=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/authfile.c,v retrieving revision 1.32.2.2 retrieving revision 1.32.2.3 diff -u -r1.32.2.2 -r1.32.2.3 --- src/usr.bin/ssh/authfile.c 2001/11/15 00:15:19 1.32.2.2 +++ src/usr.bin/ssh/authfile.c 2002/03/09 00:20:44 1.32.2.3 @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.32.2.2 2001/11/15 00:15:19 miod Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.32.2.3 2002/03/09 00:20:44 miod Exp $"); #include #include @@ -50,6 +50,7 @@ #include "ssh.h" #include "log.h" #include "authfile.h" +#include "rsa.h" /* Version identification string for SSH v1 identity files. */ static const char authfile_id_string[] = @@ -67,8 +68,8 @@ const char *comment) { Buffer buffer, encrypted; - char buf[100], *cp; - int fd, i; + u_char buf[100], *cp; + int fd, i, cipher_num; CipherContext ciphercontext; Cipher *cipher; u_int32_t rand; @@ -77,11 +78,9 @@ * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting * to another cipher; otherwise use SSH_AUTHFILE_CIPHER. */ - if (strcmp(passphrase, "") == 0) - cipher = cipher_by_number(SSH_CIPHER_NONE); - else - cipher = cipher_by_number(SSH_AUTHFILE_CIPHER); - if (cipher == NULL) + cipher_num = (strcmp(passphrase, "") == 0) ? + SSH_CIPHER_NONE : SSH_AUTHFILE_CIPHER; + if ((cipher = cipher_by_number(cipher_num)) == NULL) fatal("save_private_key_rsa: bad cipher"); /* This buffer is used to built the secret part of the private key. */ @@ -118,7 +117,7 @@ buffer_put_char(&encrypted, 0); /* Store cipher type. */ - buffer_put_char(&encrypted, cipher->number); + buffer_put_char(&encrypted, cipher_num); buffer_put_int(&encrypted, 0); /* For future extension */ /* Store public key. This will be in plain text. */ @@ -128,11 +127,13 @@ buffer_put_cstring(&encrypted, comment); /* Allocate space for the private part of the key in the buffer. */ - buffer_append_space(&encrypted, &cp, buffer_len(&buffer)); + cp = buffer_append_space(&encrypted, buffer_len(&buffer)); - cipher_set_key_string(&ciphercontext, cipher, passphrase); - cipher_encrypt(&ciphercontext, (u_char *) cp, - (u_char *) buffer_ptr(&buffer), buffer_len(&buffer)); + cipher_set_key_string(&ciphercontext, cipher, passphrase, + CIPHER_ENCRYPT); + cipher_crypt(&ciphercontext, cp, + buffer_ptr(&buffer), buffer_len(&buffer)); + cipher_cleanup(&ciphercontext); memset(&ciphercontext, 0, sizeof(ciphercontext)); /* Destroy temporary data. */ @@ -147,7 +148,7 @@ if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) != buffer_len(&encrypted)) { error("write to key file %s failed: %s", filename, - strerror(errno)); + strerror(errno)); buffer_free(&encrypted); close(fd); unlink(filename); @@ -167,8 +168,8 @@ int fd; int success = 0; int len = strlen(_passphrase); - char *passphrase = (len > 0) ? (char *)_passphrase : NULL; - EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL; + u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL; + const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL; if (len > 0 && len <= 4) { error("passphrase too short: have %d bytes, need > 4", len); @@ -239,7 +240,7 @@ lseek(fd, (off_t) 0, SEEK_SET); buffer_init(&buffer); - buffer_append_space(&buffer, &cp, len); + cp = buffer_append_space(&buffer, len); if (read(fd, cp, (size_t) len) != (size_t) len) { debug("Read from key file %.200s failed: %.100s", filename, @@ -313,18 +314,16 @@ int i, check1, check2, cipher_type; off_t len; Buffer buffer, decrypted; - char *cp; + u_char *cp; CipherContext ciphercontext; Cipher *cipher; - BN_CTX *ctx; - BIGNUM *aux; Key *prv = NULL; len = lseek(fd, (off_t) 0, SEEK_END); lseek(fd, (off_t) 0, SEEK_SET); buffer_init(&buffer); - buffer_append_space(&buffer, &cp, len); + cp = buffer_append_space(&buffer, len); if (read(fd, cp, (size_t) len) != (size_t) len) { debug("Read from key file %.200s failed: %.100s", filename, @@ -378,12 +377,14 @@ } /* Initialize space for decrypted data. */ buffer_init(&decrypted); - buffer_append_space(&decrypted, &cp, buffer_len(&buffer)); + cp = buffer_append_space(&decrypted, buffer_len(&buffer)); /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */ - cipher_set_key_string(&ciphercontext, cipher, passphrase); - cipher_decrypt(&ciphercontext, (u_char *) cp, - (u_char *) buffer_ptr(&buffer), buffer_len(&buffer)); + cipher_set_key_string(&ciphercontext, cipher, passphrase, + CIPHER_DECRYPT); + cipher_crypt(&ciphercontext, cp, + buffer_ptr(&buffer), buffer_len(&buffer)); + cipher_cleanup(&ciphercontext); memset(&ciphercontext, 0, sizeof(ciphercontext)); buffer_free(&buffer); @@ -406,18 +407,8 @@ buffer_get_bignum(&decrypted, prv->rsa->p); /* q */ /* calculate p-1 and q-1 */ - ctx = BN_CTX_new(); - aux = BN_new(); + rsa_generate_additional_parameters(prv->rsa); - BN_sub(aux, prv->rsa->q, BN_value_one()); - BN_mod(prv->rsa->dmq1, prv->rsa->d, aux, ctx); - - BN_sub(aux, prv->rsa->p, BN_value_one()); - BN_mod(prv->rsa->dmp1, prv->rsa->d, aux, ctx); - - BN_clear_free(aux); - BN_CTX_free(ctx); - buffer_free(&decrypted); close(fd); return prv; @@ -450,7 +441,7 @@ debug("PEM_read_PrivateKey failed"); (void)ERR_get_error(); } else if (pk->type == EVP_PKEY_RSA && - (type == KEY_UNSPEC||type==KEY_RSA)) { + (type == KEY_UNSPEC||type==KEY_RSA)) { prv = key_new(KEY_UNSPEC); prv->rsa = EVP_PKEY_get1_RSA(pk); prv->type = KEY_RSA; @@ -459,7 +450,7 @@ RSA_print_fp(stderr, prv->rsa, 8); #endif } else if (pk->type == EVP_PKEY_DSA && - (type == KEY_UNSPEC||type==KEY_DSA)) { + (type == KEY_UNSPEC||type==KEY_DSA)) { prv = key_new(KEY_UNSPEC); prv->dsa = EVP_PKEY_get1_DSA(pk); prv->type = KEY_DSA; @@ -583,7 +574,7 @@ while (fgets(line, sizeof(line), f)) { line[sizeof(line)-1] = '\0'; cp = line; - switch(*cp){ + switch (*cp) { case '#': case '\n': case '\0':