Patch for OpenSSH-7.7p1 to compile with OpenSSL-1.1.x

This is a patch for OpenSSH-7.7p1 to build with OpenSSL-1.1.0 and OpenSSL-1.1.1 . By default OpenSSH-7.7p1 only supports up to OpenSSL-1.0.x versions. This patch will build and pass all "make tests" regressions using OpenSSL-1.1.0.

This patch breaks support for OpenSSL-1.0.x, so don't use this patch if you need 1.0.x support. This patch doesn't introduce new shim functions to emulate OpenSSL-1.1.x API on 1.0.x .

Some obsolete OS may not pass the last test_utf8 test; use env TEST_SSH_UTF8=no ./configure ... to skip the test.

Since sshd invoked during the tests will try to chown("/dev/ttyp1", user, ttygid), key-options.sh test may fail. Do ssh localhost, then logout, then run make tests on such platforms (obsolete BSD variants).

Similar, but independent approaches

Kurt Roeckx's patch
Fedora's patch based on Kurt patch.

Descendants of this patch

Linux From Scratch patch, credits stripped off. Could be vulnerable to certain side-channel attacks since it strips off BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME); flag in ssh_rsa_generate_additional_parameters() beginning in openssh-7.7 patch.
HPN-SSH patch (Patch, README), probably derived from Linux From Scratch patch. Incorporates tons of #ifdefs to let it compile both on OpenSSL 1.0.x and OpenSSL 1.1.0.
Arch Linux patch, probably the most popular next to Fedora patch.

Comments

In this patch, OpenSSL-1.0.x support is dropped for simplicity; else it needs tons of #ifdefs which was minimal in origial OpenSSH code.
I do agree with Kurt's comment that checking for allocated non NULL BIGNUMs in regression tests is pointless. My patch does allocate dummy BIGNUMs, but this shouldn't be necessary under OpenSSL-1.1.x API.
LibreSSL used by OpenBSD has different API, so this patch is unlikely to be merged upstream.

kabe.sra-tohoku.co.jp

Index: auth-pam.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/auth-pam.c,v retrieving revision 1.1.1.5 retrieving revision 1.2 diff -U 6 -r1.1.1.5 -r1.2 --- auth-pam.c 9 Apr 2018 11:17:23 -0000 1.1.1.5 +++ auth-pam.c 11 Apr 2018 06:52:53 -0000 1.2 @@ -125,12 +125,16 @@ * pthreads, which unconditionally define pthread_t via sys/types.h * (e.g. Linux) */ typedef pthread_t sp_pthread_t; #else typedef pid_t sp_pthread_t; +# define pthread_create(a, b, c, d) _ssh_compat_pthread_create(a, b, c, d) +# define pthread_exit(a) _ssh_compat_pthread_exit(a) +# define pthread_cancel(a) _ssh_compat_pthread_cancel(a) +# define pthread_join(a, b) _ssh_compat_pthread_join(a, b) #endif struct pam_ctxt { sp_pthread_t pam_thread; int pam_psock; int pam_csock; Index: cipher.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/cipher.c,v retrieving revision 1.1.1.4 retrieving revision 1.6 diff -U 6 -r1.1.1.4 -r1.6 --- cipher.c 9 Apr 2018 11:17:24 -0000 1.1.1.4 +++ cipher.c 11 Apr 2018 06:52:53 -0000 1.6 @@ -294,13 +294,16 @@ if (klen > 0 && keylen != (u_int)klen) { if (EVP_CIPHER_CTX_set_key_length(cc->evp, keylen) == 0) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } } - if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0) { + /* in OpenSSL 1.1.0, EVP_CipherInit clears all previous setups; + use EVP_CipherInit_ex for augmenting */ + if (EVP_CipherInit_ex(cc->evp, NULL, NULL, (u_char *)key, NULL, -1) == 0) + { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } ret = 0; #endif /* WITH_OPENSSL */ out: @@ -480,13 +483,13 @@ #endif if (cipher_authlen(c)) { if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, len, iv)) return SSH_ERR_LIBCRYPTO_ERROR; } else - memcpy(iv, cc->evp->iv, len); + memcpy(iv, EVP_CIPHER_CTX_iv(cc->evp), len); #endif return 0; } int cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) @@ -514,20 +517,25 @@ if (cipher_authlen(c)) { /* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */ if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) return SSH_ERR_LIBCRYPTO_ERROR; } else - memcpy(cc->evp->iv, iv, evplen); + memcpy(EVP_CIPHER_CTX_iv_noconst(cc->evp), iv, evplen); /*XXX using EVP_CIPHER_CTX_iv_noconst as LHS*/ #endif return 0; } #ifdef WITH_OPENSSL -#define EVP_X_STATE(evp) (evp)->cipher_data -#define EVP_X_STATE_LEN(evp) (evp)->cipher->ctx_size +# if OPENSSL_VERSION_NUMBER >= 0x10100000UL +#define EVP_X_STATE(evp) EVP_CIPHER_CTX_get_cipher_data(evp) +#define EVP_X_STATE_LEN(evp) EVP_CIPHER_impl_ctx_size(EVP_CIPHER_CTX_cipher(evp)) +# else +#define EVP_X_STATE(evp) (evp).cipher_data +#define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size +# endif #endif int cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat) { #if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4) Index: configure =================================================================== RCS file: /home/kabe/cvsroot/openssh/configure,v retrieving revision 1.1.1.5 retrieving revision 1.4 diff -U 6 -r1.1.1.5 -r1.4 --- configure 9 Apr 2018 11:17:33 -0000 1.1.1.5 +++ configure 11 Jul 2018 12:08:02 -0000 1.4 @@ -13067,18 +13067,18 @@ if ac_fn_c_try_run "$LINENO"; then : ssl_library_ver=`cat conftest.ssllibver` # Check version is supported. case "$ssl_library_ver" in 10000*|0*) - as_fn_error $? "OpenSSL >= 1.0.1 required (have \"$ssl_library_ver\")" "$LINENO" 5 + as_fn_error $? "OpenSSL >= 1.1.0 required (have \"$ssl_library_ver\")" "$LINENO" 5 ;; - 100*) ;; # 1.0.x - 200*) ;; # LibreSSL + 10100*) ;; # 1.1.0 + 101010*) ;; # 1.1.1 *) - as_fn_error $? "OpenSSL >= 1.1.0 is not yet supported (have \"$ssl_library_ver\")" "$LINENO" 5 + as_fn_error $? "OpenSSL > 1.1.0 is not yet supported (have \"$ssl_library_ver\")" "$LINENO" 5 ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5 $as_echo "$ssl_library_ver" >&6; } else Index: configure.ac =================================================================== RCS file: /home/kabe/cvsroot/openssh/configure.ac,v retrieving revision 1.1.1.5 retrieving revision 1.4 diff -U 6 -r1.1.1.5 -r1.4 --- configure.ac 9 Apr 2018 11:17:24 -0000 1.1.1.5 +++ configure.ac 11 Jul 2018 12:08:03 -0000 1.4 @@ -2634,18 +2634,18 @@ ]])], [ ssl_library_ver=`cat conftest.ssllibver` # Check version is supported. case "$ssl_library_ver" in 10000*|0*) - AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) + AC_MSG_ERROR([OpenSSL >= 1.1.0 required (have "$ssl_library_ver")]) ;; - 100*) ;; # 1.0.x - 200*) ;; # LibreSSL + 10100*) ;; # 1.1.0 + 101010*) ;; # 1.1.1 *) - AC_MSG_ERROR([OpenSSL >= 1.1.0 is not yet supported (have "$ssl_library_ver")]) + AC_MSG_ERROR([OpenSSL > 1.1.0 is not yet supported (have "$ssl_library_ver")]) ;; esac AC_MSG_RESULT([$ssl_library_ver]) ], [ AC_MSG_RESULT([not found]) Index: dh.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/dh.c,v retrieving revision 1.1.1.3 retrieving revision 1.5 diff -U 6 -r1.1.1.3 -r1.5 --- dh.c 9 Apr 2018 11:17:25 -0000 1.1.1.3 +++ dh.c 11 Apr 2018 06:52:54 -0000 1.5 @@ -208,93 +208,113 @@ return (dh_new_group(dhg.g, dhg.p)); } /* diffie-hellman-groupN-sha1 */ int -dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) +dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub) { int i; int n = BN_num_bits(dh_pub); int bits_set = 0; BIGNUM *tmp; + const BIGNUM *p; - if (dh_pub->neg) { + if (BN_is_negative(dh_pub)) { logit("invalid public DH value: negative"); return 0; } if (BN_cmp(dh_pub, BN_value_one()) != 1) { /* pub_exp <= 1 */ logit("invalid public DH value: <= 1"); return 0; } if ((tmp = BN_new()) == NULL) { error("%s: BN_new failed", __func__); return 0; } - if (!BN_sub(tmp, dh->p, BN_value_one()) || + DH_get0_pqg(dh, &p, NULL, NULL); + if (!BN_sub(tmp, p, BN_value_one()) || BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */ BN_clear_free(tmp); logit("invalid public DH value: >= p-1"); return 0; } BN_clear_free(tmp); for (i = 0; i <= n; i++) if (BN_is_bit_set(dh_pub, i)) bits_set++; - debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); + debug2("bits set: %d/%d", bits_set, BN_num_bits(p)); /* * if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */ if (bits_set < 4) { logit("invalid public DH value (%d/%d)", - bits_set, BN_num_bits(dh->p)); + bits_set, BN_num_bits(p)); return 0; } return 1; } int dh_gen_key(DH *dh, int need) { int pbits; + const BIGNUM *p, *pub_key; + BIGNUM *priv_key; - if (need < 0 || dh->p == NULL || - (pbits = BN_num_bits(dh->p)) <= 0 || + DH_get0_pqg(dh, &p, NULL, NULL); + + if (need < 0 || p == NULL || + (pbits = BN_num_bits(p)) <= 0 || need > INT_MAX / 2 || 2 * need > pbits) return SSH_ERR_INVALID_ARGUMENT; if (need < 256) need = 256; /* * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)), * so double requested need here. */ - dh->length = MINIMUM(need * 2, pbits - 1); - if (DH_generate_key(dh) == 0 || - !dh_pub_is_valid(dh, dh->pub_key)) { - BN_clear_free(dh->priv_key); + DH_set_length(dh, MIN(need * 2, pbits - 1)); + if (DH_generate_key(dh) == 0) { + return SSH_ERR_LIBCRYPTO_ERROR; + } + DH_get0_key(dh, &pub_key, &priv_key); + if (!dh_pub_is_valid(dh, pub_key)) { + BN_clear(priv_key); return SSH_ERR_LIBCRYPTO_ERROR; } return 0; } DH * dh_new_group_asc(const char *gen, const char *modulus) { - DH *dh; + DH *dh = NULL; + BIGNUM *p=NULL, *g=NULL; - if ((dh = DH_new()) == NULL) - return NULL; - if (BN_hex2bn(&dh->p, modulus) == 0 || - BN_hex2bn(&dh->g, gen) == 0) { - DH_free(dh); - return NULL; + if ((dh = DH_new()) == NULL || + (p = BN_new()) == NULL || + (g = BN_new()) == NULL) + goto null; + if (BN_hex2bn(&p, modulus) == 0 || + BN_hex2bn(&g, gen) == 0) { + goto null; } + if (DH_set0_pqg(dh, p, NULL, g) == 0) { + goto null; + } + p = g = NULL; return (dh); +null: + BN_free(p); + BN_free(g); + DH_free(dh); + return NULL; } /* * This just returns the group, we still need to generate the exchange * value. */ @@ -303,14 +323,14 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus) { DH *dh; if ((dh = DH_new()) == NULL) return NULL; - dh->p = modulus; - dh->g = gen; + if (DH_set0_pqg(dh, modulus, NULL, gen) == 0) + return NULL; return (dh); } /* rfc2409 "Second Oakley Group" (1024 bits) */ DH * Index: dh.h =================================================================== RCS file: /home/kabe/cvsroot/openssh/dh.h,v retrieving revision 1.1.1.1 retrieving revision 1.3 diff -U 6 -r1.1.1.1 -r1.3 --- dh.h 5 Oct 2017 12:06:27 -0000 1.1.1.1 +++ dh.h 22 Dec 2016 01:04:12 -0000 1.3 @@ -39,13 +39,13 @@ DH *dh_new_group14(void); DH *dh_new_group16(void); DH *dh_new_group18(void); DH *dh_new_group_fallback(int); int dh_gen_key(DH *, int); -int dh_pub_is_valid(DH *, BIGNUM *); +int dh_pub_is_valid(const DH *, const BIGNUM *); u_int dh_estimate(int); /* * Max value from RFC4419. * Miniumum increased in light of DH precomputation attacks. Index: digest-openssl.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/digest-openssl.c,v retrieving revision 1.1.1.3 retrieving revision 1.5 diff -U 6 -r1.1.1.3 -r1.5 --- digest-openssl.c 5 Oct 2017 12:06:27 -0000 1.1.1.3 +++ digest-openssl.c 8 Oct 2017 12:56:57 -0000 1.5 @@ -40,13 +40,13 @@ # define EVP_sha384 NULL # define EVP_sha512 NULL #endif /* HAVE_EVP_SHA256 */ struct ssh_digest_ctx { int alg; - EVP_MD_CTX mdctx; + EVP_MD_CTX *mdctx; }; struct ssh_digest { int id; const char *name; size_t digest_len; @@ -103,47 +103,48 @@ return digest == NULL ? 0 : digest->digest_len; } size_t ssh_digest_blocksize(struct ssh_digest_ctx *ctx) { - return EVP_MD_CTX_block_size(&ctx->mdctx); + return EVP_MD_CTX_block_size(ctx->mdctx); } struct ssh_digest_ctx * ssh_digest_start(int alg) { const struct ssh_digest *digest = ssh_digest_by_alg(alg); - struct ssh_digest_ctx *ret; + struct ssh_digest_ctx *ret = NULL; if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL)) return NULL; ret->alg = alg; - EVP_MD_CTX_init(&ret->mdctx); - if (EVP_DigestInit_ex(&ret->mdctx, digest->mdfunc(), NULL) != 1) { + if ((ret->mdctx = EVP_MD_CTX_new()) == NULL || + EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) { + EVP_MD_CTX_free(ret->mdctx); free(ret); return NULL; } return ret; } int ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to) { if (from->alg != to->alg) return SSH_ERR_INVALID_ARGUMENT; /* we have bcopy-style order while openssl has memcpy-style */ - if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx)) + if (!EVP_MD_CTX_copy_ex(to->mdctx, from->mdctx)) return SSH_ERR_LIBCRYPTO_ERROR; return 0; } int ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) { - if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1) + if (EVP_DigestUpdate(ctx->mdctx, m, mlen) != 1) return SSH_ERR_LIBCRYPTO_ERROR; return 0; } int ssh_digest_update_buffer(struct ssh_digest_ctx *ctx, const struct sshbuf *b) @@ -158,24 +159,24 @@ u_int l = dlen; if (digest == NULL || dlen > UINT_MAX) return SSH_ERR_INVALID_ARGUMENT; if (dlen < digest->digest_len) /* No truncation allowed */ return SSH_ERR_INVALID_ARGUMENT; - if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1) + if (EVP_DigestFinal_ex(ctx->mdctx, d, &l) != 1) return SSH_ERR_LIBCRYPTO_ERROR; if (l != digest->digest_len) /* sanity */ return SSH_ERR_INTERNAL_ERROR; return 0; } void ssh_digest_free(struct ssh_digest_ctx *ctx) { if (ctx != NULL) { - EVP_MD_CTX_cleanup(&ctx->mdctx); + EVP_MD_CTX_free(ctx->mdctx); explicit_bzero(ctx, sizeof(*ctx)); free(ctx); } } int Index: kexdhc.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/kexdhc.c,v retrieving revision 1.1.1.3 retrieving revision 1.5 diff -U 6 -r1.1.1.3 -r1.5 --- kexdhc.c 9 Apr 2018 11:17:25 -0000 1.1.1.3 +++ kexdhc.c 11 Apr 2018 06:52:54 -0000 1.5 @@ -78,17 +78,22 @@ } if (kex->dh == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } debug("sending SSH2_MSG_KEXDH_INIT"); - if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 || - (r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || + { + const BIGNUM *pub_key; + if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) + goto out; + DH_get0_key(kex->dh, &pub_key, NULL); + if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || (r = sshpkt_send(ssh)) != 0) goto out; + } #ifdef DEBUG_KEXDH DHparams_print_fp(stderr, kex->dh); fprintf(stderr, "pub= "); BN_print_fp(stderr, kex->dh->pub_key); fprintf(stderr, "\n"); #endif @@ -166,24 +171,29 @@ #ifdef DEBUG_KEXDH dump_digest("shared secret", kbuf, kout); #endif /* calc and verify H */ hashlen = sizeof(hash); + { + const BIGNUM *pub_key; + DH_get0_key(kex->dh, &pub_key, NULL); if ((r = kex_dh_hash( kex->hash_alg, kex->client_version_string, kex->server_version_string, sshbuf_ptr(kex->my), sshbuf_len(kex->my), sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), server_host_key_blob, sbloblen, - kex->dh->pub_key, + pub_key, dh_server_pub, shared_secret, - hash, &hashlen)) != 0) + hash, &hashlen)) != 0) { goto out; + } + } if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) != 0) goto out; /* save session id */ Index: kexdhs.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/kexdhs.c,v retrieving revision 1.1.1.3 retrieving revision 1.5 diff -U 6 -r1.1.1.3 -r1.5 --- kexdhs.c 9 Apr 2018 11:17:25 -0000 1.1.1.3 +++ kexdhs.c 11 Apr 2018 06:52:54 -0000 1.5 @@ -84,12 +84,16 @@ goto out; debug("expecting SSH2_MSG_KEXDH_INIT"); ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init); r = 0; out: + if (r != 0) { + if (kex->dh) DH_free(kex->dh); + kex->dh = NULL; + } return r; } int input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) { @@ -160,24 +164,29 @@ #endif if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob, &sbloblen)) != 0) goto out; /* calc H */ hashlen = sizeof(hash); + { + const BIGNUM *pub_key; + DH_get0_key(kex->dh, &pub_key, NULL); if ((r = kex_dh_hash( kex->hash_alg, kex->client_version_string, kex->server_version_string, sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), sshbuf_ptr(kex->my), sshbuf_len(kex->my), server_host_key_blob, sbloblen, dh_client_pub, - kex->dh->pub_key, + pub_key, shared_secret, - hash, &hashlen)) != 0) + hash, &hashlen)) != 0) { goto out; + } + } /* save session id := H */ if (kex->session_id == NULL) { kex->session_id_len = hashlen; kex->session_id = malloc(kex->session_id_len); if (kex->session_id == NULL) { @@ -192,18 +201,23 @@ &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) goto out; /* destroy_sensitive_data(); */ /* send server hostkey, DH pubkey 'f' and singed H */ + { + const BIGNUM *pub_key; + DH_get0_key(kex->dh, &pub_key, NULL); if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 || (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ (r = sshpkt_put_string(ssh, signature, slen)) != 0 || - (r = sshpkt_send(ssh)) != 0) + (r = sshpkt_send(ssh)) != 0) { goto out; + } + } if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); out: explicit_bzero(hash, sizeof(hash)); DH_free(kex->dh); Index: kexgexc.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/kexgexc.c,v retrieving revision 1.1.1.4 retrieving revision 1.6 diff -U 6 -r1.1.1.4 -r1.6 --- kexgexc.c 9 Apr 2018 11:17:25 -0000 1.1.1.4 +++ kexgexc.c 11 Apr 2018 06:52:54 -0000 1.6 @@ -115,30 +115,40 @@ r = SSH_ERR_ALLOC_FAIL; goto out; } p = g = NULL; /* belong to kex->dh now */ /* generate and send 'e', client DH public key */ - if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 || - (r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || - (r = sshpkt_send(ssh)) != 0) + { + const BIGNUM *pub_key; + if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) + goto out; + DH_get0_key(kex->dh, &pub_key, NULL); + if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || + (r = sshpkt_send(ssh)) != 0) { goto out; + } + } debug("SSH2_MSG_KEX_DH_GEX_INIT sent"); #ifdef DEBUG_KEXDH DHparams_print_fp(stderr, kex->dh); fprintf(stderr, "pub= "); BN_print_fp(stderr, kex->dh->pub_key); fprintf(stderr, "\n"); #endif ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, NULL); ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &input_kex_dh_gex_reply); r = 0; out: - BN_clear_free(p); - BN_clear_free(g); + if (r != 0) { + BN_clear_free(p); + BN_clear_free(g); + DH_free(kex->dh); + kex->dh = NULL; + } return r; } static int input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) { @@ -209,26 +219,32 @@ #endif if (ssh->compat & SSH_OLD_DHGEX) kex->min = kex->max = -1; /* calc and verify H */ hashlen = sizeof(hash); + { + const BIGNUM *p, *g, *pub_key; + DH_get0_pqg(kex->dh, &p, NULL, &g); + DH_get0_key(kex->dh, &pub_key, NULL); if ((r = kexgex_hash( kex->hash_alg, kex->client_version_string, kex->server_version_string, sshbuf_ptr(kex->my), sshbuf_len(kex->my), sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), server_host_key_blob, sbloblen, kex->min, kex->nbits, kex->max, - kex->dh->p, kex->dh->g, - kex->dh->pub_key, + p, g, + pub_key, dh_server_pub, shared_secret, - hash, &hashlen)) != 0) + hash, &hashlen)) != 0) { goto out; + } + } if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) != 0) goto out; /* save session id */ Index: kexgexs.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/kexgexs.c,v retrieving revision 1.1.1.4 retrieving revision 1.6 diff -U 6 -r1.1.1.4 -r1.6 --- kexgexs.c 9 Apr 2018 11:17:25 -0000 1.1.1.4 +++ kexgexs.c 11 Apr 2018 06:52:54 -0000 1.6 @@ -98,26 +98,35 @@ if (kex->dh == NULL) { sshpkt_disconnect(ssh, "no matching DH grp found"); r = SSH_ERR_ALLOC_FAIL; goto out; } debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); + { + const BIGNUM *p, *g; + DH_get0_pqg(kex->dh, &p, NULL, &g); if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 || - (r = sshpkt_put_bignum2(ssh, kex->dh->p)) != 0 || - (r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 || - (r = sshpkt_send(ssh)) != 0) + (r = sshpkt_put_bignum2(ssh, p)) != 0 || + (r = sshpkt_put_bignum2(ssh, g)) != 0 || + (r = sshpkt_send(ssh)) != 0) { goto out; + } + } /* Compute our exchange value in parallel with the client */ if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) goto out; debug("expecting SSH2_MSG_KEX_DH_GEX_INIT"); ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &input_kex_dh_gex_init); r = 0; out: + if (r != 0) { + DH_free(kex->dh); + kex->dh = NULL; + } return r; } static int input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) { @@ -188,26 +197,32 @@ #endif if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob, &sbloblen)) != 0) goto out; /* calc H */ hashlen = sizeof(hash); + { + const BIGNUM *p, *g, *pub_key; + DH_get0_pqg(kex->dh, &p, NULL, &g); + DH_get0_key(kex->dh, &pub_key, NULL); if ((r = kexgex_hash( kex->hash_alg, kex->client_version_string, kex->server_version_string, sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), sshbuf_ptr(kex->my), sshbuf_len(kex->my), server_host_key_blob, sbloblen, kex->min, kex->nbits, kex->max, - kex->dh->p, kex->dh->g, + p, g, dh_client_pub, - kex->dh->pub_key, + pub_key, shared_secret, - hash, &hashlen)) != 0) + hash, &hashlen)) != 0) { goto out; + } + } /* save session id := H */ if (kex->session_id == NULL) { kex->session_id_len = hashlen; kex->session_id = malloc(kex->session_id_len); if (kex->session_id == NULL) { @@ -222,18 +237,23 @@ &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) goto out; /* destroy_sensitive_data(); */ /* send server hostkey, DH pubkey 'f' and singed H */ + { + const BIGNUM *pub_key; + DH_get0_key(kex->dh, &pub_key, NULL); if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 || (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ (r = sshpkt_put_string(ssh, signature, slen)) != 0 || - (r = sshpkt_send(ssh)) != 0) + (r = sshpkt_send(ssh)) != 0) { goto out; + } + } if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); out: DH_free(kex->dh); kex->dh = NULL; Index: monitor.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/monitor.c,v retrieving revision 1.1.1.5 retrieving revision 1.6 diff -U 6 -r1.1.1.5 -r1.6 --- monitor.c 9 Apr 2018 11:17:26 -0000 1.1.1.5 +++ monitor.c 11 Apr 2018 06:52:54 -0000 1.6 @@ -592,16 +592,18 @@ dh = choose_dh(min, want, max); if (dh == NULL) { buffer_put_char(m, 0); return (0); } else { + const BIGNUM *p, *g; + DH_get0_pqg(dh, &p, NULL, &g); /* Send first bignum */ buffer_put_char(m, 1); - buffer_put_bignum2(m, dh->p); - buffer_put_bignum2(m, dh->g); + buffer_put_bignum2(m, p); + buffer_put_bignum2(m, g); DH_free(dh); } mm_request_send(sock, MONITOR_ANS_MODULI, m); return (0); } Index: sftp-common.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/sftp-common.c,v retrieving revision 1.1.1.3 retrieving revision 1.2 diff -U 6 -r1.1.1.3 -r1.2 --- sftp-common.c 5 Oct 2017 12:06:30 -0000 1.1.1.3 +++ sftp-common.c 11 Apr 2018 06:52:54 -0000 1.2 @@ -212,13 +212,13 @@ */ char * ls_file(const char *name, const struct stat *st, int remote, int si_units) { int ulen, glen, sz = 0; struct tm *ltime = localtime(&st->st_mtime); - char *user, *group; + const char *user, *group; char buf[1024], lc[8], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1]; char sbuf[FMT_SCALED_STRSIZE]; time_t now; strmode(st->st_mode, mode); if (remote) { Index: ssh-dss.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/ssh-dss.c,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -U 6 -r1.1.1.2 -r1.3 --- ssh-dss.c 9 Apr 2018 11:17:28 -0000 1.1.1.2 +++ ssh-dss.c 11 Apr 2018 06:52:54 -0000 1.3 @@ -50,12 +50,13 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat) { DSA_SIG *sig = NULL; u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN]; size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); + const BIGNUM *r, *s; struct sshbuf *b = NULL; int ret = SSH_ERR_INVALID_ARGUMENT; if (lenp != NULL) *lenp = 0; if (sigp != NULL) @@ -73,21 +74,22 @@ if ((sig = DSA_do_sign(digest, dlen, key->dsa)) == NULL) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } - rlen = BN_num_bytes(sig->r); - slen = BN_num_bytes(sig->s); + DSA_SIG_get0(sig, &r, &s); + rlen = BN_num_bytes(r); + slen = BN_num_bytes(s); if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { ret = SSH_ERR_INTERNAL_ERROR; goto out; } explicit_bzero(sigblob, SIGBLOB_LEN); - BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); - BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen); + BN_bn2bin(r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); + BN_bn2bin(s, sigblob + SIGBLOB_LEN - slen); if ((b = sshbuf_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 || @@ -151,23 +153,32 @@ if (len != SIGBLOB_LEN) { ret = SSH_ERR_INVALID_FORMAT; goto out; } /* parse signature */ + { + BIGNUM *r=NULL, *s=NULL; if ((sig = DSA_SIG_new()) == NULL || - (sig->r = BN_new()) == NULL || - (sig->s = BN_new()) == NULL) { + (r = BN_new()) == NULL || + (s = BN_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; + BN_free(r); + BN_free(s); goto out; } - if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || - (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) { + if ((BN_bin2bn(sigblob, INTBLOB_LEN, r) == NULL) || + (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, s) == NULL)) { ret = SSH_ERR_LIBCRYPTO_ERROR; + BN_free(r); + BN_free(s); goto out; } + DSA_SIG_set0(sig, r, s); + r = s = NULL; + } /* sha1 the data */ if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, digest, sizeof(digest))) != 0) goto out; Index: ssh-ecdsa.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/ssh-ecdsa.c,v retrieving revision 1.1.1.2 retrieving revision 1.4 diff -U 6 -r1.1.1.2 -r1.4 --- ssh-ecdsa.c 9 Apr 2018 11:17:28 -0000 1.1.1.2 +++ ssh-ecdsa.c 11 Apr 2018 06:52:54 -0000 1.4 @@ -77,15 +77,20 @@ } if ((bb = sshbuf_new()) == NULL || (b = sshbuf_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } - if ((ret = sshbuf_put_bignum2(bb, sig->r)) != 0 || - (ret = sshbuf_put_bignum2(bb, sig->s)) != 0) + { + const BIGNUM *r, *s; + ECDSA_SIG_get0(sig, &r, &s); + if ((ret = sshbuf_put_bignum2(bb, r)) != 0 || + (ret = sshbuf_put_bignum2(bb, s)) != 0) { goto out; + } + } if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 || (ret = sshbuf_put_stringb(b, bb)) != 0) goto out; len = sshbuf_len(b); if (sigp != NULL) { if ((*sigp = malloc(len)) == NULL) { @@ -147,17 +152,33 @@ /* parse signature */ if ((sig = ECDSA_SIG_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } - if (sshbuf_get_bignum2(sigbuf, sig->r) != 0 || - sshbuf_get_bignum2(sigbuf, sig->s) != 0) { + { + BIGNUM *r=NULL, *s=NULL; + if ((r = BN_new()) == NULL || + (s = BN_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out_rs; + } + if (sshbuf_get_bignum2(sigbuf, r) != 0 || + sshbuf_get_bignum2(sigbuf, s) != 0) { ret = SSH_ERR_INVALID_FORMAT; + goto out_rs; + } + if (ECDSA_SIG_set0(sig, r, s) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; +out_rs: + BN_free(r); + BN_free(s); goto out; } + r = s = NULL; + } if (sshbuf_len(sigbuf) != 0) { ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; goto out; } if ((ret = ssh_digest_memory(hash_alg, data, datalen, digest, sizeof(digest))) != 0) Index: ssh-keygen.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/ssh-keygen.c,v retrieving revision 1.1.1.5 retrieving revision 1.7 diff -U 6 -r1.1.1.5 -r1.7 --- ssh-keygen.c 9 Apr 2018 11:17:28 -0000 1.1.1.5 +++ ssh-keygen.c 11 Apr 2018 06:52:54 -0000 1.7 @@ -490,17 +490,39 @@ if ((key = sshkey_new_private(ktype)) == NULL) fatal("sshkey_new_private failed"); free(type); switch (key->type) { case KEY_DSA: - buffer_get_bignum_bits(b, key->dsa->p); - buffer_get_bignum_bits(b, key->dsa->g); - buffer_get_bignum_bits(b, key->dsa->q); - buffer_get_bignum_bits(b, key->dsa->pub_key); - buffer_get_bignum_bits(b, key->dsa->priv_key); + { + BIGNUM *p=NULL, *g=NULL, *q=NULL, *pub_key=NULL, *priv_key=NULL; + if ((p=BN_new()) == NULL || + (g=BN_new()) == NULL || + (q=BN_new()) == NULL || + (pub_key=BN_new()) == NULL || + (priv_key=BN_new()) == NULL) { + BN_free(p); + BN_free(g); + BN_free(q); + BN_free(pub_key); + BN_free(priv_key); + return NULL; + } + buffer_get_bignum_bits(b, p); + buffer_get_bignum_bits(b, g); + buffer_get_bignum_bits(b, q); + buffer_get_bignum_bits(b, pub_key); + buffer_get_bignum_bits(b, priv_key); + if (DSA_set0_pqg(key->dsa, p, q, g) == 0 || + DSA_set0_key(key->dsa, pub_key, priv_key) == 0) { + fatal("failed to set DSA key"); + BN_free(p); BN_free(g); BN_free(q); + BN_free(pub_key); BN_free(priv_key); + return NULL; + } + } break; case KEY_RSA: if ((r = sshbuf_get_u8(b, &e1)) != 0 || (e1 < 30 && (r = sshbuf_get_u8(b, &e2)) != 0) || (e1 < 30 && (r = sshbuf_get_u8(b, &e3)) != 0)) fatal("%s: buffer error: %s", __func__, ssh_err(r)); @@ -511,22 +533,59 @@ e += e2; debug("e %lx", e); e <<= 8; e += e3; debug("e %lx", e); } - if (!BN_set_word(key->rsa->e, e)) { + { + BIGNUM *rsa_e = NULL; + BIGNUM *d=NULL, *n=NULL, *iqmp=NULL, *q=NULL, *p=NULL; + BIGNUM *dmp1=NULL, *dmq1=NULL; /* dummy input to set in RSA_set0_crt_params */ + rsa_e = BN_new(); + if (!rsa_e || !BN_set_word(rsa_e, e)) { + goto null_e; + } + if ((d=BN_new()) == NULL || + (n=BN_new()) == NULL || + (iqmp=BN_new()) == NULL || + (q=BN_new()) == NULL || + (p=BN_new()) == NULL || + (dmp1=BN_new()) == NULL || + (dmq1=BN_new()) == NULL) { + BN_free(d); BN_free(n); BN_free(iqmp); + BN_free(q); BN_free(p); + BN_free(dmp1); BN_free(dmq1); + goto null_e; + } + buffer_get_bignum_bits(b, d); + buffer_get_bignum_bits(b, n); + buffer_get_bignum_bits(b, iqmp); + buffer_get_bignum_bits(b, q); + buffer_get_bignum_bits(b, p); + if (RSA_set0_key(key->rsa, n, rsa_e, d) == 0) + goto null; + n = rsa_e = d = NULL; + if (RSA_set0_factors(key->rsa, p, q) == 0) + goto null; + p = q = NULL; + /* dmp1, dmq1 should not be NULL for initial set0 */ + BN_clear(dmp1); BN_clear(dmq1); + if (RSA_set0_crt_params(key->rsa, dmp1, dmq1, iqmp) == 0) { +null: + fatal("Failed to set RSA parameters"); + BN_free(d); BN_free(n); BN_free(iqmp); + BN_free(q); BN_free(p); + BN_free(dmp1); BN_free(dmq1); +null_e: sshbuf_free(b); sshkey_free(key); + BN_free(rsa_e); return NULL; } - buffer_get_bignum_bits(b, key->rsa->d); - buffer_get_bignum_bits(b, key->rsa->n); - buffer_get_bignum_bits(b, key->rsa->iqmp); - buffer_get_bignum_bits(b, key->rsa->q); - buffer_get_bignum_bits(b, key->rsa->p); + dmp1 = dmq1 = iqmp = NULL; + } if ((r = ssh_rsa_generate_additional_parameters(key)) != 0) fatal("generate RSA parameters failed: %s", ssh_err(r)); break; } rlen = sshbuf_len(b); if (rlen != 0) @@ -630,13 +689,13 @@ fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); if ((pubkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL)) == NULL) { fatal("%s: %s is not a recognised public key format", __func__, identity_file); } fclose(fp); - switch (EVP_PKEY_type(pubkey->type)) { + switch (EVP_PKEY_type(EVP_PKEY_id(pubkey))) { case EVP_PKEY_RSA: if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) fatal("sshkey_new failed"); (*k)->type = KEY_RSA; (*k)->rsa = EVP_PKEY_get1_RSA(pubkey); break; @@ -654,13 +713,13 @@ (*k)->ecdsa = EVP_PKEY_get1_EC_KEY(pubkey); (*k)->ecdsa_nid = sshkey_ecdsa_key_to_nid((*k)->ecdsa); break; #endif default: fatal("%s: unsupported pubkey type %d", __func__, - EVP_PKEY_type(pubkey->type)); + EVP_PKEY_type(EVP_PKEY_id(pubkey))); } EVP_PKEY_free(pubkey); return; } static void Index: ssh-pkcs11-client.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/ssh-pkcs11-client.c,v retrieving revision 1.1.1.3 retrieving revision 1.5 diff -U 6 -r1.1.1.3 -r1.5 --- ssh-pkcs11-client.c 9 Apr 2018 11:17:28 -0000 1.1.1.3 +++ ssh-pkcs11-client.c 11 Apr 2018 06:52:54 -0000 1.5 @@ -141,18 +141,19 @@ } /* redirect the private key encrypt operation to the ssh-pkcs11-helper */ static int wrap_key(RSA *rsa) { - static RSA_METHOD helper_rsa; + static RSA_METHOD *helper_rsa; - memcpy(&helper_rsa, RSA_get_default_method(), sizeof(helper_rsa)); - helper_rsa.name = "ssh-pkcs11-helper"; - helper_rsa.rsa_priv_enc = pkcs11_rsa_private_encrypt; - RSA_set_method(rsa, &helper_rsa); + if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL) + return (-1); /* XXX but caller isn't checking */ + RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper"); + RSA_meth_set_priv_enc(helper_rsa, pkcs11_rsa_private_encrypt); + RSA_set_method(rsa, helper_rsa); return (0); } static int pkcs11_start_helper(void) { Index: ssh-pkcs11.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/ssh-pkcs11.c,v retrieving revision 1.1.1.4 retrieving revision 1.6 diff -U 6 -r1.1.1.4 -r1.6 --- ssh-pkcs11.c 9 Apr 2018 11:17:29 -0000 1.1.1.4 +++ ssh-pkcs11.c 11 Apr 2018 06:52:54 -0000 1.6 @@ -64,13 +64,13 @@ TAILQ_HEAD(, pkcs11_provider) pkcs11_providers; struct pkcs11_key { struct pkcs11_provider *provider; CK_ULONG slotidx; int (*orig_finish)(RSA *rsa); - RSA_METHOD rsa_method; + RSA_METHOD *rsa_method; char *keyid; int keyid_len; }; int pkcs11_interactive = 0; @@ -323,19 +323,21 @@ /* identify key object on smartcard */ k11->keyid_len = keyid_attrib->ulValueLen; if (k11->keyid_len > 0) { k11->keyid = xmalloc(k11->keyid_len); memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); } - k11->orig_finish = def->finish; - memcpy(&k11->rsa_method, def, sizeof(k11->rsa_method)); - k11->rsa_method.name = "pkcs11"; - k11->rsa_method.rsa_priv_enc = pkcs11_rsa_private_encrypt; - k11->rsa_method.rsa_priv_dec = pkcs11_rsa_private_decrypt; - k11->rsa_method.finish = pkcs11_rsa_finish; - RSA_set_method(rsa, &k11->rsa_method); + k11->orig_finish = RSA_meth_get_finish(def); + + if ((k11->rsa_method = RSA_meth_new("pkcs11", RSA_meth_get_flags(def))) == NULL) + return -1; + RSA_meth_set_priv_enc(k11->rsa_method, pkcs11_rsa_private_encrypt); + RSA_meth_set_priv_dec(k11->rsa_method, pkcs11_rsa_private_decrypt); + RSA_meth_set_finish(k11->rsa_method, pkcs11_rsa_finish); + + RSA_set_method(rsa, k11->rsa_method); RSA_set_app_data(rsa, k11); return (0); } /* remove trailing spaces */ static void @@ -509,35 +511,47 @@ != CKR_OK) { error("C_GetAttributeValue failed: %lu", rv); } else if (attribs[1].type == CKA_MODULUS ) { if ((rsa = RSA_new()) == NULL) { error("RSA_new failed"); } else { - rsa->n = BN_bin2bn(attribs[1].pValue, - attribs[1].ulValueLen, NULL); - rsa->e = BN_bin2bn(attribs[2].pValue, - attribs[2].ulValueLen, NULL); + BIGNUM *n=NULL, *e=NULL; + n = BN_new(); + e = BN_new(); + if (n == NULL || e == NULL) + error("BN_new alloc failed"); + if (BN_bin2bn(attribs[1].pValue, + attribs[1].ulValueLen, n) == NULL || + BN_bin2bn(attribs[2].pValue, + attribs[2].ulValueLen, e) == NULL) + error("BN_bin2bn failed"); + if (RSA_set0_key(rsa, n, e, NULL) == 0) + error("RSA_set0_key failed"); + n = e = NULL; } } else { cp = attribs[2].pValue; if ((x509 = X509_new()) == NULL) { error("X509_new failed"); } else if (d2i_X509(&x509, &cp, attribs[2].ulValueLen) == NULL) { error("d2i_X509 failed"); } else if ((evp = X509_get_pubkey(x509)) == NULL || - evp->type != EVP_PKEY_RSA || - evp->pkey.rsa == NULL) { + EVP_PKEY_id(evp) != EVP_PKEY_RSA || + EVP_PKEY_get0_RSA(evp) == NULL) { debug("X509_get_pubkey failed or no rsa"); - } else if ((rsa = RSAPublicKey_dup(evp->pkey.rsa)) + } else if ((rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(evp))) == NULL) { error("RSAPublicKey_dup"); } X509_free(x509); } - if (rsa && rsa->n && rsa->e && + { + const BIGNUM *n, *e; + RSA_get0_key(rsa, &n, &e, NULL); + if (rsa && n && e && pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { if ((key = sshkey_new(KEY_UNSPEC)) == NULL) fatal("sshkey_new failed"); key->rsa = rsa; key->type = KEY_RSA; key->flags |= SSHKEY_FLAG_EXT; @@ -551,12 +565,13 @@ *nkeys = *nkeys + 1; debug("have %d keys", *nkeys); } } else if (rsa) { RSA_free(rsa); } + } for (i = 0; i < 3; i++) free(attribs[i].pValue); } if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK) error("C_FindObjectsFinal failed: %lu", rv); return (0); Index: ssh-rsa.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/ssh-rsa.c,v retrieving revision 1.1.1.4 retrieving revision 1.5 diff -U 6 -r1.1.1.4 -r1.5 --- ssh-rsa.c 9 Apr 2018 11:17:29 -0000 1.1.1.4 +++ ssh-rsa.c 11 Apr 2018 06:52:54 -0000 1.5 @@ -81,13 +81,14 @@ int ssh_rsa_generate_additional_parameters(struct sshkey *key) { BIGNUM *aux = NULL; BN_CTX *ctx = NULL; - BIGNUM d; + const BIGNUM *p, *q, *dtmp; + BIGNUM *d = NULL, *dmp1 = NULL, *dmq1 = NULL; int r; if (key == NULL || key->rsa == NULL || sshkey_type_plain(key->type) != KEY_RSA) return SSH_ERR_INVALID_ARGUMENT; @@ -96,26 +97,45 @@ if ((aux = BN_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } BN_set_flags(aux, BN_FLG_CONSTTIME); - BN_init(&d); - BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME); + RSA_get0_factors(key->rsa, &p, &q); + dmp1 = BN_new(); dmq1 = BN_new(); + if (dmp1 == NULL || dmq1 == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + RSA_get0_key(key->rsa, NULL, NULL, &dtmp); + + d = BN_new(); + if (d == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + BN_with_flags(d, dtmp, BN_FLG_CONSTTIME); - if ((BN_sub(aux, key->rsa->q, BN_value_one()) == 0) || - (BN_mod(key->rsa->dmq1, &d, aux, ctx) == 0) || - (BN_sub(aux, key->rsa->p, BN_value_one()) == 0) || - (BN_mod(key->rsa->dmp1, &d, aux, ctx) == 0)) { + if ((BN_sub(aux, q, BN_value_one()) == 0) || + (BN_mod(dmq1, d, aux, ctx) == 0) || + (BN_sub(aux, p, BN_value_one()) == 0) || + (BN_mod(dmp1, d, aux, ctx) == 0)) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if (RSA_set0_crt_params(key->rsa, dmp1, dmq1, NULL) == 0 ){ + /* above assumes iqmp is already set */ r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } + dmp1 = dmq1 = NULL; /* ownership changed to key->rsa */ r = 0; out: BN_clear_free(aux); BN_CTX_free(ctx); + BN_free(d); BN_free(dmp1); BN_free(dmq1); return r; } /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ int ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, @@ -136,13 +156,13 @@ hash_alg = SSH_DIGEST_SHA1; else hash_alg = rsa_hash_alg_from_ident(alg_ident); if (key == NULL || key->rsa == NULL || hash_alg == -1 || sshkey_type_plain(key->type) != KEY_RSA) return SSH_ERR_INVALID_ARGUMENT; - if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) + if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) return SSH_ERR_KEY_LENGTH; slen = RSA_size(key->rsa); if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) return SSH_ERR_INVALID_ARGUMENT; /* hash the data */ @@ -208,13 +228,13 @@ u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL; if (key == NULL || key->rsa == NULL || sshkey_type_plain(key->type) != KEY_RSA || sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; - if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) + if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) return SSH_ERR_KEY_LENGTH; if ((b = sshbuf_from(sig, siglen)) == NULL) return SSH_ERR_ALLOC_FAIL; if (sshbuf_get_cstring(b, &sigtype, NULL) != 0) { ret = SSH_ERR_INVALID_FORMAT; Index: sshkey.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/sshkey.c,v retrieving revision 1.1.1.5 retrieving revision 1.7 diff -U 6 -r1.1.1.5 -r1.7 --- sshkey.c 9 Apr 2018 11:17:29 -0000 1.1.1.5 +++ sshkey.c 11 Apr 2018 06:52:54 -0000 1.7 @@ -271,16 +271,16 @@ sshkey_size(const struct sshkey *k) { switch (k->type) { #ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT: - return BN_num_bits(k->rsa->n); + return RSA_bits(k->rsa); case KEY_DSA: case KEY_DSA_CERT: - return BN_num_bits(k->dsa->p); + return DSA_bits(k->dsa); case KEY_ECDSA: case KEY_ECDSA_CERT: return sshkey_curve_nid_to_bits(k->ecdsa_nid); #endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: @@ -479,32 +479,59 @@ k->xmss_sk = NULL; k->xmss_pk = NULL; switch (k->type) { #ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT: + { + BIGNUM *n=NULL, *e=NULL; /* just allocate */ if ((rsa = RSA_new()) == NULL || - (rsa->n = BN_new()) == NULL || - (rsa->e = BN_new()) == NULL) { + (n = BN_new()) == NULL || + (e = BN_new()) == NULL) { + BN_free(n); + BN_free(e); RSA_free(rsa); free(k); return NULL; } + BN_clear(n); BN_clear(e); + if (RSA_set0_key(rsa, n, e, NULL) == 0) + return NULL; + n = e = NULL; + } k->rsa = rsa; break; case KEY_DSA: case KEY_DSA_CERT: + { + BIGNUM *p=NULL, *q=NULL, *g=NULL, *pubkey=NULL; /* just allocate */ if ((dsa = DSA_new()) == NULL || - (dsa->p = BN_new()) == NULL || - (dsa->q = BN_new()) == NULL || - (dsa->g = BN_new()) == NULL || - (dsa->pub_key = BN_new()) == NULL) { + (p = BN_new()) == NULL || + (q = BN_new()) == NULL || + (g = BN_new()) == NULL || + (pubkey = BN_new()) == NULL) { + BN_free(p); + BN_free(q); + BN_free(g); + BN_free(pubkey); DSA_free(dsa); free(k); return NULL; } + if (DSA_set0_pqg(dsa, p, q, g) == 0) { + BN_free(p); BN_free(q); BN_free(g); + BN_free(pubkey); + return NULL; + } + p = q = g = NULL; + if (DSA_set0_key(dsa, pubkey, NULL) == 0) { + BN_free(pubkey); + return NULL; + } + pubkey = NULL; + } k->dsa = dsa; break; case KEY_ECDSA: case KEY_ECDSA_CERT: /* Cannot do anything until we know the group */ break; @@ -536,27 +563,87 @@ sshkey_add_private(struct sshkey *k) { switch (k->type) { #ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT: +#if OPENSSL_VERSION_NUMBER >= 0x10100000UL + /* Allocate BIGNUM. This is a mess. + For OpenSSL 1.1.x API these shouldn't be mandatory, + but some regression tests for non-NULL pointer of + the data. */ +#define new_or_dup(bn, nbn) \ + if (bn == NULL) { \ + if ((nbn = BN_new()) == NULL) \ + return SSH_ERR_ALLOC_FAIL; \ + } else { \ + /* otherwise use-after-free will occur */ \ + if ((nbn = BN_dup(bn)) == NULL) \ + return SSH_ERR_ALLOC_FAIL; \ + } + { + const BIGNUM *d, *iqmp, *q, *p, *dmq1, *dmp1; /* allocate if NULL */ + BIGNUM *nd, *niqmp, *nq, *np, *ndmq1, *ndmp1; + + RSA_get0_key(k->rsa, NULL, NULL, &d); + RSA_get0_factors(k->rsa, &p, &q); + RSA_get0_crt_params(k->rsa, &dmp1, &dmq1, &iqmp); + + new_or_dup(d, nd); + new_or_dup(iqmp, niqmp); + new_or_dup(q, nq); + new_or_dup(p, np); + new_or_dup(dmq1, ndmq1); + new_or_dup(dmp1, ndmp1); + + if (RSA_set0_key(k->rsa, NULL, NULL, nd) == 0) + goto error1; + nd = NULL; + if (RSA_set0_factors(k->rsa, np, nq) == 0) + goto error1; + np = nq = NULL; + if (RSA_set0_crt_params(k->rsa, ndmp1, ndmq1, niqmp) == 0) { +error1: + BN_free(nd); + BN_free(np); BN_free(nq); + BN_free(ndmp1); BN_free(ndmq1); BN_free(niqmp); + return SSH_ERR_LIBCRYPTO_ERROR; + } + ndmp1 = ndmq1 = niqmp = NULL; + } +#else #define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL) if (bn_maybe_alloc_failed(k->rsa->d) || bn_maybe_alloc_failed(k->rsa->iqmp) || bn_maybe_alloc_failed(k->rsa->q) || bn_maybe_alloc_failed(k->rsa->p) || bn_maybe_alloc_failed(k->rsa->dmq1) || bn_maybe_alloc_failed(k->rsa->dmp1)) return SSH_ERR_ALLOC_FAIL; +#endif break; case KEY_DSA: case KEY_DSA_CERT: +#if OPENSSL_VERSION_NUMBER >= 0x10100000UL + { + const BIGNUM *priv_key; + BIGNUM *npriv_key; + DSA_get0_key(k->dsa, NULL, &priv_key); + new_or_dup(priv_key, npriv_key); + if (DSA_set0_key(k->dsa, NULL, npriv_key) == 0) { + BN_free(npriv_key); + return SSH_ERR_LIBCRYPTO_ERROR; + } + } +#else if (bn_maybe_alloc_failed(k->dsa->priv_key)) return SSH_ERR_ALLOC_FAIL; +#endif break; #undef bn_maybe_alloc_failed +#undef new_or_dup case KEY_ECDSA: case KEY_ECDSA_CERT: /* Cannot do anything until we know the group */ break; #endif /* WITH_OPENSSL */ case KEY_ED25519: @@ -674,22 +761,40 @@ return 0; switch (a->type) { #ifdef WITH_OPENSSL case KEY_RSA_CERT: case KEY_RSA: - return a->rsa != NULL && b->rsa != NULL && - BN_cmp(a->rsa->e, b->rsa->e) == 0 && - BN_cmp(a->rsa->n, b->rsa->n) == 0; + { + const BIGNUM *a_e, *b_e, *a_n, *b_n; + const BIGNUM *a_d, *b_d; + if (a->rsa == NULL) return 0; + if (b->rsa == NULL) return 0; + RSA_get0_key(a->rsa, &a_n, &a_e, &a_d); + RSA_get0_key(b->rsa, &b_n, &b_e, &b_d); + return + BN_cmp(a_e, b_e) == 0 && + BN_cmp(a_n, b_n) == 0; + } case KEY_DSA_CERT: case KEY_DSA: - return a->dsa != NULL && b->dsa != NULL && - BN_cmp(a->dsa->p, b->dsa->p) == 0 && - BN_cmp(a->dsa->q, b->dsa->q) == 0 && - BN_cmp(a->dsa->g, b->dsa->g) == 0 && - BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; + { + const BIGNUM *a_p, *a_q, *a_g, *a_pub_key; + const BIGNUM *b_p, *b_q, *b_g, *b_pub_key; + if (a->dsa == NULL) return 0; + if (b->dsa == NULL) return 0; + DSA_get0_pqg(a->dsa, &a_p, &a_q, &a_g); + DSA_get0_pqg(b->dsa, &b_p, &b_q, &b_g); + DSA_get0_key(a->dsa, &a_pub_key, NULL); + DSA_get0_key(b->dsa, &b_pub_key, NULL); + return + BN_cmp(a_p, b_p) == 0 && + BN_cmp(a_q, b_q) == 0 && + BN_cmp(a_g, b_g) == 0 && + BN_cmp(a_pub_key, b_pub_key) == 0; + } # ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: if (a->ecdsa == NULL || b->ecdsa == NULL || EC_KEY_get0_public_key(a->ecdsa) == NULL || EC_KEY_get0_public_key(b->ecdsa) == NULL) @@ -772,18 +877,23 @@ return ret; break; #ifdef WITH_OPENSSL case KEY_DSA: if (key->dsa == NULL) return SSH_ERR_INVALID_ARGUMENT; + { + const BIGNUM *p, *q, *g, *pub_key; + DSA_get0_pqg(key->dsa, &p, &q, &g); + DSA_get0_key(key->dsa, &pub_key, NULL); if ((ret = sshbuf_put_cstring(b, typename)) != 0 || - (ret = sshbuf_put_bignum2(b, key->dsa->p)) != 0 || - (ret = sshbuf_put_bignum2(b, key->dsa->q)) != 0 || - (ret = sshbuf_put_bignum2(b, key->dsa->g)) != 0 || - (ret = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0) + (ret = sshbuf_put_bignum2(b, p)) != 0 || + (ret = sshbuf_put_bignum2(b, q)) != 0 || + (ret = sshbuf_put_bignum2(b, g)) != 0 || + (ret = sshbuf_put_bignum2(b, pub_key)) != 0) return ret; + } break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: if (key->ecdsa == NULL) return SSH_ERR_INVALID_ARGUMENT; if ((ret = sshbuf_put_cstring(b, typename)) != 0 || @@ -793,16 +903,20 @@ return ret; break; # endif case KEY_RSA: if (key->rsa == NULL) return SSH_ERR_INVALID_ARGUMENT; + { + const BIGNUM *e, *n; + RSA_get0_key(key->rsa, &n, &e, NULL); if ((ret = sshbuf_put_cstring(b, typename)) != 0 || - (ret = sshbuf_put_bignum2(b, key->rsa->e)) != 0 || - (ret = sshbuf_put_bignum2(b, key->rsa->n)) != 0) + (ret = sshbuf_put_bignum2(b, e)) != 0 || + (ret = sshbuf_put_bignum2(b, n)) != 0) return ret; + } break; #endif /* WITH_OPENSSL */ case KEY_ED25519: if (key->ed25519_pk == NULL) return SSH_ERR_INVALID_ARGUMENT; if ((ret = sshbuf_put_cstring(b, typename)) != 0 || @@ -1737,19 +1851,38 @@ switch (k->type) { #ifdef WITH_OPENSSL case KEY_DSA: case KEY_DSA_CERT: if ((n = sshkey_new(k->type)) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || - (BN_copy(n->dsa->q, k->dsa->q) == NULL) || - (BN_copy(n->dsa->g, k->dsa->g) == NULL) || - (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) { + { + const BIGNUM *p, *q, *g, *pub_key, *priv_key; + BIGNUM *cp=NULL, *cq=NULL, *cg=NULL, *cpub_key=NULL; + DSA_get0_pqg(k->dsa, &p, &q, &g); + DSA_get0_key(k->dsa, &pub_key, &priv_key); + if ((cp = BN_dup(p)) == NULL || + (cq = BN_dup(q)) == NULL || + (cg = BN_dup(g)) == NULL || + (cpub_key = BN_dup(pub_key)) == NULL) { + BN_free(cp); BN_free(cq); BN_free(cg); + BN_free(cpub_key); sshkey_free(n); return SSH_ERR_ALLOC_FAIL; } + if (DSA_set0_pqg(n->dsa, cp, cq, cg) == 0) + goto error1; + cp = cq = cg = NULL; + if (DSA_set0_key(n->dsa, cpub_key, NULL) == 0) { +error1: + BN_free(cp); BN_free(cq); BN_free(cg); + BN_free(cpub_key); + sshkey_free(n); + return SSH_ERR_LIBCRYPTO_ERROR; + } + cpub_key = NULL; + } break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: case KEY_ECDSA_CERT: if ((n = sshkey_new(k->type)) == NULL) return SSH_ERR_ALLOC_FAIL; @@ -1767,17 +1900,29 @@ break; # endif /* OPENSSL_HAS_ECC */ case KEY_RSA: case KEY_RSA_CERT: if ((n = sshkey_new(k->type)) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || - (BN_copy(n->rsa->e, k->rsa->e) == NULL)) { + { + const BIGNUM *nn, *e, *d; + BIGNUM *cn=NULL, *ce=NULL; + RSA_get0_key(k->rsa, &nn, &e, &d); + if ((cn = BN_dup(nn)) == NULL || + (ce = BN_dup(e)) == NULL ) { + BN_free(cn); BN_free(ce); sshkey_free(n); return SSH_ERR_ALLOC_FAIL; } + if (RSA_set0_key(n->rsa, cn, ce, NULL) == 0) { + BN_free(cn); BN_free(ce); + sshkey_free(n); + return SSH_ERR_LIBCRYPTO_ERROR; + } + cn = ce = NULL; + } break; #endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: if ((n = sshkey_new(k->type)) == NULL) return SSH_ERR_ALLOC_FAIL; @@ -1992,18 +2137,33 @@ /* FALLTHROUGH */ case KEY_RSA: if ((key = sshkey_new(type)) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } - if (sshbuf_get_bignum2(b, key->rsa->e) != 0 || - sshbuf_get_bignum2(b, key->rsa->n) != 0) { + { + BIGNUM *e=NULL, *n=NULL; + if ((e = BN_new()) == NULL || + (n = BN_new()) == NULL ) { + ret = SSH_ERR_ALLOC_FAIL; + BN_free(e); BN_free(n); + goto out; + } + if (sshbuf_get_bignum2(b, e) != 0 || + sshbuf_get_bignum2(b, n) != 0) { ret = SSH_ERR_INVALID_FORMAT; + BN_free(e); BN_free(n); goto out; } - if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + if (RSA_set0_key(key->rsa, n, e, NULL) == 0) { + BN_free(e); BN_free(n); + return SSH_ERR_LIBCRYPTO_ERROR; + } + n = e = NULL; + } + if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { ret = SSH_ERR_KEY_LENGTH; goto out; } #ifdef DEBUG_PK RSA_print_fp(stderr, key->rsa, 8); #endif @@ -2017,19 +2177,42 @@ /* FALLTHROUGH */ case KEY_DSA: if ((key = sshkey_new(type)) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } - if (sshbuf_get_bignum2(b, key->dsa->p) != 0 || - sshbuf_get_bignum2(b, key->dsa->q) != 0 || - sshbuf_get_bignum2(b, key->dsa->g) != 0 || - sshbuf_get_bignum2(b, key->dsa->pub_key) != 0) { + { + BIGNUM *p=NULL, *q=NULL, *g=NULL, *pub_key=NULL; + if ((p = BN_new()) == NULL || + (q = BN_new()) == NULL || + (g = BN_new()) == NULL || + (pub_key = BN_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto error1; + } + if (sshbuf_get_bignum2(b, p) != 0 || + sshbuf_get_bignum2(b, q) != 0 || + sshbuf_get_bignum2(b, g) != 0 || + sshbuf_get_bignum2(b, pub_key) != 0) { ret = SSH_ERR_INVALID_FORMAT; + goto error1; + } + if (DSA_set0_pqg(key->dsa, p, q, g) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto error1; + } + p = q = g = NULL; + if (DSA_set0_key(key->dsa, pub_key, NULL) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; +error1: + BN_free(p); BN_free(q); BN_free(g); + BN_free(pub_key); goto out; } + pub_key = NULL; + } #ifdef DEBUG_PK DSA_print_fp(stderr, key->dsa, 8); #endif break; case KEY_ECDSA_CERT: /* Skip nonce */ @@ -2324,32 +2507,69 @@ #ifdef WITH_OPENSSL case KEY_RSA_CERT: if ((ret = sshkey_cert_copy(k, pk)) != 0) goto fail; /* FALLTHROUGH */ case KEY_RSA: - if ((pk->rsa = RSA_new()) == NULL || - (pk->rsa->e = BN_dup(k->rsa->e)) == NULL || - (pk->rsa->n = BN_dup(k->rsa->n)) == NULL) { + if ((pk->rsa = RSA_new()) == NULL ){ ret = SSH_ERR_ALLOC_FAIL; goto fail; } + { + const BIGNUM *ke, *kn; + BIGNUM *pke=NULL, *pkn=NULL; + RSA_get0_key(k->rsa, &kn, &ke, NULL); + if ((pke = BN_dup(ke)) == NULL || + (pkn = BN_dup(kn)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + BN_free(pke); BN_free(pkn); + goto fail; + } + if (RSA_set0_key(pk->rsa, pkn, pke, NULL) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + BN_free(pke); BN_free(pkn); + goto fail; + } + pkn = pke = NULL; + } break; case KEY_DSA_CERT: if ((ret = sshkey_cert_copy(k, pk)) != 0) goto fail; /* FALLTHROUGH */ case KEY_DSA: - if ((pk->dsa = DSA_new()) == NULL || - (pk->dsa->p = BN_dup(k->dsa->p)) == NULL || - (pk->dsa->q = BN_dup(k->dsa->q)) == NULL || - (pk->dsa->g = BN_dup(k->dsa->g)) == NULL || - (pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) { + if ((pk->dsa = DSA_new()) == NULL ) { ret = SSH_ERR_ALLOC_FAIL; goto fail; } + { + const BIGNUM *kp, *kq, *kg, *kpub_key; + BIGNUM *pkp=NULL, *pkq=NULL, *pkg=NULL, *pkpub_key=NULL; + DSA_get0_pqg(k->dsa, &kp, &kq, &kg); + DSA_get0_key(k->dsa, &kpub_key, NULL); + if ((pkp = BN_dup(kp)) == NULL || + (pkq = BN_dup(kq)) == NULL || + (pkg = BN_dup(kg)) == NULL || + (pkpub_key = BN_dup(kpub_key)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto error1; + } + if (DSA_set0_pqg(pk->dsa, pkp, pkq, pkg) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto error1; + } + pkp = pkq = pkg = NULL; + if (DSA_set0_key(pk->dsa, pkpub_key, NULL) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; +error1: + BN_free(pkp); BN_free(pkq); BN_free(pkg); + BN_free(pkpub_key); + goto fail; + } + pkpub_key = NULL; + } break; case KEY_ECDSA_CERT: if ((ret = sshkey_cert_copy(k, pk)) != 0) goto fail; /* FALLTHROUGH */ # ifdef OPENSSL_HAS_ECC @@ -2493,32 +2713,44 @@ goto out; /* XXX this substantially duplicates to_blob(); refactor */ switch (k->type) { #ifdef WITH_OPENSSL case KEY_DSA_CERT: - if ((ret = sshbuf_put_bignum2(cert, k->dsa->p)) != 0 || - (ret = sshbuf_put_bignum2(cert, k->dsa->q)) != 0 || - (ret = sshbuf_put_bignum2(cert, k->dsa->g)) != 0 || - (ret = sshbuf_put_bignum2(cert, k->dsa->pub_key)) != 0) + { + const BIGNUM *p, *q, *g, *pub_key; + DSA_get0_pqg(k->dsa, &p, &q, &g); + DSA_get0_key(k->dsa, &pub_key, NULL); + if ((ret = sshbuf_put_bignum2(cert, p)) != 0 || + (ret = sshbuf_put_bignum2(cert, q)) != 0 || + (ret = sshbuf_put_bignum2(cert, g)) != 0 || + (ret = sshbuf_put_bignum2(cert, pub_key)) != 0) { goto out; + } + } break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: if ((ret = sshbuf_put_cstring(cert, sshkey_curve_nid_to_name(k->ecdsa_nid))) != 0 || (ret = sshbuf_put_ec(cert, EC_KEY_get0_public_key(k->ecdsa), EC_KEY_get0_group(k->ecdsa))) != 0) goto out; break; # endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: - if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 || - (ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0) + { + const BIGNUM *e, *n; + RSA_get0_key(k->rsa, &n, &e, NULL); + if (n == NULL || e == NULL || + (ret = sshbuf_put_bignum2(cert, e)) != 0 || + (ret = sshbuf_put_bignum2(cert, n)) != 0) { goto out; + } + } break; #endif /* WITH_OPENSSL */ case KEY_ED25519_CERT: if ((ret = sshbuf_put_string(cert, k->ed25519_pk, ED25519_PK_SZ)) != 0) goto out; @@ -2699,48 +2931,73 @@ if ((r = sshbuf_put_cstring(b, sshkey_ssh_name(key))) != 0) goto out; switch (key->type) { #ifdef WITH_OPENSSL case KEY_RSA: - if ((r = sshbuf_put_bignum2(b, key->rsa->n)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->e)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0) + { + const BIGNUM *n, *e, *d, *iqmp, *p, *q; + RSA_get0_key(key->rsa, &n, &e, &d); + RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp); + RSA_get0_factors(key->rsa, &p, &q); + if ((r = sshbuf_put_bignum2(b, n)) != 0 || + (r = sshbuf_put_bignum2(b, e)) != 0 || + (r = sshbuf_put_bignum2(b, d)) != 0 || + (r = sshbuf_put_bignum2(b, iqmp)) != 0 || + (r = sshbuf_put_bignum2(b, p)) != 0 || + (r = sshbuf_put_bignum2(b, q)) != 0) { goto out; + } + } break; case KEY_RSA_CERT: if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { r = SSH_ERR_INVALID_ARGUMENT; goto out; } + { + const BIGNUM *d, *iqmp, *p, *q; + RSA_get0_key(key->rsa, NULL, NULL, &d); + RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp); + RSA_get0_factors(key->rsa, &p, &q); if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 || - (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0) + (r = sshbuf_put_bignum2(b, d)) != 0 || + (r = sshbuf_put_bignum2(b, iqmp)) != 0 || + (r = sshbuf_put_bignum2(b, p)) != 0 || + (r = sshbuf_put_bignum2(b, q)) != 0) { goto out; + } + } break; case KEY_DSA: - if ((r = sshbuf_put_bignum2(b, key->dsa->p)) != 0 || - (r = sshbuf_put_bignum2(b, key->dsa->q)) != 0 || - (r = sshbuf_put_bignum2(b, key->dsa->g)) != 0 || - (r = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0 || - (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0) + { + const BIGNUM *p, *q, *g, *pub_key, *priv_key; + DSA_get0_pqg(key->dsa, &p, &q, &g); + DSA_get0_key(key->dsa, &pub_key, &priv_key); + if ((r = sshbuf_put_bignum2(b, p)) != 0 || + (r = sshbuf_put_bignum2(b, q)) != 0 || + (r = sshbuf_put_bignum2(b, g)) != 0 || + (r = sshbuf_put_bignum2(b, pub_key)) != 0 || + (r = sshbuf_put_bignum2(b, priv_key)) != 0) { goto out; + } + } break; case KEY_DSA_CERT: if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { r = SSH_ERR_INVALID_ARGUMENT; goto out; } + { + const BIGNUM *priv_key; + DSA_get0_key(key->dsa, NULL, &priv_key); if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || - (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0) + (r = sshbuf_put_bignum2(b, priv_key)) != 0) { goto out; + } + } break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: if ((r = sshbuf_put_cstring(b, sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 || (r = sshbuf_put_eckey(b, key->ecdsa)) != 0 || @@ -2848,24 +3105,64 @@ #ifdef WITH_OPENSSL case KEY_DSA: if ((k = sshkey_new_private(type)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((r = sshbuf_get_bignum2(buf, k->dsa->p)) != 0 || - (r = sshbuf_get_bignum2(buf, k->dsa->q)) != 0 || - (r = sshbuf_get_bignum2(buf, k->dsa->g)) != 0 || - (r = sshbuf_get_bignum2(buf, k->dsa->pub_key)) != 0 || - (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) + { + BIGNUM *p=NULL, *q=NULL, *g=NULL, *pub_key=NULL, *priv_key=NULL; + if ((p = BN_new()) == NULL || + (q = BN_new()) == NULL || + (g = BN_new()) == NULL || + (pub_key = BN_new()) == NULL || + (priv_key = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto error1; + } + if ((r = sshbuf_get_bignum2(buf, p)) != 0 || + (r = sshbuf_get_bignum2(buf, q)) != 0 || + (r = sshbuf_get_bignum2(buf, g)) != 0 || + (r = sshbuf_get_bignum2(buf, pub_key)) != 0 || + (r = sshbuf_get_bignum2(buf, priv_key)) != 0) { + goto error1; + } + if (DSA_set0_pqg(k->dsa, p, q, g) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto error1; + } + p = q = g = NULL; + if (DSA_set0_key(k->dsa, pub_key, priv_key) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; +error1: + BN_free(p); BN_free(q); BN_free(g); + BN_free(pub_key); BN_free(priv_key); goto out; + } + pub_key = priv_key = NULL; + } break; case KEY_DSA_CERT: + { + BIGNUM *priv_key=NULL; + if ((priv_key = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } if ((r = sshkey_froms(buf, &k)) != 0 || (r = sshkey_add_private(k)) != 0 || - (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) + (r = sshbuf_get_bignum2(buf, priv_key)) != 0) { + BN_free(priv_key); + goto out; + } + if (DSA_set0_key(k->dsa, NULL, priv_key) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + BN_free(priv_key); goto out; + } + priv_key = NULL; + } break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: if ((k = sshkey_new_private(type)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; @@ -2918,35 +3215,110 @@ # endif /* OPENSSL_HAS_ECC */ case KEY_RSA: if ((k = sshkey_new_private(type)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((r = sshbuf_get_bignum2(buf, k->rsa->n)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->e)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || - (r = ssh_rsa_generate_additional_parameters(k)) != 0) + { + BIGNUM *n=NULL, *e=NULL, *d=NULL, *iqmp=NULL, *p=NULL, *q=NULL; + BIGNUM *dmp1=NULL, *dmq1=NULL; /* dummy for RSA_set0_crt_params */ + if ((n = BN_new()) == NULL || + (e = BN_new()) == NULL || + (d = BN_new()) == NULL || + (iqmp = BN_new()) == NULL || + (p = BN_new()) == NULL || + (q = BN_new()) == NULL || + (dmp1 = BN_new()) == NULL || + (dmq1 = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto error2; + } + if ((r = sshbuf_get_bignum2(buf, n)) != 0 || + (r = sshbuf_get_bignum2(buf, e)) != 0 || + (r = sshbuf_get_bignum2(buf, d)) != 0 || + (r = sshbuf_get_bignum2(buf, iqmp)) != 0 || + (r = sshbuf_get_bignum2(buf, p)) != 0 || + (r = sshbuf_get_bignum2(buf, q)) != 0) { + goto error2; + } + if (RSA_set0_key(k->rsa, n, e, d) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto error2; + } + n = e = d = NULL; + /* dmp1,dmq1 should be non NULL to set iqmp value */ + BN_clear(dmp1); BN_clear(dmq1); + if (RSA_set0_crt_params(k->rsa, dmp1, dmq1, iqmp) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto error2; + } + dmp1 = dmq1 = iqmp = NULL; + if (RSA_set0_factors(k->rsa, p, q) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; +error2: + BN_free(n); BN_free(e); BN_free(d); + BN_free(iqmp); + BN_free(p); BN_free(q); + BN_free(dmp1); BN_free(dmq1); + goto out; + } + p = q = NULL; + if ((r = ssh_rsa_generate_additional_parameters(k)) != 0) { goto out; - if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + } + } + if (RSA_bits(k->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { r = SSH_ERR_KEY_LENGTH; goto out; } break; case KEY_RSA_CERT: + { + BIGNUM *d=NULL, *iqmp=NULL, *p=NULL, *q=NULL; + BIGNUM *dmp1=NULL, *dmq1=NULL; /* dummy for RSA_set0_crt_params */ + if ((d = BN_new()) == NULL || + (iqmp = BN_new()) == NULL || + (p = BN_new()) == NULL || + (q = BN_new()) == NULL || + (dmp1 = BN_new()) == NULL || + (dmq1 = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto error3; + } if ((r = sshkey_froms(buf, &k)) != 0 || (r = sshkey_add_private(k)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || - (r = ssh_rsa_generate_additional_parameters(k)) != 0) + (r = sshbuf_get_bignum2(buf, d)) != 0 || + (r = sshbuf_get_bignum2(buf, iqmp)) != 0 || + (r = sshbuf_get_bignum2(buf, p)) != 0 || + (r = sshbuf_get_bignum2(buf, q)) != 0) { + goto error3; + } + if (RSA_set0_key(k->rsa, NULL, NULL, d) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto error3; + } + /* dmp1,dmq1 should be non NULL to set value */ + BN_clear(dmp1); BN_clear(dmq1); + if (RSA_set0_crt_params(k->rsa, dmp1, dmq1, iqmp) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto error3; + } + dmp1 = dmq1 = iqmp = NULL; + if (RSA_set0_factors(k->rsa, p, q) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; +error3: + BN_free(d); BN_free(iqmp); + BN_free(p); BN_free(q); + BN_free(dmp1); BN_free(dmq1); + goto out; + } + p = q = NULL; + if ((r = ssh_rsa_generate_additional_parameters(k)) != 0) goto out; - if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + } + if (RSA_bits(k->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { r = SSH_ERR_KEY_LENGTH; goto out; } break; #endif /* WITH_OPENSSL */ case KEY_ED25519: @@ -3704,13 +4076,15 @@ return SSH_ERR_INVALID_FORMAT; } case ERR_LIB_EVP: switch (pem_reason) { case EVP_R_BAD_DECRYPT: return SSH_ERR_KEY_WRONG_PASSPHRASE; +#ifdef EVP_R_BN_DECODE_ERROR case EVP_R_BN_DECODE_ERROR: +#endif case EVP_R_DECODE_ERROR: #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR case EVP_R_PRIVATE_KEY_DECODE_ERROR: #endif return SSH_ERR_INVALID_FORMAT; default: @@ -3769,13 +4143,13 @@ clear_libcrypto_errors(); if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, (char *)passphrase)) == NULL) { r = convert_libcrypto_error(); goto out; } - if (pk->type == EVP_PKEY_RSA && + if (EVP_PKEY_id(pk) == EVP_PKEY_RSA && (type == KEY_UNSPEC || type == KEY_RSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } prv->rsa = EVP_PKEY_get1_RSA(pk); @@ -3784,29 +4158,29 @@ RSA_print_fp(stderr, prv->rsa, 8); #endif if (RSA_blinding_on(prv->rsa, NULL) != 1) { r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } - if (BN_num_bits(prv->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + if (RSA_bits(prv->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { r = SSH_ERR_KEY_LENGTH; goto out; } - } else if (pk->type == EVP_PKEY_DSA && + } else if (EVP_PKEY_id(pk) == EVP_PKEY_DSA && (type == KEY_UNSPEC || type == KEY_DSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } prv->dsa = EVP_PKEY_get1_DSA(pk); prv->type = KEY_DSA; #ifdef DEBUG_PK DSA_print_fp(stderr, prv->dsa, 8); #endif #ifdef OPENSSL_HAS_ECC - } else if (pk->type == EVP_PKEY_EC && + } else if (EVP_PKEY_id(pk) == EVP_PKEY_EC && (type == KEY_UNSPEC || type == KEY_ECDSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } prv->ecdsa = EVP_PKEY_get1_EC_KEY(pk); Index: regress/unittests/sshkey/test_file.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/regress/unittests/sshkey/test_file.c,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -U 6 -r1.1.1.2 -r1.3 --- regress/unittests/sshkey/test_file.c 5 Oct 2017 12:06:38 -0000 1.1.1.2 +++ regress/unittests/sshkey/test_file.c 8 Oct 2017 12:56:59 -0000 1.3 @@ -57,15 +57,20 @@ ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k1, NULL); a = load_bignum("rsa_1.param.n"); b = load_bignum("rsa_1.param.p"); c = load_bignum("rsa_1.param.q"); - ASSERT_BIGNUM_EQ(k1->rsa->n, a); - ASSERT_BIGNUM_EQ(k1->rsa->p, b); - ASSERT_BIGNUM_EQ(k1->rsa->q, c); + { + const BIGNUM *n, *p, *q; + RSA_get0_key(k1->rsa, &n, NULL, NULL); + RSA_get0_factors(k1->rsa, &p, &q); + ASSERT_BIGNUM_EQ(n, a); + ASSERT_BIGNUM_EQ(p, b); + ASSERT_BIGNUM_EQ(q, c); + } BN_free(a); BN_free(b); BN_free(c); TEST_DONE(); TEST_START("parse RSA from private w/ passphrase"); @@ -148,15 +153,20 @@ ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k1, NULL); a = load_bignum("dsa_1.param.g"); b = load_bignum("dsa_1.param.priv"); c = load_bignum("dsa_1.param.pub"); - ASSERT_BIGNUM_EQ(k1->dsa->g, a); - ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b); - ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c); + { + const BIGNUM *g, *priv_key, *pub_key; + DSA_get0_pqg(k1->dsa, NULL, NULL, &g); + DSA_get0_key(k1->dsa, &pub_key, &priv_key); + ASSERT_BIGNUM_EQ(g, a); + ASSERT_BIGNUM_EQ(priv_key, b); + ASSERT_BIGNUM_EQ(pub_key, c); + } BN_free(a); BN_free(b); BN_free(c); TEST_DONE(); TEST_START("parse DSA from private w/ passphrase"); Index: regress/unittests/sshkey/test_sshkey.c =================================================================== RCS file: /home/kabe/cvsroot/openssh/regress/unittests/sshkey/test_sshkey.c,v retrieving revision 1.1.1.3 retrieving revision 1.5 diff -U 6 -r1.1.1.3 -r1.5 --- regress/unittests/sshkey/test_sshkey.c 9 Apr 2018 11:17:38 -0000 1.1.1.3 +++ regress/unittests/sshkey/test_sshkey.c 11 Apr 2018 06:52:59 -0000 1.5 @@ -194,24 +194,34 @@ TEST_DONE(); TEST_START("new/free KEY_RSA"); k1 = sshkey_new(KEY_RSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->rsa, NULL); - ASSERT_PTR_NE(k1->rsa->n, NULL); - ASSERT_PTR_NE(k1->rsa->e, NULL); - ASSERT_PTR_EQ(k1->rsa->p, NULL); + { + const BIGNUM *n, *e, *p; + RSA_get0_key(k1->rsa, &n, &e, NULL); + RSA_get0_factors(k1->rsa, &p, NULL); + ASSERT_PTR_NE(n, NULL); + ASSERT_PTR_NE(e, NULL); + ASSERT_PTR_EQ(p, NULL); + } sshkey_free(k1); TEST_DONE(); TEST_START("new/free KEY_DSA"); k1 = sshkey_new(KEY_DSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->dsa, NULL); - ASSERT_PTR_NE(k1->dsa->g, NULL); - ASSERT_PTR_EQ(k1->dsa->priv_key, NULL); + { + const BIGNUM *g, *priv_key; + DSA_get0_pqg(k1->dsa, NULL, NULL, &g); + DSA_get0_key(k1->dsa, NULL, &priv_key); + ASSERT_PTR_NE(g, NULL); + ASSERT_PTR_EQ(priv_key, NULL); + } sshkey_free(k1); TEST_DONE(); #ifdef OPENSSL_HAS_ECC TEST_START("new/free KEY_ECDSA"); k1 = sshkey_new(KEY_ECDSA); @@ -231,25 +241,35 @@ TEST_DONE(); TEST_START("new_private KEY_RSA"); k1 = sshkey_new_private(KEY_RSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->rsa, NULL); - ASSERT_PTR_NE(k1->rsa->n, NULL); - ASSERT_PTR_NE(k1->rsa->e, NULL); - ASSERT_PTR_NE(k1->rsa->p, NULL); + { + const BIGNUM *n, *e, *p; + RSA_get0_key(k1->rsa, &n, &e, NULL); + RSA_get0_factors(k1->rsa, &p, NULL); + ASSERT_PTR_NE(n, NULL); + ASSERT_PTR_NE(e, NULL); + ASSERT_PTR_NE(p, NULL); + } ASSERT_INT_EQ(sshkey_add_private(k1), 0); sshkey_free(k1); TEST_DONE(); TEST_START("new_private KEY_DSA"); k1 = sshkey_new_private(KEY_DSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->dsa, NULL); - ASSERT_PTR_NE(k1->dsa->g, NULL); - ASSERT_PTR_NE(k1->dsa->priv_key, NULL); + { + const BIGNUM *g, *priv_key; + DSA_get0_pqg(k1->dsa, NULL, NULL, &g); + DSA_get0_key(k1->dsa, NULL, &priv_key); + ASSERT_PTR_NE(g, NULL); + ASSERT_PTR_NE(priv_key, NULL); + } ASSERT_INT_EQ(sshkey_add_private(k1), 0); sshkey_free(k1); TEST_DONE(); TEST_START("generate KEY_RSA too small modulus"); ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 128, &k1), @@ -282,24 +302,34 @@ TEST_START("generate KEY_RSA"); ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 767, &kr), SSH_ERR_KEY_LENGTH); ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0); ASSERT_PTR_NE(kr, NULL); ASSERT_PTR_NE(kr->rsa, NULL); - ASSERT_PTR_NE(kr->rsa->n, NULL); - ASSERT_PTR_NE(kr->rsa->e, NULL); - ASSERT_PTR_NE(kr->rsa->p, NULL); - ASSERT_INT_EQ(BN_num_bits(kr->rsa->n), 1024); + { + const BIGNUM *n, *e, *p; + RSA_get0_key(kr->rsa, &n, &e, NULL); + RSA_get0_factors(kr->rsa, &p, NULL); + ASSERT_PTR_NE(n, NULL); + ASSERT_PTR_NE(e, NULL); + ASSERT_PTR_NE(p, NULL); + ASSERT_INT_EQ(BN_num_bits(n), 1024); + } TEST_DONE(); TEST_START("generate KEY_DSA"); ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0); ASSERT_PTR_NE(kd, NULL); ASSERT_PTR_NE(kd->dsa, NULL); - ASSERT_PTR_NE(kd->dsa->g, NULL); - ASSERT_PTR_NE(kd->dsa->priv_key, NULL); + { + const BIGNUM *g, *priv_key; + DSA_get0_pqg(kd->dsa, NULL, NULL, &g); + DSA_get0_key(kd->dsa, NULL, &priv_key); + ASSERT_PTR_NE(g, NULL); + ASSERT_PTR_NE(priv_key, NULL); + } TEST_DONE(); #ifdef OPENSSL_HAS_ECC TEST_START("generate KEY_ECDSA"); ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &ke), 0); ASSERT_PTR_NE(ke, NULL); @@ -320,15 +350,20 @@ TEST_START("demote KEY_RSA"); ASSERT_INT_EQ(sshkey_demote(kr, &k1), 0); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(kr, k1); ASSERT_INT_EQ(k1->type, KEY_RSA); ASSERT_PTR_NE(k1->rsa, NULL); - ASSERT_PTR_NE(k1->rsa->n, NULL); - ASSERT_PTR_NE(k1->rsa->e, NULL); - ASSERT_PTR_EQ(k1->rsa->p, NULL); + { + const BIGNUM *n, *e, *p; + RSA_get0_key(k1->rsa, &n, &e, NULL); + RSA_get0_factors(k1->rsa, &p, NULL); + ASSERT_PTR_NE(n, NULL); + ASSERT_PTR_NE(e, NULL); + ASSERT_PTR_EQ(p, NULL); + } TEST_DONE(); TEST_START("equal KEY_RSA/demoted KEY_RSA"); ASSERT_INT_EQ(sshkey_equal(kr, k1), 1); sshkey_free(k1); TEST_DONE(); @@ -336,14 +371,19 @@ TEST_START("demote KEY_DSA"); ASSERT_INT_EQ(sshkey_demote(kd, &k1), 0); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(kd, k1); ASSERT_INT_EQ(k1->type, KEY_DSA); ASSERT_PTR_NE(k1->dsa, NULL); - ASSERT_PTR_NE(k1->dsa->g, NULL); - ASSERT_PTR_EQ(k1->dsa->priv_key, NULL); + { + const BIGNUM *g, *priv_key; + DSA_get0_pqg(k1->dsa, NULL, NULL, &g); + DSA_get0_key(k1->dsa, NULL, &priv_key); + ASSERT_PTR_NE(g, NULL); + ASSERT_PTR_EQ(priv_key, NULL); + } TEST_DONE(); TEST_START("equal KEY_DSA/demoted KEY_DSA"); ASSERT_INT_EQ(sshkey_equal(kd, k1), 1); sshkey_free(k1); TEST_DONE();