2001-08-29 14:35:15 +00:00
|
|
|
If you want to use the RSA stuff for crypto keys:
|
|
|
|
|
|
|
|
- Get RSAREF or RSAEURO.
|
|
|
|
- - Unpack it in the top-level source directory of the NTP distribution
|
|
|
|
in a directory named rsaref2 or rsaeuro1, respectively
|
|
|
|
(You should see directories like ports, rsaref2, scripts)
|
|
|
|
|
|
|
|
Make sure rsa.c has the security patch applied - a copy of it is at the
|
|
|
|
end of this file.
|
|
|
|
|
|
|
|
When you run configure, the Right Thing will happen.
|
|
|
|
|
2002-10-29 19:58:12 +00:00
|
|
|
Be advised that the RSA DES code is not quite as portable is one might
|
2001-08-29 14:35:15 +00:00
|
|
|
wish for. In particular, DES under NTP will only work between machines
|
|
|
|
of the same "endianness".
|
|
|
|
|
2002-10-29 19:58:12 +00:00
|
|
|
Note that the next release of NTP uses OpenSSL instead of RSAREF.
|
2001-08-29 14:35:15 +00:00
|
|
|
|
|
|
|
--- rsa.c.orig Fri Mar 25 14:01:48 1994
|
|
|
|
+++ rsaref2/source/rsa.c Mon Dec 13 13:10:28 1999
|
|
|
|
@@ -33,6 +33,9 @@
|
|
|
|
unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
|
|
|
|
unsigned int i, modulusLen;
|
|
|
|
|
|
|
|
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
|
|
|
|
+ return (RE_LEN);
|
|
|
|
+
|
|
|
|
modulusLen = (publicKey->bits + 7) / 8;
|
|
|
|
if (inputLen + 11 > modulusLen)
|
|
|
|
return (RE_LEN);
|
|
|
|
@@ -78,6 +81,9 @@
|
|
|
|
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
|
|
|
|
unsigned int i, modulusLen, pkcsBlockLen;
|
|
|
|
|
|
|
|
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
|
|
|
|
+ return (RE_LEN);
|
|
|
|
+
|
|
|
|
modulusLen = (publicKey->bits + 7) / 8;
|
|
|
|
if (inputLen > modulusLen)
|
|
|
|
return (RE_LEN);
|
|
|
|
@@ -128,6 +134,9 @@
|
|
|
|
int status;
|
|
|
|
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
|
|
|
|
unsigned int i, modulusLen;
|
|
|
|
+
|
|
|
|
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
|
|
|
|
+ return (RE_LEN);
|
|
|
|
|
|
|
|
modulusLen = (privateKey->bits + 7) / 8;
|
|
|
|
if (inputLen + 11 > modulusLen)
|
|
|
|
@@ -168,6 +177,9 @@
|
|
|
|
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
|
|
|
|
unsigned int i, modulusLen, pkcsBlockLen;
|
|
|
|
|
|
|
|
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
|
|
|
|
+ return (RE_LEN);
|
|
|
|
+
|
|
|
|
modulusLen = (privateKey->bits + 7) / 8;
|
|
|
|
if (inputLen > modulusLen)
|
|
|
|
return (RE_LEN);
|
|
|
|
|
|
|
|
--- rsa.c.orig Sat Sep 28 22:59:40 1996
|
|
|
|
+++ rsaeuro1/source/rsa.c Sat Jul 8 00:33:13 2000
|
|
|
|
@@ -51,6 +51,9 @@ R_RANDOM_STRUCT *randomStruct; /* rando
|
|
|
|
unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
|
|
|
|
unsigned int i, modulusLen;
|
|
|
|
|
|
|
|
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
|
|
|
|
+ return (RE_LEN);
|
|
|
|
+
|
|
|
|
modulusLen = (publicKey->bits + 7) / 8;
|
|
|
|
|
|
|
|
if(inputLen + 11 > modulusLen)
|
|
|
|
@@ -101,6 +104,9 @@ R_RSA_PUBLIC_KEY *publicKey; /* RSA p
|
|
|
|
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
|
|
|
|
unsigned int i, modulusLen, pkcsBlockLen;
|
|
|
|
|
|
|
|
+ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
|
|
|
|
+ return (RE_LEN);
|
|
|
|
+
|
|
|
|
modulusLen = (publicKey->bits + 7) / 8;
|
|
|
|
|
|
|
|
if(inputLen > modulusLen)
|
|
|
|
@@ -154,6 +160,9 @@ R_RSA_PRIVATE_KEY *privateKey; /* RSA p
|
|
|
|
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
|
|
|
|
unsigned int i, modulusLen;
|
|
|
|
|
|
|
|
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
|
|
|
|
+ return (RE_LEN);
|
|
|
|
+
|
|
|
|
modulusLen = (privateKey->bits + 7) / 8;
|
|
|
|
|
|
|
|
if(inputLen + 11 > modulusLen)
|
|
|
|
@@ -193,6 +202,9 @@ R_RSA_PRIVATE_KEY *privateKey; /* RSA p
|
|
|
|
unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
|
|
|
|
unsigned int i, modulusLen, pkcsBlockLen;
|
|
|
|
|
|
|
|
+ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
|
|
|
|
+ return (RE_LEN);
|
|
|
|
+
|
|
|
|
modulusLen = (privateKey->bits + 7) / 8;
|
|
|
|
|
|
|
|
if(inputLen > modulusLen)
|