use rsaref port

dugsong 1999-12-12 22:09:25 +00:00
parent c1db3645d0
commit b131dffd16
6 changed files with 16 additions and 91 deletions


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.44 1999/12/09 17:55:55 brad Exp $
# $OpenBSD: Makefile,v 1.45 1999/12/12 22:09:25 dugsong Exp $
DISTNAME= ssh-1.2.27
CATEGORIES= security net
@ -6,9 +6,6 @@ MASTER_SITES= http://the.wiretapped.net/security/cryptography/ssh/SSH/ \
ftp://ftp.cs.hut.fi/pub/ssh/ \
ftp://ftp.funet.fi/pub/unix/security/login/ssh/ \
ftp://ftp.cert.dfn.de/pub/tools/net/ssh/
MASTER_SITES0= http://the.wiretapped.net/security/cryptography/libs/rsa/ \
ftp://idea.dsi.unimi.it/pub/security/crypt/math/ \
ftp://ftp.it.net.au/mirrors/crypto/misc/
PATCH_SITES= http://www.ssh.org/patches/ \
ftp://ftp2.inch.com/pub/FreeBSD/
@ -23,8 +20,9 @@ RESTRICTED= "Crypto; export-controlled"
MAINTAINER= todd@openbsd.org
.if defined(USA_RESIDENT) && ${USA_RESIDENT:U} == YES
DISTFILES= ${DISTNAME}.tar.gz rsaref2.tar.gz:0
CONFIGURE_ARGS+= --with-rsaref
BUILD_DEPENDS= ${PREFIX}/lib/librsaref.a:${PORTSDIR}/security/rsaref
CONFIGURE_ARGS+= --with-rsaref=${PREFIX}/lib
CFLAGS+= -I${PREFIX}/include
.endif
GNU_CONFIGURE= yes
@ -71,19 +69,9 @@ ETCDIR?= /etc
RSHPROG?= /usr/bin/rsh
pre-patch:
.if defined(USA_RESIDENT) && ${USA_RESIDENT:U} == YES
@cp ${FILESDIR}/patch-rsaref2 ${PATCHDIR}
@cp ${FILESDIR}/patch-rsaref2-2 ${PATCHDIR}
.endif
@mv -f ${WRKSRC}/make-ssh-known-hosts.pl \
${WRKSRC}/make-ssh-known-hosts.pl.in
post-patch:
.if defined(USA_RESIDENT) && ${USA_RESIDENT:U} == YES
@rm -f ${PATCHDIR}/patch-rsaref2
@rm -f ${PATCHDIR}/patch-rsaref2-2
.endif
fetch-depends:
.if !defined(NO_WARNINGS)
.if !defined(USA_RESIDENT) || ${USA_RESIDENT:U} != YES && ${USA_RESIDENT:U} != NO
@ -101,11 +89,6 @@ fetch-depends:
.endif
.endif
post-extract:
.if defined(USA_RESIDENT) && ${USA_RESIDENT:U} == YES
@mv ${WRKDIR}/rsaref2 ${WRKSRC}/rsaref2
.endif
# Put the config files someplace where they can be found to
# create a package.
post-install:
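Review bot: With the bundled rsaref2 sources and the `patch-rsaref2*` copy steps gone from `pre-patch`/`post-patch`, the RSAREF length checks for RSA{Private,Public}{De,En}crypt() are only present if security/rsaref supplies them, and nothing on this page shows that it does. `BUILD_DEPENDS= ${PREFIX}/lib/librsaref.a:${PORTSDIR}/security/rsaref` names a static archive with no version, so as written an older librsaref.a already installed at that path would presumably satisfy the dependency and be linked into ssh unchanged. I would confirm that the rsaref port carries the fix before dropping the local patch, and add a comment above `BUILD_DEPENDS` such as `# librsaref.a must include the RSA*crypt() length checks (CORE SDI advisory, Dec. 1, 1999); rebuild ssh after any rsaref update`.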


@ -1,9 +1,6 @@
MD5 (patch-ssh-1.2.27-bsd.tty.chown) = e4d7755994c2fa0d419a60723e8a9d53
MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d
MD5 (ssh-1.2.27.tar.gz) = c22bc000bee0f7d6f4845eab72a81395
RMD160 (patch-ssh-1.2.27-bsd.tty.chown) = 90dd710dc0ba69473eaad648720165914f921f4a
RMD160 (rsaref2.tar.gz) = 282d62321c50ddc3cefb8bab924200594d24af0c
RMD160 (ssh-1.2.27.tar.gz) = b2295e38551f8cc479e0a8e6081ae4312bf946fb
SHA1 (patch-ssh-1.2.27-bsd.tty.chown) = 69692ec9b28ebfc552c5c7e2727eb1bc210bcfcf
SHA1 (rsaref2.tar.gz) = 0b1e58ed2dd82bed07fe80c01c3cfa8558dc745f
SHA1 (ssh-1.2.27.tar.gz) = 0e7d59c6a62b094bd51818599ae24f7de3462d14


@ -1,25 +0,0 @@
--- rsaref2/source/global.h.~1~ Fri Mar 25 12:01:46 1994
+++ rsaref2/source/global.h Thu Apr 2 00:12:23 1998
@@ -7,6 +7,8 @@
#ifndef _GLOBAL_H_
#define _GLOBAL_H_ 1
+#include <limits.h>
+
/* PROTOTYPES should be set to one if and only if the compiler supports
function argument prototyping.
The following makes PROTOTYPES default to 1 if it has not already been
@@ -23,7 +25,13 @@
typedef unsigned short int UINT2;
/* UINT4 defines a four byte word */
+#if ( UINT_MAX == 0xffffffffU )
+typedef unsigned int UINT4;
+#elif ( ULONG_MAX == 0xffffffffU )
typedef unsigned long int UINT4;
+#else
+# error Unknown size for UINT4
+#endif
#ifndef NULL_PTR
#define NULL_PTR ((POINTER)0)


@ -1,38 +0,0 @@
--- rsaref2/source/rsa.c.orig Fri Mar 25 14:01:48 1994
+++ rsaref2/source/rsa.c Sun Dec 12 13:47:57 1999
@@ -33,6 +33,8 @@
unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
modulusLen = (publicKey->bits + 7) / 8;
if (inputLen + 11 > modulusLen)
return (RE_LEN);
@@ -78,6 +80,8 @@
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
modulusLen = (publicKey->bits + 7) / 8;
if (inputLen > modulusLen)
return (RE_LEN);
@@ -129,6 +133,8 @@
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
modulusLen = (privateKey->bits + 7) / 8;
if (inputLen + 11 > modulusLen)
return (RE_LEN);
@@ -168,6 +174,8 @@
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
modulusLen = (privateKey->bits + 7) / 8;
if (inputLen > modulusLen)
return (RE_LEN);


@ -1,5 +1,16 @@
--- rsaglue.c.orig Wed May 12 07:19:28 1999
+++ rsaglue.c Wed Nov 10 09:30:32 1999
+++ rsaglue.c Sun Dec 12 16:20:41 1999
@@ -71,8 +71,8 @@
interface without modifying RSAREF. */
#define _MD5_H_ /* Kludge to prevent inclusion of rsaref md5.h. */
-#include "rsaref2/source/global.h"
-#include "rsaref2/source/rsaref.h"
+#include "global.h"
+#include "rsaref.h"
/* Convert an integer from gmp to rsaref representation. */
@@ -139,6 +139,10 @@
input_bits = mpz_sizeinbase(input, 2);


@ -3,6 +3,3 @@ ssh-1.2.27: patch-ai fixes the buffer overflow in RSAREF rsaglue code.
OpenSSH (integrated into OpenBSD-2.6) does not have this bug.
patch-rsaref2-2 fixes the buffer overflow in RSA{Private,Public}{De,En}crypt(),
as published by CORE SDI in their advisory of Dec. 1, 1999.