Bugtraq mailing list archives
Re: SSH1 key recovery patch
From: Johannes Geiger <geiger () INFORMATIK TU-MUENCHEN DE>
Date: Wed, 21 Feb 2001 11:11:29 +0000
On Tue, Feb 20, 2001 at 12:48:09PM +0100, Johannes Geiger wrote:
> The following patch is UNTESTED and supplied only to make myself clear.
If anybody is interested: Thomas Themel (thanks) pointed out to me an error in my patch. In rsaglue.c it should read of course + success = (value[0] == 0 && value[1] == 2); ^^^^^ So the complete patch reads: --- rsaglue.c.orig Tue Feb 20 11:20:21 2001 +++ rsaglue.c Tue Feb 20 11:23:21 2001 @@ -238,11 +238,12 @@ /* Decrypt input using the private key. Output will become a 256 bit value. */ -void rsa_private_decrypt(MP_INT *output, MP_INT *input, RSAPrivateKey *key) +int rsa_private_decrypt(MP_INT *output, MP_INT *input, RSAPrivateKey *key) { MP_INT aux; unsigned int len, i; unsigned char *value; + int success; rsa_private(output, input, key); @@ -263,8 +264,7 @@ } mpz_clear(&aux); - if (value[0] != 0 || value[1] != 2) - fatal("Bad result from rsa_private_decrypt"); + success = (value[0] == 0 && value[1] == 2); for (i = 2; i < len && value[i]; i++) ; @@ -272,6 +272,9 @@ xfree(value); mpz_mod_2exp(output, output, 8 * (len - i - 1)); + + return success; + } #endif /* RSAREF */ --- rsa.h.orig Tue Feb 20 11:38:04 2001 +++ rsa.h Tue Feb 20 12:21:50 2001 @@ -111,6 +111,6 @@ RandomState *state); /* Performs a private key decrypt operation. */ -void rsa_private_decrypt(MP_INT *output, MP_INT *input, RSAPrivateKey *key); +int rsa_private_decrypt(MP_INT *output, MP_INT *input, RSAPrivateKey *key); #endif /* RSA_H */ --- sshd.c.orig Tue Feb 20 11:20:12 2001 +++ sshd.c Tue Feb 20 12:43:54 2001 
@@ -1553,23 +1553,29 @@ larger modulus first). */ if (mpz_cmp(&sensitive_data.private_key.n, &sensitive_data.host_key.n) > 0) { + int rok1, rok2; /* Private key has bigger modulus. */ assert(sensitive_data.private_key.bits >= sensitive_data.host_key.bits + SSH_KEY_BITS_RESERVED); - rsa_private_decrypt(&session_key_int, &session_key_int, - &sensitive_data.private_key); - rsa_private_decrypt(&session_key_int, &session_key_int, - &sensitive_data.host_key); + rok1 = rsa_private_decrypt(&session_key_int, &session_key_int, + &sensitive_data.private_key); + rok2 = rsa_private_decrypt(&session_key_int, &session_key_int, + &sensitive_data.host_key); + if (!(rok1 && rok2)) + fatal("Bad result from rsa_private_decrypt"); } else { + int rok1, rok2; /* Host key has bigger modulus (or they are equal). */ assert(sensitive_data.host_key.bits >= sensitive_data.private_key.bits + SSH_KEY_BITS_RESERVED); - rsa_private_decrypt(&session_key_int, &session_key_int, - &sensitive_data.host_key); - rsa_private_decrypt(&session_key_int, &session_key_int, - &sensitive_data.private_key); + rok1 = rsa_private_decrypt(&session_key_int, &session_key_int, + &sensitive_data.host_key); + rok2 = rsa_private_decrypt(&session_key_int, &session_key_int, + &sensitive_data.private_key); + if (!(rok1 && rok2)) + fatal("Bad result from rsa_private_decrypt"); } /* Compute session id for this session. */
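Review bot: In rsaglue.c, hunk @@ -263,8 +264,7 @@, success only records the check of value[0] and value[1]; the loop that follows, `for (i = 2; i < len && value[i]; i++)`, can still exit with i == len when no zero byte is found, and that case is not reported as a failure. len and i are declared unsigned int, so `8 * (len - i - 1)` in the next hunk wraps around in that case instead of going negative. Suggest folding the separator check into the result after the loop, for example `success = success && (i < len);`, so the caller sees one combined verdict on the padding.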
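Review bot: In rsa.h, hunk @@ -111,6 +111,6 @@, the comment above the prototype still reads "Performs a private key decrypt operation." and says nothing about the new int return value. Suggest documenting that nonzero means the leading bytes were 0 and 2, that zero means they were not, and that output is written in both cases, since mpz_mod_2exp(output, ...) in rsaglue.c runs before `return success;`. Because the fatal() call was removed from rsa_private_decrypt, any caller not converted by this patch would carry on with a bad result, so every call site needs to check the return value as sshd.c now does.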
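Review bot: In sshd.c, hunk @@ -1553,23 +1553,29 @@, `int rok1, rok2;` and the `if (!(rok1 && rok2)) fatal("Bad result from rsa_private_decrypt");` check are duplicated in both branches of the modulus comparison. Suggest declaring the two flags once before the if and placing a single check after the else block, so there is one failure exit to maintain. A short comment stating whether the second rsa_private_decrypt call is meant to run even when the first returned 0 would also help, since nothing in the code says so and a later cleanup could turn it back into an early exit.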