• R/O
  • SSH
  • HTTPS

ttssh2: Commit


Commit MetaInfo

Revision6565 (tree)
Time2017-01-09 00:36:18
Author(del#24082)

Log Message

RSA構造体のメンバーアクセスを関数アクセスに変更した。

Change Summary

Incremental Difference

--- branches/openssl_1_1_0/ttssh2/ttxssh/crypt.c (revision 6564)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/crypt.c (revision 6565)
@@ -872,23 +872,27 @@
872872 unsigned char FAR * mod)
873873 {
874874 RSA FAR *key = RSA_new();
875+ BIGNUM *e = NULL, *n = NULL;
875876
876877 if (key != NULL) {
877- key->e = get_bignum(exp);
878- key->n = get_bignum(mod);
878+ // OpenSSL 1.1.0ではRSA構造体のメンバーに直接アクセスできないため、
879+ // RSA_get0_key関数で取得する必要がある。
880+ e = get_bignum(exp);
881+ n = get_bignum(mod);
882+ RSA_set0_key(key, n, e, NULL);
879883 }
880884
881- if (key == NULL || key->e == NULL || key->n == NULL) {
885+ if (key == NULL || e == NULL || n == NULL) {
882886 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
883887 "Error setting up RSA keys");
884888 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
885889
886890 if (key != NULL) {
887- if (key->e != NULL) {
888- BN_free(key->e);
891+ if (e != NULL) {
892+ BN_free(e);
889893 }
890- if (key->n != NULL) {
891- BN_free(key->n);
894+ if (n != NULL) {
895+ BN_free(n);
892896 }
893897 RSA_free(key);
894898 }
@@ -1192,12 +1196,21 @@
11921196
11931197 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
11941198 {
1195- int server_key_bits =
1196- BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1197- int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1198- int server_key_bytes = (server_key_bits + 7) / 8;
1199- int host_key_bytes = (host_key_bits + 7) / 8;
1199+ int server_key_bits;
1200+ int host_key_bits;
1201+ int server_key_bytes;
1202+ int host_key_bytes;
1203+ BIGNUM *n;
12001204
1205+ RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &n, NULL, NULL);
1206+ server_key_bits = BN_num_bits(n);
1207+
1208+ RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &n, NULL, NULL);
1209+ host_key_bits = BN_num_bits(n);
1210+
1211+ server_key_bytes = (server_key_bits + 7) / 8;
1212+ host_key_bytes = (host_key_bits + 7) / 8;
1213+
12011214 if (server_key_bits < host_key_bits) {
12021215 return host_key_bytes;
12031216 } else {
@@ -1208,14 +1221,23 @@
12081221 int CRYPT_choose_session_key(PTInstVar pvar,
12091222 unsigned char FAR * encrypted_key_buf)
12101223 {
1211- int server_key_bits =
1212- BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1213- int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1214- int server_key_bytes = (server_key_bits + 7) / 8;
1215- int host_key_bytes = (host_key_bits + 7) / 8;
1224+ int server_key_bits;
1225+ int host_key_bits;
1226+ int server_key_bytes;
1227+ int host_key_bytes;
12161228 int encrypted_key_bytes;
12171229 int bit_delta;
1230+ BIGNUM *server_n, *host_n;
12181231
1232+ RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
1233+ server_key_bits = BN_num_bits(server_n);
1234+
1235+ RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
1236+ host_key_bits = BN_num_bits(host_n);
1237+
1238+ server_key_bytes = (server_key_bits + 7) / 8;
1239+ host_key_bytes = (host_key_bits + 7) / 8;
1240+
12191241 if (server_key_bits < host_key_bits) {
12201242 encrypted_key_bytes = host_key_bytes;
12211243 bit_delta = host_key_bits - server_key_bits;
@@ -1237,8 +1259,8 @@
12371259 char session_id[16];
12381260 int i;
12391261
1240- BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1241- BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1262+ BN_bn2bin(host_n, session_buf);
1263+ BN_bn2bin(server_n,
12421264 session_buf + host_key_bytes);
12431265 memcpy(session_buf + server_key_bytes + host_key_bytes,
12441266 pvar->crypt_state.server_cookie, 8);
@@ -1308,16 +1330,27 @@
13081330 int challenge_len,
13091331 unsigned char FAR * response)
13101332 {
1311- int server_key_bits =
1312- BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1313- int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1314- int server_key_bytes = (server_key_bits + 7) / 8;
1315- int host_key_bytes = (host_key_bits + 7) / 8;
1316- int session_buf_len = server_key_bytes + host_key_bytes + 8;
1317- char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1333+ int server_key_bits;
1334+ int host_key_bits;
1335+ int server_key_bytes;
1336+ int host_key_bytes;
1337+ int session_buf_len;
1338+ char FAR *session_buf;
13181339 char decrypted_challenge[48];
13191340 int decrypted_challenge_len;
1341+ BIGNUM *server_n, *host_n;
13201342
1343+ RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
1344+ server_key_bits = BN_num_bits(server_n);
1345+
1346+ RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
1347+ host_key_bits = BN_num_bits(host_n);
1348+
1349+ server_key_bytes = (server_key_bits + 7) / 8;
1350+ host_key_bytes = (host_key_bits + 7) / 8;
1351+ session_buf_len = server_key_bytes + host_key_bytes + 8;
1352+ session_buf = (char FAR *) malloc(session_buf_len);
1353+
13211354 decrypted_challenge_len =
13221355 RSA_private_decrypt(challenge_len, challenge, challenge,
13231356 AUTH_get_cur_cred(pvar)->key_pair->rsa,
@@ -1338,8 +1371,8 @@
13381371 decrypted_challenge_len);
13391372 }
13401373
1341- BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1342- BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1374+ BN_bn2bin(host_n, session_buf);
1375+ BN_bn2bin(server_n,
13431376 session_buf + host_key_bytes);
13441377 memcpy(session_buf + server_key_bytes + host_key_bytes,
13451378 pvar->crypt_state.server_cookie, 8);
@@ -1903,6 +1936,8 @@
19031936
19041937 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
19051938 {
1939+ BIGNUM *server_n, *host_n;
1940+
19061941 if (SSHv1(pvar)) {
19071942 if (pvar->crypt_state.server_key.RSA_key == NULL
19081943 || pvar->crypt_state.host_key.RSA_key == NULL) {
@@ -1909,11 +1944,14 @@
19091944 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
19101945 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
19111946 } else {
1947+ RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
1948+ RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
1949+
19121950 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
19131951 "%d-bit server key, %d-bit host key");
19141952 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1915- BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1916- BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1953+ BN_num_bits(server_n),
1954+ BN_num_bits(host_n));
19171955 }
19181956 } else { // SSH2
19191957 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
--- branches/openssl_1_1_0/ttssh2/ttxssh/hosts.c (revision 6564)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/hosts.c (revision 6565)
@@ -982,6 +982,8 @@
982982 const EC_GROUP *group;
983983 const EC_POINT *pa, *pb;
984984 Key *a, *b;
985+ BIGNUM *e = NULL, *n = NULL;
986+ BIGNUM *se = NULL, *sn = NULL;
985987
986988 if (src->type != key->type) {
987989 return -1;
@@ -1002,9 +1004,11 @@
10021004 */
10031005
10041006 case KEY_RSA: // SSH2 RSA host public key
1007+ RSA_get0_key(key->rsa, &n, &e, NULL);
1008+ RSA_get0_key(src->rsa, &sn, &se, NULL);
10051009 return key->rsa != NULL && src->rsa != NULL &&
1006- BN_cmp(key->rsa->e, src->rsa->e) == 0 &&
1007- BN_cmp(key->rsa->n, src->rsa->n) == 0;
1010+ BN_cmp(e, se) == 0 &&
1011+ BN_cmp(n, sn) == 0;
10081012
10091013 case KEY_DSA: // SSH2 DSA host public key
10101014 return key->dsa != NULL && src->dsa &&
--- branches/openssl_1_1_0/ttssh2/ttxssh/key.c (revision 6564)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/key.c (revision 6565)
@@ -520,20 +520,26 @@
520520 RSA *duplicate_RSA(RSA *src)
521521 {
522522 RSA *rsa = NULL;
523+ BIGNUM *e = NULL, *n = NULL;
524+ BIGNUM *se = NULL, *sn = NULL;
523525
524526 rsa = RSA_new();
525527 if (rsa == NULL)
526528 goto error;
527- rsa->n = BN_new();
528- rsa->e = BN_new();
529- if (rsa->n == NULL || rsa->e == NULL) {
529+
530+ n = BN_new();
531+ e = BN_new();
532+ RSA_set0_key(rsa, n, e, NULL);
533+ if (n == NULL || e == NULL) {
530534 RSA_free(rsa);
531535 goto error;
532536 }
533537
538+ RSA_get0_key(src, &sn, &se, NULL);
539+
534540 // 深いコピー(deep copy)を行う。浅いコピー(shallow copy)はNG。
535- BN_copy(rsa->n, src->n);
536- BN_copy(rsa->e, src->e);
541+ BN_copy(n, sn);
542+ BN_copy(e, se);
537543
538544 error:
539545 return (rsa);
@@ -626,6 +632,7 @@
626632 int len = 0;
627633 int nlen, elen;
628634 RSA *rsa;
635+ BIGNUM *e = NULL, *n = NULL;
629636
630637 ctx = EVP_MD_CTX_new();
631638 if (ctx == NULL)
@@ -650,15 +657,16 @@
650657 switch (k->type) {
651658 case KEY_RSA1:
652659 rsa = make_key(NULL, k->bits, k->exp, k->mod);
653- nlen = BN_num_bytes(rsa->n);
654- elen = BN_num_bytes(rsa->e);
660+ RSA_get0_key(rsa, &n, &e, NULL);
661+ nlen = BN_num_bytes(n);
662+ elen = BN_num_bytes(e);
655663 len = nlen + elen;
656664 blob = malloc(len);
657665 if (blob == NULL) {
658666 // TODO:
659667 }
660- BN_bn2bin(rsa->n, blob);
661- BN_bn2bin(rsa->e, blob + nlen);
668+ BN_bn2bin(n, blob);
669+ BN_bn2bin(e, blob + nlen);
662670 RSA_free(rsa);
663671 break;
664672
@@ -725,12 +733,15 @@
725733 unsigned int
726734 key_size(const Key *k)
727735 {
736+ BIGNUM *n = NULL;
737+
728738 switch (k->type) {
729739 case KEY_RSA1:
730740 // SSH1の場合は key->rsa と key->dsa は NULL であるので、使わない。
731741 return k->bits;
732742 case KEY_RSA:
733- return BN_num_bits(k->rsa->n);
743+ RSA_get0_key(k->rsa, &n, NULL, NULL);
744+ return BN_num_bits(n);
734745 case KEY_DSA:
735746 return BN_num_bits(k->dsa->p);
736747 case KEY_ECDSA256:
@@ -949,17 +960,27 @@
949960 //
950961 static void key_add_private(Key *k)
951962 {
963+ BIGNUM *d, *iqmp, *q, *p, *dmq1, *dmp1;
964+
965+ d = iqmp = q = p = dmq1 = dmp1 = NULL;
966+
952967 switch (k->type) {
953968 case KEY_RSA1:
954969 case KEY_RSA:
955- k->rsa->d = BN_new();
956- k->rsa->iqmp = BN_new();
957- k->rsa->q = BN_new();
958- k->rsa->p = BN_new();
959- k->rsa->dmq1 = BN_new();
960- k->rsa->dmp1 = BN_new();
961- if (k->rsa->d == NULL || k->rsa->iqmp == NULL || k->rsa->q == NULL ||
962- k->rsa->p == NULL || k->rsa->dmq1 == NULL || k->rsa->dmp1 == NULL)
970+ d = BN_new();
971+ RSA_set0_key(k->rsa, NULL, NULL, d);
972+
973+ iqmp = BN_new();
974+ q = BN_new();
975+ p = BN_new();
976+ RSA_set0_factors(k->rsa, p, q);
977+
978+ dmq1 = BN_new();
979+ dmp1 = BN_new();
980+ RSA_set0_crt_params(k->rsa, dmp1, dmq1, iqmp);
981+
982+ if (d == NULL || iqmp == NULL || q == NULL ||
983+ p == NULL || dmq1 == NULL || dmp1 == NULL)
963984 goto error;
964985 break;
965986
@@ -989,29 +1010,24 @@
9891010 return;
9901011
9911012 error:
992- if (k->rsa->d) {
993- BN_free(k->rsa->d);
994- k->rsa->d = NULL;
1013+ if (d) {
1014+ BN_free(d);
1015+ // RSA_set0_key関数ではメンバーにNULLをセットすることはできない。
9951016 }
996- if (k->rsa->iqmp) {
997- BN_free(k->rsa->iqmp);
998- k->rsa->iqmp = NULL;
1017+ if (iqmp) {
1018+ BN_free(iqmp);
9991019 }
1000- if (k->rsa->q) {
1001- BN_free(k->rsa->q);
1002- k->rsa->q = NULL;
1020+ if (q) {
1021+ BN_free(q);
10031022 }
1004- if (k->rsa->p) {
1005- BN_free(k->rsa->p);
1006- k->rsa->p = NULL;
1023+ if (p) {
1024+ BN_free(p);
10071025 }
1008- if (k->rsa->dmq1) {
1009- BN_free(k->rsa->dmq1);
1010- k->rsa->dmq1 = NULL;
1026+ if (dmq1) {
1027+ BN_free(dmq1);
10111028 }
1012- if (k->rsa->dmp1) {
1013- BN_free(k->rsa->dmp1);
1014- k->rsa->dmp1 = NULL;
1029+ if (dmp1) {
1030+ BN_free(dmp1);
10151031 }
10161032
10171033
@@ -1037,6 +1053,7 @@
10371053 Key *k = NULL;
10381054 RSA *rsa;
10391055 DSA *dsa;
1056+ BIGNUM *e = NULL, *n = NULL;
10401057
10411058 k = calloc(1, sizeof(Key));
10421059 if (k == NULL)
@@ -1054,9 +1071,10 @@
10541071 rsa = RSA_new();
10551072 if (rsa == NULL)
10561073 goto error;
1057- rsa->n = BN_new();
1058- rsa->e = BN_new();
1059- if (rsa->n == NULL || rsa->e == NULL)
1074+ n = BN_new();
1075+ e = BN_new();
1076+ RSA_set0_key(rsa, n, e, NULL);
1077+ if (n == NULL || e == NULL)
10601078 goto error;
10611079 k->rsa = rsa;
10621080 break;
@@ -1236,6 +1254,7 @@
12361254 char *sshname, *tmp;
12371255 int len;
12381256 int ret = 1; // success
1257+ BIGNUM *e = NULL, *n = NULL;
12391258
12401259 b = buffer_init();
12411260 sshname = get_sshname_from_key(key);
@@ -1242,9 +1261,10 @@
12421261
12431262 switch (key->type) {
12441263 case KEY_RSA:
1264+ RSA_get0_key(key->rsa, &n, &e, NULL);
12451265 buffer_put_string(b, sshname, strlen(sshname));
1246- buffer_put_bignum2(b, key->rsa->e);
1247- buffer_put_bignum2(b, key->rsa->n);
1266+ buffer_put_bignum2(b, e);
1267+ buffer_put_bignum2(b, n);
12481268 break;
12491269 case KEY_DSA:
12501270 buffer_put_string(b, sshname, strlen(sshname));
@@ -1307,6 +1327,7 @@
13071327 Key *hostkey = NULL; // hostkey
13081328 ssh_keytype type;
13091329 unsigned char *pk = NULL;
1330+ BIGNUM *e = NULL, *n = NULL;
13101331
13111332 if (data == NULL)
13121333 goto error;
@@ -1334,14 +1355,15 @@
13341355 if (rsa == NULL) {
13351356 goto error;
13361357 }
1337- rsa->n = BN_new();
1338- rsa->e = BN_new();
1339- if (rsa->n == NULL || rsa->e == NULL) {
1358+ n = BN_new();
1359+ e = BN_new();
1360+ RSA_set0_key(rsa, n, e, NULL);
1361+ if (n == NULL || e == NULL) {
13401362 goto error;
13411363 }
13421364
1343- buffer_get_bignum2(&data, rsa->e);
1344- buffer_get_bignum2(&data, rsa->n);
1365+ buffer_get_bignum2(&data, e);
1366+ buffer_get_bignum2(&data, n);
13451367
13461368 hostkey->type = type;
13471369 hostkey->rsa = rsa;
@@ -1674,6 +1696,7 @@
16741696 buffer_t *msg = NULL;
16751697 Key *keypair;
16761698 char *s, *tmp;
1699+ BIGNUM *e = NULL, *n = NULL;
16771700
16781701 msg = buffer_init();
16791702 if (msg == NULL) {
@@ -1686,9 +1709,10 @@
16861709 switch (keypair->type) {
16871710 case KEY_RSA: // RSA
16881711 s = get_sshname_from_key(keypair);
1712+ RSA_get0_key(keypair->rsa, &n, &e, NULL);
16891713 buffer_put_string(msg, s, strlen(s));
1690- buffer_put_bignum2(msg, keypair->rsa->e); // 公開指数
1691- buffer_put_bignum2(msg, keypair->rsa->n); // p×q
1714+ buffer_put_bignum2(msg, e); // 公開指数
1715+ buffer_put_bignum2(msg, n); // p×q
16921716 break;
16931717 case KEY_DSA: // DSA
16941718 s = get_sshname_from_key(keypair);
@@ -1778,6 +1802,7 @@
17781802 void key_private_serialize(Key *key, buffer_t *b)
17791803 {
17801804 char *s;
1805+ BIGNUM *e, *n, *d, *iqmp, *p, *q;
17811806
17821807 s = get_sshname_from_key(key);
17831808 buffer_put_cstring(b, s);
@@ -1784,12 +1809,16 @@
17841809
17851810 switch (key->type) {
17861811 case KEY_RSA:
1787- buffer_put_bignum2(b, key->rsa->n);
1788- buffer_put_bignum2(b, key->rsa->e);
1789- buffer_put_bignum2(b, key->rsa->d);
1790- buffer_put_bignum2(b, key->rsa->iqmp);
1791- buffer_put_bignum2(b, key->rsa->p);
1792- buffer_put_bignum2(b, key->rsa->q);
1812+ RSA_get0_key(key->rsa, &n, &e, &d);
1813+ RSA_get0_factors(key->rsa, &p, &q);
1814+ RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp);
1815+
1816+ buffer_put_bignum2(b, n);
1817+ buffer_put_bignum2(b, e);
1818+ buffer_put_bignum2(b, d);
1819+ buffer_put_bignum2(b, iqmp);
1820+ buffer_put_bignum2(b, p);
1821+ buffer_put_bignum2(b, q);
17931822 break;
17941823
17951824 case KEY_DSA:
@@ -1824,6 +1853,7 @@
18241853 {
18251854 BIGNUM *aux = NULL;
18261855 BN_CTX *ctx = NULL;
1856+ BIGNUM *e, *n, *d, *dmp1, *dmq1, *iqmp, *p, *q;
18271857
18281858 if ((aux = BN_new()) == NULL)
18291859 goto error;
@@ -1830,10 +1860,14 @@
18301860 if ((ctx = BN_CTX_new()) == NULL)
18311861 goto error;
18321862
1833- if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
1834- (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
1835- (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
1836- (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0))
1863+ RSA_get0_key(rsa, &n, &e, &d);
1864+ RSA_get0_factors(rsa, &p, &q);
1865+ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
1866+
1867+ if ((BN_sub(aux, q, BN_value_one()) == 0) ||
1868+ (BN_mod(dmq1, d, aux, ctx) == 0) ||
1869+ (BN_sub(aux, p, BN_value_one()) == 0) ||
1870+ (BN_mod(dmp1, d, aux, ctx) == 0))
18371871 goto error;
18381872
18391873 error:
@@ -1886,6 +1920,7 @@
18861920 Key *k = NULL;
18871921 unsigned int pklen, sklen;
18881922 int type;
1923+ BIGNUM *e, *n, *d, *dmp1, *dmq1, *iqmp, *p, *q;
18891924
18901925 type_name = buffer_get_string_msg(blob, NULL);
18911926 if (type_name == NULL)
@@ -1896,13 +1931,17 @@
18961931
18971932 switch (type) {
18981933 case KEY_RSA:
1899- buffer_get_bignum2_msg(blob, k->rsa->n);
1900- buffer_get_bignum2_msg(blob, k->rsa->e);
1901- buffer_get_bignum2_msg(blob, k->rsa->d);
1902- buffer_get_bignum2_msg(blob, k->rsa->iqmp);
1903- buffer_get_bignum2_msg(blob, k->rsa->p);
1904- buffer_get_bignum2_msg(blob, k->rsa->q);
1934+ RSA_get0_key(k->rsa, &n, &e, &d);
1935+ RSA_get0_factors(k->rsa, &p, &q);
1936+ RSA_get0_crt_params(k->rsa, &dmp1, &dmq1, &iqmp);
19051937
1938+ buffer_get_bignum2_msg(blob, n);
1939+ buffer_get_bignum2_msg(blob, e);
1940+ buffer_get_bignum2_msg(blob, d);
1941+ buffer_get_bignum2_msg(blob, iqmp);
1942+ buffer_get_bignum2_msg(blob, p);
1943+ buffer_get_bignum2_msg(blob, q);
1944+
19061945 /* Generate additional parameters */
19071946 rsa_generate_additional_parameters(k->rsa);
19081947 break;
--- branches/openssl_1_1_0/ttssh2/ttxssh/keyfiles.c (revision 6564)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/keyfiles.c (revision 6565)
@@ -68,24 +68,31 @@
6868 BOOL OK = FALSE;
6969 BIGNUM *r = BN_new();
7070 BN_CTX *ctx = BN_CTX_new();
71+ BIGNUM *e, *n, *d, *dmp1, *dmq1, *iqmp, *p, *q;
7172
72- if (BN_cmp(key->p, key->q) < 0) {
73- BIGNUM *tmp = key->p;
73+ RSA_get0_key(key, &n, &e, &d);
74+ RSA_get0_factors(key, &p, &q);
75+ RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp);
7476
75- key->p = key->q;
76- key->q = tmp;
77+ if (BN_cmp(p, q) < 0) {
78+ BIGNUM *tmp = p;
79+
80+ p = q;
81+ q = tmp;
82+ RSA_set0_factors(key, p, q);
7783 }
7884
7985 if (r != NULL && ctx != NULL) {
80- key->dmp1 = BN_new();
81- key->dmq1 = BN_new();
82- key->iqmp = BN_mod_inverse(NULL, key->q, key->p, ctx);
86+ dmp1 = BN_new();
87+ dmq1 = BN_new();
88+ iqmp = BN_mod_inverse(NULL, q, p, ctx);
89+ RSA_set0_crt_params(key, dmp1, dmq1, iqmp);
8390
84- if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
85- OK = BN_sub(r, key->p, BN_value_one())
86- && BN_mod(key->dmp1, key->d, r, ctx)
87- && BN_sub(r, key->q, BN_value_one())
88- && BN_mod(key->dmq1, key->d, r, ctx);
91+ if (dmp1 != NULL && dmq1 != NULL && iqmp != NULL) {
92+ OK = BN_sub(r, p, BN_value_one())
93+ && BN_mod(dmp1, d, r, ctx)
94+ && BN_sub(r, q, BN_value_one())
95+ && BN_mod(dmq1, d, r, ctx);
8996 }
9097 }
9198
@@ -109,6 +116,7 @@
109116 int cipher;
110117 RSA FAR *key;
111118 unsigned int E_index, N_index, D_index, U_index, P_index, Q_index = 0;
119+ BIGNUM *e, *n, *d, *p, *q;
112120
113121 *invalid_passphrase = FALSE;
114122
@@ -293,11 +301,13 @@
293301 }
294302
295303 key = RSA_new();
296- key->n = get_bignum(keyfile_data + N_index);
297- key->e = get_bignum(keyfile_data + E_index);
298- key->d = get_bignum(keyfile_data + D_index);
299- key->p = get_bignum(keyfile_data + P_index);
300- key->q = get_bignum(keyfile_data + Q_index);
304+ n = get_bignum(keyfile_data + N_index);
305+ e = get_bignum(keyfile_data + E_index);
306+ d = get_bignum(keyfile_data + D_index);
307+ RSA_set0_key(key, e, n, d);
308+ p = get_bignum(keyfile_data + P_index);
309+ q = get_bignum(keyfile_data + Q_index);
310+ RSA_set0_factors(key, p, q);
301311
302312 if (!normalize_key(key)) {
303313 UTIL_get_lang_msg("MSG_KEYFILES_CRYPTOLIB_ERROR", pvar,
@@ -380,7 +390,7 @@
380390 encoded = buffer_init();
381391 copy_consumed = buffer_init();
382392 cipher_ctx = EVP_CIPHER_CTX_new();
383- if (blob == NULL || b == NULL || ;kdf == NULL || encoded == NULL || copy_consumed == NULL || cipher_ctx == NULL)
393+ if (blob == NULL || b == NULL || kdf == NULL || encoded == NULL || copy_consumed == NULL || cipher_ctx == NULL)
384394 goto error;
385395
386396 // ファイルをすべて読み込む
@@ -1031,6 +1041,8 @@
10311041 case KEY_RSA:
10321042 {
10331043 char *pubkey_type, *pub, *pri;
1044+ BIGNUM *e, *n, *d, *dmp1, *dmq1, *iqmp, *p, *q;
1045+
10341046 pub = pubkey->buf;
10351047 pri = prikey->buf;
10361048 pubkey_type = buffer_get_string(&pub, NULL);
@@ -1046,29 +1058,34 @@
10461058 strncpy_s(errmsg, errmsg_len, "key init error", _TRUNCATE);
10471059 goto error;
10481060 }
1049- result->rsa->e = BN_new();
1050- result->rsa->n = BN_new();
1051- result->rsa->d = BN_new();
1052- result->rsa->p = BN_new();
1053- result->rsa->q = BN_new();
1054- result->rsa->iqmp = BN_new();
1055- if (result->rsa->e == NULL ||
1056- result->rsa->n == NULL ||
1057- result->rsa->d == NULL ||
1058- result->rsa->p == NULL ||
1059- result->rsa->q == NULL ||
1060- result->rsa->iqmp == NULL) {
1061+ e = BN_new();
1062+ n = BN_new();
1063+ d = BN_new();
1064+ RSA_set0_key(result->rsa, e, n, d);
1065+
1066+ p = BN_new();
1067+ q = BN_new();
1068+ RSA_set0_factors(result->rsa, p, q);
1069+
1070+ iqmp = BN_new();
1071+ RSA_set0_crt_params(result->rsa, NULL, NULL, iqmp);
1072+ if (e == NULL ||
1073+ n == NULL ||
1074+ d == NULL ||
1075+ p == NULL ||
1076+ q == NULL ||
1077+ iqmp == NULL) {
10611078 strncpy_s(errmsg, errmsg_len, "key init error", _TRUNCATE);
10621079 goto error;
10631080 }
10641081
1065- buffer_get_bignum2(&pub, result->rsa->e);
1066- buffer_get_bignum2(&pub, result->rsa->n);
1082+ buffer_get_bignum2(&pub, e);
1083+ buffer_get_bignum2(&pub, n);
10671084
1068- buffer_get_bignum2(&pri, result->rsa->d);
1069- buffer_get_bignum2(&pri, result->rsa->p);
1070- buffer_get_bignum2(&pri, result->rsa->q);
1071- buffer_get_bignum2(&pri, result->rsa->iqmp);
1085+ buffer_get_bignum2(&pri, d);
1086+ buffer_get_bignum2(&pri, p);
1087+ buffer_get_bignum2(&pri, q);
1088+ buffer_get_bignum2(&pri, iqmp);
10721089
10731090 break;
10741091 }
@@ -1382,33 +1399,40 @@
13821399 switch (result->type) {
13831400 case KEY_RSA:
13841401 {
1402+ BIGNUM *e, *n, *d, *dmp1, *dmq1, *iqmp, *p, *q;
1403+
13851404 result->rsa = RSA_new();
13861405 if (result->rsa == NULL) {
13871406 strncpy_s(errmsg, errmsg_len, "key init error", _TRUNCATE);
13881407 goto error;
13891408 }
1390- result->rsa->e = BN_new();
1391- result->rsa->n = BN_new();
1392- result->rsa->d = BN_new();
1393- result->rsa->p = BN_new();
1394- result->rsa->q = BN_new();
1395- result->rsa->iqmp = BN_new();
1396- if (result->rsa->e == NULL ||
1397- result->rsa->n == NULL ||
1398- result->rsa->d == NULL ||
1399- result->rsa->p == NULL ||
1400- result->rsa->q == NULL ||
1401- result->rsa->iqmp == NULL) {
1409+ e = BN_new();
1410+ n = BN_new();
1411+ d = BN_new();
1412+ RSA_set0_key(result->rsa, e, n, d);
1413+
1414+ p = BN_new();
1415+ q = BN_new();
1416+ RSA_set0_factors(result->rsa, p, q);
1417+
1418+ iqmp = BN_new();
1419+ RSA_set0_crt_params(result->rsa, NULL, NULL, iqmp);
1420+ if (e == NULL ||
1421+ n == NULL ||
1422+ d == NULL ||
1423+ p == NULL ||
1424+ q == NULL ||
1425+ iqmp == NULL) {
14021426 strncpy_s(errmsg, errmsg_len, "key init error", _TRUNCATE);
14031427 goto error;
14041428 }
14051429
1406- buffer_get_bignum_SECSH(blob2, result->rsa->e);
1407- buffer_get_bignum_SECSH(blob2, result->rsa->d);
1408- buffer_get_bignum_SECSH(blob2, result->rsa->n);
1409- buffer_get_bignum_SECSH(blob2, result->rsa->iqmp);
1410- buffer_get_bignum_SECSH(blob2, result->rsa->p);
1411- buffer_get_bignum_SECSH(blob2, result->rsa->q);
1430+ buffer_get_bignum_SECSH(blob2, e);
1431+ buffer_get_bignum_SECSH(blob2, d);
1432+ buffer_get_bignum_SECSH(blob2, n);
1433+ buffer_get_bignum_SECSH(blob2, iqmp);
1434+ buffer_get_bignum_SECSH(blob2, p);
1435+ buffer_get_bignum_SECSH(blob2, q);
14121436
14131437 break;
14141438 }
--- branches/openssl_1_1_0/ttssh2/ttxssh/ssh.c (revision 6564)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/ssh.c (revision 6565)
@@ -2429,24 +2429,35 @@
24292429 }
24302430 }
24312431 else if (pvar->auth_state.cur_cred.method == SSH_AUTH_PAGEANT) {
2432- int server_key_bits = BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
2433- int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
2434- int server_key_bytes = (server_key_bits + 7) / 8;
2435- int host_key_bytes = (host_key_bits + 7) / 8;
2436- int session_buf_len = server_key_bytes + host_key_bytes + 8;
2437- char FAR *session_buf = (char FAR *) malloc(session_buf_len);
2432+ int server_key_bits;
2433+ int host_key_bits;
2434+ int server_key_bytes;
2435+ int host_key_bytes;
2436+ int session_buf_len;
2437+ char FAR *session_buf;
24382438 unsigned char session_id[16];
2439+ BIGNUM *server_n, *host_n;
24392440
24402441 unsigned char *hash;
24412442 int pubkeylen, hashlen;
24422443
2444+ RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
2445+ RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
2446+
2447+ server_key_bits = BN_num_bits(server_n);
2448+ host_key_bits = BN_num_bits(host_n);
2449+ server_key_bytes = (server_key_bits + 7) / 8;
2450+ host_key_bytes = (host_key_bits + 7) / 8;
2451+ session_buf_len = server_key_bytes + host_key_bytes + 8;
2452+ session_buf = (char FAR *) malloc(session_buf_len);
2453+
24432454 /* Pageant にハッシュを計算してもらう */
24442455 // 公開鍵の長さ
24452456 pubkeylen = putty_get_ssh1_keylen(pvar->pageant_curkey,
24462457 pvar->pageant_keylistlen);
24472458 // セッションIDを作成
2448- BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
2449- BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
2459+ BN_bn2bin(host_n, session_buf);
2460+ BN_bn2bin(server_n,
24502461 session_buf + host_key_bytes);
24512462 memcpy(session_buf + server_key_bytes + host_key_bytes,
24522463 pvar->crypt_state.server_cookie, 8);
@@ -2474,6 +2485,8 @@
24742485
24752486 static void try_send_credentials(PTInstVar pvar)
24762487 {
2488+ BIGNUM *e, *n;
2489+
24772490 if ((pvar->ssh_state.status_flags & STATUS_DONT_SEND_CREDENTIALS) == 0) {
24782491 AUTHCred FAR *cred = AUTH_get_cur_cred(pvar);
24792492 static const int RSA_msgs[] =
@@ -2530,8 +2543,12 @@
25302543 break;
25312544 }
25322545 case SSH_AUTH_RSA:{
2533- int len = BN_num_bytes(cred->key_pair->rsa->n);
2534- unsigned char FAR *outmsg =
2546+ int len;
2547+ unsigned char FAR *outmsg;
2548+
2549+ RSA_get0_key(cred->key_pair->rsa, &n, NULL, NULL);
2550+ len = BN_num_bytes(n);
2551+ outmsg =
25352552 begin_send_packet(pvar, SSH_CMSG_AUTH_RSA, 2 + len);
25362553
25372554 notify_verbose_message(pvar,
@@ -2539,17 +2556,23 @@
25392556 LOG_LEVEL_VERBOSE);
25402557
25412558 set_ushort16_MSBfirst(outmsg, len * 8);
2542- BN_bn2bin(cred->key_pair->rsa->n, outmsg + 2);
2559+ BN_bn2bin(n, outmsg + 2);
25432560 /* don't destroy the current credentials yet */
25442561 enque_handlers(pvar, 2, RSA_msgs, RSA_handlers);
25452562 break;
25462563 }
25472564 case SSH_AUTH_RHOSTS_RSA:{
2548- int mod_len = BN_num_bytes(cred->key_pair->rsa->n);
2549- int name_len = strlen(cred->rhosts_client_user);
2550- int exp_len = BN_num_bytes(cred->key_pair->rsa->e);
2565+ int mod_len;
2566+ int name_len;
2567+ int exp_len;
25512568 int index;
2552- unsigned char FAR *outmsg =
2569+ unsigned char FAR *outmsg;
2570+
2571+ RSA_get0_key(cred->key_pair->rsa, &n, &e, NULL);
2572+ mod_len = BN_num_bytes(n);
2573+ name_len = strlen(cred->rhosts_client_user);
2574+ exp_len = BN_num_bytes(e);
2575+ outmsg =
25532576 begin_send_packet(pvar, SSH_CMSG_AUTH_RHOSTS_RSA,
25542577 12 + mod_len + name_len + exp_len);
25552578
@@ -2563,11 +2586,11 @@
25632586
25642587 set_uint32(outmsg + index, 8 * mod_len);
25652588 set_ushort16_MSBfirst(outmsg + index + 4, 8 * exp_len);
2566- BN_bn2bin(cred->key_pair->rsa->e, outmsg + index + 6);
2589+ BN_bn2bin(e, outmsg + index + 6);
25672590 index += 6 + exp_len;
25682591
25692592 set_ushort16_MSBfirst(outmsg + index, 8 * mod_len);
2570- BN_bn2bin(cred->key_pair->rsa->n, outmsg + index + 2);
2593+ BN_bn2bin(n, outmsg + index + 2);
25712594 /* don't destroy the current credentials yet */
25722595 enque_handlers(pvar, 2, RSA_msgs, RSA_handlers);
25732596 break;
@@ -5684,9 +5707,11 @@
56845707 if ((ret = key_verify(hostkey, signature, siglen, hash, hashlen)) != 1) {
56855708 if (ret == -3 && hostkey->type == KEY_RSA) {
56865709 if (!pvar->settings.EnableRsaShortKeyServer) {
5710+ BIGNUM *n;
5711+ RSA_get0_key(hostkey->rsa, &n, NULL, NULL);
56875712 _snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
56885713 "key verify error(remote rsa key length is too short %d-bit) "
5689- "@ handle_SSH2_dh_kex_reply()", BN_num_bits(hostkey->rsa->n));
5714+ "@ handle_SSH2_dh_kex_reply()", BN_num_bits(n));
56905715 }
56915716 else {
56925717 goto cont;
@@ -5919,9 +5944,11 @@
59195944 if ((ret = key_verify(hostkey, signature, siglen, hash, hashlen)) != 1) {
59205945 if (ret == -3 && hostkey->type == KEY_RSA) {
59215946 if (!pvar->settings.EnableRsaShortKeyServer) {
5947+ BIGNUM *n;
5948+ RSA_get0_key(hostkey->rsa, &n, NULL, NULL);
59225949 _snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
59235950 "key verify error(remote rsa key length is too short %d-bit) "
5924- "@ handle_SSH2_dh_gex_reply()", BN_num_bits(hostkey->rsa->n));
5951+ "@ handle_SSH2_dh_gex_reply()", BN_num_bits(n));
59255952 }
59265953 else {
59275954 goto cont;
@@ -6151,9 +6178,11 @@
61516178 if ((ret = key_verify(hostkey, signature, siglen, hash, hashlen)) != 1) {
61526179 if (ret == -3 && hostkey->type == KEY_RSA) {
61536180 if (!pvar->settings.EnableRsaShortKeyServer) {
6181+ BIGNUM *n;
6182+ RSA_get0_key(hostkey->rsa, &n, NULL, NULL);
61546183 _snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
61556184 "key verify error(remote rsa key length is too short %d-bit) "
6156- "@ handle_SSH2_ecdh_kex_reply()", BN_num_bits(hostkey->rsa->n));
6185+ "@ handle_SSH2_ecdh_kex_reply()", BN_num_bits(n));
61576186 }
61586187 else {
61596188 goto cont;
--- branches/openssl_1_1_0/ttssh2/ttxssh/ttxssh.c (revision 6564)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/ttxssh.c (revision 6565)
@@ -3657,6 +3657,8 @@
36573657 {
36583658 RSA *priv = NULL;
36593659 RSA *pub = NULL;
3660+ BIGNUM *e, *n;
3661+ BIGNUM *p_e, *p_n;
36603662
36613663 // private key
36623664 priv = RSA_generate_key(bits, 35, cbfunc, cbarg);
@@ -3666,15 +3668,18 @@
36663668
36673669 // public key
36683670 pub = RSA_new();
3669- pub->n = BN_new();
3670- pub->e = BN_new();
3671- if (pub->n == NULL || pub->e == NULL) {
3671+ n = BN_new();
3672+ e = BN_new();
3673+ RSA_set0_key(pub, e, n, NULL);
3674+ if (n == NULL || e == NULL) {
36723675 RSA_free(pub);
36733676 goto error;
36743677 }
36753678
3676- BN_copy(pub->n, priv->n);
3677- BN_copy(pub->e, priv->e);
3679+ RSA_get0_key(priv, &p_n, &p_e, NULL);
3680+
3681+ BN_copy(n, p_n);
3682+ BN_copy(e, p_e);
36783683 public_key.rsa = pub;
36793684 break;
36803685 }
@@ -4875,15 +4880,18 @@
48754880 RSA *rsa = public_key.rsa;
48764881 int bits;
48774882 char *buf;
4883+ BIGNUM *e, *n;
48784884
4879- bits = BN_num_bits(rsa->n);
4885+ RSA_get0_key(rsa, &n, &e, NULL);
4886+
4887+ bits = BN_num_bits(n);
48804888 fprintf(fp, "%u", bits);
48814889
4882- buf = BN_bn2dec(rsa->e);
4890+ buf = BN_bn2dec(e);
48834891 fprintf(fp, " %s", buf);
48844892 OPENSSL_free(buf);
48854893
4886- buf = BN_bn2dec(rsa->n);
4894+ buf = BN_bn2dec(n);
48874895 fprintf(fp, " %s", buf);
48884896 OPENSSL_free(buf);
48894897
@@ -4897,6 +4905,7 @@
48974905 char *blob;
48984906 char *uuenc; // uuencode data
48994907 int uulen;
4908+ BIGNUM *e, *n;
49004909
49014910 b = buffer_init();
49024911 if (b == NULL)
@@ -4913,10 +4922,11 @@
49134922 break;
49144923
49154924 case KEY_RSA: // RSA
4925+ RSA_get0_key(rsa, &n, &e, NULL);
49164926 keyname = "ssh-rsa";
49174927 buffer_put_string(b, keyname, strlen(keyname));
4918- buffer_put_bignum2(b, rsa->e);
4919- buffer_put_bignum2(b, rsa->n);
4928+ buffer_put_bignum2(b, e);
4929+ buffer_put_bignum2(b, n);
49204930 break;
49214931
49224932 case KEY_ECDSA256: // ECDSA
@@ -5089,6 +5099,7 @@
50895099 EVP_CIPHER_CTX *cipher_ctx = NULL;
50905100 FILE *fp;
50915101 char wrapped[4096];
5102+ BIGNUM *e, *n, *d, *dmp1, *dmq1, *iqmp, *p, *q;
50925103
50935104 if (passphrase[0] == '\0') { // passphrase is empty
50945105 cipher_num = SSH_CIPHER_NONE;
@@ -5117,11 +5128,15 @@
51175128
51185129 // set private key
51195130 rsa = private_key.rsa;
5120- buffer_put_bignum(b, rsa->d);
5121- buffer_put_bignum(b, rsa->iqmp);
5122- buffer_put_bignum(b, rsa->q);
5123- buffer_put_bignum(b, rsa->p);
5131+ RSA_get0_key(rsa, &n, &e, &d);
5132+ RSA_get0_factors(rsa, &p, &q);
5133+ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
51245134
5135+ buffer_put_bignum(b, d);
5136+ buffer_put_bignum(b, iqmp);
5137+ buffer_put_bignum(b, q);
5138+ buffer_put_bignum(b, p);
5139+
51255140 // padding with 8byte align
51265141 while (buffer_len(b) % 8) {
51275142 buffer_put_char(b, 0);
@@ -5143,9 +5158,9 @@
51435158 buffer_put_int(enc, 0); // type is 'int'!! (For future extension)
51445159
51455160 /* Store public key. This will be in plain text. */
5146- buffer_put_int(enc, BN_num_bits(rsa->n));
5147- buffer_put_bignum(enc, rsa->n);
5148- buffer_put_bignum(enc, rsa->e);
5161+ buffer_put_int(enc, BN_num_bits(n));
5162+ buffer_put_bignum(enc, n);
5163+ buffer_put_bignum(enc, e);
51495164 buffer_put_string(enc, comment, strlen(comment));
51505165
51515166 // setup the MD5ed passphrase to cipher encryption key
Show on old repository browser