author | Damien Miller <djm@mindrot.org> | 2000-03-09 21:27:49 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-03-09 21:27:49 +1100 |
commit | 98c7ad60ec5725d91da9f9f6d26cd9fe477398c0 (patch) | |
tree | 104c3e3474be8e308d05e22d79715c833c6cf837 /auth-rsa.c | |
parent | 1a07ebd4d8d39c6814bbd84c1aec4ebf2bd005a2 (diff) | |
download | openssh-git-98c7ad60ec5725d91da9f9f6d26cd9fe477398c0.tar.gz |
- OpenBSD CVS updates to v1.2.3
[ssh.h atomicio.c]
- int atomicio -> ssize_t (for alpha). ok deraadt@
[auth-rsa.c]
- delay MD5 computation until client sends response, free() early, cleanup.
[cipher.c]
- void* -> unsigned char*, ok niels@
[hostfile.c]
- remove unused variable 'len'. fix comments.
- remove unused variable
[log-client.c log-server.c]
- rename a cpp symbol, to avoid param.h collision
[packet.c]
- missing xfree()
- getsockname() requires initialized tolen; andy@guildsoftware.com
- use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
from Holger.Trapp@Informatik.TU-Chemnitz.DE
[pty.c pty.h]
- register cleanup for pty earlier. move code for pty-owner handling to
pty.c ok provos@, dugsong@
[readconf.c]
- turn off x11-fwd for the client, too.
[rsa.c]
- PKCS#1 padding
[scp.c]
- allow '.' in usernames; from jedgar@fxp.org
[servconf.c]
- typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
- sync with sshd_config
[ssh-keygen.c]
- enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
[ssh.1]
- Change invalid 'CHAT' loglevel to 'VERBOSE'
[ssh.c]
- suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
- turn off x11-fwd for the client, too.
[sshconnect.c]
- missing xfree()
- retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
- read error vs. "Connection closed by remote host"
[sshd.8]
- ie. -> i.e.,
- do not link to a commercial page..
- sync with sshd_config
[sshd.c]
- no need for poll.h; from bright@wintelcom.net
- log with level log() not fatal() if peer behaves badly.
- don't panic if client behaves strange. ok deraadt@
- make no-port-forwarding for RSA keys deny both -L and -R style fwding
- delay close() of pty until the pty has been chowned back to root
- oops, fix comment, too.
- missing xfree()
- move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
(http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
- register cleanup for pty earlier. move code for pty-owner handling to
pty.c ok provos@, dugsong@
- create x11 cookie file
- fix pr 1113, fclose() -> pclose(), todo: remote popen()
- version 1.2.3
- Cleaned up
Diffstat (limited to 'auth-rsa.c')
-rw-r--r-- | auth-rsa.c | 27 |
1 files changed, 12 insertions, 15 deletions
@@ -16,7 +16,7 @@
 */
 #include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.12 2000/01/20 11:44:09 damien Exp $");
+RCSID("$Id: auth-rsa.c,v 1.13 2000/03/09 10:27:50 damien Exp $");
 #include "rsa.h"
 #include "packet.h"
@@ -68,9 +68,9 @@ extern unsigned char session_id[16];
 int
 auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n)
 {
- BIGNUM *challenge, *encrypted_challenge, *aux;
+ BIGNUM *challenge, *encrypted_challenge;
 RSA *pk;
- BN_CTX *ctx = BN_CTX_new();
+ BN_CTX *ctx;
 unsigned char buf[32], mdbuf[16], response[16];
 MD5_CTX md;
 unsigned int i;
@@ -78,11 +78,12 @@ auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n)
 encrypted_challenge = BN_new();
 challenge = BN_new();
- aux = BN_new();
 /* Generate a random challenge. */
 BN_rand(challenge, 256, 0, 0);
+ ctx = BN_CTX_new();
 BN_mod(challenge, challenge, n, ctx);
+ BN_CTX_free(ctx);
 /* Create the public key data structure. */
 pk = RSA_new();
@@ -99,8 +100,15 @@ auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n)
 packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE);
 packet_put_bignum(encrypted_challenge);
 packet_send();
+ BN_clear_free(encrypted_challenge);
 packet_write_wait();
+ /* Wait for a response. */
+ packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE);
+ packet_integrity_check(plen, 16, SSH_CMSG_AUTH_RSA_RESPONSE);
+ for (i = 0; i < 16; i++)
+ response[i] = packet_get_char();
+
 /* The response is MD5 of decrypted challenge plus session id. */
 len = BN_num_bytes(challenge);
 if (len <= 0 || len > 32)
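Review bot: The added `ctx = BN_CTX_new();` is passed straight to `BN_mod()` without a NULL check, and the return values of `BN_rand()` and `BN_mod()` in the `@@ -78,11 +78,12 @@` hunk are ignored. If any of these calls fails, the value sent to the client may not be the random challenge the comment describes, so the authentication exchange should fail closed instead of continuing. I would add `if (ctx == NULL || BN_mod(challenge, challenge, n, ctx) != 1) fatal("auth_rsa_challenge_dialog: BN_mod failed");` and give `BN_rand()` the same treatment. The function body starts before and continues past this hunk.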
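Review bot: The added response-reading code in the `@@ -99,8 +100,15 @@` hunk repeats the literal 16 in `packet_integrity_check(plen, 16, ...)` and in the loop bound `i < 16`, while the destination is the stack array `response[16]` declared in an earlier hunk. Tying both to the buffer keeps the copy bounded by the array if its size is ever changed: `packet_integrity_check(plen, sizeof(response), SSH_CMSG_AUTH_RSA_RESPONSE);` and `for (i = 0; i < sizeof(response); i++)`. The enclosing function starts and ends outside this hunk.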
@@ -111,18 +119,7 @@ auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n)
 MD5_Update(&md, buf, 32);
 MD5_Update(&md, session_id, 16);
 MD5_Final(mdbuf, &md);
-
- /* We will no longer need these. */
- BN_clear_free(encrypted_challenge);
 BN_clear_free(challenge);
- BN_clear_free(aux);
- BN_CTX_free(ctx);
-
- /* Wait for a response. */
- packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE);
- packet_integrity_check(plen, 16, SSH_CMSG_AUTH_RSA_RESPONSE);
- for (i = 0; i < 16; i++)
- response[i] = packet_get_char();
 /* Verify that the response is the original challenge. */
 if (memcmp(response, mdbuf, 16) != 0) { |
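Review bot: After `MD5_Final(mdbuf, &md);` only the bignum is wiped, via `BN_clear_free(challenge)`; the stack copy of the plaintext challenge in `buf` and the hash state in `md` are not cleared anywhere in the lines visible here. Since this commit is already tidying the lifetime of the challenge material, I would add `memset(buf, 0, sizeof(buf));` and `memset(&md, 0, sizeof(md));` right after `MD5_Final`, and clear `mdbuf` once the `memcmp` has been done. Where the platform offers one, a clearing routine the compiler cannot elide is preferable to a plain `memset`. The function continues past the end of this hunk, so it is worth confirming that no later code already does this.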