[Ttssh2-commit] [7793] RSA構造体のメンバーアクセスが不可となったため、関数経由でのアクセスに変更した。

scmno****@osdn***** scmno****@osdn*****
2019年 6月 23日 (日) 16:55:35 JST


Revision: 7793
          https://osdn.net/projects/ttssh2/scm/svn/commits/7793
Author:   yutakapon
Date:     2019-06-23 16:55:34 +0900 (Sun, 23 Jun 2019)
Log Message:
-----------
RSA構造体のメンバーアクセスが不可となったため、関数経由でのアクセスに変更した。
チケット #36876 

Ticket Links:
------------
    https://osdn.net/projects/ttssh2/tracker/detail/36876

Modified Paths:
--------------
    branches/openssl_1_1_1_v2/ttssh2/ttxssh/crypt.c
    branches/openssl_1_1_1_v2/ttssh2/ttxssh/hosts.c
    branches/openssl_1_1_1_v2/ttssh2/ttxssh/key.c
    branches/openssl_1_1_1_v2/ttssh2/ttxssh/keyfiles.c
    branches/openssl_1_1_1_v2/ttssh2/ttxssh/ssh.c
    branches/openssl_1_1_1_v2/ttssh2/ttxssh/ttxssh.c

-------------- next part --------------
Modified: branches/openssl_1_1_1_v2/ttssh2/ttxssh/crypt.c
===================================================================
--- branches/openssl_1_1_1_v2/ttssh2/ttxssh/crypt.c	2019-06-22 12:19:07 UTC (rev 7792)
+++ branches/openssl_1_1_1_v2/ttssh2/ttxssh/crypt.c	2019-06-23 07:55:34 UTC (rev 7793)
@@ -490,23 +490,28 @@
                   unsigned char *mod)
 {
 	RSA *key = RSA_new();
+	BIGNUM *e = NULL, *n = NULL;
 
+	/********* OPENSSL1.1.1 NOTEST *********/
 	if (key != NULL) {
-		key->e = get_bignum(exp);
-		key->n = get_bignum(mod);
+		// OpenSSL 1.1.0\x82ł\xCDRSA\x8D\\x91\xA2\x91̂̃\x81\x83\x93\x83o\x81[\x82ɒ\xBC\x90ڃA\x83N\x83Z\x83X\x82ł\xAB\x82Ȃ\xA2\x82\xBD\x82߁A
+		// RSA_set0_key\x8A֐\x94\x82Őݒ肷\x82\xE9\x95K\x97v\x82\xAA\x82\xA0\x82\xE9\x81B
+		e = get_bignum(exp);
+		n = get_bignum(mod);
+		RSA_set0_key(key, n, e, NULL);
 	}
 
-	if (key == NULL || key->e == NULL || key->n == NULL) {
+	if (key == NULL || e == NULL || n == NULL) {
 		UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
 		                  "Error setting up RSA keys");
 		notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
 
 		if (key != NULL) {
-			if (key->e != NULL) {
-				BN_free(key->e);
+			if (e != NULL) {
+				BN_free(e);
 			}
-			if (key->n != NULL) {
-				BN_free(key->n);
+			if (n != NULL) {
+				BN_free(n);
 			}
 			RSA_free(key);
 		}
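Review bot: The return value of `RSA_set0_key(key, n, e, NULL)` is ignored, and the cleanup below it is only safe because of an ownership rule that is not written down. On a fresh RSA object the call fails without taking either value when `n` or `e` is NULL, so the `BN_free(e)`/`BN_free(n)` calls in the error branch do not double-free; on success the key owns both and that branch is not reached. I would state that next to the call, e.g. `/* RSA_set0_key() takes ownership only on success and takes nothing if n or e is NULL, so e and n are still ours in the error path below */`. The function starts above this hunk and continues past it.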
@@ -823,12 +828,24 @@
 
 unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
 {
-	int server_key_bits =
-		BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
-	int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
-	int server_key_bytes = (server_key_bits + 7) / 8;
-	int host_key_bytes = (host_key_bits + 7) / 8;
+	/********* OPENSSL1.1.1 NOTEST *********/
+	int server_key_bits;
+	int host_key_bits;
+	int server_key_bytes;
+	int host_key_bytes;
+	BIGNUM *n;
 
+	// OpenSSL 1.1.0\x82ł\xCDRSA\x8D\\x91\xA2\x91̂̃\x81\x83\x93\x83o\x81[\x82ɒ\xBC\x90ڃA\x83N\x83Z\x83X\x82ł\xAB\x82Ȃ\xA2\x82\xBD\x82߁A
+	// RSA_get0_key\x8A֐\x94\x82Ŏ擾\x82\xB7\x82\xE9\x95K\x97v\x82\xAA\x82\xA0\x82\xE9\x81B
+	RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &n, NULL, NULL);
+	server_key_bits = BN_num_bits(n);
+
+	RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &n, NULL, NULL);
+	host_key_bits = BN_num_bits(n);
+
+	server_key_bytes = (server_key_bits + 7) / 8;
+	host_key_bytes = (host_key_bits + 7) / 8;
+
 	if (server_key_bits < host_key_bits) {
 		return host_key_bytes;
 	} else {
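Review bot: `BIGNUM *n` is passed as `&n` to `RSA_get0_key()`, whose output parameters are `const BIGNUM **` in OpenSSL 1.1, so this is an incompatible-pointer conversion that also hides the fact that the value still belongs to the key. Declaring it `const BIGNUM *n;` fixes the type and lets the compiler reject any later write or free through it. The same non-const declarations appear in the other hunks of this commit that call `RSA_get0_key`, `RSA_get0_factors` or `RSA_get0_crt_params`; in `key_private_deserialize` and `rsa_generate_additional_parameters` (key.c) the fetched pointers are then written through, which would need to be reworked rather than just re-typed. The function continues past the end of this hunk.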
@@ -839,14 +856,26 @@
 int CRYPT_choose_session_key(PTInstVar pvar,
                              unsigned char *encrypted_key_buf)
 {
-	int server_key_bits =
-		BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
-	int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
-	int server_key_bytes = (server_key_bits + 7) / 8;
-	int host_key_bytes = (host_key_bits + 7) / 8;
+	/********* OPENSSL1.1.1 NOTEST *********/
+	int server_key_bits;
+	int host_key_bits;
+	int server_key_bytes;
+	int host_key_bytes;
 	int encrypted_key_bytes;
 	int bit_delta;
+	BIGNUM *server_n, *host_n;
 
+	// OpenSSL 1.1.0\x82ł\xCDRSA\x8D\\x91\xA2\x91̂̃\x81\x83\x93\x83o\x81[\x82ɒ\xBC\x90ڃA\x83N\x83Z\x83X\x82ł\xAB\x82Ȃ\xA2\x82\xBD\x82߁A
+	// RSA_get0_key\x8A֐\x94\x82Ŏ擾\x82\xB7\x82\xE9\x95K\x97v\x82\xAA\x82\xA0\x82\xE9\x81B
+	RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
+	server_key_bits = BN_num_bits(server_n);
+
+	RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
+	host_key_bits = BN_num_bits(host_n);
+
+	server_key_bytes = (server_key_bits + 7) / 8;
+	host_key_bytes = (host_key_bits + 7) / 8;
+
 	if (server_key_bits < host_key_bits) {
 		encrypted_key_bytes = host_key_bytes;
 		bit_delta = host_key_bits - server_key_bits;
@@ -868,8 +897,8 @@
 		char session_id[16];
 		int i;
 
-		BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
-		BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
+		BN_bn2bin(host_n, session_buf);
+		BN_bn2bin(server_n,
 		          session_buf + host_key_bytes);
 		memcpy(session_buf + server_key_bytes + host_key_bytes,
 		       pvar->crypt_state.server_cookie, 8);
@@ -939,16 +968,30 @@
                                           int challenge_len,
                                           unsigned char *response)
 {
-	int server_key_bits =
-		BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
-	int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
-	int server_key_bytes = (server_key_bits + 7) / 8;
-	int host_key_bytes = (host_key_bits + 7) / 8;
-	int session_buf_len = server_key_bytes + host_key_bytes + 8;
-	char *session_buf = (char *) malloc(session_buf_len);
+	/********* OPENSSL1.1.1 NOTEST *********/
+	int server_key_bits;
+	int host_key_bits;
+	int server_key_bytes;
+	int host_key_bytes;
+	int session_buf_len;
+	char *session_buf;
 	char decrypted_challenge[48];
 	int decrypted_challenge_len;
+	BIGNUM *server_n, *host_n;
 
+	// OpenSSL 1.1.0\x82ł\xCDRSA\x8D\\x91\xA2\x91̂̃\x81\x83\x93\x83o\x81[\x82ɒ\xBC\x90ڃA\x83N\x83Z\x83X\x82ł\xAB\x82Ȃ\xA2\x82\xBD\x82߁A
+	// RSA_get0_key\x8A֐\x94\x82Ŏ擾\x82\xB7\x82\xE9\x95K\x97v\x82\xAA\x82\xA0\x82\xE9\x81B
+	RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
+	server_key_bits = BN_num_bits(server_n);
+
+	RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
+	host_key_bits = BN_num_bits(host_n);
+
+	server_key_bytes = (server_key_bits + 7) / 8;
+	host_key_bytes = (host_key_bits + 7) / 8;
+	session_buf_len = server_key_bytes + host_key_bytes + 8;
+	session_buf = (char FAR *) malloc(session_buf_len);
+
 	decrypted_challenge_len =
 		RSA_private_decrypt(challenge_len, challenge, challenge,
 		                    AUTH_get_cur_cred(pvar)->key_pair->rsa,
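Review bot: `session_buf = (char FAR *) malloc(session_buf_len);` is not checked, and the next hunk writes into it with `BN_bn2bin(host_n, session_buf)`, so a failed allocation is dereferenced. Add `if (session_buf == NULL)` directly after the allocation and leave through the function's existing failure path, which is outside this hunk. The `SSH_AUTH_PAGEANT` branch in ssh.c repeats the same allocation and copy without a check.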
@@ -969,8 +1012,8 @@
 		       decrypted_challenge_len);
 	}
 
-	BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
-	BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
+	BN_bn2bin(host_n, session_buf);
+	BN_bn2bin(server_n,
 	          session_buf + host_key_bytes);
 	memcpy(session_buf + server_key_bytes + host_key_bytes,
 	       pvar->crypt_state.server_cookie, 8);
@@ -1300,6 +1343,12 @@
 
 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
 {
+	/********* OPENSSL1.1.1 NOTEST *********/
+	BIGNUM *server_n, *host_n;
+
+	// OpenSSL 1.1.0\x82ł\xCDRSA\x8D\\x91\xA2\x91̂̃\x81\x83\x93\x83o\x81[\x82ɒ\xBC\x90ڃA\x83N\x83Z\x83X\x82ł\xAB\x82Ȃ\xA2\x82\xBD\x82߁A
+	// RSA_get0_key\x8A֐\x94\x82Ŏ擾\x82\xB7\x82\xE9\x95K\x97v\x82\xAA\x82\xA0\x82\xE9\x81B
+
 	if (SSHv1(pvar)) {
 		if (pvar->crypt_state.server_key.RSA_key == NULL
 		 || pvar->crypt_state.host_key.RSA_key == NULL) {
@@ -1306,11 +1355,14 @@
 			UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
 			strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
 		} else {
+			RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
+			RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
+
 			UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
 			                  "%d-bit server key, %d-bit host key");
 			_snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
-			            BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
-			            BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
+			            BN_num_bits(server_n),
+			            BN_num_bits(host_n));
 		}
 	} else { // SSH2
 			UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,

Modified: branches/openssl_1_1_1_v2/ttssh2/ttxssh/hosts.c
===================================================================
--- branches/openssl_1_1_1_v2/ttssh2/ttxssh/hosts.c	2019-06-22 12:19:07 UTC (rev 7792)
+++ branches/openssl_1_1_1_v2/ttssh2/ttxssh/hosts.c	2019-06-23 07:55:34 UTC (rev 7793)
@@ -869,7 +869,11 @@
 	const EC_GROUP *group;
 	const EC_POINT *pa, *pb;
 	Key *a, *b;
+	BIGNUM *e = NULL, *n = NULL;
+	BIGNUM *se = NULL, *sn = NULL;
 
+	/********* OPENSSL1.1.1 NOTEST *********/
+
 	if (src->type != key->type) {
 		return -1;
 	}
@@ -889,9 +893,11 @@
 		*/
 
 	case KEY_RSA: // SSH2 RSA host public key
+		RSA_get0_key(key->rsa, &n, &e, NULL);
+		RSA_get0_key(src->rsa, &sn, &se, NULL);
 		return key->rsa != NULL && src->rsa != NULL &&
-			BN_cmp(key->rsa->e, src->rsa->e) == 0 &&
-			BN_cmp(key->rsa->n, src->rsa->n) == 0;
+			BN_cmp(e, se) == 0 &&
+			BN_cmp(n, sn) == 0;
 
 	case KEY_DSA: // SSH2 DSA host public key
 		return key->dsa != NULL && src->dsa &&
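Review bot: In `case KEY_RSA` both `RSA_get0_key()` calls now run before the `key->rsa != NULL && src->rsa != NULL` test in the return expression, so a key with a NULL `rsa` member is dereferenced inside the getter instead of being rejected as before. Put the guard first, `if (key->rsa == NULL || src->rsa == NULL) return 0;`, and fetch the components only after it. The enclosing switch and function begin outside this hunk.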

Modified: branches/openssl_1_1_1_v2/ttssh2/ttxssh/key.c
===================================================================
--- branches/openssl_1_1_1_v2/ttssh2/ttxssh/key.c	2019-06-22 12:19:07 UTC (rev 7792)
+++ branches/openssl_1_1_1_v2/ttssh2/ttxssh/key.c	2019-06-23 07:55:34 UTC (rev 7793)
@@ -269,6 +269,7 @@
                    u_char *signature, u_int signaturelen,
                    u_char *data, u_int datalen)
 {
+	/********* OPENSSL1.1.1 NOTEST *********/
 	const EVP_MD *evp_md;
 	EVP_MD_CTX *md = NULL;
 	//	char *ktype;
@@ -277,6 +278,7 @@
 //	int rlen, ret, nid;
 	int ret = -1, nid;
 	char *ptr;
+	BIGNUM *n;
 
 	/********* OPENSSL1.1.1 NOTEST *********/
 	md = EVP_MD_CTX_new();
@@ -291,7 +293,9 @@
 		ret = -2;
 		goto error;
 	}
-	if (BN_num_bits(key->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+
+	RSA_get0_key(key, &n, NULL, NULL);
+	if (BN_num_bits(n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
 		ret = -3;
 		goto error;
 	}
@@ -559,21 +563,27 @@
 //
 RSA *duplicate_RSA(RSA *src)
 {
+	/********* OPENSSL1.1.1 NOTEST *********/
 	RSA *rsa = NULL;
+	BIGNUM *e = NULL, *n = NULL;
+	BIGNUM *se = NULL, *sn = NULL;
 
 	rsa = RSA_new();
 	if (rsa == NULL)
 		goto error;
-	rsa->n = BN_new();
-	rsa->e = BN_new();
-	if (rsa->n == NULL || rsa->e == NULL) {
+	n = BN_new();
+	e = BN_new();
+	RSA_set0_key(rsa, n, e, NULL);
+	if (n == NULL || e == NULL) {
 		RSA_free(rsa);
 		goto error;
 	}
 
+	RSA_get0_key(src, &sn, &se, NULL);
+
 	// \x90[\x82\xA2\x83R\x83s\x81[(deep copy)\x82\xF0\x8Ds\x82\xA4\x81B\x90󂢃R\x83s\x81[(shallow copy)\x82\xCDNG\x81B
-	BN_copy(rsa->n, src->n);
-	BN_copy(rsa->e, src->e);
+	BN_copy(n, sn);
+	BN_copy(e, se);
 
 error:
 	return (rsa);
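Review bot: In `duplicate_RSA` the failure branch after `RSA_set0_key(rsa, n, e, NULL)` leaks whichever of `n`/`e` was allocated, because the setter takes nothing when either value is NULL and `RSA_free(rsa)` therefore no longer releases them. That branch then jumps to `error:` and returns the pointer it has just freed, and the two `BN_copy()` results are not checked, so a caller can receive a freed or half-copied key. Checking the allocations before handing them over, clearing `rsa` after freeing it and testing `BN_copy()` covers all three. `key_new` and `key_from_blob` in key.c and `generate_ssh_key` in ttxssh.c use the same allocate, set, then test order and have the same leak.

```c
	// … unchanged: rsa = RSA_new(), n = BN_new(), e = BN_new() …
	if (n == NULL || e == NULL || !RSA_set0_key(rsa, n, e, NULL)) {
		/* nothing was handed over, so both values are still ours */
		BN_free(n);
		BN_free(e);
		RSA_free(rsa);
		rsa = NULL;
		goto error;
	}

	RSA_get0_key(src, &sn, &se, NULL);

	if (BN_copy(n, sn) == NULL || BN_copy(e, se) == NULL) {
		RSA_free(rsa);	/* also releases n and e, now owned by rsa */
		rsa = NULL;
	}
```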
@@ -659,6 +669,7 @@
 
 char* key_fingerprint_raw(Key *k, digest_algorithm dgst_alg, int *dgst_raw_length)
 {
+	/********* OPENSSL1.1.1 NOTEST *********/
 	const EVP_MD *md = NULL;
 	EVP_MD_CTX *ctx = NULL;
 	char *blob = NULL;
@@ -666,6 +677,7 @@
 	int len = 0;
 	int nlen, elen;
 	RSA *rsa;
+	BIGNUM *e = NULL, *n = NULL;
 
 	/********* OPENSSL1.1.1 NOTEST *********/
 	ctx = EVP_MD_CTX_new();
@@ -692,15 +704,16 @@
 	switch (k->type) {
 	case KEY_RSA1:
 		rsa = make_key(NULL, k->bits, k->exp, k->mod);
-		nlen = BN_num_bytes(rsa->n);
-		elen = BN_num_bytes(rsa->e);
+		RSA_get0_key(rsa, &n, &e, NULL);
+		nlen = BN_num_bytes(n);
+		elen = BN_num_bytes(e);
 		len = nlen + elen;
 		blob = malloc(len);
 		if (blob == NULL) {
 			// TODO:
 		}
-		BN_bn2bin(rsa->n, blob);
-		BN_bn2bin(rsa->e, blob + nlen);
+		BN_bn2bin(n, blob);
+		BN_bn2bin(e, blob + nlen);
 		RSA_free(rsa);
 		break;
 
@@ -767,10 +780,13 @@
 unsigned int
 key_size(const Key *k)
 {
+	/********* OPENSSL1.1.1 NOTEST *********/
+	BIGNUM *n = NULL;
+
 	switch (k->type) {
 	case KEY_RSA1:
-		// SSH1\x82̏ꍇ\x82\xCD key->rsa \x82\xC6 key->dsa \x82\xCD NULL \x82ł\xA0\x82\xE9\x82̂ŁA\x8Eg\x82\xED\x82Ȃ\xA2\x81B
-		return k->bits;
+		RSA_get0_key(k->rsa, &n, NULL, NULL);
+		return BN_num_bits(n);
 	case KEY_RSA:
 		return BN_num_bits(k->rsa->n);
 	case KEY_DSA:
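Review bot: `case KEY_RSA1` now calls `RSA_get0_key(k->rsa, &n, NULL, NULL)`, but the comment this hunk removes appears to say (its encoding is garbled here) that `k->rsa` is NULL for SSH1 keys, and `key_fingerprint_raw` builds its RSA from `k->bits`, `k->exp` and `k->mod` instead of `k->rsa`. If that still holds, this dereferences NULL; `return k->bits;` should stay for `KEY_RSA1`. The direct member access that needed converting is the one left unchanged in `case KEY_RSA`: `RSA_get0_key(k->rsa, &n, NULL, NULL); return BN_num_bits(n);` belongs there. The switch continues past the end of this hunk.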
@@ -991,17 +1007,28 @@
 //
 static void key_add_private(Key *k)
 {
+	/********* OPENSSL1.1.1 NOTEST *********/
+	BIGNUM *d, *iqmp, *q, *p, *dmq1, *dmp1;
+
+	d = iqmp = q = p = dmq1 = dmp1 = NULL;
+
 	switch (k->type) {
 		case KEY_RSA1:
 		case KEY_RSA:
-			k->rsa->d = BN_new();
-			k->rsa->iqmp = BN_new();
-			k->rsa->q = BN_new();
-			k->rsa->p = BN_new();
-			k->rsa->dmq1 = BN_new();
-			k->rsa->dmp1 = BN_new();
-			if (k->rsa->d == NULL || k->rsa->iqmp == NULL || k->rsa->q == NULL ||
-				k->rsa->p == NULL || k->rsa->dmq1 == NULL || k->rsa->dmp1 == NULL)
+			d = BN_new();
+			RSA_set0_key(k->rsa, NULL, NULL, d);
+
+			iqmp = BN_new();
+			q = BN_new();
+			p = BN_new();
+			RSA_set0_factors(k->rsa, p, q);
+
+			dmq1 = BN_new();
+			dmp1 = BN_new();
+			RSA_set0_crt_params(k->rsa, dmp1, dmq1, iqmp);
+
+			if (d == NULL || iqmp == NULL || q == NULL ||
+				p == NULL || dmq1 == NULL || dmp1 == NULL)
 				goto error;
 			break;
 
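Review bot: The three setters in `case KEY_RSA` hand `d`, `p`/`q` and `dmp1`/`dmq1`/`iqmp` to `k->rsa` before the combined NULL test, so when a later `BN_new()` fails the `error:` label (next hunk) frees values the key already owns. `k->rsa` is then left holding freed pointers, which the comment added at that label appears to note cannot be reset, and a later `RSA_free()` would free them again. Allocating all six first, testing them, and only then calling the setters, clearing each local once it is handed over, keeps the existing `BN_free()` calls at `error:` correct. The function starts above this hunk and its tail is outside the next one.

```c
		case KEY_RSA1:
		case KEY_RSA:
			d = BN_new();
			iqmp = BN_new();
			q = BN_new();
			p = BN_new();
			dmq1 = BN_new();
			dmp1 = BN_new();
			if (d == NULL || iqmp == NULL || q == NULL ||
				p == NULL || dmq1 == NULL || dmp1 == NULL)
				goto error;

			/* hand over only once every allocation has succeeded */
			if (!RSA_set0_key(k->rsa, NULL, NULL, d))
				goto error;
			d = NULL;	/* owned by k->rsa from here on */
			if (!RSA_set0_factors(k->rsa, p, q))
				goto error;
			p = q = NULL;
			if (!RSA_set0_crt_params(k->rsa, dmp1, dmq1, iqmp))
				goto error;
			dmp1 = dmq1 = iqmp = NULL;
			break;
```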
@@ -1031,29 +1058,25 @@
 	return;
 
 error:
-	if (k->rsa->d) {
-		BN_free(k->rsa->d);
-		k->rsa->d = NULL;
+	if (d) {
+		BN_free(d);
+		// k->rsa->d\x82\xC9 NULL \x82\xF0\x83Z\x83b\x83g\x82\xB7\x82邱\x82Ƃ͂ł\xAB\x82Ȃ\xA2\x81B
+		// RSA_set0_key()\x82ł\xCD NULL \x82\xF0\x93n\x82\xB5\x82Ă\xE0\x89\xBD\x82\xE0\x82\xB5\x82Ȃ\xA2\x81B
 	}
-	if (k->rsa->iqmp) {
-		BN_free(k->rsa->iqmp);
-		k->rsa->iqmp = NULL;
+	if (iqmp) {
+		BN_free(iqmp);
 	}
-	if (k->rsa->q) {
-		BN_free(k->rsa->q);
-		k->rsa->q = NULL;
+	if (q) {
+		BN_free(q);
 	}
-	if (k->rsa->p) {
-		BN_free(k->rsa->p);
-		k->rsa->p = NULL;
+	if (p) {
+		BN_free(p);
 	}
-	if (k->rsa->dmq1) {
-		BN_free(k->rsa->dmq1);
-		k->rsa->dmq1 = NULL;
+	if (dmq1) {
+		BN_free(dmq1);
 	}
-	if (k->rsa->dmp1) {
-		BN_free(k->rsa->dmp1);
-		k->rsa->dmp1 = NULL;
+	if (dmp1) {
+		BN_free(dmp1);
 	}
 
 
@@ -1075,10 +1098,12 @@
 
 Key *key_new(int type)
 {
+	/********* OPENSSL1.1.1 NOTEST *********/
 	int success = 0;
 	Key *k = NULL;
 	RSA *rsa;
 	DSA *dsa;
+	BIGNUM *e = NULL, *n = NULL;
 
 	k = calloc(1, sizeof(Key));
 	if (k == NULL)
@@ -1096,9 +1121,10 @@
 			rsa = RSA_new();
 			if (rsa == NULL)
 				goto error;
-			rsa->n = BN_new();
-			rsa->e = BN_new();
-			if (rsa->n == NULL || rsa->e == NULL)
+			n = BN_new();
+			e = BN_new();
+			RSA_set0_key(rsa, n, e, NULL);
+			if (n == NULL || e == NULL)
 				goto error;
 			k->rsa = rsa;
 			break;
@@ -1274,10 +1300,12 @@
 //
 int key_to_blob(Key *key, char **blobp, int *lenp)
 {
+	/********* OPENSSL1.1.1 NOTEST *********/
 	buffer_t *b;
 	char *sshname, *tmp;
 	int len;
 	int ret = 1;  // success
+	BIGNUM *e = NULL, *n = NULL;
 
 	b = buffer_init();
 	sshname = get_sshname_from_key(key);
@@ -1284,9 +1312,10 @@
 
 	switch (key->type) {
 	case KEY_RSA:
+		RSA_get0_key(key->rsa, &n, &e, NULL);
 		buffer_put_string(b, sshname, strlen(sshname));
-		buffer_put_bignum2(b, key->rsa->e);
-		buffer_put_bignum2(b, key->rsa->n);
+		buffer_put_bignum2(b, e);
+		buffer_put_bignum2(b, n);
 		break;
 	case KEY_DSA:
 		buffer_put_string(b, sshname, strlen(sshname));
@@ -1339,6 +1368,7 @@
 //
 Key *key_from_blob(char *data, int blen)
 {
+	/********* OPENSSL1.1.1 NOTEST *********/
 	int keynamelen, len;
 	char key[128];
 	RSA *rsa = NULL;
@@ -1349,6 +1379,7 @@
 	Key *hostkey = NULL;  // hostkey
 	ssh_keytype type;
 	unsigned char *pk = NULL;
+	BIGNUM *e = NULL, *n = NULL;
 
 	if (data == NULL)
 		goto error;
@@ -1376,14 +1407,15 @@
 		if (rsa == NULL) {
 			goto error;
 		}
-		rsa->n = BN_new();
-		rsa->e = BN_new();
-		if (rsa->n == NULL || rsa->e == NULL) {
+		n = BN_new();
+		e = BN_new();
+		RSA_set0_key(rsa, n, e, NULL);
+		if (n == NULL || e == NULL) {
 			goto error;
 		}
 
-		buffer_get_bignum2(&data, rsa->e);
-		buffer_get_bignum2(&data, rsa->n);
+		buffer_get_bignum2(&data, e);
+		buffer_get_bignum2(&data, n);
 
 		hostkey->type = type;
 		hostkey->rsa = rsa;
@@ -1728,9 +1760,11 @@
 
 BOOL get_SSH2_publickey_blob(PTInstVar pvar, buffer_t **blobptr, int *bloblen)
 {
+	/********* OPENSSL1.1.1 NOTEST *********/
 	buffer_t *msg = NULL;
 	Key *keypair;
 	char *s, *tmp;
+	BIGNUM *e = NULL, *n = NULL;
 
 	msg = buffer_init();
 	if (msg == NULL) {
@@ -1743,9 +1777,10 @@
 	switch (keypair->type) {
 	case KEY_RSA: // RSA
 		s = get_sshname_from_key(keypair);
+		RSA_get0_key(keypair->rsa, &n, &e, NULL);
 		buffer_put_string(msg, s, strlen(s));
-		buffer_put_bignum2(msg, keypair->rsa->e); // \x8C\xF6\x8AJ\x8Ew\x90\x94
-		buffer_put_bignum2(msg, keypair->rsa->n); // p\x81~q
+		buffer_put_bignum2(msg, e); // \x8C\xF6\x8AJ\x8Ew\x90\x94
+		buffer_put_bignum2(msg, n); // p\x81~q
 		break;
 	case KEY_DSA: // DSA
 		s = get_sshname_from_key(keypair);
@@ -1834,7 +1869,9 @@
 
 void key_private_serialize(Key *key, buffer_t *b)
 {
+	/********* OPENSSL1.1.1 NOTEST *********/
 	char *s;
+	BIGNUM *e, *n, *d, *iqmp, *p, *q;
 	
 	s = get_sshname_from_key(key);
 	buffer_put_cstring(b, s);
@@ -1841,12 +1878,16 @@
 
 	switch (key->type) {
 		case KEY_RSA:
-			buffer_put_bignum2(b, key->rsa->n);
-			buffer_put_bignum2(b, key->rsa->e);
-			buffer_put_bignum2(b, key->rsa->d);
-			buffer_put_bignum2(b, key->rsa->iqmp);
-			buffer_put_bignum2(b, key->rsa->p);
-			buffer_put_bignum2(b, key->rsa->q);
+			RSA_get0_key(key->rsa, &n, &e, &d);
+			RSA_get0_factors(key->rsa, &p, &q);
+			RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp);
+
+			buffer_put_bignum2(b, n);
+			buffer_put_bignum2(b, e);
+			buffer_put_bignum2(b, d);
+			buffer_put_bignum2(b, iqmp);
+			buffer_put_bignum2(b, p);
+			buffer_put_bignum2(b, q);
 			break;
 
 		case KEY_DSA:
@@ -1879,8 +1920,10 @@
 /* calculate p-1 and q-1 */
 static void rsa_generate_additional_parameters(RSA *rsa)
 {
+	/********* OPENSSL1.1.1 NOTEST *********/
 	BIGNUM *aux = NULL;
 	BN_CTX *ctx = NULL;
+	BIGNUM *e, *n, *d, *dmp1, *dmq1, *iqmp, *p, *q;
 
 	if ((aux = BN_new()) == NULL)
 		goto error;
@@ -1887,10 +1930,14 @@
 	if ((ctx = BN_CTX_new()) == NULL)
 		goto error;
 
-	if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
-	    (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
-	    (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
-	    (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0))
+	RSA_get0_key(rsa, &n, &e, &d);
+	RSA_get0_factors(rsa, &p, &q);
+	RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+
+	if ((BN_sub(aux, q, BN_value_one()) == 0) ||
+	    (BN_mod(dmq1, d, aux, ctx) == 0) ||
+	    (BN_sub(aux, p, BN_value_one()) == 0) ||
+	    (BN_mod(dmp1, d, aux, ctx) == 0))
 		goto error;
 
 error:
@@ -1902,11 +1949,13 @@
 
 Key *key_private_deserialize(buffer_t *blob)
 {
+	/********* OPENSSL1.1.1 NOTEST *********/
 	int success = 0;
 	char *type_name = NULL;
 	Key *k = NULL;
 	unsigned int pklen, sklen;
 	int type;
+	BIGNUM *e, *n, *d, *dmp1, *dmq1, *iqmp, *p, *q;
 
 	type_name = buffer_get_string_msg(blob, NULL);
 	if (type_name == NULL)
@@ -1917,13 +1966,17 @@
 
 	switch (type) {
 		case KEY_RSA:
-			buffer_get_bignum2_msg(blob, k->rsa->n);
-			buffer_get_bignum2_msg(blob, k->rsa->e);
-			buffer_get_bignum2_msg(blob, k->rsa->d);
-			buffer_get_bignum2_msg(blob, k->rsa->iqmp);
-			buffer_get_bignum2_msg(blob, k->rsa->p);
-			buffer_get_bignum2_msg(blob, k->rsa->q);
+			RSA_get0_key(k->rsa, &n, &e, &d);
+			RSA_get0_factors(k->rsa, &p, &q);
+			RSA_get0_crt_params(k->rsa, &dmp1, &dmq1, &iqmp);
 
+			buffer_get_bignum2_msg(blob, n);
+			buffer_get_bignum2_msg(blob, e);
+			buffer_get_bignum2_msg(blob, d);
+			buffer_get_bignum2_msg(blob, iqmp);
+			buffer_get_bignum2_msg(blob, p);
+			buffer_get_bignum2_msg(blob, q);
+
 			/* Generate additional parameters */
 			rsa_generate_additional_parameters(k->rsa);
 			break;

Modified: branches/openssl_1_1_1_v2/ttssh2/ttxssh/keyfiles.c
===================================================================
--- branches/openssl_1_1_1_v2/ttssh2/ttxssh/keyfiles.c	2019-06-22 12:19:07 UTC (rev 7792)
+++ branches/openssl_1_1_1_v2/ttssh2/ttxssh/keyfiles.c	2019-06-23 07:55:34 UTC (rev 7793)
@@ -66,27 +66,35 @@
    key must be discarded. */
 static BOOL normalize_key(RSA *key)
 {
+	/********* OPENSSL1.1.1 NOTEST *********/
 	BOOL OK = FALSE;
 	BIGNUM *r = BN_new();
 	BN_CTX *ctx = BN_CTX_new();
+	BIGNUM *e, *n, *d, *dmp1, *dmq1, *iqmp, *p, *q;
 
+	RSA_get0_key(key, &n, &e, &d);
+	RSA_get0_factors(key, &p, &q);
+	RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp);
+
 	if (BN_cmp(key->p, key->q) < 0) {
-		BIGNUM *tmp = key->p;
+		BIGNUM *tmp = p;
 
-		key->p = key->q;
-		key->q = tmp;
+		p = q;
+		q = tmp;
+		RSA_set0_factors(key, p, q);
 	}
 
 	if (r != NULL && ctx != NULL) {
-		key->dmp1 = BN_new();
-		key->dmq1 = BN_new();
-		key->iqmp = BN_mod_inverse(NULL, key->q, key->p, ctx);
+		dmp1 = BN_new();
+		dmq1 = BN_new();
+		iqmp = BN_mod_inverse(NULL, key->q, key->p, ctx);
+		RSA_set0_crt_params(key, dmp1, dmq1, iqmp);
 
-		if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
-			OK = BN_sub(r, key->p, BN_value_one())
-			  && BN_mod(key->dmp1, key->d, r, ctx)
-			  && BN_sub(r, key->q, BN_value_one())
-			  && BN_mod(key->dmq1, key->d, r, ctx);
+		if (dmp1 != NULL && dmq1 != NULL && iqmp != NULL) {
+			OK = BN_sub(r, p, BN_value_one())
+			  && BN_mod(dmp1, d, r, ctx)
+			  && BN_sub(r, q, BN_value_one())
+			  && BN_mod(dmq1, d, r, ctx);
 		}
 	}
 
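Review bot: The swap in `normalize_key` passes the key's own `p` and `q` back to `RSA_set0_factors()` in exchanged order; that setter frees the value it replaces, so each BIGNUM is freed as the other is installed and the key ends up pointing at freed memory. Values obtained from the `get0` getters must be duplicated with `BN_dup()` before they are given to a setter. The `BN_cmp(key->p, key->q)` context line and the added `BN_mod_inverse(NULL, key->q, key->p, ctx)` still read struct members, which will not build against the opaque `RSA` type and should use the locals. The rest of the function, including the cleanup of `r` and `ctx`, is outside this hunk.

```c
	BOOL swap_failed = FALSE;

	RSA_get0_key(key, &n, &e, &d);
	RSA_get0_factors(key, &p, &q);

	if (BN_cmp(p, q) < 0) {
		/* the setter frees what it replaces: hand over copies */
		BIGNUM *new_p = BN_dup(q);
		BIGNUM *new_q = BN_dup(p);

		if (new_p == NULL || new_q == NULL
		 || !RSA_set0_factors(key, new_p, new_q)) {
			BN_clear_free(new_p);
			BN_clear_free(new_q);
			swap_failed = TRUE;
		}
		/* re-read: the old p and q may have been released */
		RSA_get0_factors(key, &p, &q);
	}

	if (!swap_failed && r != NULL && ctx != NULL) {
		dmp1 = BN_new();
		dmq1 = BN_new();
		iqmp = BN_mod_inverse(NULL, q, p, ctx);
		// … unchanged: RSA_set0_crt_params call and the BN_sub/BN_mod chain …
```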
@@ -102,6 +110,7 @@
                                  BOOL * invalid_passphrase,
                                  BOOL is_auto_login)
 {
+	/********* OPENSSL1.1.1 NOTEST *********/
 	char filename[2048];
 	int fd;
 	unsigned int length, amount_read;
@@ -110,6 +119,7 @@
 	int cipher;
 	RSA *key;
 	unsigned int E_index, N_index, D_index, U_index, P_index, Q_index = 0;
+	BIGNUM *e, *n, *d, *p, *q;
 
 	*invalid_passphrase = FALSE;
 
@@ -294,11 +304,13 @@
 	}
 
 	key = RSA_new();
-	key->n = get_bignum(keyfile_data + N_index);
-	key->e = get_bignum(keyfile_data + E_index);
-	key->d = get_bignum(keyfile_data + D_index);
-	key->p = get_bignum(keyfile_data + P_index);
-	key->q = get_bignum(keyfile_data + Q_index);
+	n = get_bignum(keyfile_data + N_index);
+	e = get_bignum(keyfile_data + E_index);
+	d = get_bignum(keyfile_data + D_index);
+	RSA_set0_key(key, n, e, d);
+	p = get_bignum(keyfile_data + P_index);
+	q = get_bignum(keyfile_data + Q_index);
+	RSA_set0_factors(key, p, q);
 
 	if (!normalize_key(key)) {
 		UTIL_get_lang_msg("MSG_KEYFILES_CRYPTOLIB_ERROR", pvar,
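Review bot: Neither `RSA_new()` nor the two setters are checked before `normalize_key(key)` runs, and `get_bignum()` can evidently return NULL (crypt.c tests for it). If `n` or `e` is missing, `RSA_set0_key()` takes nothing and `n`, `e` and `d` are leaked, `d` being the private exponent; the same holds for `p` and `q` with `RSA_set0_factors()`. Read all five values first and fail the load on `if (key == NULL || !RSA_set0_key(key, n, e, d) || !RSA_set0_factors(key, p, q))`, releasing the values that were not handed over with `BN_clear_free()`. The function begins and ends outside this hunk.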
@@ -1091,7 +1103,10 @@
 	switch (result->type) {
 	case KEY_RSA:
 	{
+		/********* OPENSSL1.1.1 NOTEST *********/
 		char *pubkey_type, *pub, *pri;
+		BIGNUM *e, *n, *d, *dmp1, *dmq1, *iqmp, *p, *q;
+
 		pub = pubkey->buf;
 		pri = prikey->buf;
 		pubkey_type = buffer_get_string(&pub, NULL);
@@ -1107,29 +1122,32 @@
 			strncpy_s(errmsg, errmsg_len, "key init error", _TRUNCATE);
 			goto error;
 		}
-		result->rsa->e = BN_new();
-		result->rsa->n = BN_new();
-		result->rsa->d = BN_new();
-		result->rsa->p = BN_new();
-		result->rsa->q = BN_new();
-		result->rsa->iqmp = BN_new();
-		if (result->rsa->e == NULL ||
-		    result->rsa->n == NULL ||
-		    result->rsa->d == NULL ||
-		    result->rsa->p == NULL ||
-		    result->rsa->q == NULL ||
-		    result->rsa->iqmp == NULL) {
+		e = BN_new();
+		n = BN_new();
+		d = BN_new();
+		RSA_set0_key(result->rsa, n, e, d);
+		p = BN_new();
+		q = BN_new();
+		RSA_set0_factors(result->rsa, p, q);
+		iqmp = BN_new();
+		RSA_set0_crt_params(result->rsa, NULL, NULL, iqmp);
+		if (e == NULL ||
+		    n == NULL ||
+		    d == NULL ||
+		    p == NULL ||
+		    q == NULL ||
+		    iqmp == NULL) {
 			strncpy_s(errmsg, errmsg_len, "key init error", _TRUNCATE);
 			goto error;
 		}
 
-		buffer_get_bignum2(&pub, result->rsa->e);
-		buffer_get_bignum2(&pub, result->rsa->n);
+		buffer_get_bignum2(&pub, e);
+		buffer_get_bignum2(&pub, n);
 
-		buffer_get_bignum2(&pri, result->rsa->d);
-		buffer_get_bignum2(&pri, result->rsa->p);
-		buffer_get_bignum2(&pri, result->rsa->q);
-		buffer_get_bignum2(&pri, result->rsa->iqmp);
+		buffer_get_bignum2(&pri, d);
+		buffer_get_bignum2(&pri, p);
+		buffer_get_bignum2(&pri, q);
+		buffer_get_bignum2(&pri, iqmp);
 
 		break;
 	}
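Review bot: `RSA_set0_crt_params(result->rsa, NULL, NULL, iqmp)` cannot succeed on a key whose `dmp1` and `dmq1` are still unset, because that setter requires all three values the first time it is called. Assuming `result->rsa` is freshly created here, as it visibly is in the second hunk with this code (the SECSH branch, @@ -1547), `iqmp` is never attached: the value parsed into it by `buffer_get_bignum2(&pri, iqmp)` is dropped and the BIGNUM is leaked, and the ignored return value hides this. Either derive `dmp1` and `dmq1` from `d`, `p` and `q` after parsing and make one checked call, `if (!RSA_set0_crt_params(result->rsa, dmp1, dmq1, iqmp)) goto error;`, or keep `iqmp` out of the key and free it. The switch this case belongs to begins outside the hunk.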
@@ -1547,33 +1565,39 @@
 	switch (result->type) {
 	case KEY_RSA:
 	{
+		/********* OPENSSL1.1.1 NOTEST *********/
+		BIGNUM *e, *n, *d, *dmp1, *dmq1, *iqmp, *p, *q;
+
 		result->rsa = RSA_new();
 		if (result->rsa == NULL) {
 			strncpy_s(errmsg, errmsg_len, "key init error", _TRUNCATE);
 			goto error;
 		}
-		result->rsa->e = BN_new();
-		result->rsa->n = BN_new();
-		result->rsa->d = BN_new();
-		result->rsa->p = BN_new();
-		result->rsa->q = BN_new();
-		result->rsa->iqmp = BN_new();
-		if (result->rsa->e == NULL ||
-		    result->rsa->n == NULL ||
-		    result->rsa->d == NULL ||
-		    result->rsa->p == NULL ||
-		    result->rsa->q == NULL ||
-		    result->rsa->iqmp == NULL) {
+		e = BN_new();
+		n = BN_new();
+		d = BN_new();
+		RSA_set0_key(result->rsa, n, e, d);
+		p = BN_new();
+		q = BN_new();
+		RSA_set0_factors(result->rsa, p, q);
+		iqmp = BN_new();
+		RSA_set0_crt_params(result->rsa, NULL, NULL, iqmp);
+		if (e == NULL ||
+		    n == NULL ||
+		    d == NULL ||
+		    p == NULL ||
+		    q == NULL ||
+		    iqmp == NULL) {
 			strncpy_s(errmsg, errmsg_len, "key init error", _TRUNCATE);
 			goto error;
 		}
 
-		buffer_get_bignum_SECSH(blob2, result->rsa->e);
-		buffer_get_bignum_SECSH(blob2, result->rsa->d);
-		buffer_get_bignum_SECSH(blob2, result->rsa->n);
-		buffer_get_bignum_SECSH(blob2, result->rsa->iqmp);
-		buffer_get_bignum_SECSH(blob2, result->rsa->p);
-		buffer_get_bignum_SECSH(blob2, result->rsa->q);
+		buffer_get_bignum_SECSH(blob2, e);
+		buffer_get_bignum_SECSH(blob2, d);
+		buffer_get_bignum_SECSH(blob2, n);
+		buffer_get_bignum_SECSH(blob2, iqmp);
+		buffer_get_bignum_SECSH(blob2, p);
+		buffer_get_bignum_SECSH(blob2, q);
 
 		break;
 	}

Modified: branches/openssl_1_1_1_v2/ttssh2/ttxssh/ssh.c
===================================================================
--- branches/openssl_1_1_1_v2/ttssh2/ttxssh/ssh.c	2019-06-22 12:19:07 UTC (rev 7792)
+++ branches/openssl_1_1_1_v2/ttssh2/ttxssh/ssh.c	2019-06-23 07:55:34 UTC (rev 7793)
@@ -2527,23 +2527,34 @@
 			}
 		}
 		else if (pvar->auth_state.cur_cred.method == SSH_AUTH_PAGEANT) {
-			int server_key_bits = BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
-			int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
-			int server_key_bytes = (server_key_bits + 7) / 8;
-			int host_key_bytes = (host_key_bits + 7) / 8;
-			int session_buf_len = server_key_bytes + host_key_bytes + 8;
-			char *session_buf = (char *) malloc(session_buf_len);
+			/********* OPENSSL1.1.1 NOTEST *********/
+			int server_key_bits;
+			int host_key_bits;
+			int server_key_bytes;
+			int host_key_bytes;
+			int session_buf_len;
+			char *session_buf;
 			unsigned char session_id[16];
 
 			unsigned char *hash;
 			int pubkeylen, hashlen;
+			BIGNUM *server_n, *host_n;
 
+			RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
+			RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
+			server_key_bits = BN_num_bits(server_n);
+			host_key_bits = BN_num_bits(host_n);
+			server_key_bytes = (server_key_bits + 7) / 8;
+			host_key_bytes = (host_key_bits + 7) / 8;
+			session_buf_len = server_key_bytes + host_key_bytes + 8;
+			session_buf = (char FAR *) malloc(session_buf_len);
+
 			/* Pageant \x82Ƀn\x83b\x83V\x83\x85\x82\xF0\x8Cv\x8EZ\x82\xB5\x82Ă\xE0\x82炤 */
 			// \x8C\xF6\x8AJ\x8C\xAE\x82̒\xB7\x82\xB3
 			pubkeylen = putty_get_ssh1_keylen(pvar->pageant_curkey, pvar->pageant_keylistlen);
 			// \x83Z\x83b\x83V\x83\x87\x83\x93ID\x82\xF0\x8D쐬
-			BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
-			BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n, session_buf + host_key_bytes);
+			BN_bn2bin(host_n, session_buf);
+			BN_bn2bin(server_n, session_buf + host_key_bytes);
 			memcpy(session_buf + server_key_bytes + host_key_bytes, pvar->crypt_state.server_cookie, 8);
 			MD5(session_buf, session_buf_len, session_id);
 			// \x83n\x83b\x83V\x83\x85\x82\xF0\x8E󂯎\xE6\x82\xE9
@@ -2569,6 +2580,9 @@
 
 static void try_send_credentials(PTInstVar pvar)
 {
+	/********* OPENSSL1.1.1 NOTEST *********/
+	BIGNUM *e, *n;
+
 	if ((pvar->ssh_state.status_flags & STATUS_DONT_SEND_CREDENTIALS) == 0) {
 		AUTHCred *cred = AUTH_get_cur_cred(pvar);
 		static const int RSA_msgs[] =
@@ -2619,27 +2633,35 @@
 				break;
 			}
 		case SSH_AUTH_RSA:{
-				int len = BN_num_bytes(cred->key_pair->rsa->n);
-				unsigned char *outmsg =
-					begin_send_packet(pvar, SSH_CMSG_AUTH_RSA, 2 + len);
+				int len;
+				unsigned char *outmsg;
 
+				RSA_get0_key(cred->key_pair->rsa, &n, NULL, NULL);
+				len = BN_num_bytes(n);
+				outmsg = begin_send_packet(pvar, SSH_CMSG_AUTH_RSA, 2 + len);
+
 				logputs(LOG_LEVEL_VERBOSE, "Trying RSA authentication...");
 
 				set_ushort16_MSBfirst(outmsg, len * 8);
-				BN_bn2bin(cred->key_pair->rsa->n, outmsg + 2);
+				BN_bn2bin(n, outmsg + 2);
 				/* don't destroy the current credentials yet */
 				enque_handlers(pvar, 2, RSA_msgs, RSA_handlers);
 				break;
 			}
 		case SSH_AUTH_RHOSTS_RSA:{
-				int mod_len = BN_num_bytes(cred->key_pair->rsa->n);
-				int name_len = strlen(cred->rhosts_client_user);
-				int exp_len = BN_num_bytes(cred->key_pair->rsa->e);
+				int mod_len;
+				int name_len;
+				int exp_len;
 				int index;
-				unsigned char *outmsg =
-					begin_send_packet(pvar, SSH_CMSG_AUTH_RHOSTS_RSA,
-					                  12 + mod_len + name_len + exp_len);
+				unsigned char *outmsg;
 
+				RSA_get0_key(cred->key_pair->rsa, &n, &e, NULL);
+				mod_len = BN_num_bytes(n);
+				name_len = strlen(cred->rhosts_client_user);
+				exp_len = BN_num_bytes(e);
+				outmsg = begin_send_packet(pvar, SSH_CMSG_AUTH_RHOSTS_RSA,
+					                       12 + mod_len + name_len + exp_len);
+
 				logputs(LOG_LEVEL_VERBOSE, "Trying RHOSTS+RSA authentication...");
 
 				set_uint32(outmsg, name_len);
@@ -2648,11 +2670,11 @@
 
 				set_uint32(outmsg + index, 8 * mod_len);
 				set_ushort16_MSBfirst(outmsg + index + 4, 8 * exp_len);
-				BN_bn2bin(cred->key_pair->rsa->e, outmsg + index + 6);
+				BN_bn2bin(e, outmsg + index + 6);
 				index += 6 + exp_len;
 
 				set_ushort16_MSBfirst(outmsg + index, 8 * mod_len);
-				BN_bn2bin(cred->key_pair->rsa->n, outmsg + index + 2);
+				BN_bn2bin(n, outmsg + index + 2);
 				/* don't destroy the current credentials yet */
 				enque_handlers(pvar, 2, RSA_msgs, RSA_handlers);
 				break;
@@ -5746,9 +5768,12 @@
 	if ((ret = key_verify(hostkey, signature, siglen, hash, hashlen)) != 1) {
 		if (ret == -3 && hostkey->type == KEY_RSA) {
 			if (!pvar->settings.EnableRsaShortKeyServer) {
+				/********* OPENSSL1.1.1 NOTEST *********/
+				BIGNUM *n;
+				RSA_get0_key(hostkey->rsa, &n, NULL, NULL);
 				_snprintf_s(emsg, sizeof(emsg), _TRUNCATE,
 					"%s: key verify error. remote rsa key length is too short (%d-bit)", __FUNCTION__,
-					BN_num_bits(hostkey->rsa->n));
+					BN_num_bits(n));
 			}
 			else {
 				goto cont;

Modified: branches/openssl_1_1_1_v2/ttssh2/ttxssh/ttxssh.c
===================================================================
--- branches/openssl_1_1_1_v2/ttssh2/ttxssh/ttxssh.c	2019-06-22 12:19:07 UTC (rev 7792)
+++ branches/openssl_1_1_1_v2/ttssh2/ttxssh/ttxssh.c	2019-06-23 07:55:34 UTC (rev 7793)
@@ -3434,6 +3434,8 @@
 
 static BOOL generate_ssh_key(ssh_keytype type, int bits, void (*cbfunc)(int, int, void *), void *cbarg)
 {
+	/********* OPENSSL1.1.1 NOTEST *********/
+
 	// if SSH key already is generated, should free the resource.
 	free_ssh_key();
 
@@ -3443,6 +3445,8 @@
 	{
 		RSA *priv = NULL;
 		RSA *pub = NULL;
+		BIGNUM *e, *n;
+		BIGNUM *p_e, *p_n;
 
 		// private key
 		priv =  RSA_generate_key(bits, 35, cbfunc, cbarg);
@@ -3452,15 +3456,18 @@
 
 		// public key
 		pub = RSA_new();
-		pub->n = BN_new();
-		pub->e = BN_new();
-		if (pub->n == NULL || pub->e == NULL) {
+		n = BN_new();
+		e = BN_new();
+		RSA_set0_key(pub, n, e, NULL);
+		if (n == NULL || e == NULL) {
 			RSA_free(pub);
 			goto error;
 		}
 
-		BN_copy(pub->n, priv->n);
-		BN_copy(pub->e, priv->e);
+		RSA_get0_key(priv, &p_n, &p_e, NULL);
+
+		BN_copy(n, p_n);
+		BN_copy(e, p_e);
 		public_key.rsa = pub;
 		break;
 	}
@@ -4620,18 +4627,22 @@
 			}
 
 			if (public_key.type == KEY_RSA1) { // SSH1 RSA
+				/********* OPENSSL1.1.1 NOTEST *********/
 				RSA *rsa = public_key.rsa;
 				int bits;
 				char *buf;
+				BIGNUM *e, *n;
 
-				bits = BN_num_bits(rsa->n);
+				RSA_get0_key(rsa, &n, &e, NULL);
+
+				bits = BN_num_bits(n);
 				fprintf(fp, "%u", bits);
 
-				buf = BN_bn2dec(rsa->e);
+				buf = BN_bn2dec(e);
 				fprintf(fp, " %s", buf);
 				OPENSSL_free(buf);
 
-				buf = BN_bn2dec(rsa->n);
+				buf = BN_bn2dec(n);
 				fprintf(fp, " %s", buf);
 				OPENSSL_free(buf);
 
@@ -4645,6 +4656,8 @@
 				char *blob;
 				char *uuenc; // uuencode data
 				int uulen;
+				BIGNUM *e, *n;
+				/********* OPENSSL1.1.1 NOTEST *********/
 
 				b = buffer_init();
 				if (b == NULL)
@@ -4661,10 +4674,11 @@
 					break;
 
 				case KEY_RSA: // RSA
+					RSA_get0_key(rsa, &n, &e, NULL);
 					keyname = "ssh-rsa";
 					buffer_put_string(b, keyname, strlen(keyname));
-					buffer_put_bignum2(b, rsa->e);
-					buffer_put_bignum2(b, rsa->n);
+					buffer_put_bignum2(b, e);
+					buffer_put_bignum2(b, n);
 					break;
 
 				case KEY_ECDSA256: // ECDSA
@@ -4837,6 +4851,8 @@
 				EVP_CIPHER_CTX *cipher_ctx = NULL;
 				FILE *fp;
 				char wrapped[4096];
+				BIGNUM *e, *n, *d, *dmp1, *dmq1, *iqmp, *p, *q;
+				/********* OPENSSL1.1.1 NOTEST *********/
 
 				if (passphrase[0] == '\0') { // passphrase is empty
 					cipher_num = SSH_CIPHER_NONE;
@@ -4867,10 +4883,13 @@
 
 				// set private key
 				rsa = private_key.rsa;
-				buffer_put_bignum(b, rsa->d);
-				buffer_put_bignum(b, rsa->iqmp);
-				buffer_put_bignum(b, rsa->q);
-				buffer_put_bignum(b, rsa->p);
+				RSA_get0_key(rsa, &n, &e, &d);
+				RSA_get0_factors(rsa, &p, &q);
+				RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+				buffer_put_bignum(b, d);
+				buffer_put_bignum(b, iqmp);
+				buffer_put_bignum(b, q);
+				buffer_put_bignum(b, p);
 
 				// padding with 8byte align
 				while (buffer_len(b) % 8) {
@@ -4893,9 +4912,9 @@
 				buffer_put_int(enc, 0);  // type is 'int'!! (For future extension)
 
 				/* Store public key.  This will be in plain text. */
-				buffer_put_int(enc, BN_num_bits(rsa->n));
-				buffer_put_bignum(enc, rsa->n);
-				buffer_put_bignum(enc, rsa->e);
+				buffer_put_int(enc, BN_num_bits(n));
+				buffer_put_bignum(enc, n);
+				buffer_put_bignum(enc, e);
 				buffer_put_string(enc, comment, strlen(comment));
 
 				// setup the MD5ed passphrase to cipher encryption key

