- Merged OpenBSD CVS changes:
   - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
     [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
     the keysize of rsa-parameter 'n' is passed implicitly,
     a few more checks and warnings about 'pretended' keysizes.
   - [cipher.c cipher.h packet.c packet.h sshd.c]
     remove support for cipher RC4
   - [ssh.c]
     a note for legacy systems about security issues with permanently_set_uid(),
     the private hostkey and ptrace()
   - [sshconnect.c]
     more detailed messages about adding and checking hostkeys
diff --git a/authfd.c b/authfd.c
index ac2c196..84a5fc7 100644
--- a/authfd.c
+++ b/authfd.c
@@ -14,7 +14,7 @@
 */
 
 #include "includes.h"
-RCSID("$Id: authfd.c,v 1.3 1999/11/12 23:51:58 damien Exp $");
+RCSID("$Id: authfd.c,v 1.4 1999/11/16 02:37:16 damien Exp $");
 
 #include "ssh.h"
 #include "rsa.h"
@@ -117,7 +117,7 @@
 
 int
 ssh_get_first_identity(AuthenticationConnection *auth,
-		       int *bitsp, BIGNUM *e, BIGNUM *n, char **comment)
+		       BIGNUM *e, BIGNUM *n, char **comment)
 {
   unsigned char msg[8192];
   int len, l;
@@ -179,7 +179,7 @@
     fatal("Too many identities in authentication reply: %d\n", auth->howmany);
 
   /* Return the first entry (if any). */
-  return ssh_get_next_identity(auth, bitsp, e, n, comment);
+  return ssh_get_next_identity(auth, e, n, comment);
 }
 
 /* Returns the next authentication identity for the agent.  Other functions
@@ -189,19 +189,25 @@
 
 int
 ssh_get_next_identity(AuthenticationConnection *auth,
-		      int *bitsp, BIGNUM *e, BIGNUM *n, char **comment)
+		      BIGNUM *e, BIGNUM *n, char **comment)
 {
+  unsigned int bits;
+
   /* Return failure if no more entries. */
   if (auth->howmany <= 0)
     return 0;
 
   /* Get the next entry from the packet.  These will abort with a fatal
      error if the packet is too short or contains corrupt data. */
-  *bitsp = buffer_get_int(&auth->identities);
+  bits = buffer_get_int(&auth->identities);
   buffer_get_bignum(&auth->identities, e);
   buffer_get_bignum(&auth->identities, n);
   *comment = buffer_get_string(&auth->identities, NULL);
 
+  if (bits != BN_num_bits(n))
+    error("Warning: keysize mismatch: actual %d, announced %s",
+	  BN_num_bits(n), bits);
+
   /* Decrement the number of remaining entries. */
   auth->howmany--;
 
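Review bot: The new keysize-mismatch warning in ssh_get_next_identity passes `bits`, an `unsigned int`, to a `%s` conversion, which is undefined behaviour. When the announced size differs from `BN_num_bits(n)`, the logging code treats that integer as a string pointer, and the value comes straight from the agent's reply via `buffer_get_int`. So the one path meant to report a misbehaving agent is the path most likely to crash the client; the call should read `error("Warning: keysize mismatch: actual %d, announced %u", BN_num_bits(n), bits);`. The comparison `bits != BN_num_bits(n)` also mixes unsigned and signed operands, so casting one side would keep `-Wsign-compare` quiet. The function body continues past the end of this hunk, so whether a mismatching identity is still returned to the caller after the warning cannot be confirmed from here.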
@@ -216,7 +222,7 @@
 
 int
 ssh_decrypt_challenge(AuthenticationConnection *auth,
-		      int bits, BIGNUM *e, BIGNUM *n, BIGNUM *challenge,
+		      BIGNUM *e, BIGNUM *n, BIGNUM *challenge,
 		      unsigned char session_id[16],
 		      unsigned int response_type,
 		      unsigned char response[16])
@@ -233,7 +239,7 @@
   buf[0] = SSH_AGENTC_RSA_CHALLENGE;
   buffer_init(&buffer);
   buffer_append(&buffer, (char *)buf, 1);
-  buffer_put_int(&buffer, bits);
+  buffer_put_int(&buffer, BN_num_bits(n));
   buffer_put_bignum(&buffer, e);
   buffer_put_bignum(&buffer, n);
   buffer_put_bignum(&buffer, challenge);