summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-06-25 04:47:54 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-06-25 04:47:54 +0000
commit34f91883a6f3123656b0a8017d68b658f7cf2403 (patch)
treecd6d3386df38e8a2a6702bcdbf08365f12ba9472
parent90fd060bc852072ebe351ddacaced7c267d53f96 (diff)
- markus@cvs.openbsd.org 2001/06/23 06:41:10
[ssh-keygen.c] try to decode ssh-3.0.0 private rsa keys (allow migration to openssh, not vice versa), #910
-rw-r--r--ChangeLog6
-rw-r--r--ssh-keygen.c31
2 files changed, 26 insertions, 11 deletions
diff --git a/ChangeLog b/ChangeLog
index f53da6f8..a663e121 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -63,6 +63,10 @@
- deraadt@cvs.openbsd.org 2001/06/23 05:57:09
[sftp.1 sftp-server.8 ssh-keygen.1]
ok, tmac is now fixed
+ - markus@cvs.openbsd.org 2001/06/23 06:41:10
+ [ssh-keygen.c]
+ try to decode ssh-3.0.0 private rsa keys
+ (allow migration to openssh, not vice versa), #910
20010622
- (stevesk) handle systems without pw_expire and pw_change.
@@ -5747,4 +5751,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1313 2001/06/25 04:45:33 mouring Exp $
+$Id: ChangeLog,v 1.1314 2001/06/25 04:47:54 mouring Exp $
diff --git a/ssh-keygen.c b/ssh-keygen.c
index d1b2a583..bd7eea9a 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.61 2001/05/25 14:37:32 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.62 2001/06/23 06:41:10 markus Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -187,7 +187,8 @@ do_convert_private_ssh2_from_blob(char *blob, int blen)
{
Buffer b;
Key *key = NULL;
- int ignore, magic, rlen, ktype;
+ int magic, rlen, ktype, i1, i2, i3, i4;
+ u_long e;
char *type, *cipher;
buffer_init(&b);
@@ -199,13 +200,13 @@ do_convert_private_ssh2_from_blob(char *blob, int blen)
buffer_free(&b);
return NULL;
}
- ignore = buffer_get_int(&b);
+ i1 = buffer_get_int(&b);
type = buffer_get_string(&b, NULL);
cipher = buffer_get_string(&b, NULL);
- ignore = buffer_get_int(&b);
- ignore = buffer_get_int(&b);
- ignore = buffer_get_int(&b);
-
+ i2 = buffer_get_int(&b);
+ i3 = buffer_get_int(&b);
+ i4 = buffer_get_int(&b);
+ debug("ignore (%d %d %d %d)", i1,i2,i3,i4);
if (strcmp(cipher, "none") != 0) {
error("unsupported cipher %s", cipher);
xfree(cipher);
@@ -235,7 +236,17 @@ do_convert_private_ssh2_from_blob(char *blob, int blen)
buffer_get_bignum_bits(&b, key->dsa->priv_key);
break;
case KEY_RSA:
- if (!BN_set_word(key->rsa->e, (u_long) buffer_get_char(&b))) {
+ e = buffer_get_char(&b);
+ debug("e %lx", e);
+ if (e < 30) {
+ e <<= 8;
+ e += buffer_get_char(&b);
+ debug("e %lx", e);
+ e <<= 8;
+ e += buffer_get_char(&b);
+ debug("e %lx", e);
+ }
+ if (!BN_set_word(key->rsa->e, e)) {
buffer_free(&b);
key_free(key);
return NULL;
@@ -258,8 +269,8 @@ do_convert_private_ssh2_from_blob(char *blob, int blen)
u_int slen;
u_char *sig, data[10] = "abcde12345";
- key_sign(key, &sig, &slen, data, sizeof data);
- key_verify(key, sig, slen, data, sizeof data);
+ key_sign(key, &sig, &slen, data, sizeof(data));
+ key_verify(key, sig, slen, data, sizeof(data));
xfree(sig);
}
#endif