Date:      Sat, 11 Mar 2000 23:17:08 -0800 (PST)
From:      Kris Kennaway <kris@hub.freebsd.org>
To:        current@freebsd.org
Subject:   OpenSSH/RSAREF patch to detect long keys
Message-ID:  <Pine.BSF.4.21.0003112301090.48851-200000@hub.freebsd.org>

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.
  Send mail to mime@docserver.cac.washington.edu for more info.

--0-794126991-952845428=:48851
Content-Type: TEXT/PLAIN; charset=US-ASCII

RSAREF can't handle RSA keys longer than 1024 bits (and we're not allowed
to fix it so that it can, by the terms of the RSAREF license). This is a
problem for OpenSSH, because it can't be used to interoperate with
servers (or clients) which use long keys. Currently it gives a very
unhelpful error message:

rsa_private_encrypt() failed.

The attached patch detects when it is failing because it's being used with
RSAREF and a long key, and returns the error:

rsa_private_encrypt() failed: RSAREF cannot handle keys larger than 1024 bits.

It does this by adding a RSA_libversion() function to the librsausa and
librsaintl libraries so libcrypto users can work out which version they
are actually using (I tried to do this with just an "int RSA_libversion",
but I was having problems getting the symbol to be found at link time).

I've tested it through a make world and with sshd servers that have large
and small keys - I haven't tested it for international OpenSSH users. The
patch takes the openssh/rsa.c file off the vendor branch. There's also a
new file added, crypto/openssl/crypto/rsa/rsa_intlstubs.c.

I'd like to get this committed for 4.0 if I have some more positive
feedback from people.

Kris

Index: crypto/openssh/rsa.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/rsa.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 rsa.c
--- crypto/openssh/rsa.c	2000/02/24 14:29:45	1.1.1.1
+++ crypto/openssh/rsa.c	2000/03/12 03:19:52
@@ -125,7 +125,10 @@
 
 	if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key,
 	    RSA_PKCS1_PADDING)) <= 0)
-		fatal("rsa_public_encrypt() failed");
+	    if (BN_num_bits(key->n) > 1024 && RSA_libversion() == RSALIB_RSAREF)
+		fatal("rsa_private_encrypt() failed: RSAREF cannot handle keys larger than 1024 bits.");
+	    else
+		fatal("rsa_private_encrypt() failed.");
 
 	BN_bin2bn(outbuf, len, out);
 
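Review bot: Both new messages on the RSA_public_encrypt() failure path read `rsa_private_encrypt() failed`, while the removed line named rsa_public_encrypt(), so the fatal log now points at an operation this call does not perform. Both strings should begin `rsa_public_encrypt() failed`. The inner if/else also hangs unbraced under the outer `if`, here and in the RSA_private_decrypt() hunk that follows; bracing the outer body would keep a later edit from detaching the `else`. The enclosing function starts and ends outside the hunk.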
@@ -150,7 +153,10 @@
 
 	if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
 	    RSA_PKCS1_PADDING)) <= 0)
-		fatal("rsa_private_decrypt() failed");
+	    if (BN_num_bits(key->n) > 1024 && RSA_libversion() == RSALIB_RSAREF)
+		fatal("rsa_private_decrypt() failed: RSAREF cannot handle keys larger than 1024 bits.");
+	    else
+		fatal("rsa_private_decrypt() failed.");
 
 	BN_bin2bn(outbuf, len, out);
 
Index: crypto/openssl/crypto/rsa/rsa.h
===================================================================
RCS file: /home/ncvs/src/crypto/openssl/crypto/rsa/rsa.h,v
retrieving revision 1.2
diff -u -r1.2 rsa.h
--- crypto/openssl/crypto/rsa/rsa.h	2000/02/26 13:13:02	1.2
+++ crypto/openssl/crypto/rsa/rsa.h	2000/03/12 03:02:07
@@ -244,6 +244,8 @@
 int RSA_set_ex_data(RSA *r,int idx,char *arg);
 char *RSA_get_ex_data(RSA *r, int idx);
 
+int RSA_libversion();
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
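Review bot: `int RSA_libversion();` is an old-style declaration with no parameter list, so a call that passes stray arguments compiles unchecked. The neighbouring declarations are full prototypes and the stub in rsa_stubs.c is defined with `(void)`. Declare it as `int RSA_libversion(void);` and give the definition added in rsaref_stubs.c the same `(void)`. A short comment such as `/* Returns RSALIB_OPENSSL or RSALIB_RSAREF for the RSA library in use. */` would record the contract for callers.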
@@ -307,6 +309,9 @@
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117
 #define RSA_R_UNKNOWN_PADDING_TYPE			 118
 #define RSA_R_WRONG_SIGNATURE_LENGTH			 119
+
+#define RSALIB_OPENSSL	1
+#define RSALIB_RSAREF	2
 
 #ifdef  __cplusplus
 }
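Review bot: The RSALIB_OPENSSL and RSALIB_RSAREF defines are added below the `BEGIN ERROR CODES` marker. The header's own comment, visible in the previous hunk's context, says changes after that point may be overwritten when mkerr.pl is next run, so a regeneration could silently drop them and break the check in rsa.c. Moving the two defines above the marker, next to the `RSA_libversion` declaration, avoids that.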
Index: crypto/openssl/crypto/rsa/rsa_stubs.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssl/crypto/rsa/rsa_stubs.c,v
retrieving revision 1.4
diff -u -r1.4 rsa_stubs.c
--- crypto/openssl/crypto/rsa/rsa_stubs.c	2000/03/02 06:21:02	1.4
+++ crypto/openssl/crypto/rsa/rsa_stubs.c	2000/03/12 03:03:13
@@ -87,6 +87,16 @@
 }
 __weak_reference(ERR_load_RSA_strings_stub, ERR_load_RSA_strings);
 
+int
+RSA_libversion_stub(void)
+{
+    static void (*sym)(void);
+
+    if (sym || (sym = getsym("RSA_libversion")))
+	sym();
+}
+__weak_reference(RSA_libversion_stub, RSA_libversion);
+
 #else	/* !PIC */
 
 /* Sigh, just get your own libs, ld(1) doesn't deal with weaks here */
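Review bot: RSA_libversion_stub() is declared to return int but never returns a value. `sym` is typed `void (*)(void)`, the result of `sym()` is discarded, and the path where getsym() finds nothing falls off the end of the function. The new check in rsa.c compares this result with RSALIB_RSAREF, so the long-key diagnosis would rest on an undefined value. Suggested changes: `static int (*sym)(void);`, `return sym();`, and a final `return 0;` (matching neither RSALIB constant) for the not-found case. The `#else /* !PIC */` branch continues outside the hunk, so whether static links get a definition cannot be checked from here.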
Index: crypto/openssl/rsaref/rsaref_stubs.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssl/rsaref/rsaref_stubs.c,v
retrieving revision 1.5
diff -u -r1.5 rsaref_stubs.c
--- crypto/openssl/rsaref/rsaref_stubs.c	2000/03/02 06:21:02	1.5
+++ crypto/openssl/rsaref/rsaref_stubs.c	2000/03/12 03:10:46
@@ -40,6 +40,7 @@
 #ifndef NO_RSA
 
 #include <stdio.h>
+#include <openssl/rsa.h>
 
 #define VERBOSE_STUBS	/* undef if you don't want missing rsaref reported */
 
@@ -164,6 +165,12 @@
     return 0;
 }
 __weak_reference(R_RandomUpdate_stub, R_RandomUpdate);
+
+int
+RSA_libversion()
+{
+	return RSALIB_RSAREF;
+}
 
 #else	/* !PIC */
 
Index: secure//lib/librsaintl/Makefile
===================================================================
RCS file: /home/ncvs/src/secure/lib/librsaintl/Makefile,v
retrieving revision 1.1
diff -u -r1.1 Makefile
--- secure//lib/librsaintl/Makefile	2000/02/26 13:12:57	1.1
+++ secure//lib/librsaintl/Makefile	2000/03/12 07:12:31
@@ -11,7 +11,7 @@
 CFLAGS+=	-I${.OBJDIR}
 
 # rsaref
-SRCS+=	rsa_err.c rsa_eay.c
+SRCS+=	rsa_err.c rsa_eay.c rsa_intlstubs.c
 
 HDRS=	asn1/asn1.h asn1/asn1_mac.h bio/bio.h bf/blowfish.h bn/bn.h \
 	buffer/buffer.h cast/cast.h comp/comp.h conf/conf.h crypto.h \

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>

--0-794126991-952845428=:48851
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="rsa_intlstubs.c"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.BSF.4.21.0003112317080.48851@hub.freebsd.org>
Content-Description: 
Content-Disposition: attachment; filename="rsa_intlstubs.c"

LyotDQogKiBDb3B5cmlnaHQgKGMpIDIwMDAgS3JpcyBLZW5uYXdheSA8a3Jp
c0BGcmVlQlNELm9yZz4NCiAqIEFsbCByaWdodHMgcmVzZXJ2ZWQuDQogKg0K
ICogUmVkaXN0cmlidXRpb24gYW5kIHVzZSBpbiBzb3VyY2UgYW5kIGJpbmFy
eSBmb3Jtcywgd2l0aCBvciB3aXRob3V0DQogKiBtb2RpZmljYXRpb24sIGFy
ZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRp
dGlvbnMNCiAqIGFyZSBtZXQ6DQogKiAxLiBSZWRpc3RyaWJ1dGlvbnMgb2Yg
c291cmNlIGNvZGUgbXVzdCByZXRhaW4gdGhlIGFib3ZlIGNvcHlyaWdodA0K
ICogICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhl
IGZvbGxvd2luZyBkaXNjbGFpbWVyLg0KICogMi4gUmVkaXN0cmlidXRpb25z
IGluIGJpbmFyeSBmb3JtIG11c3QgcmVwcm9kdWNlIHRoZSBhYm92ZSBjb3B5
cmlnaHQNCiAqICAgIG5vdGljZSwgdGhpcyBsaXN0IG9mIGNvbmRpdGlvbnMg
YW5kIHRoZSBmb2xsb3dpbmcgZGlzY2xhaW1lciBpbiB0aGUNCiAqICAgIGRv
Y3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3
aXRoIHRoZSBkaXN0cmlidXRpb24uDQogKg0KICogVEhJUyBTT0ZUV0FSRSBJ
UyBQUk9WSURFRCBCWSBUSEUgQVVUSE9SIEFORCBDT05UUklCVVRPUlMgYGBB
UyBJUycnIEFORA0KICogQU5ZIEVYUFJFU1MgT1IgSU1QTElFRCBXQVJSQU5U
SUVTLCBJTkNMVURJTkcsIEJVVCBOT1QgTElNSVRFRCBUTywgVEhFDQogKiBJ
TVBMSUVEIFdBUlJBTlRJRVMgT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRO
RVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRQ0KICogQVJFIERJU0NMQUlN
RUQuICBJTiBOTyBFVkVOVCBTSEFMTCBUSEUgQVVUSE9SIE9SIENPTlRSSUJV
VE9SUyBCRSBMSUFCTEUNCiAqIEZPUiBBTlkgRElSRUNULCBJTkRJUkVDVCwg
SU5DSURFTlRBTCwgU1BFQ0lBTCwgRVhFTVBMQVJZLCBPUiBDT05TRVFVRU5U
SUFMDQogKiBEQU1BR0VTIChJTkNMVURJTkcsIEJVVCBOT1QgTElNSVRFRCBU
TywgUFJPQ1VSRU1FTlQgT0YgU1VCU1RJVFVURSBHT09EUw0KICogT1IgU0VS
VklDRVM7IExPU1MgT0YgVVNFLCBEQVRBLCBPUiBQUk9GSVRTOyBPUiBCVVNJ
TkVTUyBJTlRFUlJVUFRJT04pDQogKiBIT1dFVkVSIENBVVNFRCBBTkQgT04g
QU5ZIFRIRU9SWSBPRiBMSUFCSUxJVFksIFdIRVRIRVIgSU4gQ09OVFJBQ1Qs
IFNUUklDVA0KICogTElBQklMSVRZLCBPUiBUT1JUIChJTkNMVURJTkcgTkVH
TElHRU5DRSBPUiBPVEhFUldJU0UpIEFSSVNJTkcgSU4gQU5ZIFdBWQ0KICog
T1VUIE9GIFRIRSBVU0UgT0YgVEhJUyBTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJ
U0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRg0KICogU1VDSCBEQU1BR0UuIFNP
IFRIRVJFLg0KICoNCiAqICRGcmVlQlNEJA0KICovDQoNCiNpZm5kZWYgTk9f
UlNBDQojaWZkZWYgUElDDQojaW5jbHVkZSA8b3BlbnNzbC9yc2EuaD4NCg0K
aW50IFJTQV9saWJ2ZXJzaW9uKCkNCnsNCglyZXR1cm4gUlNBTElCX09QRU5T
U0w7DQp9DQoNCiNlbmRpZiAvKiBQSUMgKi8NCiNlbmRpZiAvKiBOT19SU0Eg
Ki8NCg==
--0-794126991-952845428=:48851--

