Lots of changes:
- Removed lots of unnecessary checks from autoconf
- Added support and autoconf test for openpty() function (Unix98 pty support)
- Fix for scp not finding ssh if not installed as /usr/bin/ssh
- Added TODO file
- Merged parts of Debian patch From Phil Hands <phil@hands.com>:
- Added ssh-askpass program
- Added ssh-askpass support to ssh-add.c
- Create symlinks for slogin on install
- Fix "distclean" target in makefile
- Added example for ssh-agent to manpage
- Added support for PAM_TEXT_INFO messages
- Disable internal /etc/nologin support if PAM enabled
- Merged latest OpenBSD CVS changes:
- [sshd.c] don't send fail-msg but disconnect if too many authentication
failures
- [sshd.c] replace assert() with error, fatal or packet_disconnect
- [sshd.c] remove unused argument. ok dugsong
- [sshd.c] typo
- [rsa.c] clear buffers used for encryption. ok: niels
- [rsa.c] replace assert() with error, fatal or packet_disconnect
- Fixed coredump after merge of OpenBSD rsa.c patch
diff --git a/rsa.c b/rsa.c
index 6d4b704..6845fab 100644
--- a/rsa.c
+++ b/rsa.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$Id: rsa.c,v 1.1 1999/10/27 03:42:44 damien Exp $");
+RCSID("$Id: rsa.c,v 1.2 1999/11/08 04:30:59 damien Exp $");
#include "rsa.h"
#include "ssh.h"
@@ -70,8 +70,8 @@
}
key = RSA_generate_key(bits, 35, NULL, NULL);
-
- assert(key != NULL);
+ if (key == NULL)
+ fatal("rsa_generate_key: key generation failed.");
/* Copy public key parameters */
pub->n = BN_new();
@@ -110,24 +110,28 @@
rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA* key)
{
char *inbuf, *outbuf;
+ int in_len;
+ int out_len;
int len;
if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
fatal("rsa_public_encrypt() exponent too small or not odd");
- len = BN_num_bytes(key->n);
- outbuf = xmalloc(len);
+ out_len = BN_num_bytes(key->n);
+ outbuf = xmalloc(out_len);
- len = BN_num_bytes(in);
- inbuf = xmalloc(len);
+ in_len = BN_num_bytes(in);
+ inbuf = xmalloc(in_len);
BN_bn2bin(in, inbuf);
- if ((len = RSA_public_encrypt(len, inbuf, outbuf, key,
+ if ((len = RSA_public_encrypt(in_len, inbuf, outbuf, key,
RSA_PKCS1_PADDING)) <= 0)
fatal("rsa_public_encrypt() failed");
BN_bin2bn(outbuf, len, out);
+ memset(outbuf, 0, out_len);
+ memset(inbuf, 0, in_len);
xfree(outbuf);
xfree(inbuf);
}
@@ -136,21 +140,25 @@
rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
{
char *inbuf, *outbuf;
+ int in_len;
+ int out_len;
int len;
- len = BN_num_bytes(key->n);
- outbuf = xmalloc(len);
+ out_len = BN_num_bytes(key->n);
+ outbuf = xmalloc(out_len);
- len = BN_num_bytes(in);
- inbuf = xmalloc(len);
+ in_len = BN_num_bytes(in);
+ inbuf = xmalloc(in_len);
BN_bn2bin(in, inbuf);
- if ((len = RSA_private_decrypt(len, inbuf, outbuf, key,
+ if ((len = RSA_private_decrypt(in_len, inbuf, outbuf, key,
RSA_SSLV23_PADDING)) <= 0)
fatal("rsa_private_decrypt() failed");
BN_bin2bn(outbuf, len, out);
+ memset(outbuf, 0, out_len);
+ memset(inbuf, 0, in_len);
xfree(outbuf);
xfree(inbuf);
}