88 |
ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, |
ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, |
89 |
uint8 * exponent) |
uint8 * exponent) |
90 |
{ |
{ |
91 |
BN_CTX * ctx; |
BN_CTX *ctx; |
92 |
BIGNUM mod, exp, x, y; |
BIGNUM mod, exp, x, y; |
93 |
uint8 inr[SEC_MAX_MODULUS_SIZE]; |
uint8 inr[SEC_MAX_MODULUS_SIZE]; |
94 |
int outlen; |
int outlen; |
110 |
BN_mod_exp(&y, &x, &exp, &mod, ctx); |
BN_mod_exp(&y, &x, &exp, &mod, ctx); |
111 |
outlen = BN_bn2bin(&y, out); |
outlen = BN_bn2bin(&y, out); |
112 |
reverse(out, outlen); |
reverse(out, outlen); |
113 |
if (outlen < modulus_size) |
if (outlen < (int) modulus_size) |
114 |
memset(out + outlen, 0, modulus_size - outlen); |
memset(out + outlen, 0, modulus_size - outlen); |
115 |
|
|
116 |
BN_free(&y); |
BN_free(&y); |
138 |
SSL_RKEY * |
SSL_RKEY * |
139 |
ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len) |
ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len) |
140 |
{ |
{ |
141 |
EVP_PKEY * epk = NULL; |
EVP_PKEY *epk = NULL; |
142 |
SSL_RKEY * lkey; |
SSL_RKEY *lkey; |
143 |
|
int nid; |
144 |
|
|
145 |
/* By some reason, Microsoft sets the OID of the Public RSA key to |
/* By some reason, Microsoft sets the OID of the Public RSA key to |
146 |
the oid for "MD5 with RSA Encryption" instead of "RSA Encryption" |
the oid for "MD5 with RSA Encryption" instead of "RSA Encryption" |
147 |
|
|
148 |
Kudos to Richard Levitte for the following (. intiutive .) |
Kudos to Richard Levitte for the following (. intiutive .) |
149 |
lines of code that resets the OID and let's us extract the key. */ |
lines of code that resets the OID and let's us extract the key. */ |
150 |
if (OBJ_obj2nid(cert->cert_info->key->algor->algorithm) == NID_md5WithRSAEncryption) |
nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm); |
151 |
|
if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) |
152 |
{ |
{ |
153 |
DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n")); |
DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n")); |
154 |
ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm); |
ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm); |
179 |
server we are connecting to as key, and compare it |
server we are connecting to as key, and compare it |
180 |
when we connect the next time, in order to prevent |
when we connect the next time, in order to prevent |
181 |
MITM-attacks. |
MITM-attacks. |
182 |
*/ |
*/ |
183 |
return True; |
return True; |
184 |
} |
} |
185 |
|
|
200 |
ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus, |
ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus, |
201 |
uint32 max_mod_len) |
uint32 max_mod_len) |
202 |
{ |
{ |
203 |
uint32 len; |
int len; |
204 |
|
|
205 |
if ((BN_num_bytes(rkey->e) > max_exp_len) || (BN_num_bytes(rkey->n) > max_mod_len)) |
if ((BN_num_bytes(rkey->e) > (int) max_exp_len) || |
206 |
|
(BN_num_bytes(rkey->n) > (int) max_mod_len)) |
207 |
{ |
{ |
208 |
return 1; |
return 1; |
209 |
} |
} |
221 |
{ |
{ |
222 |
/* Currently, we don't check the signature |
/* Currently, we don't check the signature |
223 |
FIXME: |
FIXME: |
224 |
*/ |
*/ |
225 |
return True; |
return True; |
226 |
} |
} |