
BN_num_bits(host_key->rsa->n), |
SSH_KEY_BITS_RESERVED); |
SSH_KEY_BITS_RESERVED); |
} |
} |
rsa_public_encrypt(key, key, host_key->rsa); |
if (rsa_public_encrypt(key, key, host_key->rsa) != 0 || |
rsa_public_encrypt(key, key, server_key->rsa); |
rsa_public_encrypt(key, key, server_key->rsa) != 0) |
|
fatal("%s: rsa_public_encrypt failed", __func__); |
} |
} |
|
|
/* Destroy the public keys since we no longer need them. */ |
/* Destroy the public keys since we no longer need them. */ |