1 | If you want to use the RSA stuff for crypto keys: |
---|
2 | |
---|
3 | - Get RSAREF or RSAEURO. |
---|
4 | - - Unpack it in the top-level source directory of the NTP distribution |
---|
5 | in a directory named rsaref2 or rsaeuro1, respectively |
---|
6 | (You should see directories like ports, rsaref2, scripts) |
---|
7 | |
---|
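8 | Make sure rsa.c has the security patch applied - a copy of it is at the |
---|
9 | end of this file (one version for rsaref2, one for rsaeuro1). The patch adds a check to four rsa.c routines so that they return RE_LEN when the key's bits field exceeds MAX_RSA_MODULUS_BITS, before modulusLen is derived from it. |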
---|
10 | |
---|
11 | When you run configure, the Right Thing will happen. |
---|
12 | |
---|
13 | Be advised that the RSA DES code is not quite as portable as one might |
---|
14 | wish for. In particular, DES under NTP will only work between machines |
---|
15 | of the same "endianness". |
---|
16 | |
---|
17 | Dave would prefer that new/alternative encryption schemes follow the |
---|
18 | RSA API. |
---|
19 | |
---|
20 | |
---|
21 | --- rsa.c.orig Fri Mar 25 14:01:48 1994 |
---|
22 | +++ rsaref2/source/rsa.c Mon Dec 13 13:10:28 1999 |
---|
23 | @@ -33,6 +33,9 @@ |
---|
24 | unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN]; |
---|
25 | unsigned int i, modulusLen; |
---|
26 | |
---|
27 | + if (publicKey->bits > MAX_RSA_MODULUS_BITS) |
---|
28 | + return (RE_LEN); |
---|
29 | + |
---|
30 | modulusLen = (publicKey->bits + 7) / 8; |
---|
31 | if (inputLen + 11 > modulusLen) |
---|
32 | return (RE_LEN); |
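Review bot: The context test `if (inputLen + 11 > modulusLen)` just below the added guard does not hold for very large lengths: if inputLen is an unsigned int like modulusLen (its declaration is outside the hunk), a value within 11 of UINT_MAX makes the sum wrap to a small number and the test passes. Now that modulusLen is bounded, the comparison can be written without the addition, `if (modulusLen < 11 || inputLen > modulusLen - 11) return (RE_LEN);`. The same line appears in the hunk at -128 of this patch and in the rsaeuro1 hunks at -51 and -154. The function bodies start and end outside the hunks, so how inputLen is used afterwards should be confirmed against the full source.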
---|
33 | @@ -78,6 +81,9 @@ |
---|
34 | unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN]; |
---|
35 | unsigned int i, modulusLen, pkcsBlockLen; |
---|
36 | |
---|
37 | + if (publicKey->bits > MAX_RSA_MODULUS_BITS) |
---|
38 | + return (RE_LEN); |
---|
39 | + |
---|
40 | modulusLen = (publicKey->bits + 7) / 8; |
---|
41 | if (inputLen > modulusLen) |
---|
42 | return (RE_LEN); |
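Review bot: The added guard bounds publicKey->bits only from above, so a key whose bits field is 0 or only a few bits still passes and gives the code after the hunk a modulusLen of 0 or 1; that code is not visible here. RSAREF also defines MIN_RSA_MODULUS_BITS, and if this tree has it the check could read `if (publicKey->bits < MIN_RSA_MODULUS_BITS || publicKey->bits > MAX_RSA_MODULUS_BITS)`, after confirming that no caller relies on smaller keys. The same applies to the privateKey checks and to every hunk in both patches.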
---|
43 | @@ -128,6 +134,9 @@ |
---|
44 | int status; |
---|
45 | unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN]; |
---|
46 | unsigned int i, modulusLen; |
---|
47 | + |
---|
48 | + if (privateKey->bits > MAX_RSA_MODULUS_BITS) |
---|
49 | + return (RE_LEN); |
---|
50 | |
---|
51 | modulusLen = (privateKey->bits + 7) / 8; |
---|
52 | if (inputLen + 11 > modulusLen) |
---|
53 | @@ -168,6 +177,9 @@ |
---|
54 | unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN]; |
---|
55 | unsigned int i, modulusLen, pkcsBlockLen; |
---|
56 | |
---|
57 | + if (privateKey->bits > MAX_RSA_MODULUS_BITS) |
---|
58 | + return (RE_LEN); |
---|
59 | + |
---|
60 | modulusLen = (privateKey->bits + 7) / 8; |
---|
61 | if (inputLen > modulusLen) |
---|
62 | return (RE_LEN); |
---|
63 | |
---|
64 | --- rsa.c.orig Sat Sep 28 22:59:40 1996 |
---|
65 | +++ rsaeuro1/source/rsa.c Sat Jul 8 00:33:13 2000 |
---|
66 | @@ -51,6 +51,9 @@ R_RANDOM_STRUCT *randomStruct; /* rando |
---|
67 | unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN]; |
---|
68 | unsigned int i, modulusLen; |
---|
69 | |
---|
70 | + if (publicKey->bits > MAX_RSA_MODULUS_BITS) |
---|
71 | + return (RE_LEN); |
---|
72 | + |
---|
73 | modulusLen = (publicKey->bits + 7) / 8; |
---|
74 | |
---|
75 | if(inputLen + 11 > modulusLen) |
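Review bot: The new check has no comment, and nothing on the line says that it is what keeps modulusLen within `pkcsBlock[MAX_RSA_MODULUS_LEN]`. A one-line comment above it would record that, for example `/* bits comes from the caller's key; modulusLen below must fit in pkcsBlock */`. This applies to each of the eight added checks in the two patches. Since the test is identical in all of them, a small shared macro or static helper would keep the copies from drifting apart.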
---|
76 | @@ -101,6 +104,9 @@ R_RSA_PUBLIC_KEY *publicKey; /* RSA p |
---|
77 | unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN]; |
---|
78 | unsigned int i, modulusLen, pkcsBlockLen; |
---|
79 | |
---|
80 | + if (publicKey->bits > MAX_RSA_MODULUS_BITS) |
---|
81 | + return (RE_LEN); |
---|
82 | + |
---|
83 | modulusLen = (publicKey->bits + 7) / 8; |
---|
84 | |
---|
85 | if(inputLen > modulusLen) |
---|
86 | @@ -154,6 +160,9 @@ R_RSA_PRIVATE_KEY *privateKey; /* RSA p |
---|
87 | unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN]; |
---|
88 | unsigned int i, modulusLen; |
---|
89 | |
---|
90 | + if (privateKey->bits > MAX_RSA_MODULUS_BITS) |
---|
91 | + return (RE_LEN); |
---|
92 | + |
---|
93 | modulusLen = (privateKey->bits + 7) / 8; |
---|
94 | |
---|
95 | if(inputLen + 11 > modulusLen) |
---|
96 | @@ -193,6 +202,9 @@ R_RSA_PRIVATE_KEY *privateKey; /* RSA p |
---|
97 | unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN]; |
---|
98 | unsigned int i, modulusLen, pkcsBlockLen; |
---|
99 | |
---|
100 | + if (privateKey->bits > MAX_RSA_MODULUS_BITS) |
---|
101 | + return (RE_LEN); |
---|
102 | + |
---|
103 | modulusLen = (privateKey->bits + 7) / 8; |
---|
104 | |
---|
105 | if(inputLen > modulusLen) |
---|