upstream commit

remove post-SSHv1 removal dead code from rsa.c and merge the remaining bit that it still used into ssh-rsa.c; ok markus Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
masaeedu · Jul 21, 2017 · 83fa3a0 · 83fa3a0
1 parent 738c73d
commit 83fa3a0
Show file tree

Hide file tree

Showing 13 changed files with 52 additions and 236 deletions.
diff --git a/Makefile.in b/Makefile.in
@@ -81,7 +81,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 	cipher-ctr.o cleanup.o \
 	compat.o crc32.o fatal.o hostfile.o \
 	log.o match.o moduli.o nchan.o packet.o opacket.o \
-	readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
+	readpass.o ttymodes.o xmalloc.o addrmatch.o \
 	atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \
 	monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
 	msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \

diff --git a/authfd.c b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.104 2017/06/28 01:09:22 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.105 2017/07/01 13:50:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <[email protected]>
  * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
@@ -51,7 +51,6 @@
 
 #include "xmalloc.h"
 #include "ssh.h"
-#include "rsa.h"
 #include "sshbuf.h"
 #include "sshkey.h"
 #include "authfd.h"

diff --git a/authfile.c b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.126 2017/05/31 09:15:42 deraadt Exp $ */
+/* $OpenBSD: authfile.c,v 1.127 2017/07/01 13:50:45 djm Exp $ */
 /*
  * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
  *
@@ -42,7 +42,6 @@
 #include "ssh.h"
 #include "log.h"
 #include "authfile.h"
-#include "rsa.h"
 #include "misc.h"
 #include "atomicio.h"
 #include "sshkey.h"

diff --git a/rsa.c b/rsa.c
diff --git a/rsa.h b/rsa.h
diff --git a/ssh-add.c b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.132 2017/05/30 14:16:41 markus Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.133 2017/07/01 13:50:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <[email protected]>
  * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
@@ -55,7 +55,6 @@
 
 #include "xmalloc.h"
 #include "ssh.h"
-#include "rsa.h"
 #include "log.h"
 #include "sshkey.h"
 #include "sshbuf.h"

diff --git a/ssh-agent.c b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.221 2017/04/30 23:29:10 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.222 2017/07/01 13:50:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <[email protected]>
  * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
@@ -73,7 +73,6 @@
 
 #include "xmalloc.h"
 #include "ssh.h"
-#include "rsa.h"
 #include "sshbuf.h"
 #include "sshkey.h"
 #include "authfd.h"

diff --git a/ssh-keygen.c b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.305 2017/06/28 01:09:22 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.306 2017/07/01 13:50:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <[email protected]>
  * Copyright (c) 1994 Tatu Ylonen <[email protected]>, Espoo, Finland
@@ -41,7 +41,6 @@
 
 #include "xmalloc.h"
 #include "sshkey.h"
-#include "rsa.h"
 #include "authfile.h"
 #include "uuencode.h"
 #include "sshbuf.h"
@@ -528,7 +527,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
 		buffer_get_bignum_bits(b, key->rsa->iqmp);
 		buffer_get_bignum_bits(b, key->rsa->q);
 		buffer_get_bignum_bits(b, key->rsa->p);
-		if ((r = rsa_generate_additional_parameters(key->rsa)) != 0)
+		if ((r = ssh_rsa_generate_additional_parameters(key)) != 0)
 			fatal("generate RSA parameters failed: %s", ssh_err(r));
 		break;
 	}

diff --git a/ssh-rsa.c b/ssh-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-rsa.c,v 1.61 2017/05/07 23:15:59 djm Exp $ */
+/* $OpenBSD: ssh-rsa.c,v 1.62 2017/07/01 13:50:45 djm Exp $ */
 /*
  * Copyright (c) 2000, 2003 Markus Friedl <[email protected]>
  *
@@ -78,6 +78,41 @@ rsa_hash_alg_nid(int type)
 	}
 }
 
+/* calculate p-1 and q-1 */
+int
+ssh_rsa_generate_additional_parameters(struct sshkey *key)
+{
+	RSA *rsa;
+	BIGNUM *aux = NULL;
+	BN_CTX *ctx = NULL;
+	int r;
+
+	if (key == NULL || key->rsa == NULL ||
+	    sshkey_type_plain(key->type) != KEY_RSA)
+		return SSH_ERR_INVALID_ARGUMENT;
+
+	if ((ctx = BN_CTX_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((aux = BN_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	rsa = key->rsa;
+
+	if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
+	    (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
+	    (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
+	    (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) {
+		r = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+	}
+	r = 0;
+ out:
+	BN_clear_free(aux);
+	BN_CTX_free(ctx);
+	return r;
+}
+
 /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
 int
 ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,

diff --git a/sshconnect.c b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.282 2017/06/24 05:37:44 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.283 2017/07/01 13:50:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <[email protected]>
  * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
@@ -48,7 +48,6 @@
 #include "key.h"
 #include "hostfile.h"
 #include "ssh.h"
-#include "rsa.h"
 #include "buffer.h"
 #include "packet.h"
 #include "uidswap.h"

diff --git a/sshd.c b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.490 2017/05/31 08:09:45 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.491 2017/07/01 13:50:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <[email protected]>
  * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
@@ -88,7 +88,6 @@
 #include "xmalloc.h"
 #include "ssh.h"
 #include "ssh2.h"
-#include "rsa.h"
 #include "sshpty.h"
 #include "packet.h"
 #include "log.h"