diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 1999-11-07 22:38:40 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 1999-11-07 22:38:40 +0000 |
| commit | 65101ef4c352ba6c69f5abac9dac3d384d991776 (patch) | |
| tree | afbcd1bb72db56c4b3520162c3d41bb2e7882493 /usr.bin/ssh | |
| parent | f35f50695565eb129b1f9af9c864d83bf3b37973 (diff) | |
warn if announced size of modulus 'n' != real size
Diffstat (limited to 'usr.bin/ssh')
| -rw-r--r-- | usr.bin/ssh/sshconnect.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index eba68ca8c59..5449bd21d0e 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -15,7 +15,7 @@ login (authentication) dialog. */ #include "includes.h" -RCSID("$Id: sshconnect.c,v 1.25 1999/11/02 19:42:36 markus Exp $"); +RCSID("$Id: sshconnect.c,v 1.26 1999/11/07 22:38:39 markus Exp $"); #include <ssl/bn.h> #include "xmalloc.h" @@ -1014,6 +1014,7 @@ void ssh_login(int host_key_valid, BIGNUM *key; RSA *host_key, *file_key; RSA *public_key; + int bits, rbits; unsigned char session_key[SSH_SESSION_KEY_LENGTH]; const char *server_user, *local_user; char *cp, *host, *ip = NULL; @@ -1060,7 +1061,7 @@ void ssh_login(int host_key_valid, /* Get the public key. */ public_key = RSA_new(); - packet_get_int(); /* bits */ + bits = packet_get_int(); /* bits */ public_key->e = BN_new(); packet_get_bignum(public_key->e, &clen); sum_len += clen; @@ -1068,9 +1069,16 @@ void ssh_login(int host_key_valid, packet_get_bignum(public_key->n, &clen); sum_len += clen; + rbits = BN_num_bits(public_key->n); + if (bits != rbits) { + log("Warning: Server lies about size of server public key,"); + log("Warning: this may be due to an old implementation of ssh."); + log("Warning: (actual size %d bits, announced size %d bits)", rbits, bits); + } + /* Get the host key. */ host_key = RSA_new(); - packet_get_int(); /* bits */ + bits = packet_get_int(); /* bits */ host_key->e = BN_new(); packet_get_bignum(host_key->e, &clen); sum_len += clen; @@ -1078,6 +1086,13 @@ void ssh_login(int host_key_valid, packet_get_bignum(host_key->n, &clen); sum_len += clen; + rbits = BN_num_bits(host_key->n); + if (bits != rbits) { + log("Warning: Server lies about size of server host key,"); + log("Warning: this may be due to an old implementation of ssh."); + log("Warning: (actual size %d bits, announced size %d bits)", rbits, bits); + } + /* Store the host key from the known host file in here * so that we can compare it with the key for the IP * address. */ |