Properly deserialize received RSA certificates in ssh-agent (#1402029)
This commit is contained in:
parent
7bccf7e6e0
commit
4ce5741703
@ -3566,7 +3566,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c
|
||||
break;
|
||||
# ifdef OPENSSL_HAS_ECC
|
||||
case KEY_ECDSA:
|
||||
@@ -2818,24 +2994,73 @@ sshkey_private_deserialize(struct sshbuf
|
||||
@@ -2818,24 +2994,81 @@ sshkey_private_deserialize(struct sshbuf
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
@ -3631,28 +3631,36 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c
|
||||
+ case KEY_RSA_CERT: {
|
||||
+ BIGNUM *n, *e, *d, *iqmp, *p, *q;
|
||||
+
|
||||
+ /* XXX leave N, E as zero */
|
||||
+ /* N can't be zero because it breaks blinding (seed). Count it now */
|
||||
+ /* E is zero because it is not in the protocol, but needed for RSA structure */
|
||||
+ n = BN_new();
|
||||
+ e = BN_new();
|
||||
+ d = BN_new();
|
||||
+ iqmp = BN_new();
|
||||
+ p = BN_new();
|
||||
+ q = BN_new();
|
||||
+ BN_CTX *ctx = BN_CTX_new();
|
||||
+
|
||||
+ if (n == NULL || e == NULL || d == NULL ||
|
||||
+ iqmp == NULL || p == NULL || q == NULL ||
|
||||
+ ctx == NULL ||
|
||||
+ (r = sshkey_froms(buf, &k)) != 0 ||
|
||||
+ (r = sshkey_add_private(k)) != 0 ||
|
||||
+ (r = sshbuf_get_bignum2(buf, d)) != 0 ||
|
||||
+ (r = sshbuf_get_bignum2(buf, iqmp)) != 0 ||
|
||||
+ (r = sshbuf_get_bignum2(buf, p)) != 0 ||
|
||||
+ (r = sshbuf_get_bignum2(buf, q)) != 0 ||
|
||||
+ (r = ((BN_mul(n, p, q, ctx) == 0) /* N = P * Q */
|
||||
+ ? SSH_ERR_LIBCRYPTO_ERROR : 0)) != 0 ||
|
||||
+ (r = ((RSA_set0_key(k->rsa, n, e, d) == 0)
|
||||
+ ? SSH_ERR_LIBCRYPTO_ERROR : 0)) != 0 ||
|
||||
+ (r = ((RSA_set0_factors(k->rsa, p, q) == 0)
|
||||
+ ? SSH_ERR_LIBCRYPTO_ERROR : 0)) != 0 ||
|
||||
+ (r = rsa_generate_additional_parameters(k->rsa, iqmp)) != 0)
|
||||
+ (r = rsa_generate_additional_parameters(k->rsa, iqmp)) != 0) {
|
||||
+ BN_CTX_free(ctx);
|
||||
+ goto out;
|
||||
+ }
|
||||
+ BN_CTX_free(ctx);
|
||||
+ }
|
||||
break;
|
||||
#endif /* WITH_OPENSSL */
|
||||
|
Loading…
Reference in New Issue
Block a user