aboutsummaryrefslogtreecommitdiff
path: root/README.rsa
diff options
context:
space:
mode:
Diffstat (limited to 'README.rsa')
-rw-r--r--README.rsa103
1 files changed, 103 insertions, 0 deletions
diff --git a/README.rsa b/README.rsa
new file mode 100644
index 000000000000..e92eacda1043
--- /dev/null
+++ b/README.rsa
@@ -0,0 +1,103 @@
+If you want to use the RSA stuff for crypto keys:
+
+- Get RSAREF or RSAEURO.
+- - Unpack it in the top-level source directory of the NTP distribution
+ in a directory named rsaref2 or rsaeuro1, respectively
+ (You should see directories like ports, rsaref2, scripts)
+
+Make sure rsa.c has the security patch applied - a copy of it is at the
+end of this file.
+
+When you run configure, the Right Thing will happen.
+
+Be advised that the RSA DES code is not quite as portable is one might
+wish for. In particular, DES under NTP will only work between machines
+of the same "endianness".
+
+Note that the next release of NTP uses OpenSSL instead of RSAREF.
+
+--- rsa.c.orig Fri Mar 25 14:01:48 1994
++++ rsaref2/source/rsa.c Mon Dec 13 13:10:28 1999
+@@ -33,6 +33,9 @@
+ unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
+ unsigned int i, modulusLen;
+
++ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
++ return (RE_LEN);
++
+ modulusLen = (publicKey->bits + 7) / 8;
+ if (inputLen + 11 > modulusLen)
+ return (RE_LEN);
+@@ -78,6 +81,9 @@
+ unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
+ unsigned int i, modulusLen, pkcsBlockLen;
+
++ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
++ return (RE_LEN);
++
+ modulusLen = (publicKey->bits + 7) / 8;
+ if (inputLen > modulusLen)
+ return (RE_LEN);
+@@ -128,6 +134,9 @@
+ int status;
+ unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
+ unsigned int i, modulusLen;
++
++ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
++ return (RE_LEN);
+
+ modulusLen = (privateKey->bits + 7) / 8;
+ if (inputLen + 11 > modulusLen)
+@@ -168,6 +177,9 @@
+ unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
+ unsigned int i, modulusLen, pkcsBlockLen;
+
++ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
++ return (RE_LEN);
++
+ modulusLen = (privateKey->bits + 7) / 8;
+ if (inputLen > modulusLen)
+ return (RE_LEN);
+
+--- rsa.c.orig Sat Sep 28 22:59:40 1996
++++ rsaeuro1/source/rsa.c Sat Jul 8 00:33:13 2000
+@@ -51,6 +51,9 @@ R_RANDOM_STRUCT *randomStruct; /* rando
+ unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
+ unsigned int i, modulusLen;
+
++ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
++ return (RE_LEN);
++
+ modulusLen = (publicKey->bits + 7) / 8;
+
+ if(inputLen + 11 > modulusLen)
+@@ -101,6 +104,9 @@ R_RSA_PUBLIC_KEY *publicKey; /* RSA p
+ unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
+ unsigned int i, modulusLen, pkcsBlockLen;
+
++ if (publicKey->bits > MAX_RSA_MODULUS_BITS)
++ return (RE_LEN);
++
+ modulusLen = (publicKey->bits + 7) / 8;
+
+ if(inputLen > modulusLen)
+@@ -154,6 +160,9 @@ R_RSA_PRIVATE_KEY *privateKey; /* RSA p
+ unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
+ unsigned int i, modulusLen;
+
++ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
++ return (RE_LEN);
++
+ modulusLen = (privateKey->bits + 7) / 8;
+
+ if(inputLen + 11 > modulusLen)
+@@ -193,6 +202,9 @@ R_RSA_PRIVATE_KEY *privateKey; /* RSA p
+ unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
+ unsigned int i, modulusLen, pkcsBlockLen;
+
++ if (privateKey->bits > MAX_RSA_MODULUS_BITS)
++ return (RE_LEN);
++
+ modulusLen = (privateKey->bits + 7) / 8;
+
+ if(inputLen > modulusLen)
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-25 03:38:49 +0000