Patch for OpenSSH-7.4p1 to compile with OpenSSL-1.1.0c

This is a patch for OpenSSH-7.4p1 to build with OpenSSL-1.1.0c . By default OpenSSH-7.4p1 only supports up to OpenSSL-1.0.x versions. This patch will build and pass all "make tests" regressions.

Some obsolete OS may not pass the last test_utf8 test; use env TEST_SSH_UTF8=no ./configure ... to skip the test.

This patch does not support OpenSSL 1.0.x, so don't if. This patch doesn't introduce new functions to emulate 1.1.x API on 1.0.x .

Similar, but independent approaches:

Kurt Roeckx's patch

Fedora's patch based on Kurt patch

Comments:

OpenSSL 1.0.x support is dropped for simplicity; else it needs tons of #ifdefs which was minimal in origial OpenSSH code.

I do agree with Kurt's comment that checking for allocated non NULL BIGNUMs in regression tests is pointless. My patch does allocate dummy BIGNUMs, but this shouldn't be necessary under OpenSSL 1.1.x API.

LibreSSL used by OpenBSD has different API, so this patch is unlikely to be merged upstream.

Index: cipher-3des1.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/cipher-3des1.c,v retrieving revision 1.1.1.2 diff -u -r1.1.1.2 cipher-3des1.c --- cipher-3des1.c 23 Dec 2016 02:49:10 -0000 1.1.1.2 +++ cipher-3des1.c 23 Dec 2016 06:54:21 -0000 @@ -44,7 +44,7 @@ */ struct ssh1_3des_ctx { - EVP_CIPHER_CTX k1, k2, k3; + EVP_CIPHER_CTX *k1, *k2, *k3; }; const EVP_CIPHER * evp_ssh1_3des(void); @@ -65,7 +65,7 @@ if (key == NULL) return 1; if (enc == -1) - enc = ctx->encrypt; + enc = EVP_CIPHER_CTX_encrypting(ctx); k1 = k2 = k3 = (u_char *) key; k2 += 8; if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) { @@ -74,12 +74,17 @@ else k1 += 16; } - EVP_CIPHER_CTX_init(&c->k1); - EVP_CIPHER_CTX_init(&c->k2); - EVP_CIPHER_CTX_init(&c->k3); - if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 || - EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || - EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { + c->k1 = c->k2 = c->k3 = NULL; + c->k1 = EVP_CIPHER_CTX_new(); + c->k2 = EVP_CIPHER_CTX_new(); + c->k3 = EVP_CIPHER_CTX_new(); + if (c->k1 == NULL || c->k2 == NULL || c->k3 == NULL || + EVP_CipherInit(c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 || + EVP_CipherInit(c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || + EVP_CipherInit(c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { + EVP_CIPHER_CTX_free(c->k1); + EVP_CIPHER_CTX_free(c->k2); + EVP_CIPHER_CTX_free(c->k3); explicit_bzero(c, sizeof(*c)); free(c); EVP_CIPHER_CTX_set_app_data(ctx, NULL); @@ -95,9 +100,9 @@ if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) return 0; - if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 || - EVP_Cipher(&c->k2, dest, dest, len) == 0 || - EVP_Cipher(&c->k3, dest, dest, len) == 0) + if (EVP_Cipher(c->k1, dest, (u_char *)src, len) == 0 || + EVP_Cipher(c->k2, dest, dest, len) == 0 || + EVP_Cipher(c->k3, dest, dest, len) == 0) return 0; return 1; } @@ -108,9 +113,9 @@ struct ssh1_3des_ctx *c; if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { - EVP_CIPHER_CTX_cleanup(&c->k1); - EVP_CIPHER_CTX_cleanup(&c->k2); - EVP_CIPHER_CTX_cleanup(&c->k3); + EVP_CIPHER_CTX_free(c->k1); + EVP_CIPHER_CTX_free(c->k2); + EVP_CIPHER_CTX_free(c->k3); explicit_bzero(c, sizeof(*c)); free(c); EVP_CIPHER_CTX_set_app_data(ctx, NULL); @@ -128,13 +133,13 @@ if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) return SSH_ERR_INTERNAL_ERROR; if (doset) { - memcpy(c->k1.iv, iv, 8); - memcpy(c->k2.iv, iv + 8, 8); - memcpy(c->k3.iv, iv + 16, 8); + memcpy(EVP_CIPHER_CTX_iv_noconst(c->k1), iv, 8); + memcpy(EVP_CIPHER_CTX_iv_noconst(c->k2), iv + 8, 8); + memcpy(EVP_CIPHER_CTX_iv_noconst(c->k3), iv + 16, 8); } else { - memcpy(iv, c->k1.iv, 8); - memcpy(iv + 8, c->k2.iv, 8); - memcpy(iv + 16, c->k3.iv, 8); + memcpy(iv, EVP_CIPHER_CTX_iv(c->k1), 8); + memcpy(iv + 8, EVP_CIPHER_CTX_iv(c->k2), 8); + memcpy(iv + 16, EVP_CIPHER_CTX_iv(c->k3), 8); } return 0; } @@ -142,6 +147,7 @@ const EVP_CIPHER * evp_ssh1_3des(void) { +#if OPENSSL_VERSION_NUMBER < 0x10100000UL /*{*/ static EVP_CIPHER ssh1_3des; memset(&ssh1_3des, 0, sizeof(ssh1_3des)); @@ -154,5 +160,15 @@ ssh1_3des.do_cipher = ssh1_3des_cbc; ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH; return &ssh1_3des; +#else /*}{*/ + static EVP_CIPHER *ssh1_3des_p; + ssh1_3des_p = EVP_CIPHER_meth_new(NID_undef, /*block_size*/8, /*key_len*/16); /*XXX check return*/ + EVP_CIPHER_meth_set_iv_length(ssh1_3des_p, 0); + EVP_CIPHER_meth_set_init(ssh1_3des_p, ssh1_3des_init); + EVP_CIPHER_meth_set_cleanup(ssh1_3des_p, ssh1_3des_cleanup); + EVP_CIPHER_meth_set_do_cipher(ssh1_3des_p, ssh1_3des_cbc); + EVP_CIPHER_meth_set_flags(ssh1_3des_p, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH); + return ssh1_3des_p; +#endif /*}*/ } #endif /* WITH_SSH1 */ Index: cipher-bf1.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/cipher-bf1.c,v retrieving revision 1.1.1.2 diff -u -r1.1.1.2 cipher-bf1.c --- cipher-bf1.c 23 Dec 2016 02:49:10 -0000 1.1.1.2 +++ cipher-bf1.c 23 Dec 2016 06:54:21 -0000 @@ -29,6 +29,7 @@ #include <string.h> #include <openssl/evp.h> +#include <openssl/blowfish.h> /*BF_KEY*/ #include "openbsd-compat/openssl-compat.h" @@ -89,17 +90,27 @@ const EVP_CIPHER * evp_ssh1_bf(void) { - static EVP_CIPHER ssh1_bf; + static EVP_CIPHER *ssh1_bfp; - memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER)); - orig_bf = ssh1_bf.do_cipher; - ssh1_bf.nid = NID_undef; + ssh1_bfp = EVP_CIPHER_meth_new(NID_undef, /*block_size*/8, /*key_len*/32); + + orig_bf = EVP_CIPHER_meth_get_do_cipher(EVP_bf_cbc()); #ifdef SSH_OLD_EVP ssh1_bf.init = bf_ssh1_init; #endif - ssh1_bf.do_cipher = bf_ssh1_cipher; - ssh1_bf.key_len = 32; - return (&ssh1_bf); + EVP_CIPHER_meth_set_do_cipher(ssh1_bfp, bf_ssh1_cipher); + + /* set remaining members... */ + EVP_CIPHER_meth_set_iv_length(ssh1_bfp, 8); + EVP_CIPHER_meth_set_flags(ssh1_bfp, EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE); + EVP_CIPHER_meth_set_init(ssh1_bfp, EVP_CIPHER_meth_get_init(EVP_bf_cbc())); + EVP_CIPHER_meth_set_cleanup(ssh1_bfp, EVP_CIPHER_meth_get_cleanup(EVP_bf_cbc())); + EVP_CIPHER_meth_set_impl_ctx_size(ssh1_bfp, /*sizeof(EVP_BF_KEY) == */sizeof(BF_KEY)); + EVP_CIPHER_meth_set_set_asn1_params(ssh1_bfp, EVP_CIPHER_set_asn1_iv); + EVP_CIPHER_meth_set_get_asn1_params(ssh1_bfp, EVP_CIPHER_get_asn1_iv); + EVP_CIPHER_meth_set_ctrl(ssh1_bfp, NULL); + /*app_data = NULL*/ + return (ssh1_bfp); } #endif /* defined(WITH_OPENSSL) && !defined(OPENSSL_NO_BF) */ Index: cipher.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/cipher.c,v retrieving revision 1.1.1.2 diff -u -r1.1.1.2 cipher.c --- cipher.c 23 Dec 2016 02:49:10 -0000 1.1.1.2 +++ cipher.c 23 Dec 2016 07:53:57 -0000 @@ -390,7 +390,10 @@ goto out; } } - if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0) { + /* in OpenSSL 1.1.0, EVP_CipherInit clears all previous setups; + use EVP_CipherInit_ex for augmenting */ + if (EVP_CipherInit_ex(cc->evp, NULL, NULL, (u_char *)key, NULL, -1) == 0) + { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -625,7 +628,7 @@ len, iv)) return SSH_ERR_LIBCRYPTO_ERROR; } else - memcpy(iv, cc->evp->iv, len); + memcpy(iv, EVP_CIPHER_CTX_iv(cc->evp), len); break; #endif #ifdef WITH_SSH1 @@ -671,7 +674,7 @@ EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) return SSH_ERR_LIBCRYPTO_ERROR; } else - memcpy(cc->evp->iv, iv, evplen); + memcpy(EVP_CIPHER_CTX_iv_noconst(cc->evp), iv, evplen); /*XXX using EVP_CIPHER_CTX_iv_noconst as LHS*/ break; #endif #ifdef WITH_SSH1 @@ -685,8 +688,13 @@ } #ifdef WITH_OPENSSL -#define EVP_X_STATE(evp) (evp)->cipher_data -#define EVP_X_STATE_LEN(evp) (evp)->cipher->ctx_size +# if OPENSSL_VERSION_NUMBER >= 0x10100000UL +#define EVP_X_STATE(evp) EVP_CIPHER_CTX_get_cipher_data(evp) +#define EVP_X_STATE_LEN(evp) EVP_CIPHER_impl_ctx_size(EVP_CIPHER_CTX_cipher(evp)) +# else +#define EVP_X_STATE(evp) (evp).cipher_data +#define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size +# endif #endif int Index: cipher.h =================================================================== RCS file: /home/kabe/cvsroot/openssh/cipher.h,v retrieving revision 1.1.1.2 diff -u -r1.1.1.2 cipher.h --- cipher.h 23 Dec 2016 02:49:10 -0000 1.1.1.2 +++ cipher.h 23 Dec 2016 07:56:59 -0000 @@ -63,7 +63,18 @@ #define CIPHER_DECRYPT 0 struct sshcipher; +#if 0 +struct sshcipher_ctx { + int plaintext; + int encrypt; + EVP_CIPHER_CTX *evp; + struct chachapoly_ctx cp_ctx; /* XXX union with evp? */ + struct aesctr_ctx ac_ctx; /* XXX union with evp? */ + const struct sshcipher *cipher; +}; +#else struct sshcipher_ctx; +#endif u_int cipher_mask_ssh1(int); const struct sshcipher *cipher_by_name(const char *); Index: dh.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/dh.c,v retrieving revision 1.1.1.2 diff -u -r1.1.1.2 dh.c --- dh.c 23 Dec 2016 02:49:11 -0000 1.1.1.2 +++ dh.c 23 Dec 2016 07:58:44 -0000 @@ -212,14 +212,15 @@ /* diffie-hellman-groupN-sha1 */ int -dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) +dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub) { int i; int n = BN_num_bits(dh_pub); int bits_set = 0; BIGNUM *tmp; + const BIGNUM *p; - if (dh_pub->neg) { + if (BN_is_negative(dh_pub)) { logit("invalid public DH value: negative"); return 0; } @@ -232,7 +233,8 @@ error("%s: BN_new failed", __func__); return 0; } - if (!BN_sub(tmp, dh->p, BN_value_one()) || + DH_get0_pqg(dh, &p, NULL, NULL); + if (!BN_sub(tmp, p, BN_value_one()) || BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */ BN_clear_free(tmp); logit("invalid public DH value: >= p-1"); @@ -243,14 +245,14 @@ for (i = 0; i <= n; i++) if (BN_is_bit_set(dh_pub, i)) bits_set++; - debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); + debug2("bits set: %d/%d", bits_set, BN_num_bits(p)); /* * if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */ if (bits_set < 4) { logit("invalid public DH value (%d/%d)", - bits_set, BN_num_bits(dh->p)); + bits_set, BN_num_bits(p)); return 0; } return 1; @@ -260,9 +262,13 @@ dh_gen_key(DH *dh, int need) { int pbits; + const BIGNUM *p, *pub_key; + BIGNUM *priv_key; - if (need < 0 || dh->p == NULL || - (pbits = BN_num_bits(dh->p)) <= 0 || + DH_get0_pqg(dh, &p, NULL, NULL); + + if (need < 0 || p == NULL || + (pbits = BN_num_bits(p)) <= 0 || need > INT_MAX / 2 || 2 * need > pbits) return SSH_ERR_INVALID_ARGUMENT; if (need < 256) @@ -271,10 +277,13 @@ * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)), * so double requested need here. */ - dh->length = MINIMUM(need * 2, pbits - 1); - if (DH_generate_key(dh) == 0 || - !dh_pub_is_valid(dh, dh->pub_key)) { - BN_clear_free(dh->priv_key); + DH_set_length(dh, MIN(need * 2, pbits - 1)); + if (DH_generate_key(dh) == 0) { + return SSH_ERR_LIBCRYPTO_ERROR; + } + DH_get0_key(dh, &pub_key, &priv_key); + if (!dh_pub_is_valid(dh, pub_key)) { + BN_clear(priv_key); return SSH_ERR_LIBCRYPTO_ERROR; } return 0; @@ -283,16 +292,27 @@ DH * dh_new_group_asc(const char *gen, const char *modulus) { - DH *dh; + DH *dh = NULL; + BIGNUM *p=NULL, *g=NULL; - if ((dh = DH_new()) == NULL) - return NULL; - if (BN_hex2bn(&dh->p, modulus) == 0 || - BN_hex2bn(&dh->g, gen) == 0) { - DH_free(dh); - return NULL; + if ((dh = DH_new()) == NULL || + (p = BN_new()) == NULL || + (g = BN_new()) == NULL) + goto null; + if (BN_hex2bn(&p, modulus) == 0 || + BN_hex2bn(&g, gen) == 0) { + goto null; } + if (DH_set0_pqg(dh, p, NULL, g) == 0) { + goto null; + } + p = g = NULL; return (dh); +null: + BN_free(p); + BN_free(g); + DH_free(dh); + return NULL; } /* @@ -307,8 +327,8 @@ if ((dh = DH_new()) == NULL) return NULL; - dh->p = modulus; - dh->g = gen; + if (DH_set0_pqg(dh, modulus, NULL, gen) == 0) + return NULL; return (dh); } Index: dh.h =================================================================== RCS file: /home/kabe/cvsroot/openssh/dh.h,v retrieving revision 1.1.1.1 retrieving revision 1.3 diff -u -r1.1.1.1 -r1.3 --- dh.h 3 Nov 2016 07:51:56 -0000 1.1.1.1 +++ dh.h 22 Dec 2016 01:04:12 -0000 1.3 @@ -42,7 +42,7 @@ DH *dh_new_group_fallback(int); int dh_gen_key(DH *, int); -int dh_pub_is_valid(DH *, BIGNUM *); +int dh_pub_is_valid(const DH *, const BIGNUM *); u_int dh_estimate(int); Index: digest-openssl.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/digest-openssl.c,v retrieving revision 1.1.1.1 retrieving revision 1.3 diff -u -r1.1.1.1 -r1.3 --- digest-openssl.c 3 Nov 2016 07:51:56 -0000 1.1.1.1 +++ digest-openssl.c 22 Dec 2016 01:04:12 -0000 1.3 @@ -43,7 +43,7 @@ struct ssh_digest_ctx { int alg; - EVP_MD_CTX mdctx; + EVP_MD_CTX *mdctx; }; struct ssh_digest { @@ -107,20 +107,21 @@ size_t ssh_digest_blocksize(struct ssh_digest_ctx *ctx) { - return EVP_MD_CTX_block_size(&ctx->mdctx); + return EVP_MD_CTX_block_size(ctx->mdctx); } struct ssh_digest_ctx * ssh_digest_start(int alg) { const struct ssh_digest *digest = ssh_digest_by_alg(alg); - struct ssh_digest_ctx *ret; + struct ssh_digest_ctx *ret = NULL; if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL)) return NULL; ret->alg = alg; - EVP_MD_CTX_init(&ret->mdctx); - if (EVP_DigestInit_ex(&ret->mdctx, digest->mdfunc(), NULL) != 1) { + if ((ret->mdctx = EVP_MD_CTX_new()) == NULL || + EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) { + EVP_MD_CTX_free(ret->mdctx); free(ret); return NULL; } @@ -133,7 +134,7 @@ if (from->alg != to->alg) return SSH_ERR_INVALID_ARGUMENT; /* we have bcopy-style order while openssl has memcpy-style */ - if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx)) + if (!EVP_MD_CTX_copy_ex(to->mdctx, from->mdctx)) return SSH_ERR_LIBCRYPTO_ERROR; return 0; } @@ -141,7 +142,7 @@ int ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) { - if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1) + if (EVP_DigestUpdate(ctx->mdctx, m, mlen) != 1) return SSH_ERR_LIBCRYPTO_ERROR; return 0; } @@ -162,7 +163,7 @@ return SSH_ERR_INVALID_ARGUMENT; if (dlen < digest->digest_len) /* No truncation allowed */ return SSH_ERR_INVALID_ARGUMENT; - if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1) + if (EVP_DigestFinal_ex(ctx->mdctx, d, &l) != 1) return SSH_ERR_LIBCRYPTO_ERROR; if (l != digest->digest_len) /* sanity */ return SSH_ERR_INTERNAL_ERROR; @@ -173,7 +174,7 @@ ssh_digest_free(struct ssh_digest_ctx *ctx) { if (ctx != NULL) { - EVP_MD_CTX_cleanup(&ctx->mdctx); + EVP_MD_CTX_free(ctx->mdctx); explicit_bzero(ctx, sizeof(*ctx)); free(ctx); } Index: kexdhc.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/kexdhc.c,v retrieving revision 1.1.1.1 retrieving revision 1.3 diff -u -r1.1.1.1 -r1.3 --- kexdhc.c 3 Nov 2016 07:51:56 -0000 1.1.1.1 +++ kexdhc.c 22 Dec 2016 01:04:12 -0000 1.3 @@ -81,11 +81,16 @@ goto out; } debug("sending SSH2_MSG_KEXDH_INIT"); - if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 || - (r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || + { + const BIGNUM *pub_key; + if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) + goto out; + DH_get0_key(kex->dh, &pub_key, NULL); + if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || (r = sshpkt_send(ssh)) != 0) goto out; + } #ifdef DEBUG_KEXDH DHparams_print_fp(stderr, kex->dh); fprintf(stderr, "pub= "); @@ -170,6 +175,9 @@ /* calc and verify H */ hashlen = sizeof(hash); + { + const BIGNUM *pub_key; + DH_get0_key(kex->dh, &pub_key, NULL); if ((r = kex_dh_hash( kex->hash_alg, kex->client_version_string, @@ -177,11 +185,13 @@ sshbuf_ptr(kex->my), sshbuf_len(kex->my), sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), server_host_key_blob, sbloblen, - kex->dh->pub_key, + pub_key, dh_server_pub, shared_secret, - hash, &hashlen)) != 0) + hash, &hashlen)) != 0) { goto out; + } + } if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, ssh->compat)) != 0) Index: kexdhs.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/kexdhs.c,v retrieving revision 1.1.1.1 retrieving revision 1.3 diff -u -r1.1.1.1 -r1.3 --- kexdhs.c 3 Nov 2016 07:51:56 -0000 1.1.1.1 +++ kexdhs.c 22 Dec 2016 01:04:12 -0000 1.3 @@ -87,6 +87,10 @@ ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init); r = 0; out: + if (r != 0) { + if (kex->dh) DH_free(kex->dh); + kex->dh = NULL; + } return r; } @@ -164,6 +168,9 @@ goto out; /* calc H */ hashlen = sizeof(hash); + { + const BIGNUM *pub_key; + DH_get0_key(kex->dh, &pub_key, NULL); if ((r = kex_dh_hash( kex->hash_alg, kex->client_version_string, @@ -172,10 +179,12 @@ sshbuf_ptr(kex->my), sshbuf_len(kex->my), server_host_key_blob, sbloblen, dh_client_pub, - kex->dh->pub_key, + pub_key, shared_secret, - hash, &hashlen)) != 0) + hash, &hashlen)) != 0) { goto out; + } + } /* save session id := H */ if (kex->session_id == NULL) { @@ -196,12 +205,17 @@ /* destroy_sensitive_data(); */ /* send server hostkey, DH pubkey 'f' and singed H */ + { + const BIGNUM *pub_key; + DH_get0_key(kex->dh, &pub_key, NULL); if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 || (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ (r = sshpkt_put_string(ssh, signature, slen)) != 0 || - (r = sshpkt_send(ssh)) != 0) + (r = sshpkt_send(ssh)) != 0) { goto out; + } + } if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); Index: kexgexc.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/kexgexc.c,v retrieving revision 1.1.1.2 diff -u -r1.1.1.2 kexgexc.c --- kexgexc.c 23 Dec 2016 02:49:11 -0000 1.1.1.2 +++ kexgexc.c 23 Dec 2016 06:54:21 -0000 @@ -119,11 +119,17 @@ p = g = NULL; /* belong to kex->dh now */ /* generate and send 'e', client DH public key */ - if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 || - (r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || - (r = sshpkt_send(ssh)) != 0) + { + const BIGNUM *pub_key; + if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) + goto out; + DH_get0_key(kex->dh, &pub_key, NULL); + if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || + (r = sshpkt_send(ssh)) != 0) { goto out; + } + } debug("SSH2_MSG_KEX_DH_GEX_INIT sent"); #ifdef DEBUG_KEXDH DHparams_print_fp(stderr, kex->dh); @@ -135,10 +141,12 @@ ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &input_kex_dh_gex_reply); r = 0; out: - if (p) + if (r != 0) { BN_clear_free(p); - if (g) BN_clear_free(g); + DH_free(kex->dh); + kex->dh = NULL; + } return r; } @@ -220,6 +228,10 @@ /* calc and verify H */ hashlen = sizeof(hash); + { + const BIGNUM *p, *g, *pub_key; + DH_get0_pqg(kex->dh, &p, NULL, &g); + DH_get0_key(kex->dh, &pub_key, NULL); if ((r = kexgex_hash( kex->hash_alg, kex->client_version_string, @@ -228,12 +240,14 @@ sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), server_host_key_blob, sbloblen, kex->min, kex->nbits, kex->max, - kex->dh->p, kex->dh->g, - kex->dh->pub_key, + p, g, + pub_key, dh_server_pub, shared_secret, - hash, &hashlen)) != 0) + hash, &hashlen)) != 0) { goto out; + } + } if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, ssh->compat)) != 0) Index: kexgexs.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/kexgexs.c,v retrieving revision 1.1.1.2 diff -u -r1.1.1.2 kexgexs.c --- kexgexs.c 23 Dec 2016 02:49:11 -0000 1.1.1.2 +++ kexgexs.c 23 Dec 2016 06:54:21 -0000 @@ -102,11 +102,16 @@ goto out; } debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); + { + const BIGNUM *p, *g; + DH_get0_pqg(kex->dh, &p, NULL, &g); if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 || - (r = sshpkt_put_bignum2(ssh, kex->dh->p)) != 0 || - (r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 || - (r = sshpkt_send(ssh)) != 0) + (r = sshpkt_put_bignum2(ssh, p)) != 0 || + (r = sshpkt_put_bignum2(ssh, g)) != 0 || + (r = sshpkt_send(ssh)) != 0) { goto out; + } + } /* Compute our exchange value in parallel with the client */ if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) @@ -116,6 +121,10 @@ ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &input_kex_dh_gex_init); r = 0; out: + if (r != 0) { + DH_free(kex->dh); + kex->dh = NULL; + } return r; } @@ -193,6 +202,10 @@ goto out; /* calc H */ hashlen = sizeof(hash); + { + const BIGNUM *p, *g, *pub_key; + DH_get0_pqg(kex->dh, &p, NULL, &g); + DH_get0_key(kex->dh, &pub_key, NULL); if ((r = kexgex_hash( kex->hash_alg, kex->client_version_string, @@ -201,12 +214,14 @@ sshbuf_ptr(kex->my), sshbuf_len(kex->my), server_host_key_blob, sbloblen, kex->min, kex->nbits, kex->max, - kex->dh->p, kex->dh->g, + p, g, dh_client_pub, - kex->dh->pub_key, + pub_key, shared_secret, - hash, &hashlen)) != 0) + hash, &hashlen)) != 0) { goto out; + } + } /* save session id := H */ if (kex->session_id == NULL) { @@ -227,12 +242,17 @@ /* destroy_sensitive_data(); */ /* send server hostkey, DH pubkey 'f' and singed H */ + { + const BIGNUM *pub_key; + DH_get0_key(kex->dh, &pub_key, NULL); if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 || (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ (r = sshpkt_put_string(ssh, signature, slen)) != 0 || - (r = sshpkt_send(ssh)) != 0) + (r = sshpkt_send(ssh)) != 0) { goto out; + } + } if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); Index: monitor.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/monitor.c,v retrieving revision 1.1.1.2 diff -u -r1.1.1.2 monitor.c --- monitor.c 23 Dec 2016 02:49:12 -0000 1.1.1.2 +++ monitor.c 23 Dec 2016 06:54:21 -0000 @@ -578,10 +578,12 @@ buffer_put_char(m, 0); return (0); } else { + const BIGNUM *p, *g; + DH_get0_pqg(dh, &p, NULL, &g); /* Send first bignum */ buffer_put_char(m, 1); - buffer_put_bignum2(m, dh->p); - buffer_put_bignum2(m, dh->g); + buffer_put_bignum2(m, p); + buffer_put_bignum2(m, g); DH_free(dh); } Index: rsa.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/rsa.c,v retrieving revision 1.1.1.1 retrieving revision 1.3 diff -u -r1.1.1.1 -r1.3 --- rsa.c 3 Nov 2016 07:51:56 -0000 1.1.1.1 +++ rsa.c 22 Dec 2016 01:04:12 -0000 1.3 @@ -76,11 +76,14 @@ { u_char *inbuf = NULL, *outbuf = NULL; int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR; + const BIGNUM *e, *n; - if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e)) + RSA_get0_key(key, &n, &e, NULL); + + if (BN_num_bits(e) < 2 || !BN_is_odd(e)) return SSH_ERR_INVALID_ARGUMENT; - olen = BN_num_bytes(key->n); + olen = BN_num_bytes(n); if ((outbuf = malloc(olen)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; @@ -123,7 +126,7 @@ u_char *inbuf = NULL, *outbuf = NULL; int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR; - olen = BN_num_bytes(key->n); + olen = RSA_size(key); if ((outbuf = malloc(olen)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; @@ -172,13 +175,27 @@ goto out; } - if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) || - (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) || - (BN_sub(aux, rsa->p, BN_value_one()) == 0) || - (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) { + { + const BIGNUM *q, *d, *p; + BIGNUM *dmq1=NULL, *dmp1=NULL; + if ((dmq1 = BN_new()) == NULL || + (dmp1 = BN_new()) == NULL ) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + RSA_get0_key(rsa, NULL, NULL, &d); + RSA_get0_factors(rsa, &p, &q); + if ((BN_sub(aux, q, BN_value_one()) == 0) || + (BN_mod(dmq1, d, aux, ctx) == 0) || + (BN_sub(aux, p, BN_value_one()) == 0) || + (BN_mod(dmp1, d, aux, ctx) == 0) || + RSA_set0_crt_params(rsa, dmp1, dmq1, NULL) == 0) { r = SSH_ERR_LIBCRYPTO_ERROR; + BN_clear_free(dmp1); + BN_clear_free(dmq1); goto out; } + } r = 0; out: BN_clear_free(aux); Index: ssh-dss.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/ssh-dss.c,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ssh-dss.c 3 Nov 2016 07:51:56 -0000 1.1.1.1 +++ ssh-dss.c 3 Nov 2016 07:55:47 -0000 1.2 @@ -53,6 +53,7 @@ DSA_SIG *sig = NULL; u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN]; size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); + const BIGNUM *r, *s; struct sshbuf *b = NULL; int ret = SSH_ERR_INVALID_ARGUMENT; @@ -76,15 +77,16 @@ goto out; } - rlen = BN_num_bytes(sig->r); - slen = BN_num_bytes(sig->s); + DSA_SIG_get0(sig, &r, &s); + rlen = BN_num_bytes(r); + slen = BN_num_bytes(s); if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { ret = SSH_ERR_INTERNAL_ERROR; goto out; } explicit_bzero(sigblob, SIGBLOB_LEN); - BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); - BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen); + BN_bn2bin(r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); + BN_bn2bin(s, sigblob + SIGBLOB_LEN - slen); if (compat & SSH_BUG_SIGBLOB) { if (sigp != NULL) { @@ -176,17 +178,26 @@ } /* parse signature */ + { + BIGNUM *r=NULL, *s=NULL; if ((sig = DSA_SIG_new()) == NULL || - (sig->r = BN_new()) == NULL || - (sig->s = BN_new()) == NULL) { + (r = BN_new()) == NULL || + (s = BN_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; + BN_free(r); + BN_free(s); goto out; } - if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || - (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) { + if ((BN_bin2bn(sigblob, INTBLOB_LEN, r) == NULL) || + (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, s) == NULL)) { ret = SSH_ERR_LIBCRYPTO_ERROR; + BN_free(r); + BN_free(s); goto out; } + DSA_SIG_set0(sig, r, s); + r = s = NULL; + } /* sha1 the data */ if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, Index: ssh-ecdsa.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/ssh-ecdsa.c,v retrieving revision 1.1.1.1 retrieving revision 1.3 diff -u -r1.1.1.1 -r1.3 --- ssh-ecdsa.c 3 Nov 2016 07:51:56 -0000 1.1.1.1 +++ ssh-ecdsa.c 22 Dec 2016 01:04:12 -0000 1.3 @@ -80,9 +80,14 @@ ret = SSH_ERR_ALLOC_FAIL; goto out; } - if ((ret = sshbuf_put_bignum2(bb, sig->r)) != 0 || - (ret = sshbuf_put_bignum2(bb, sig->s)) != 0) + { + const BIGNUM *r, *s; + ECDSA_SIG_get0(sig, &r, &s); + if ((ret = sshbuf_put_bignum2(bb, r)) != 0 || + (ret = sshbuf_put_bignum2(bb, s)) != 0) { goto out; + } + } if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 || (ret = sshbuf_put_stringb(b, bb)) != 0) goto out; @@ -151,11 +156,27 @@ ret = SSH_ERR_ALLOC_FAIL; goto out; } - if (sshbuf_get_bignum2(sigbuf, sig->r) != 0 || - sshbuf_get_bignum2(sigbuf, sig->s) != 0) { + { + BIGNUM *r=NULL, *s=NULL; + if ((r = BN_new()) == NULL || + (s = BN_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out_rs; + } + if (sshbuf_get_bignum2(sigbuf, r) != 0 || + sshbuf_get_bignum2(sigbuf, s) != 0) { ret = SSH_ERR_INVALID_FORMAT; + goto out_rs; + } + if (ECDSA_SIG_set0(sig, r, s) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; +out_rs: + BN_free(r); + BN_free(s); goto out; } + r = s = NULL; + } if (sshbuf_len(sigbuf) != 0) { ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; goto out; Index: ssh-keygen.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/ssh-keygen.c,v retrieving revision 1.1.1.2 diff -u -r1.1.1.2 ssh-keygen.c --- ssh-keygen.c 23 Dec 2016 02:49:13 -0000 1.1.1.2 +++ ssh-keygen.c 23 Dec 2016 06:54:21 -0000 @@ -481,11 +481,33 @@ switch (key->type) { case KEY_DSA: - buffer_get_bignum_bits(b, key->dsa->p); - buffer_get_bignum_bits(b, key->dsa->g); - buffer_get_bignum_bits(b, key->dsa->q); - buffer_get_bignum_bits(b, key->dsa->pub_key); - buffer_get_bignum_bits(b, key->dsa->priv_key); + { + BIGNUM *p=NULL, *g=NULL, *q=NULL, *pub_key=NULL, *priv_key=NULL; + if ((p=BN_new()) == NULL || + (g=BN_new()) == NULL || + (q=BN_new()) == NULL || + (pub_key=BN_new()) == NULL || + (priv_key=BN_new()) == NULL) { + BN_free(p); + BN_free(g); + BN_free(q); + BN_free(pub_key); + BN_free(priv_key); + return NULL; + } + buffer_get_bignum_bits(b, p); + buffer_get_bignum_bits(b, g); + buffer_get_bignum_bits(b, q); + buffer_get_bignum_bits(b, pub_key); + buffer_get_bignum_bits(b, priv_key); + if (DSA_set0_pqg(key->dsa, p, q, g) == 0 || + DSA_set0_key(key->dsa, pub_key, priv_key) == 0) { + fatal("failed to set DSA key"); + BN_free(p); BN_free(g); BN_free(q); + BN_free(pub_key); BN_free(priv_key); + return NULL; + } + } break; case KEY_RSA: if ((r = sshbuf_get_u8(b, &e1)) != 0 || @@ -502,16 +524,52 @@ e += e3; debug("e %lx", e); } - if (!BN_set_word(key->rsa->e, e)) { + { + BIGNUM *rsa_e = NULL; + BIGNUM *d=NULL, *n=NULL, *iqmp=NULL, *q=NULL, *p=NULL; + BIGNUM *dmp1=NULL, *dmq1=NULL; /* dummy input to set in RSA_set0_crt_params */ + rsa_e = BN_new(); + if (!rsa_e || !BN_set_word(rsa_e, e)) { + if (rsa_e) BN_free(rsa_e); sshbuf_free(b); sshkey_free(key); return NULL; } - buffer_get_bignum_bits(b, key->rsa->d); - buffer_get_bignum_bits(b, key->rsa->n); - buffer_get_bignum_bits(b, key->rsa->iqmp); - buffer_get_bignum_bits(b, key->rsa->q); - buffer_get_bignum_bits(b, key->rsa->p); + if ((d=BN_new()) == NULL || + (n=BN_new()) == NULL || + (iqmp=BN_new()) == NULL || + (q=BN_new()) == NULL || + (p=BN_new()) == NULL || + (dmp1=BN_new()) == NULL || + (dmq1=BN_new()) == NULL) { + BN_free(d); BN_free(n); BN_free(iqmp); + BN_free(q); BN_free(p); + BN_free(dmp1); BN_free(dmq1); + return NULL; + } + BN_clear(dmp1); BN_clear(dmq1); + buffer_get_bignum_bits(b, d); + buffer_get_bignum_bits(b, n); + buffer_get_bignum_bits(b, iqmp); + buffer_get_bignum_bits(b, q); + buffer_get_bignum_bits(b, p); + if (RSA_set0_key(key->rsa, n, rsa_e, d) == 0) + goto null; + n = d = NULL; + if (RSA_set0_factors(key->rsa, p, q) == 0) + goto null; + p = q = NULL; + /* dmp1, dmq1 should not be NULL for initial set0 */ + if (RSA_set0_crt_params(key->rsa, dmp1, dmq1, iqmp) == 0) { +null: + fatal("Failed to set RSA parameters"); + BN_free(d); BN_free(n); BN_free(iqmp); + BN_free(q); BN_free(p); + BN_free(dmp1); BN_free(dmq1); + return NULL; + } + dmp1 = dmq1 = iqmp = NULL; + } if ((r = rsa_generate_additional_parameters(key->rsa)) != 0) fatal("generate RSA parameters failed: %s", ssh_err(r)); break; @@ -621,7 +679,7 @@ identity_file); } fclose(fp); - switch (EVP_PKEY_type(pubkey->type)) { + switch (EVP_PKEY_type(EVP_PKEY_id(pubkey))) { case EVP_PKEY_RSA: if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) fatal("sshkey_new failed"); @@ -645,7 +703,7 @@ #endif default: fatal("%s: unsupported pubkey type %d", __func__, - EVP_PKEY_type(pubkey->type)); + EVP_PKEY_type(EVP_PKEY_id(pubkey))); } EVP_PKEY_free(pubkey); return; Index: ssh-pkcs11-client.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/ssh-pkcs11-client.c,v retrieving revision 1.1.1.1 retrieving revision 1.3 diff -u -r1.1.1.1 -r1.3 --- ssh-pkcs11-client.c 3 Nov 2016 07:51:56 -0000 1.1.1.1 +++ ssh-pkcs11-client.c 22 Dec 2016 01:04:12 -0000 1.3 @@ -143,12 +143,13 @@ static int wrap_key(RSA *rsa) { - static RSA_METHOD helper_rsa; + static RSA_METHOD *helper_rsa; - memcpy(&helper_rsa, RSA_get_default_method(), sizeof(helper_rsa)); - helper_rsa.name = "ssh-pkcs11-helper"; - helper_rsa.rsa_priv_enc = pkcs11_rsa_private_encrypt; - RSA_set_method(rsa, &helper_rsa); + if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL) + return (-1); /* XXX but caller isn't checking */ + RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper"); + RSA_meth_set_priv_enc(helper_rsa, pkcs11_rsa_private_encrypt); + RSA_set_method(rsa, helper_rsa); return (0); } Index: ssh-pkcs11.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/ssh-pkcs11.c,v retrieving revision 1.1.1.2 diff -u -r1.1.1.2 ssh-pkcs11.c --- ssh-pkcs11.c 23 Dec 2016 02:49:13 -0000 1.1.1.2 +++ ssh-pkcs11.c 23 Dec 2016 06:54:21 -0000 @@ -67,7 +67,7 @@ struct pkcs11_provider *provider; CK_ULONG slotidx; int (*orig_finish)(RSA *rsa); - RSA_METHOD rsa_method; + RSA_METHOD *rsa_method; char *keyid; int keyid_len; }; @@ -326,13 +326,15 @@ k11->keyid = xmalloc(k11->keyid_len); memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); } - k11->orig_finish = def->finish; - memcpy(&k11->rsa_method, def, sizeof(k11->rsa_method)); - k11->rsa_method.name = "pkcs11"; - k11->rsa_method.rsa_priv_enc = pkcs11_rsa_private_encrypt; - k11->rsa_method.rsa_priv_dec = pkcs11_rsa_private_decrypt; - k11->rsa_method.finish = pkcs11_rsa_finish; - RSA_set_method(rsa, &k11->rsa_method); + k11->orig_finish = RSA_meth_get_finish(def); + + if ((k11->rsa_method = RSA_meth_new("pkcs11", RSA_meth_get_flags(def))) == NULL) + return -1; + RSA_meth_set_priv_enc(k11->rsa_method, pkcs11_rsa_private_encrypt); + RSA_meth_set_priv_dec(k11->rsa_method, pkcs11_rsa_private_decrypt); + RSA_meth_set_finish(k11->rsa_method, pkcs11_rsa_finish); + + RSA_set_method(rsa, k11->rsa_method); RSA_set_app_data(rsa, k11); return (0); } @@ -512,10 +514,19 @@ if ((rsa = RSA_new()) == NULL) { error("RSA_new failed"); } else { - rsa->n = BN_bin2bn(attribs[1].pValue, - attribs[1].ulValueLen, NULL); - rsa->e = BN_bin2bn(attribs[2].pValue, - attribs[2].ulValueLen, NULL); + BIGNUM *n=NULL, *e=NULL; + n = BN_new(); + e = BN_new(); + if (n == NULL || e == NULL) + error("BN_new alloc failed"); + if (BN_bin2bn(attribs[1].pValue, + attribs[1].ulValueLen, n) == NULL || + BN_bin2bn(attribs[2].pValue, + attribs[2].ulValueLen, e) == NULL) + error("BN_bin2bn failed"); + if (RSA_set0_key(rsa, n, e, NULL) == 0) + error("RSA_set0_key failed"); + n = e = NULL; } } else { cp = attribs[2].pValue; @@ -525,17 +536,20 @@ == NULL) { error("d2i_X509 failed"); } else if ((evp = X509_get_pubkey(x509)) == NULL || - evp->type != EVP_PKEY_RSA || - evp->pkey.rsa == NULL) { + EVP_PKEY_id(evp) != EVP_PKEY_RSA || + EVP_PKEY_get0_RSA(evp) == NULL) { debug("X509_get_pubkey failed or no rsa"); - } else if ((rsa = RSAPublicKey_dup(evp->pkey.rsa)) + } else if ((rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(evp))) == NULL) { error("RSAPublicKey_dup"); } if (x509) X509_free(x509); } - if (rsa && rsa->n && rsa->e && + { + const BIGNUM *n, *e; + RSA_get0_key(rsa, &n, &e, NULL); + if (rsa && n && e && pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { key = sshkey_new(KEY_UNSPEC); key->rsa = rsa; @@ -554,6 +568,7 @@ } else if (rsa) { RSA_free(rsa); } + } for (i = 0; i < 3; i++) free(attribs[i].pValue); } Index: ssh-rsa.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/ssh-rsa.c,v retrieving revision 1.1.1.2 diff -u -r1.1.1.2 ssh-rsa.c --- ssh-rsa.c 23 Dec 2016 02:49:13 -0000 1.1.1.2 +++ ssh-rsa.c 23 Dec 2016 06:54:21 -0000 @@ -100,7 +100,7 @@ hash_alg = rsa_hash_alg_from_ident(alg_ident); if (key == NULL || key->rsa == NULL || hash_alg == -1 || sshkey_type_plain(key->type) != KEY_RSA || - BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) + RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) return SSH_ERR_INVALID_ARGUMENT; slen = RSA_size(key->rsa); if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) @@ -172,7 +172,7 @@ if (key == NULL || key->rsa == NULL || sshkey_type_plain(key->type) != KEY_RSA || - BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE || + RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE || sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; Index: sshkey.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/sshkey.c,v retrieving revision 1.1.1.2 diff -u -r1.1.1.2 sshkey.c --- sshkey.c 23 Dec 2016 02:49:14 -0000 1.1.1.2 +++ sshkey.c 23 Dec 2016 06:54:22 -0000 @@ -271,10 +271,18 @@ case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT: +#if OPENSSL_VERSION_NUMBER >= 0x10100000UL + return RSA_bits(k->rsa); +#else return BN_num_bits(k->rsa->n); +#endif case KEY_DSA: case KEY_DSA_CERT: +#if OPENSSL_VERSION_NUMBER >= 0x10100000UL + return DSA_bits(k->dsa); +#else return BN_num_bits(k->dsa->p); +#endif case KEY_ECDSA: case KEY_ECDSA_CERT: return sshkey_curve_nid_to_bits(k->ecdsa_nid); @@ -474,28 +482,55 @@ case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT: + { + BIGNUM *n=NULL, *e=NULL; /* just allocate */ if ((rsa = RSA_new()) == NULL || - (rsa->n = BN_new()) == NULL || - (rsa->e = BN_new()) == NULL) { + (n = BN_new()) == NULL || + (e = BN_new()) == NULL) { + BN_free(n); + BN_free(e); if (rsa != NULL) RSA_free(rsa); free(k); return NULL; } + BN_clear(n); BN_clear(e); + if (RSA_set0_key(rsa, n, e, NULL) == 0) + return NULL; + n = e = NULL; + } k->rsa = rsa; break; case KEY_DSA: case KEY_DSA_CERT: + { + BIGNUM *p=NULL, *q=NULL, *g=NULL, *pubkey=NULL; /* just allocate */ if ((dsa = DSA_new()) == NULL || - (dsa->p = BN_new()) == NULL || - (dsa->q = BN_new()) == NULL || - (dsa->g = BN_new()) == NULL || - (dsa->pub_key = BN_new()) == NULL) { + (p = BN_new()) == NULL || + (q = BN_new()) == NULL || + (g = BN_new()) == NULL || + (pubkey = BN_new()) == NULL) { + BN_free(p); + BN_free(q); + BN_free(g); + BN_free(pubkey); if (dsa != NULL) DSA_free(dsa); free(k); return NULL; } + if (DSA_set0_pqg(dsa, p, q, g) == 0) { + BN_free(p); BN_free(q); BN_free(g); + BN_free(pubkey); + return NULL; + } + p = q = g = NULL; + if (DSA_set0_key(dsa, pubkey, NULL) == 0) { + BN_free(pubkey); + return NULL; + } + pubkey = NULL; + } k->dsa = dsa; break; case KEY_ECDSA: @@ -532,6 +567,51 @@ case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT: +#if OPENSSL_VERSION_NUMBER >= 0x10100000UL + /* Allocate BIGNUM. This is a mess. + For OpenSSL 1.1.x API these shouldn't be mandatory, + but some regression tests for non-NULL pointer of + the data. */ +#define new_or_dup(bn, nbn) \ + if (bn == NULL) { \ + if ((nbn = BN_new()) == NULL) \ + return SSH_ERR_ALLOC_FAIL; \ + } else { \ + /* otherwise use-after-free will occur */ \ + if ((nbn = BN_dup(bn)) == NULL) \ + return SSH_ERR_ALLOC_FAIL; \ + } + { + const BIGNUM *d, *iqmp, *q, *p, *dmq1, *dmp1; /* allocate if NULL */ + BIGNUM *nd, *niqmp, *nq, *np, *ndmq1, *ndmp1; + + RSA_get0_key(k->rsa, NULL, NULL, &d); + RSA_get0_factors(k->rsa, &p, &q); + RSA_get0_crt_params(k->rsa, &dmp1, &dmq1, &iqmp); + + new_or_dup(d, nd); + new_or_dup(iqmp, niqmp); + new_or_dup(q, nq); + new_or_dup(p, np); + new_or_dup(dmq1, ndmq1); + new_or_dup(dmp1, ndmp1); + + if (RSA_set0_key(k->rsa, NULL, NULL, nd) == 0) + goto error1; + nd = NULL; + if (RSA_set0_factors(k->rsa, np, nq) == 0) + goto error1; + np = nq = NULL; + if (RSA_set0_crt_params(k->rsa, ndmp1, ndmq1, niqmp) == 0) { +error1: + BN_free(nd); + BN_free(np); BN_free(nq); + BN_free(ndmp1); BN_free(ndmq1); BN_free(niqmp); + return SSH_ERR_LIBCRYPTO_ERROR; + } + ndmp1 = ndmq1 = niqmp = NULL; + } +#else #define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL) if (bn_maybe_alloc_failed(k->rsa->d) || bn_maybe_alloc_failed(k->rsa->iqmp) || @@ -540,13 +620,28 @@ bn_maybe_alloc_failed(k->rsa->dmq1) || bn_maybe_alloc_failed(k->rsa->dmp1)) return SSH_ERR_ALLOC_FAIL; +#endif break; case KEY_DSA: case KEY_DSA_CERT: +#if OPENSSL_VERSION_NUMBER >= 0x10100000UL + { + const BIGNUM *priv_key; + BIGNUM *npriv_key; + DSA_get0_key(k->dsa, NULL, &priv_key); + new_or_dup(priv_key, npriv_key); + if (DSA_set0_key(k->dsa, NULL, npriv_key) == 0) { + BN_free(npriv_key); + return SSH_ERR_LIBCRYPTO_ERROR; + } + } +#else if (bn_maybe_alloc_failed(k->dsa->priv_key)) return SSH_ERR_ALLOC_FAIL; +#endif break; #undef bn_maybe_alloc_failed +#undef new_or_dup case KEY_ECDSA: case KEY_ECDSA_CERT: /* Cannot do anything until we know the group */ @@ -666,16 +761,34 @@ case KEY_RSA1: case KEY_RSA_CERT: case KEY_RSA: - return a->rsa != NULL && b->rsa != NULL && - BN_cmp(a->rsa->e, b->rsa->e) == 0 && - BN_cmp(a->rsa->n, b->rsa->n) == 0; + { + const BIGNUM *a_e, *b_e, *a_n, *b_n; + const BIGNUM *a_d, *b_d; + if (a->rsa == NULL) return 0; + if (b->rsa == NULL) return 0; + RSA_get0_key(a->rsa, &a_n, &a_e, &a_d); + RSA_get0_key(b->rsa, &b_n, &b_e, &b_d); + return + BN_cmp(a_e, b_e) == 0 && + BN_cmp(a_n, b_n) == 0; + } case KEY_DSA_CERT: case KEY_DSA: - return a->dsa != NULL && b->dsa != NULL && - BN_cmp(a->dsa->p, b->dsa->p) == 0 && - BN_cmp(a->dsa->q, b->dsa->q) == 0 && - BN_cmp(a->dsa->g, b->dsa->g) == 0 && - BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; + { + const BIGNUM *a_p, *a_q, *a_g, *a_pub_key; + const BIGNUM *b_p, *b_q, *b_g, *b_pub_key; + if (a->dsa == NULL) return 0; + if (b->dsa == NULL) return 0; + DSA_get0_pqg(a->dsa, &a_p, &a_q, &a_g); + DSA_get0_pqg(b->dsa, &b_p, &b_q, &b_g); + DSA_get0_key(a->dsa, &a_pub_key, NULL); + DSA_get0_key(b->dsa, &b_pub_key, NULL); + return + BN_cmp(a_p, b_p) == 0 && + BN_cmp(a_q, b_q) == 0 && + BN_cmp(a_g, b_g) == 0 && + BN_cmp(a_pub_key, b_pub_key) == 0; + } # ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: @@ -753,12 +866,17 @@ case KEY_DSA: if (key->dsa == NULL) return SSH_ERR_INVALID_ARGUMENT; + { + const BIGNUM *p, *q, *g, *pub_key; + DSA_get0_pqg(key->dsa, &p, &q, &g); + DSA_get0_key(key->dsa, &pub_key, NULL); if ((ret = sshbuf_put_cstring(b, typename)) != 0 || - (ret = sshbuf_put_bignum2(b, key->dsa->p)) != 0 || - (ret = sshbuf_put_bignum2(b, key->dsa->q)) != 0 || - (ret = sshbuf_put_bignum2(b, key->dsa->g)) != 0 || - (ret = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0) + (ret = sshbuf_put_bignum2(b, p)) != 0 || + (ret = sshbuf_put_bignum2(b, q)) != 0 || + (ret = sshbuf_put_bignum2(b, g)) != 0 || + (ret = sshbuf_put_bignum2(b, pub_key)) != 0) return ret; + } break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: @@ -774,10 +892,14 @@ case KEY_RSA: if (key->rsa == NULL) return SSH_ERR_INVALID_ARGUMENT; + { + const BIGNUM *e, *n; + RSA_get0_key(key->rsa, &n, &e, NULL); if ((ret = sshbuf_put_cstring(b, typename)) != 0 || - (ret = sshbuf_put_bignum2(b, key->rsa->e)) != 0 || - (ret = sshbuf_put_bignum2(b, key->rsa->n)) != 0) + (ret = sshbuf_put_bignum2(b, e)) != 0 || + (ret = sshbuf_put_bignum2(b, n)) != 0) return ret; + } break; #endif /* WITH_OPENSSL */ case KEY_ED25519: @@ -883,8 +1005,16 @@ if (k->type == KEY_RSA1) { #ifdef WITH_OPENSSL - int nlen = BN_num_bytes(k->rsa->n); - int elen = BN_num_bytes(k->rsa->e); + int nlen, elen; +#if OPENSSL_VERSION_NUMBER >= 0x10100000UL + const BIGNUM *n, *e; + RSA_get0_key(k->rsa, &n, &e, NULL); + nlen = BN_num_bytes(n); + elen = BN_num_bytes(e); +#else + nlen = BN_num_bytes(k->rsa->n); + elen = BN_num_bytes(k->rsa->e); +#endif if (nlen < 0 || elen < 0 || nlen >= INT_MAX - elen) { r = SSH_ERR_INVALID_FORMAT; @@ -895,8 +1025,13 @@ r = SSH_ERR_ALLOC_FAIL; goto out; } +#if OPENSSL_VERSION_NUMBER >= 0x10100000UL + BN_bn2bin(n, blob); + BN_bn2bin(e, blob + nlen); +#else BN_bn2bin(k->rsa->n, blob); BN_bn2bin(k->rsa->e, blob + nlen); +#endif #endif /* WITH_OPENSSL */ } else if ((r = to_blob(k, &blob, &blob_len, 1)) != 0) goto out; @@ -1765,13 +1900,32 @@ case KEY_DSA_CERT: if ((n = sshkey_new(k->type)) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || - (BN_copy(n->dsa->q, k->dsa->q) == NULL) || - (BN_copy(n->dsa->g, k->dsa->g) == NULL) || - (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) { + { + const BIGNUM *p, *q, *g, *pub_key, *priv_key; + BIGNUM *cp=NULL, *cq=NULL, *cg=NULL, *cpub_key=NULL; + DSA_get0_pqg(k->dsa, &p, &q, &g); + DSA_get0_key(k->dsa, &pub_key, &priv_key); + if ((cp = BN_dup(p)) == NULL || + (cq = BN_dup(q)) == NULL || + (cg = BN_dup(g)) == NULL || + (cpub_key = BN_dup(pub_key)) == NULL) { + BN_free(cp); BN_free(cq); BN_free(cg); + BN_free(cpub_key); sshkey_free(n); return SSH_ERR_ALLOC_FAIL; } + if (DSA_set0_pqg(n->dsa, cp, cq, cg) == 0) + goto error1; + cp = cq = cg = NULL; + if (DSA_set0_key(n->dsa, cpub_key, NULL) == 0) { +error1: + BN_free(cp); BN_free(cq); BN_free(cg); + BN_free(cpub_key); + sshkey_free(n); + return SSH_ERR_LIBCRYPTO_ERROR; + } + cpub_key = NULL; + } break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: @@ -1796,11 +1950,23 @@ case KEY_RSA_CERT: if ((n = sshkey_new(k->type)) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || - (BN_copy(n->rsa->e, k->rsa->e) == NULL)) { + { + const BIGNUM *nn, *e, *d; + BIGNUM *cn=NULL, *ce=NULL; + RSA_get0_key(k->rsa, &nn, &e, &d); + if ((cn = BN_dup(nn)) == NULL || + (ce = BN_dup(e)) == NULL ) { + BN_free(cn); BN_free(ce); sshkey_free(n); return SSH_ERR_ALLOC_FAIL; } + if (RSA_set0_key(n->rsa, cn, ce, NULL) == 0) { + BN_free(cn); BN_free(ce); + sshkey_free(n); + return SSH_ERR_LIBCRYPTO_ERROR; + } + cn = ce = NULL; + } break; #endif /* WITH_OPENSSL */ case KEY_ED25519: @@ -1997,11 +2163,26 @@ ret = SSH_ERR_ALLOC_FAIL; goto out; } - if (sshbuf_get_bignum2(b, key->rsa->e) != 0 || - sshbuf_get_bignum2(b, key->rsa->n) != 0) { + { + BIGNUM *e=NULL, *n=NULL; + if ((e = BN_new()) == NULL || + (n = BN_new()) == NULL ) { + ret = SSH_ERR_ALLOC_FAIL; + BN_free(e); BN_free(n); + goto out; + } + if (sshbuf_get_bignum2(b, e) != 0 || + sshbuf_get_bignum2(b, n) != 0) { ret = SSH_ERR_INVALID_FORMAT; + BN_free(e); BN_free(n); goto out; } + if (RSA_set0_key(key->rsa, n, e, NULL) == 0) { + BN_free(e); BN_free(n); + return SSH_ERR_LIBCRYPTO_ERROR; + } + n = e = NULL; + } #ifdef DEBUG_PK RSA_print_fp(stderr, key->rsa, 8); #endif @@ -2018,13 +2199,36 @@ ret = SSH_ERR_ALLOC_FAIL; goto out; } - if (sshbuf_get_bignum2(b, key->dsa->p) != 0 || - sshbuf_get_bignum2(b, key->dsa->q) != 0 || - sshbuf_get_bignum2(b, key->dsa->g) != 0 || - sshbuf_get_bignum2(b, key->dsa->pub_key) != 0) { + { + BIGNUM *p=NULL, *q=NULL, *g=NULL, *pub_key=NULL; + if ((p = BN_new()) == NULL || + (q = BN_new()) == NULL || + (g = BN_new()) == NULL || + (pub_key = BN_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto error1; + } + if (sshbuf_get_bignum2(b, p) != 0 || + sshbuf_get_bignum2(b, q) != 0 || + sshbuf_get_bignum2(b, g) != 0 || + sshbuf_get_bignum2(b, pub_key) != 0) { ret = SSH_ERR_INVALID_FORMAT; + goto error1; + } + if (DSA_set0_pqg(key->dsa, p, q, g) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto error1; + } + p = q = g = NULL; + if (DSA_set0_key(key->dsa, pub_key, NULL) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; +error1: + BN_free(p); BN_free(q); BN_free(g); + BN_free(pub_key); goto out; } + pub_key = NULL; + } #ifdef DEBUG_PK DSA_print_fp(stderr, key->dsa, 8); #endif @@ -2264,26 +2468,63 @@ /* FALLTHROUGH */ case KEY_RSA1: case KEY_RSA: - if ((pk->rsa = RSA_new()) == NULL || - (pk->rsa->e = BN_dup(k->rsa->e)) == NULL || - (pk->rsa->n = BN_dup(k->rsa->n)) == NULL) { + if ((pk->rsa = RSA_new()) == NULL ){ + ret = SSH_ERR_ALLOC_FAIL; + goto fail; + } + { + const BIGNUM *ke, *kn; + BIGNUM *pke=NULL, *pkn=NULL; + RSA_get0_key(k->rsa, &kn, &ke, NULL); + if ((pke = BN_dup(ke)) == NULL || + (pkn = BN_dup(kn)) == NULL) { ret = SSH_ERR_ALLOC_FAIL; + BN_free(pke); BN_free(pkn); goto fail; } + if (RSA_set0_key(pk->rsa, pkn, pke, NULL) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + BN_free(pke); BN_free(pkn); + goto fail; + } + pkn = pke = NULL; + } break; case KEY_DSA_CERT: if ((ret = sshkey_cert_copy(k, pk)) != 0) goto fail; /* FALLTHROUGH */ case KEY_DSA: - if ((pk->dsa = DSA_new()) == NULL || - (pk->dsa->p = BN_dup(k->dsa->p)) == NULL || - (pk->dsa->q = BN_dup(k->dsa->q)) == NULL || - (pk->dsa->g = BN_dup(k->dsa->g)) == NULL || - (pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) { + if ((pk->dsa = DSA_new()) == NULL ) { ret = SSH_ERR_ALLOC_FAIL; goto fail; } + { + const BIGNUM *kp, *kq, *kg, *kpub_key; + BIGNUM *pkp=NULL, *pkq=NULL, *pkg=NULL, *pkpub_key=NULL; + DSA_get0_pqg(k->dsa, &kp, &kq, &kg); + DSA_get0_key(k->dsa, &kpub_key, NULL); + if ((pkp = BN_dup(kp)) == NULL || + (pkq = BN_dup(kq)) == NULL || + (pkg = BN_dup(kg)) == NULL || + (pkpub_key = BN_dup(kpub_key)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto error1; + } + if (DSA_set0_pqg(pk->dsa, pkp, pkq, pkg) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto error1; + } + pkp = pkq = pkg = NULL; + if (DSA_set0_key(pk->dsa, pkpub_key, NULL) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; +error1: + BN_free(pkp); BN_free(pkq); BN_free(pkg); + BN_free(pkpub_key); + goto fail; + } + pkpub_key = NULL; + } break; case KEY_ECDSA_CERT: if ((ret = sshkey_cert_copy(k, pk)) != 0) @@ -2404,11 +2645,17 @@ switch (k->type) { #ifdef WITH_OPENSSL case KEY_DSA_CERT: - if ((ret = sshbuf_put_bignum2(cert, k->dsa->p)) != 0 || - (ret = sshbuf_put_bignum2(cert, k->dsa->q)) != 0 || - (ret = sshbuf_put_bignum2(cert, k->dsa->g)) != 0 || - (ret = sshbuf_put_bignum2(cert, k->dsa->pub_key)) != 0) + { + const BIGNUM *p, *q, *g, *pub_key; + DSA_get0_pqg(k->dsa, &p, &q, &g); + DSA_get0_key(k->dsa, &pub_key, NULL); + if ((ret = sshbuf_put_bignum2(cert, p)) != 0 || + (ret = sshbuf_put_bignum2(cert, q)) != 0 || + (ret = sshbuf_put_bignum2(cert, g)) != 0 || + (ret = sshbuf_put_bignum2(cert, pub_key)) != 0) { goto out; + } + } break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: @@ -2421,9 +2668,15 @@ break; # endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: - if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 || - (ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0) + { + const BIGNUM *e, *n; + RSA_get0_key(k->rsa, &n, &e, NULL); + if (n == NULL || e == NULL || + (ret = sshbuf_put_bignum2(cert, e)) != 0 || + (ret = sshbuf_put_bignum2(cert, n)) != 0) { goto out; + } + } break; #endif /* WITH_OPENSSL */ case KEY_ED25519_CERT: @@ -2581,42 +2834,67 @@ switch (key->type) { #ifdef WITH_OPENSSL case KEY_RSA: - if ((r = sshbuf_put_bignum2(b, key->rsa->n)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->e)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0) + { + const BIGNUM *n, *e, *d, *iqmp, *p, *q; + RSA_get0_key(key->rsa, &n, &e, &d); + RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp); + RSA_get0_factors(key->rsa, &p, &q); + if ((r = sshbuf_put_bignum2(b, n)) != 0 || + (r = sshbuf_put_bignum2(b, e)) != 0 || + (r = sshbuf_put_bignum2(b, d)) != 0 || + (r = sshbuf_put_bignum2(b, iqmp)) != 0 || + (r = sshbuf_put_bignum2(b, p)) != 0 || + (r = sshbuf_put_bignum2(b, q)) != 0) { goto out; + } + } break; case KEY_RSA_CERT: if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { r = SSH_ERR_INVALID_ARGUMENT; goto out; } + { + const BIGNUM *d, *iqmp, *p, *q; + RSA_get0_key(key->rsa, NULL, NULL, &d); + RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp); + RSA_get0_factors(key->rsa, &p, &q); if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0) + (r = sshbuf_put_bignum2(b, d)) != 0 || + (r = sshbuf_put_bignum2(b, iqmp)) != 0 || + (r = sshbuf_put_bignum2(b, p)) != 0 || + (r = sshbuf_put_bignum2(b, q)) != 0) { goto out; + } + } break; case KEY_DSA: - if ((r = sshbuf_put_bignum2(b, key->dsa->p)) != 0 || - (r = sshbuf_put_bignum2(b, key->dsa->q)) != 0 || - (r = sshbuf_put_bignum2(b, key->dsa->g)) != 0 || - (r = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0 || - (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0) + { + const BIGNUM *p, *q, *g, *pub_key, *priv_key; + DSA_get0_pqg(key->dsa, &p, &q, &g); + DSA_get0_key(key->dsa, &pub_key, &priv_key); + if ((r = sshbuf_put_bignum2(b, p)) != 0 || + (r = sshbuf_put_bignum2(b, q)) != 0 || + (r = sshbuf_put_bignum2(b, g)) != 0 || + (r = sshbuf_put_bignum2(b, pub_key)) != 0 || + (r = sshbuf_put_bignum2(b, priv_key)) != 0) { goto out; + } + } break; case KEY_DSA_CERT: if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { r = SSH_ERR_INVALID_ARGUMENT; goto out; } + { + const BIGNUM *priv_key; + DSA_get0_key(key->dsa, NULL, &priv_key); if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || - (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0) + (r = sshbuf_put_bignum2(b, priv_key)) != 0) { goto out; + } + } break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: @@ -2692,18 +2970,61 @@ r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((r = sshbuf_get_bignum2(buf, k->dsa->p)) != 0 || - (r = sshbuf_get_bignum2(buf, k->dsa->q)) != 0 || - (r = sshbuf_get_bignum2(buf, k->dsa->g)) != 0 || - (r = sshbuf_get_bignum2(buf, k->dsa->pub_key)) != 0 || - (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) + { + BIGNUM *p=NULL, *q=NULL, *g=NULL, *pub_key=NULL, *priv_key=NULL; + if ((p = BN_new()) == NULL || + (q = BN_new()) == NULL || + (g = BN_new()) == NULL || + (pub_key = BN_new()) == NULL || + (priv_key = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto error1; + } + if (p == NULL || q == NULL || g == NULL || + pub_key == NULL || priv_key == NULL || + (r = sshbuf_get_bignum2(buf, p)) != 0 || + (r = sshbuf_get_bignum2(buf, q)) != 0 || + (r = sshbuf_get_bignum2(buf, g)) != 0 || + (r = sshbuf_get_bignum2(buf, pub_key)) != 0 || + (r = sshbuf_get_bignum2(buf, priv_key)) != 0) { + goto error1; + } + if (DSA_set0_pqg(k->dsa, p, q, g) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto error1; + } + p = q = g = NULL; + if (DSA_set0_key(k->dsa, pub_key, priv_key) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; +error1: + BN_free(p); BN_free(q); BN_free(g); + BN_free(pub_key); BN_free(priv_key); goto out; + } + pub_key = priv_key = NULL; + } break; case KEY_DSA_CERT: - if ((r = sshkey_froms(buf, &k)) != 0 || + { + BIGNUM *priv_key=NULL; + if ((priv_key = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (priv_key == NULL || + (r = sshkey_froms(buf, &k)) != 0 || (r = sshkey_add_private(k)) != 0 || - (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) + (r = sshbuf_get_bignum2(buf, priv_key)) != 0) { + BN_free(priv_key); goto out; + } + if (DSA_set0_key(k->dsa, NULL, priv_key) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + BN_free(priv_key); + goto out; + } + priv_key = NULL; + } break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: @@ -2762,24 +3083,99 @@ r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((r = sshbuf_get_bignum2(buf, k->rsa->n)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->e)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || - (r = rsa_generate_additional_parameters(k->rsa)) != 0) + { + BIGNUM *n=NULL, *e=NULL, *d=NULL, *iqmp=NULL, *p=NULL, *q=NULL; + BIGNUM *dmp1=NULL, *dmq1=NULL; /* dummy for RSA_set0_crt_params */ + if ((n = BN_new()) == NULL || + (e = BN_new()) == NULL || + (d = BN_new()) == NULL || + (iqmp = BN_new()) == NULL || + (p = BN_new()) == NULL || + (q = BN_new()) == NULL || + (dmp1 = BN_new()) == NULL || + (dmq1 = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto error2; + } + BN_clear(dmp1); BN_clear(dmq1); + if ((r = sshbuf_get_bignum2(buf, n)) != 0 || + (r = sshbuf_get_bignum2(buf, e)) != 0 || + (r = sshbuf_get_bignum2(buf, d)) != 0 || + (r = sshbuf_get_bignum2(buf, iqmp)) != 0 || + (r = sshbuf_get_bignum2(buf, p)) != 0 || + (r = sshbuf_get_bignum2(buf, q)) != 0) { + goto error2; + } + if (RSA_set0_key(k->rsa, n, e, d) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto error2; + } + n = e = d = NULL; + /* dmp1,dmpq1 should be non NULL to set iqmp value */ + if (RSA_set0_crt_params(k->rsa, dmp1, dmq1, iqmp) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto error2; + } + dmp1 = dmq1 = iqmp = NULL; + if (RSA_set0_factors(k->rsa, p, q) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; +error2: + BN_free(n); BN_free(e); BN_free(d); + BN_free(iqmp); + BN_free(p); BN_free(q); + BN_free(dmp1); BN_free(dmq1); goto out; + } + p = q = NULL; + if ((r = rsa_generate_additional_parameters(k->rsa)) != 0) { + goto out; + } + } break; case KEY_RSA_CERT: + { + BIGNUM *d=NULL, *iqmp=NULL, *p=NULL, *q=NULL; + BIGNUM *dmp1=NULL, *dmq1=NULL; /* dummy for RSA_set0_crt_params */ + if ((d = BN_new()) == NULL || + (iqmp = BN_new()) == NULL || + (p = BN_new()) == NULL || + (q = BN_new()) == NULL || + (dmp1 = BN_new()) == NULL || + (dmq1 = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto error3; + } + BN_clear(dmp1); BN_clear(dmq1); if ((r = sshkey_froms(buf, &k)) != 0 || (r = sshkey_add_private(k)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || - (r = rsa_generate_additional_parameters(k->rsa)) != 0) + (r = sshbuf_get_bignum2(buf, d)) != 0 || + (r = sshbuf_get_bignum2(buf, iqmp)) != 0 || + (r = sshbuf_get_bignum2(buf, p)) != 0 || + (r = sshbuf_get_bignum2(buf, q)) != 0) { + goto error3; + } + if (RSA_set0_key(k->rsa, NULL, NULL, d) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto error3; + } + /* dmp1,dmpq1 should be non NULL to set value */ + if (RSA_set0_crt_params(k->rsa, dmp1, dmq1, iqmp) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto error3; + } + dmp1 = dmq1 = iqmp = NULL; + if (RSA_set0_factors(k->rsa, p, q) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; +error3: + BN_free(d); BN_free(iqmp); + BN_free(p); BN_free(q); + BN_free(dmp1); BN_free(dmq1); + goto out; + } + p = q = NULL; + if ((r = rsa_generate_additional_parameters(k->rsa)) != 0) goto out; + } break; #endif /* WITH_OPENSSL */ case KEY_ED25519: @@ -3586,7 +3982,7 @@ } } -#ifdef WITH_SSH1 +#ifdef WITH_SSH1 /*{*/ /* * Parse the public, unencrypted portion of a RSA1 key. */ @@ -3761,7 +4157,7 @@ sshbuf_free(decrypted); return r; } -#endif /* WITH_SSH1 */ +#endif /* } WITH_SSH1 */ #ifdef WITH_OPENSSL static int @@ -3789,7 +4185,7 @@ r = SSH_ERR_KEY_WRONG_PASSPHRASE; goto out; } - if (pk->type == EVP_PKEY_RSA && + if (EVP_PKEY_id(pk) == EVP_PKEY_RSA && (type == KEY_UNSPEC || type == KEY_RSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { r = SSH_ERR_ALLOC_FAIL; @@ -3804,7 +4200,7 @@ r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } - } else if (pk->type == EVP_PKEY_DSA && + } else if (EVP_PKEY_id(pk) == EVP_PKEY_DSA && (type == KEY_UNSPEC || type == KEY_DSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { r = SSH_ERR_ALLOC_FAIL; @@ -3816,7 +4212,7 @@ DSA_print_fp(stderr, prv->dsa, 8); #endif #ifdef OPENSSL_HAS_ECC - } else if (pk->type == EVP_PKEY_EC && + } else if (EVP_PKEY_id(pk) == EVP_PKEY_EC && (type == KEY_UNSPEC || type == KEY_ECDSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { r = SSH_ERR_ALLOC_FAIL; Index: regress/unittests/sshkey/test_file.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/regress/unittests/sshkey/test_file.c,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- regress/unittests/sshkey/test_file.c 3 Nov 2016 07:51:57 -0000 1.1.1.1 +++ regress/unittests/sshkey/test_file.c 3 Nov 2016 07:55:50 -0000 1.2 @@ -109,9 +109,14 @@ a = load_bignum("rsa_1.param.n"); b = load_bignum("rsa_1.param.p"); c = load_bignum("rsa_1.param.q"); - ASSERT_BIGNUM_EQ(k1->rsa->n, a); - ASSERT_BIGNUM_EQ(k1->rsa->p, b); - ASSERT_BIGNUM_EQ(k1->rsa->q, c); + { + const BIGNUM *n, *p, *q; + RSA_get0_key(k1->rsa, &n, NULL, NULL); + RSA_get0_factors(k1->rsa, &p, &q); + ASSERT_BIGNUM_EQ(n, a); + ASSERT_BIGNUM_EQ(p, b); + ASSERT_BIGNUM_EQ(q, c); + } BN_free(a); BN_free(b); BN_free(c); @@ -200,9 +205,14 @@ a = load_bignum("dsa_1.param.g"); b = load_bignum("dsa_1.param.priv"); c = load_bignum("dsa_1.param.pub"); - ASSERT_BIGNUM_EQ(k1->dsa->g, a); - ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b); - ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c); + { + const BIGNUM *g, *priv_key, *pub_key; + DSA_get0_pqg(k1->dsa, NULL, NULL, &g); + DSA_get0_key(k1->dsa, &pub_key, &priv_key); + ASSERT_BIGNUM_EQ(g, a); + ASSERT_BIGNUM_EQ(priv_key, b); + ASSERT_BIGNUM_EQ(pub_key, c); + } BN_free(a); BN_free(b); BN_free(c); Index: regress/unittests/sshkey/test_sshkey.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/regress/unittests/sshkey/test_sshkey.c,v retrieving revision 1.1.1.1 retrieving revision 1.3 diff -u -r1.1.1.1 -r1.3 --- regress/unittests/sshkey/test_sshkey.c 3 Nov 2016 07:51:57 -0000 1.1.1.1 +++ regress/unittests/sshkey/test_sshkey.c 22 Dec 2016 01:04:16 -0000 1.3 @@ -197,9 +197,14 @@ k1 = sshkey_new(KEY_RSA1); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->rsa, NULL); - ASSERT_PTR_NE(k1->rsa->n, NULL); - ASSERT_PTR_NE(k1->rsa->e, NULL); - ASSERT_PTR_EQ(k1->rsa->p, NULL); + { + const BIGNUM *n, *e, *p; + RSA_get0_key(k1->rsa, &n, &e, NULL); + RSA_get0_factors(k1->rsa, &p, NULL); + ASSERT_PTR_NE(n, NULL); + ASSERT_PTR_NE(e, NULL); + ASSERT_PTR_EQ(p, NULL); + } sshkey_free(k1); TEST_DONE(); @@ -207,9 +212,14 @@ k1 = sshkey_new(KEY_RSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->rsa, NULL); - ASSERT_PTR_NE(k1->rsa->n, NULL); - ASSERT_PTR_NE(k1->rsa->e, NULL); - ASSERT_PTR_EQ(k1->rsa->p, NULL); + { + const BIGNUM *n, *e, *p; + RSA_get0_key(k1->rsa, &n, &e, NULL); + RSA_get0_factors(k1->rsa, &p, NULL); + ASSERT_PTR_NE(n, NULL); + ASSERT_PTR_NE(e, NULL); + ASSERT_PTR_EQ(p, NULL); + } sshkey_free(k1); TEST_DONE(); @@ -217,8 +227,13 @@ k1 = sshkey_new(KEY_DSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->dsa, NULL); - ASSERT_PTR_NE(k1->dsa->g, NULL); - ASSERT_PTR_EQ(k1->dsa->priv_key, NULL); + { + const BIGNUM *g, *priv_key; + DSA_get0_pqg(k1->dsa, NULL, NULL, &g); + DSA_get0_key(k1->dsa, NULL, &priv_key); + ASSERT_PTR_NE(g, NULL); + ASSERT_PTR_EQ(priv_key, NULL); + } sshkey_free(k1); TEST_DONE(); @@ -244,9 +259,14 @@ k1 = sshkey_new_private(KEY_RSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->rsa, NULL); - ASSERT_PTR_NE(k1->rsa->n, NULL); - ASSERT_PTR_NE(k1->rsa->e, NULL); - ASSERT_PTR_NE(k1->rsa->p, NULL); + { + const BIGNUM *n, *e, *p; + RSA_get0_key(k1->rsa, &n, &e, NULL); + RSA_get0_factors(k1->rsa, &p, NULL); + ASSERT_PTR_NE(n, NULL); + ASSERT_PTR_NE(e, NULL); + ASSERT_PTR_NE(p, NULL); + } ASSERT_INT_EQ(sshkey_add_private(k1), 0); sshkey_free(k1); TEST_DONE(); @@ -255,8 +275,13 @@ k1 = sshkey_new_private(KEY_DSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->dsa, NULL); - ASSERT_PTR_NE(k1->dsa->g, NULL); - ASSERT_PTR_NE(k1->dsa->priv_key, NULL); + { + const BIGNUM *g, *priv_key; + DSA_get0_pqg(k1->dsa, NULL, NULL, &g); + DSA_get0_key(k1->dsa, NULL, &priv_key); + ASSERT_PTR_NE(g, NULL); + ASSERT_PTR_NE(priv_key, NULL); + } ASSERT_INT_EQ(sshkey_add_private(k1), 0); sshkey_free(k1); TEST_DONE(); @@ -295,18 +320,28 @@ ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0); ASSERT_PTR_NE(kr, NULL); ASSERT_PTR_NE(kr->rsa, NULL); - ASSERT_PTR_NE(kr->rsa->n, NULL); - ASSERT_PTR_NE(kr->rsa->e, NULL); - ASSERT_PTR_NE(kr->rsa->p, NULL); - ASSERT_INT_EQ(BN_num_bits(kr->rsa->n), 1024); + { + const BIGNUM *n, *e, *p; + RSA_get0_key(kr->rsa, &n, &e, NULL); + RSA_get0_factors(kr->rsa, &p, NULL); + ASSERT_PTR_NE(n, NULL); + ASSERT_PTR_NE(e, NULL); + ASSERT_PTR_NE(p, NULL); + ASSERT_INT_EQ(BN_num_bits(n), 1024); + } TEST_DONE(); TEST_START("generate KEY_DSA"); ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0); ASSERT_PTR_NE(kd, NULL); ASSERT_PTR_NE(kd->dsa, NULL); - ASSERT_PTR_NE(kd->dsa->g, NULL); - ASSERT_PTR_NE(kd->dsa->priv_key, NULL); + { + const BIGNUM *g, *priv_key; + DSA_get0_pqg(kd->dsa, NULL, NULL, &g); + DSA_get0_key(kd->dsa, NULL, &priv_key); + ASSERT_PTR_NE(g, NULL); + ASSERT_PTR_NE(priv_key, NULL); + } TEST_DONE(); #ifdef OPENSSL_HAS_ECC @@ -333,9 +368,14 @@ ASSERT_PTR_NE(kr, k1); ASSERT_INT_EQ(k1->type, KEY_RSA); ASSERT_PTR_NE(k1->rsa, NULL); - ASSERT_PTR_NE(k1->rsa->n, NULL); - ASSERT_PTR_NE(k1->rsa->e, NULL); - ASSERT_PTR_EQ(k1->rsa->p, NULL); + { + const BIGNUM *n, *e, *p; + RSA_get0_key(k1->rsa, &n, &e, NULL); + RSA_get0_factors(k1->rsa, &p, NULL); + ASSERT_PTR_NE(n, NULL); + ASSERT_PTR_NE(e, NULL); + ASSERT_PTR_EQ(p, NULL); + } TEST_DONE(); TEST_START("equal KEY_RSA/demoted KEY_RSA"); @@ -349,8 +389,13 @@ ASSERT_PTR_NE(kd, k1); ASSERT_INT_EQ(k1->type, KEY_DSA); ASSERT_PTR_NE(k1->dsa, NULL); - ASSERT_PTR_NE(k1->dsa->g, NULL); - ASSERT_PTR_EQ(k1->dsa->priv_key, NULL); + { + const BIGNUM *g, *priv_key; + DSA_get0_pqg(k1->dsa, NULL, NULL, &g); + DSA_get0_key(k1->dsa, NULL, &priv_key); + ASSERT_PTR_NE(g, NULL); + ASSERT_PTR_EQ(priv_key, NULL); + } TEST_DONE(); TEST_START("equal KEY_DSA/demoted KEY_DSA");