| 88 |
ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, |
ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, |
| 89 |
uint8 * exponent) |
uint8 * exponent) |
| 90 |
{ |
{ |
| 91 |
BN_CTX * ctx; |
BN_CTX *ctx; |
| 92 |
BIGNUM mod, exp, x, y; |
BIGNUM mod, exp, x, y; |
| 93 |
uint8 inr[SEC_MAX_MODULUS_SIZE]; |
uint8 inr[SEC_MAX_MODULUS_SIZE]; |
| 94 |
int outlen; |
int outlen; |
| 110 |
BN_mod_exp(&y, &x, &exp, &mod, ctx); |
BN_mod_exp(&y, &x, &exp, &mod, ctx); |
| 111 |
outlen = BN_bn2bin(&y, out); |
outlen = BN_bn2bin(&y, out); |
| 112 |
reverse(out, outlen); |
reverse(out, outlen); |
| 113 |
if (outlen < modulus_size) |
if (outlen < (int) modulus_size) |
| 114 |
memset(out + outlen, 0, modulus_size - outlen); |
memset(out + outlen, 0, modulus_size - outlen); |
| 115 |
|
|
| 116 |
BN_free(&y); |
BN_free(&y); |
| 138 |
SSL_RKEY * |
SSL_RKEY * |
| 139 |
ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len) |
ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len) |
| 140 |
{ |
{ |
| 141 |
EVP_PKEY * epk = NULL; |
EVP_PKEY *epk = NULL; |
| 142 |
SSL_RKEY * lkey; |
SSL_RKEY *lkey; |
| 143 |
|
int nid; |
| 144 |
|
|
| 145 |
/* By some reason, Microsoft sets the OID of the Public RSA key to |
/* By some reason, Microsoft sets the OID of the Public RSA key to |
| 146 |
the oid for "MD5 with RSA Encryption" instead of "RSA Encryption" |
the oid for "MD5 with RSA Encryption" instead of "RSA Encryption" |
| 147 |
|
|
| 148 |
Kudos to Richard Levitte for the following (. intiutive .) |
Kudos to Richard Levitte for the following (. intiutive .) |
| 149 |
lines of code that resets the OID and let's us extract the key. */ |
lines of code that resets the OID and let's us extract the key. */ |
| 150 |
if (OBJ_obj2nid(cert->cert_info->key->algor->algorithm) == NID_md5WithRSAEncryption) |
nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm); |
| 151 |
|
if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) |
| 152 |
{ |
{ |
| 153 |
DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n")); |
DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n")); |
| 154 |
ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm); |
ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm); |
| 179 |
server we are connecting to as key, and compare it |
server we are connecting to as key, and compare it |
| 180 |
when we connect the next time, in order to prevent |
when we connect the next time, in order to prevent |
| 181 |
MITM-attacks. |
MITM-attacks. |
| 182 |
*/ |
*/ |
| 183 |
return True; |
return True; |
| 184 |
} |
} |
| 185 |
|
|
| 200 |
ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus, |
ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus, |
| 201 |
uint32 max_mod_len) |
uint32 max_mod_len) |
| 202 |
{ |
{ |
| 203 |
uint32 len; |
int len; |
| 204 |
|
|
| 205 |
if ((BN_num_bytes(rkey->e) > max_exp_len) || (BN_num_bytes(rkey->n) > max_mod_len)) |
if ((BN_num_bytes(rkey->e) > (int) max_exp_len) || |
| 206 |
|
(BN_num_bytes(rkey->n) > (int) max_mod_len)) |
| 207 |
{ |
{ |
| 208 |
return 1; |
return 1; |
| 209 |
} |
} |
| 221 |
{ |
{ |
| 222 |
/* Currently, we don't check the signature |
/* Currently, we don't check the signature |
| 223 |
FIXME: |
FIXME: |
| 224 |
*/ |
*/ |
| 225 |
return True; |
return True; |
| 226 |
} |
} |
Parent Directory
| 
Revision Log
| 
Patch