freebsd-skq/contrib/ntp/README.rsa

104 lines
3.0 KiB
Plaintext
Raw Normal View History

2001-08-29 14:35:15 +00:00
If you want to use the RSA stuff for crypto keys:
- Get RSAREF or RSAEURO.
- - Unpack it in the top-level source directory of the NTP distribution
in a directory named rsaref2 or rsaeuro1, respectively
(You should see directories like ports, rsaref2, scripts)
Make sure rsa.c has the security patch applied - a copy of it is at the
end of this file.
When you run configure, the Right Thing will happen.
2002-10-29 19:58:12 +00:00
Be advised that the RSA DES code is not quite as portable is one might
2001-08-29 14:35:15 +00:00
wish for. In particular, DES under NTP will only work between machines
of the same "endianness".
2002-10-29 19:58:12 +00:00
Note that the next release of NTP uses OpenSSL instead of RSAREF.
2001-08-29 14:35:15 +00:00
--- rsa.c.orig Fri Mar 25 14:01:48 1994
+++ rsaref2/source/rsa.c Mon Dec 13 13:10:28 1999
@@ -33,6 +33,9 @@
unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (publicKey->bits + 7) / 8;
if (inputLen + 11 > modulusLen)
return (RE_LEN);
@@ -78,6 +81,9 @@
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (publicKey->bits + 7) / 8;
if (inputLen > modulusLen)
return (RE_LEN);
@@ -128,6 +134,9 @@
int status;
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
+
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
modulusLen = (privateKey->bits + 7) / 8;
if (inputLen + 11 > modulusLen)
@@ -168,6 +177,9 @@
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (privateKey->bits + 7) / 8;
if (inputLen > modulusLen)
return (RE_LEN);
--- rsa.c.orig Sat Sep 28 22:59:40 1996
+++ rsaeuro1/source/rsa.c Sat Jul 8 00:33:13 2000
@@ -51,6 +51,9 @@ R_RANDOM_STRUCT *randomStruct; /* rando
unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (publicKey->bits + 7) / 8;
if(inputLen + 11 > modulusLen)
@@ -101,6 +104,9 @@ R_RSA_PUBLIC_KEY *publicKey; /* RSA p
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (publicKey->bits + 7) / 8;
if(inputLen > modulusLen)
@@ -154,6 +160,9 @@ R_RSA_PRIVATE_KEY *privateKey; /* RSA p
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen;
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (privateKey->bits + 7) / 8;
if(inputLen + 11 > modulusLen)
@@ -193,6 +202,9 @@ R_RSA_PRIVATE_KEY *privateKey; /* RSA p
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
unsigned int i, modulusLen, pkcsBlockLen;
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+ return (RE_LEN);
+
modulusLen = (privateKey->bits + 7) / 8;
if(inputLen > modulusLen)