void
mm_ssh1_session_id(u_char session_id[16])
{
Buffer m;
int i;
debug3("%s entering", __func__);
buffer_init(&m);
for (i = 0; i < 16; i++)
buffer_put_char(&m, session_id[i]);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSID, &m);
buffer_free(&m);
}
int
ssh_update_card(AuthenticationConnection *auth, int add,
const char *reader_id, const char *pin, u_int life, u_int confirm)
{
Buffer msg;
int type, constrained = (life || confirm);
if (add) {
type = constrained ?
SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED :
SSH_AGENTC_ADD_SMARTCARD_KEY;
} else
type = SSH_AGENTC_REMOVE_SMARTCARD_KEY;
buffer_init(&msg);
buffer_put_char(&msg, type);
buffer_put_cstring(&msg, reader_id);
buffer_put_cstring(&msg, pin);
if (constrained) {
if (life != 0) {
buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME);
buffer_put_int(&msg, life);
}
if (confirm != 0)
buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM);
}
if (ssh_request_reply(auth, &msg, &msg) == 0) {
buffer_free(&msg);
return 0;
}
type = buffer_get_char(&msg);
buffer_free(&msg);
return decode_reply(type);
}
static void
send_string_attrs_request(int fd, u_int id, u_int code, char *s,
u_int len, Attrib *a)
{
Buffer msg;
buffer_init(&msg);
buffer_put_char(&msg, code);
buffer_put_int(&msg, id);
buffer_put_string(&msg, s, len);
encode_attrib(&msg, a);
send_msg(fd, &msg);
debug3("Sent message fd %d T:%u I:%u", fd, code, id);
buffer_free(&msg);
}
void SFTP::send_data_or_handle
(char type,
u_int32_t id,
const char *data,
u_int dlen
)
{
Buffer msg;
buffer_init(&msg);
buffer_put_char(&msg, type);
buffer_put_int(&msg, id);
buffer_put_string(&msg, data, dlen);
send_msg(&msg);
buffer_free(&msg);
}
static void
send_read_request(int fd_out, u_int id, u_int64_t offset, u_int len,
char *handle, u_int handle_len)
{
Buffer msg;
buffer_init(&msg);
buffer_clear(&msg);
buffer_put_char(&msg, SSH2_FXP_READ);
buffer_put_int(&msg, id);
buffer_put_string(&msg, handle, handle_len);
buffer_put_int64(&msg, offset);
buffer_put_int(&msg, len);
send_msg(fd_out, &msg);
buffer_free(&msg);
}
struct shaft_conn *
do_init(int fd_in, int fd_out, struct shaft_flow *flow)
{
u_int type, version;
Buffer msg;
struct shaft_conn *ret;
buffer_init(&msg);
buffer_put_char(&msg, SHAFT_INIT);
buffer_put_int(&msg, SHAFT_VERSION);
buffer_put_cstring(&msg, flow->local);
send_msg(fd_out, &msg);
buffer_clear(&msg);
get_msg(fd_in, &msg);
/* Expecting a VERSION reply */
if ((type = buffer_get_char(&msg)) != SHAFT_VERSION) {
error("Invalid packet back from SHAFT_INIT (type %u)",
version);
buffer_free(&msg);
return(NULL);
}
version = buffer_get_int(&msg);
flow->dst = buffer_get_cstring(&msg, NULL);
if (flow->dst == NULL) {
error("Invalid packet back from SHAFT_INIT remote addr is null");
buffer_free(&msg);
return(NULL);
}
debug2("Remote version: %u", version);
debug2("Remote Address: %s", flow->dst);
buffer_free(&msg);
ret = xmalloc(sizeof(*ret));
ret->fd_in = fd_in;
ret->fd_out = fd_out;
ret->version = version;
ret->msg_id = 1;
return(ret);
}
void SFTP::send_names(u_int32_t id, int count, const Stat *stats)
{
Buffer msg;
int i;
buffer_init(&msg);
buffer_put_char(&msg, SSH2_FXP_NAME);
buffer_put_int(&msg, id);
buffer_put_int(&msg, count);
debug("request %u: sent names count %d", id, count);
for (i = 0; i < count; i++) {
buffer_put_cstring(&msg, stats[i].name);
buffer_put_cstring(&msg, stats[i].long_name);
encode_attrib(&msg, &stats[i].attrib);
}
send_msg(&msg);
buffer_free(&msg);
}
int
pkcs11_del_provider(char *name)
{
int ret = -1;
Buffer msg;
buffer_init(&msg);
buffer_put_char(&msg, SSH_AGENTC_REMOVE_SMARTCARD_KEY);
buffer_put_cstring(&msg, name);
buffer_put_cstring(&msg, "");
send_msg(&msg);
buffer_clear(&msg);
if (recv_msg(&msg) == SSH_AGENT_SUCCESS)
ret = 0;
buffer_free(&msg);
return (ret);
}
/* Lock/unlock agent */
int
ssh_lock_agent(AuthenticationConnection *auth, int lock, const char *password)
{
int type;
Buffer msg;
buffer_init(&msg);
buffer_put_char(&msg, lock ? SSH_AGENTC_LOCK : SSH_AGENTC_UNLOCK);
buffer_put_cstring(&msg, password);
if (ssh_request_reply(auth, &msg, &msg) == 0) {
buffer_free(&msg);
return 0;
}
type = buffer_get_char(&msg);
buffer_free(&msg);
return decode_reply(type);
}
int
ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id, const char *pin)
{
Buffer msg;
int type;
buffer_init(&msg);
buffer_put_char(&msg, add ? SSH_AGENTC_ADD_SMARTCARD_KEY :
SSH_AGENTC_REMOVE_SMARTCARD_KEY);
buffer_put_cstring(&msg, reader_id);
buffer_put_cstring(&msg, pin);
if (ssh_request_reply(auth, &msg, &msg) == 0) {
buffer_free(&msg);
return 0;
}
type = buffer_get_char(&msg);
buffer_free(&msg);
return decode_reply(type);
}
static void
send_names(u_int32_t id, int count, Stat *stats)
{
Buffer msg;
int i;
buffer_init(&msg);
buffer_put_char(&msg, SSH2_FXP_NAME);
buffer_put_int(&msg, id);
buffer_put_int(&msg, count);
TRACE("sent names id %u count %d", id, count);
for (i = 0; i < count; i++) {
buffer_put_cstring(&msg, stats[i].name);
buffer_put_cstring(&msg, stats[i].long_name);
encode_attrib(&msg, &stats[i].attrib);
}
send_msg(&msg);
buffer_free(&msg);
}
/* ask agent to sign data, returns -1 on error, 0 on success */
int
ssh_agent_sign(AuthenticationConnection *auth,
Key *key,
u_char **sigp, u_int *lenp,
u_char *data, u_int datalen)
{
extern int datafellows;
Buffer msg;
u_char *blob;
u_int blen;
int type, flags = 0;
int ret = -1;
if (key_to_blob(key, &blob, &blen) == 0)
return -1;
if (datafellows & SSH_BUG_SIGBLOB)
flags = SSH_AGENT_OLD_SIGNATURE;
buffer_init(&msg);
buffer_put_char(&msg, SSH2_AGENTC_SIGN_REQUEST);
buffer_put_string(&msg, blob, blen);
buffer_put_string(&msg, data, datalen);
buffer_put_int(&msg, flags);
xfree(blob);
if (ssh_request_reply(auth, &msg, &msg) == 0) {
buffer_free(&msg);
return -1;
}
type = buffer_get_char(&msg);
if (agent_failed(type)) {
log("Agent admitted failure to sign using the key.");
} else if (type != SSH2_AGENT_SIGN_RESPONSE) {
fatal("Bad authentication response: %d", type);
} else {
ret = 0;
*sigp = buffer_get_string(&msg, lenp);
}
buffer_free(&msg);
return ret;
}
int
ssh_remove_all_identities(AuthenticationConnection *auth, int version)
{
Buffer msg;
int type;
int code = (version==1) ?
SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES :
SSH2_AGENTC_REMOVE_ALL_IDENTITIES;
buffer_init(&msg);
buffer_put_char(&msg, code);
if (ssh_request_reply(auth, &msg, &msg) == 0) {
buffer_free(&msg);
return 0;
}
type = buffer_get_char(&msg);
buffer_free(&msg);
return decode_reply(type);
}
static void
send_status(u_int32_t id, u_int32_t status)
{
Buffer msg;
debug3("request %u: sent status %u", id, status);
if (log_level > SYSLOG_LEVEL_VERBOSE ||
(status != SSH2_FX_OK && status != SSH2_FX_EOF))
logit("sent status %s", status_to_message(status));
buffer_init(&msg);
buffer_put_char(&msg, SSH2_FXP_STATUS);
buffer_put_int(&msg, id);
buffer_put_int(&msg, status);
if (version >= 3) {
buffer_put_cstring(&msg, status_to_message(status));
buffer_put_cstring(&msg, "");
}
send_msg(&msg);
buffer_free(&msg);
}
void
do_add_sa(struct shaft_conn *conn, char * rules)
{
u_int status, id, type;
Buffer msg;
id = conn->msg_id++;
buffer_init(&msg);
buffer_put_char(&msg, SHAFT_ADD_SA);
buffer_put_int(&msg, id);
send_msg(conn->fd_out, &msg);
add_rules(rules);
buffer_clear(&msg);
status = get_status(conn->fd_in, id);
if (status != SHAFT_OK)
fatal("Couldn't add SA");
}
static void
process_init(void)
{
Buffer msg;
version = get_int();
verbose("received client version %d", version);
buffer_init(&msg);
buffer_put_char(&msg, SSH2_FXP_VERSION);
buffer_put_int(&msg, SSH2_FILEXFER_VERSION);
/* POSIX rename extension */
buffer_put_cstring(&msg, "*****@*****.**");
buffer_put_cstring(&msg, "1"); /* version */
/* statvfs extension */
buffer_put_cstring(&msg, "*****@*****.**");
buffer_put_cstring(&msg, "2"); /* version */
/* fstatvfs extension */
buffer_put_cstring(&msg, "*****@*****.**");
buffer_put_cstring(&msg, "2"); /* version */
send_msg(&msg);
buffer_free(&msg);
}
int
do_close(struct sftp_conn *conn, char *handle, u_int handle_len)
{
u_int id, status;
Buffer msg;
buffer_init(&msg);
id = conn->msg_id++;
buffer_put_char(&msg, SSH2_FXP_CLOSE);
buffer_put_int(&msg, id);
buffer_put_string(&msg, handle, handle_len);
send_msg(conn->fd_out, &msg);
debug3("Sent message SSH2_FXP_CLOSE I:%u", id);
status = get_status(conn->fd_in, id);
if (status != SSH2_FX_OK)
error("Couldn't close file: %s", fx2txt(status));
buffer_free(&msg);
return(status);
}
int ssh_rename(const char *oldname, const char *newname)
{
Buffer msg;
u_int status, id;
char *on, *nn;
buffer_init(&msg);
on = ftp_path_absolute(oldname);
nn = ftp_path_absolute(newname);
stripslash(on);
stripslash(nn);
/* Send rename request */
id = ftp->ssh_id++;
buffer_put_char(&msg, SSH2_FXP_RENAME);
buffer_put_int(&msg, id);
buffer_put_cstring(&msg, on);
buffer_put_cstring(&msg, nn);
ssh_cmd( &msg);
buffer_free(&msg);
status = ssh_get_status(id);
if(status != SSH2_FX_OK) {
ftp_err("Couldn't rename file \"%s\" to \"%s\": %s\n",
on, nn, fx2txt(status));
free(on);
free(nn);
return -1;
}
ftp_cache_flush_mark_for(on);
ftp_cache_flush_mark_for(nn);
free(on);
free(nn);
return 0;
}
static int
pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
int padding)
{
Key key;
u_char *blob, *signature = NULL;
u_int blen, slen = 0;
int ret = -1;
Buffer msg;
if (padding != RSA_PKCS1_PADDING)
return (-1);
key.type = KEY_RSA;
key.rsa = rsa;
if (key_to_blob(&key, &blob, &blen) == 0)
return -1;
buffer_init(&msg);
buffer_put_char(&msg, SSH2_AGENTC_SIGN_REQUEST);
buffer_put_string(&msg, blob, blen);
buffer_put_string(&msg, from, flen);
buffer_put_int(&msg, 0);
free(blob);
send_msg(&msg);
buffer_clear(&msg);
if (recv_msg(&msg) == SSH2_AGENT_SIGN_RESPONSE) {
signature = buffer_get_string(&msg, &slen);
if (slen <= (u_int)RSA_size(rsa)) {
memcpy(to, signature, slen);
ret = slen;
}
free(signature);
}
buffer_free(&msg);
return (ret);
}
int
pkcs11_add_provider(char *name, char *pin, Key ***keysp)
{
Key *k;
int i, nkeys;
u_char *blob;
u_int blen;
Buffer msg;
if (fd < 0 && pkcs11_start_helper() < 0)
return (-1);
buffer_init(&msg);
buffer_put_char(&msg, SSH_AGENTC_ADD_SMARTCARD_KEY);
buffer_put_cstring(&msg, name);
buffer_put_cstring(&msg, pin);
send_msg(&msg);
buffer_clear(&msg);
if (recv_msg(&msg) == SSH2_AGENT_IDENTITIES_ANSWER) {
nkeys = buffer_get_int(&msg);
*keysp = xcalloc(nkeys, sizeof(Key *));
for (i = 0; i < nkeys; i++) {
blob = buffer_get_string(&msg, &blen);
free(buffer_get_string(&msg, NULL));
k = key_from_blob(blob, blen);
wrap_key(k->rsa);
(*keysp)[i] = k;
free(blob);
}
} else {
nkeys = -1;
}
buffer_free(&msg);
return (nkeys);
}
char *
ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
const char *host, const char *client) {
Buffer buf;
size_t i;
int oidpos, enclen;
char *mechs, *encoded;
u_char digest[EVP_MAX_MD_SIZE];
char deroid[2];
const EVP_MD *evp_md = EVP_md5();
EVP_MD_CTX md;
if (gss_enc2oid != NULL) {
for (i = 0; gss_enc2oid[i].encoded != NULL; i++)
free(gss_enc2oid[i].encoded);
free(gss_enc2oid);
}
gss_enc2oid = xmalloc(sizeof(ssh_gss_kex_mapping) *
(gss_supported->count + 1));
buffer_init(&buf);
oidpos = 0;
for (i = 0; i < gss_supported->count; i++) {
if (gss_supported->elements[i].length < 128 &&
(*check)(NULL, &(gss_supported->elements[i]), host, client)) {
deroid[0] = SSH_GSS_OIDTYPE;
deroid[1] = gss_supported->elements[i].length;
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, deroid, 2);
EVP_DigestUpdate(&md,
gss_supported->elements[i].elements,
gss_supported->elements[i].length);
EVP_DigestFinal(&md, digest, NULL);
encoded = xmalloc(EVP_MD_size(evp_md) * 2);
enclen = __b64_ntop(digest, EVP_MD_size(evp_md),
encoded, EVP_MD_size(evp_md) * 2);
if (oidpos != 0)
buffer_put_char(&buf, ',');
buffer_append(&buf, KEX_GSS_GEX_SHA1_ID,
sizeof(KEX_GSS_GEX_SHA1_ID) - 1);
buffer_append(&buf, encoded, enclen);
buffer_put_char(&buf, ',');
buffer_append(&buf, KEX_GSS_GRP1_SHA1_ID,
sizeof(KEX_GSS_GRP1_SHA1_ID) - 1);
buffer_append(&buf, encoded, enclen);
buffer_put_char(&buf, ',');
buffer_append(&buf, KEX_GSS_GRP14_SHA1_ID,
sizeof(KEX_GSS_GRP14_SHA1_ID) - 1);
buffer_append(&buf, encoded, enclen);
gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);
gss_enc2oid[oidpos].encoded = encoded;
oidpos++;
}
}
gss_enc2oid[oidpos].oid = NULL;
gss_enc2oid[oidpos].encoded = NULL;
buffer_put_char(&buf, '\0');
mechs = xmalloc(buffer_len(&buf));
buffer_get(&buf, mechs, buffer_len(&buf));
buffer_free(&buf);
if (strlen(mechs) == 0) {
free(mechs);
mechs = NULL;
}
return (mechs);
}
static int
do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
SFTP_DIRENT ***dir)
{
Buffer msg;
u_int count, type, id, handle_len, i, expected_id, ents = 0;
char *handle;
id = conn->msg_id++;
buffer_init(&msg);
buffer_put_char(&msg, SSH2_FXP_OPENDIR);
buffer_put_int(&msg, id);
buffer_put_cstring(&msg, path);
send_msg(conn->fd_out, &msg);
buffer_clear(&msg);
handle = get_handle(conn->fd_in, id, &handle_len);
if (handle == NULL)
return(-1);
if (dir) {
ents = 0;
*dir = xmalloc(sizeof(**dir));
(*dir)[0] = NULL;
}
for (; !interrupted;) {
id = expected_id = conn->msg_id++;
debug3("Sending SSH2_FXP_READDIR I:%u", id);
buffer_clear(&msg);
buffer_put_char(&msg, SSH2_FXP_READDIR);
buffer_put_int(&msg, id);
buffer_put_string(&msg, handle, handle_len);
send_msg(conn->fd_out, &msg);
buffer_clear(&msg);
get_msg(conn->fd_in, &msg);
type = buffer_get_char(&msg);
id = buffer_get_int(&msg);
debug3("Received reply T:%u I:%u", type, id);
if (id != expected_id)
fatal("ID mismatch (%u != %u)", id, expected_id);
if (type == SSH2_FXP_STATUS) {
int status = buffer_get_int(&msg);
debug3("Received SSH2_FXP_STATUS %d", status);
if (status == SSH2_FX_EOF) {
break;
} else {
error("Couldn't read directory: %s",
fx2txt(status));
do_close(conn, handle, handle_len);
xfree(handle);
return(status);
}
} else if (type != SSH2_FXP_NAME)
fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
SSH2_FXP_NAME, type);
count = buffer_get_int(&msg);
if (count == 0)
break;
debug3("Received %d SSH2_FXP_NAME responses", count);
for (i = 0; i < count; i++) {
char *filename, *longname;
Attrib *a;
filename = buffer_get_string(&msg, NULL);
longname = buffer_get_string(&msg, NULL);
a = decode_attrib(&msg);
if (printflag)
printf("%s\n", longname);
if (dir) {
*dir = xrealloc(*dir, (ents + 2) * sizeof(**dir));
(*dir)[ents] = xmalloc(sizeof(***dir));
(*dir)[ents]->filename = xstrdup(filename);
(*dir)[ents]->longname = xstrdup(longname);
memcpy(&(*dir)[ents]->a, a, sizeof(*a));
(*dir)[++ents] = NULL;
}
xfree(filename);
xfree(longname);
}
}
buffer_free(&msg);
do_close(conn, handle, handle_len);
xfree(handle);
/* Don't return partial matches on interrupt */
if (interrupted && dir != NULL && *dir != NULL) {
free_sftp_dirents(*dir);
*dir = xmalloc(sizeof(**dir));
**dir = NULL;
}
return(0);
}
static int
userauth_pubkey(Authctxt *authctxt)
{
#ifdef WIN32_FIXME
int loginStat = 1;
char currentUser[MAX_PATH] = {0};
DWORD currentUserSize = sizeof(currentUser);
int targetIsCurrent = 0;
# ifdef USE_NTCREATETOKEN
int doOpenSSHVerify = 1;
# else
int doOpenSSHVerify = 0;
# endif
#endif
Buffer b;
Key *key = NULL;
char *pkalg, *userstyle;
u_char *pkblob, *sig;
u_int alen, blen, slen;
int have_sig, pktype;
int authenticated = 0;
if (!authctxt->valid) {
debug2("userauth_pubkey: disabled because of invalid user");
return 0;
}
have_sig = packet_get_char();
if (datafellows & SSH_BUG_PKAUTH) {
debug2("userauth_pubkey: SSH_BUG_PKAUTH");
/* no explicit pkalg given */
pkblob = packet_get_string(&blen);
buffer_init(&b);
buffer_append(&b, pkblob, blen);
/* so we have to extract the pkalg from the pkblob */
pkalg = buffer_get_string(&b, &alen);
buffer_free(&b);
} else {
pkalg = packet_get_string(&alen);
pkblob = packet_get_string(&blen);
}
pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */
logit("userauth_pubkey: unsupported public key algorithm: %s",
pkalg);
goto done;
}
key = key_from_blob(pkblob, blen);
if (key == NULL) {
error("userauth_pubkey: cannot decode key: %s", pkalg);
goto done;
}
if (key->type != pktype) {
error("userauth_pubkey: type mismatch for decoded key "
"(received %d, expected %d)", key->type, pktype);
goto done;
}
if (key_type_plain(key->type) == KEY_RSA &&
(datafellows & SSH_BUG_RSASIGMD5) != 0) {
logit("Refusing RSA key because client uses unsafe "
"signature scheme");
goto done;
}
if (auth2_userkey_already_used(authctxt, key)) {
logit("refusing previously-used %s key", key_type(key));
goto done;
}
if (match_pattern_list(sshkey_ssh_name(key),
options.pubkey_key_types, 0) != 1) {
logit("%s: key type %s not in PubkeyAcceptedKeyTypes",
__func__, sshkey_ssh_name(key));
goto done;
}
if (have_sig) {
sig = packet_get_string(&slen);
packet_check_eom();
buffer_init(&b);
if (datafellows & SSH_OLD_SESSIONID) {
buffer_append(&b, session_id2, session_id2_len);
} else {
buffer_put_string(&b, session_id2, session_id2_len);
}
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : "");
buffer_put_cstring(&b, userstyle);
free(userstyle);
buffer_put_cstring(&b,
datafellows & SSH_BUG_PKSERVICE ?
"ssh-userauth" :
authctxt->service);
if (datafellows & SSH_BUG_PKAUTH) {
buffer_put_char(&b, have_sig);
} else {
buffer_put_cstring(&b, "publickey");
buffer_put_char(&b, have_sig);
buffer_put_cstring(&b, pkalg);
}
buffer_put_string(&b, pkblob, blen);
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
pubkey_auth_info(authctxt, key, NULL);
/* test for correct signature */
authenticated = 0;
/*
* On pure win32 try to logon using lsa first.
*/
#ifdef WIN32_FIXME
authctxt -> hTokenLsa_ = NULL;
authctxt -> methoddata = NULL;
/*
* Retrieve name of current login user (i.e. sshd process owner).
*/
GetUserName(currentUser, ¤tUserSize);
/*
* Try to get token from lsa, but only if targetUser != currentUser.
* Owerthise we already have targetUser's token in current thread, so
* we only need key verify from original OpenSSH code.
*/
targetIsCurrent = (strcmp(currentUser, authctxt -> user) == 0);
if (targetIsCurrent)
{
doOpenSSHVerify = 1;
}
else
{
loginStat = LsaLogon(&authctxt -> hTokenLsa_, HomeDirLsaW,
authctxt -> user, pkblob, blen, sig, slen,
buffer_ptr(&b), buffer_len(&b), datafellows);
/*
* If lsa logon process success.
*/
if (loginStat == 0)
{
/*
* And user authorized OK.
*/
if (authctxt -> hTokenLsa_)
{
doOpenSSHVerify = 0;
/*
* This is part of openssh authorization needed for parsing
* 'options' block in key.
*/
authctxt -> pw -> pw_dir = GetHomeDir(authctxt -> user);
if (PRIVSEP(user_key_allowed(authctxt -> pw, key, 1))) // PRAGMA:TODO
{
authenticated = 1;
}
else
{
authenticated = 0;
}
buffer_free(&b);
free(sig);
}
}
}
if (doOpenSSHVerify)
{
/*
* If lsa fails, test for correct signature using openssh code.
*/
authctxt -> pw -> pw_dir = GetHomeDir(authctxt -> user);
if (PRIVSEP(user_key_allowed(authctxt->pw, key, 0)) //PRAGMA:TODO
&&
PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b))) == 1)
{
authenticated = 1;
}
}
/*
* Original code.
*/
#else /* #ifdef WIN32_FIXME */
if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) &&
PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
buffer_len(&b))) == 1) {
authenticated = 1;
/* Record the successful key to prevent reuse */
auth2_record_userkey(authctxt, key);
key = NULL; /* Don't free below */
}
buffer_free(&b);
free(sig);
#endif /* else #ifdef WIN32_FIXME. */
} else {
debug("test whether pkalg/pkblob are acceptable");
packet_check_eom();
/* XXX fake reply and always send PK_OK ? */
/*
* XXX this allows testing whether a user is allowed
* to login: if you happen to have a valid pubkey this
* message is sent. the message is NEVER sent at all
* if a user is not allowed to login. is this an
* issue? -markus
*/
#ifndef WIN32_FIXME
if (PRIVSEP(user_key_allowed(authctxt->pw, key, 0)))
#endif
{
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
packet_put_string(pkblob, blen);
packet_send();
packet_write_wait();
authctxt->postponed = 1;
}
}
if (authenticated != 1)
auth_clear_options();
done:
debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
if (key != NULL)
key_free(key);
free(pkalg);
free(pkblob);
return authenticated;
}
static int
userauth_pubkey(Authctxt *authctxt)
{
Buffer b;
Key *key = NULL;
char *pkalg, *userstyle;
u_char *pkblob, *sig;
u_int alen, blen, slen;
int have_sig, pktype;
int authenticated = 0;
if (!authctxt->valid) {
debug2("userauth_pubkey: disabled because of invalid user");
return 0;
}
have_sig = packet_get_char();
if (datafellows & SSH_BUG_PKAUTH) {
debug2("userauth_pubkey: SSH_BUG_PKAUTH");
/* no explicit pkalg given */
pkblob = packet_get_string(&blen);
buffer_init(&b);
buffer_append(&b, pkblob, blen);
/* so we have to extract the pkalg from the pkblob */
pkalg = buffer_get_string(&b, &alen);
buffer_free(&b);
} else {
pkalg = packet_get_string(&alen);
pkblob = packet_get_string(&blen);
}
pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */
logit("userauth_pubkey: unsupported public key algorithm: %s",
pkalg);
goto done;
}
key = key_from_blob(pkblob, blen);
if (key == NULL) {
error("userauth_pubkey: cannot decode key: %s", pkalg);
goto done;
}
if (key->type != pktype) {
error("userauth_pubkey: type mismatch for decoded key "
"(received %d, expected %d)", key->type, pktype);
goto done;
}
if (key_type_plain(key->type) == KEY_RSA &&
(datafellows & SSH_BUG_RSASIGMD5) != 0) {
logit("Refusing RSA key because client uses unsafe "
"signature scheme");
goto done;
}
if (auth2_userkey_already_used(authctxt, key)) {
logit("refusing previously-used %s key", key_type(key));
goto done;
}
if (match_pattern_list(sshkey_ssh_name(key), options.pubkey_key_types,
strlen(options.pubkey_key_types), 0) != 1) {
logit("%s: key type %s not in PubkeyAcceptedKeyTypes",
__func__, sshkey_ssh_name(key));
goto done;
}
if (have_sig) {
sig = packet_get_string(&slen);
packet_check_eom();
buffer_init(&b);
if (datafellows & SSH_OLD_SESSIONID) {
buffer_append(&b, session_id2, session_id2_len);
} else {
buffer_put_string(&b, session_id2, session_id2_len);
}
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : "");
buffer_put_cstring(&b, userstyle);
free(userstyle);
buffer_put_cstring(&b,
datafellows & SSH_BUG_PKSERVICE ?
"ssh-userauth" :
authctxt->service);
if (datafellows & SSH_BUG_PKAUTH) {
buffer_put_char(&b, have_sig);
} else {
buffer_put_cstring(&b, "publickey");
buffer_put_char(&b, have_sig);
buffer_put_cstring(&b, pkalg);
}
buffer_put_string(&b, pkblob, blen);
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
pubkey_auth_info(authctxt, key, NULL);
/* test for correct signature */
authenticated = 0;
if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
buffer_len(&b))) == 1) {
authenticated = 1;
/* Record the successful key to prevent reuse */
auth2_record_userkey(authctxt, key);
key = NULL; /* Don't free below */
}
buffer_free(&b);
free(sig);
} else {
debug("test whether pkalg/pkblob are acceptable");
packet_check_eom();
/* XXX fake reply and always send PK_OK ? */
/*
* XXX this allows testing whether a user is allowed
* to login: if you happen to have a valid pubkey this
* message is sent. the message is NEVER sent at all
* if a user is not allowed to login. is this an
* issue? -markus
*/
if (PRIVSEP(user_key_allowed(authctxt->pw, key))) {
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
packet_put_string(pkblob, blen);
packet_send();
packet_write_wait();
authctxt->postponed = 1;
}
}
if (authenticated != 1)
auth_clear_options();
done:
debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
if (key != NULL)
key_free(key);
free(pkalg);
free(pkblob);
return authenticated;
}
static int
userauth_hostbased(Authctxt *authctxt)
{
Buffer b;
Key *key = NULL;
char *pkalg, *cuser, *chost, *service;
u_char *pkblob, *sig;
u_int alen, blen, slen;
int pktype;
int authenticated = 0;
if (!authctxt->valid) {
debug2("userauth_hostbased: disabled because of invalid user");
return 0;
}
pkalg = packet_get_string(&alen);
pkblob = packet_get_string(&blen);
chost = packet_get_string(NULL);
cuser = packet_get_string(NULL);
sig = packet_get_string(&slen);
debug("userauth_hostbased: cuser %s chost %s pkalg %s slen %d",
cuser, chost, pkalg, slen);
#ifdef DEBUG_PK
debug("signature:");
buffer_init(&b);
buffer_append(&b, sig, slen);
buffer_dump(&b);
buffer_free(&b);
#endif
pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */
logit("userauth_hostbased: unsupported "
"public key algorithm: %s", pkalg);
goto done;
}
key = key_from_blob(pkblob, blen);
if (key == NULL) {
error("userauth_hostbased: cannot decode key: %s", pkalg);
goto done;
}
if (key->type != pktype) {
error("userauth_hostbased: type mismatch for decoded key "
"(received %d, expected %d)", key->type, pktype);
goto done;
}
service = datafellows & SSH_BUG_HBSERVICE ? __UNCONST("ssh-userauth") :
authctxt->service;
buffer_init(&b);
buffer_put_string(&b, session_id2, session_id2_len);
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, authctxt->user);
buffer_put_cstring(&b, service);
buffer_put_cstring(&b, "hostbased");
buffer_put_string(&b, pkalg, alen);
buffer_put_string(&b, pkblob, blen);
buffer_put_cstring(&b, chost);
buffer_put_cstring(&b, cuser);
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
/* test for allowed key and correct signature */
authenticated = 0;
if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
buffer_len(&b))) == 1)
authenticated = 1;
buffer_free(&b);
done:
debug2("userauth_hostbased: authenticated %d", authenticated);
if (key != NULL)
key_free(key);
xfree(pkalg);
xfree(pkblob);
xfree(cuser);
xfree(chost);
xfree(sig);
return authenticated;
}
char *
ssh_gssapi_client_mechanisms(const char *host) {
gss_OID_set supported;
OM_uint32 min_status;
Buffer buf;
int i = 0;
char *mechs;
char *encoded;
int enclen;
char digest[EVP_MAX_MD_SIZE];
char deroid[2];
const EVP_MD *evp_md = EVP_md5();
EVP_MD_CTX md;
int oidpos=0;
gss_indicate_mechs(&min_status,&supported);
if (datafellows & SSH_BUG_GSSAPI_BER) {
gss_enc2oid=xmalloc(sizeof(ssh_gss_kex_mapping)
*((supported->count*2)+1));
} else {
gss_enc2oid=xmalloc(sizeof(ssh_gss_kex_mapping)
*(supported->count+1));
}
buffer_init(&buf);
for (i=0;i<supported->count;i++) {
gss_enc2oid[oidpos].encoded=NULL;
if (supported->elements[i].length<128 &&
ssh_gssapi_check_mechanism(&(supported->elements[i]),host)) {
/* Earlier versions of this code interpreted the
* spec incorrectly with regard to OID encoding. They
* also mis-encoded the krb5 OID. The following
* _temporary_ code interfaces with these broken
* servers */
if (datafellows & SSH_BUG_GSSAPI_BER) {
char *bodge=NULL;
gss_OID_desc krb5oid={9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"};
gss_OID_desc gsioid={9, "\x2B\x06\x01\x04\x01\x9B\x50\x01\x01"};
if (supported->elements[i].length==krb5oid.length &&
memcmp(supported->elements[i].elements,
krb5oid.elements, krb5oid.length)==0) {
bodge="Se3H81ismmOC3OE+FwYCiQ==";
}
if (supported->elements[i].length==gsioid.length &&
memcmp(supported->elements[i].elements,
gsioid.elements, gsioid.length)==0) {
bodge="N3+k7/4wGxHyuP8Yxi4RhA==";
}
if (bodge) {
if (oidpos!=0) {
buffer_put_char(&buf,',');
}
buffer_append(&buf, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1);
buffer_append(&buf, bodge, strlen(bodge));
gss_enc2oid[oidpos].oid=&(supported->elements[i]);
gss_enc2oid[oidpos].encoded=bodge;
oidpos++;
}
}
/* Add the required DER encoding octets and MD5 hash */
deroid[0]=0x06; /* Object Identifier */
deroid[1]=supported->elements[i].length;
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md,deroid,2);
EVP_DigestUpdate(&md,
supported->elements[i].elements,
supported->elements[i].length);
EVP_DigestFinal(&md, digest, NULL);
/* Base64 encode it */
encoded=xmalloc(EVP_MD_size(evp_md)*2);
enclen=__b64_ntop(digest, EVP_MD_size(evp_md),
encoded,EVP_MD_size(evp_md)*2);
if (oidpos!=0) {
buffer_put_char(&buf,',');
}
buffer_append(&buf, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1);
buffer_append(&buf, encoded, enclen);
debug("Mechanism encoded as %s",encoded);
gss_enc2oid[oidpos].oid=&(supported->elements[i]);
gss_enc2oid[oidpos].encoded=encoded;
oidpos++;
}
}
gss_enc2oid[oidpos].oid=NULL;
gss_enc2oid[oidpos].encoded=NULL;
buffer_put_char(&buf,'\0');
mechs=xmalloc(buffer_len(&buf));
buffer_get(&buf,mechs,buffer_len(&buf));
buffer_free(&buf);
if (strlen(mechs)==0)
return(NULL);
else
return(mechs);
}
/* process the characters one by one */
static int
process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
{
char string[1024];
pid_t pid;
int bytes = 0;
u_int i;
u_char ch;
char *s;
for (i = 0; i < len; i++) {
/* Get one character at a time. */
ch = buf[i];
if (escape_pending) {
/* We have previously seen an escape character. */
/* Clear the flag now. */
escape_pending = 0;
/* Process the escaped character. */
switch (ch) {
case '.':
/* Terminate the connection. */
snprintf(string, sizeof string, "%c.\r\n", escape_char);
buffer_append(berr, string, strlen(string));
quit_pending = 1;
return -1;
case 'Z' - 64:
/* Suspend the program. */
/* Print a message to that effect to the user. */
snprintf(string, sizeof string, "%c^Z [suspend ssh]\r\n", escape_char);
buffer_append(berr, string, strlen(string));
/* Restore terminal modes and suspend. */
client_suspend_self(bin, bout, berr);
/* We have been continued. */
continue;
case 'B':
if (compat20) {
snprintf(string, sizeof string,
"%cB\r\n", escape_char);
buffer_append(berr, string,
strlen(string));
channel_request_start(session_ident,
"break", 0);
packet_put_int(1000);
packet_send();
}
continue;
case 'R':
if (compat20) {
if (datafellows & SSH_BUG_NOREKEY)
logit("Server does not support re-keying");
else
need_rekeying = 1;
}
continue;
case '&':
/*
* Detach the program (continue to serve connections,
* but put in background and no more new connections).
*/
/* Restore tty modes. */
leave_raw_mode();
/* Stop listening for new connections. */
channel_stop_listening();
snprintf(string, sizeof string,
"%c& [backgrounded]\n", escape_char);
buffer_append(berr, string, strlen(string));
/* Fork into background. */
pid = fork();
if (pid < 0) {
error("fork: %.100s", strerror(errno));
continue;
}
if (pid != 0) { /* This is the parent. */
/* The parent just exits. */
exit(0);
}
/* The child continues serving connections. */
if (compat20) {
buffer_append(bin, "\004", 1);
/* fake EOF on stdin */
return -1;
} else if (!stdin_eof) {
/*
* Sending SSH_CMSG_EOF alone does not always appear
* to be enough. So we try to send an EOF character
* first.
*/
packet_start(SSH_CMSG_STDIN_DATA);
packet_put_string("\004", 1);
packet_send();
/* Close stdin. */
stdin_eof = 1;
if (buffer_len(bin) == 0) {
packet_start(SSH_CMSG_EOF);
packet_send();
}
}
continue;
case '?':
snprintf(string, sizeof string,
"%c?\r\n\
Supported escape sequences:\r\n\
%c. - terminate connection\r\n\
%cB - send a BREAK to the remote system\r\n\
%cC - open a command line\r\n\
%cR - Request rekey (SSH protocol 2 only)\r\n\
%c^Z - suspend ssh\r\n\
%c# - list forwarded connections\r\n\
%c& - background ssh (when waiting for connections to terminate)\r\n\
%c? - this message\r\n\
%c%c - send the escape character by typing it twice\r\n\
(Note that escapes are only recognized immediately after newline.)\r\n",
escape_char, escape_char, escape_char, escape_char,
escape_char, escape_char, escape_char, escape_char,
escape_char, escape_char, escape_char);
buffer_append(berr, string, strlen(string));
continue;
case '#':
snprintf(string, sizeof string, "%c#\r\n", escape_char);
buffer_append(berr, string, strlen(string));
s = channel_open_message();
buffer_append(berr, s, strlen(s));
xfree(s);
continue;
case 'C':
process_cmdline();
continue;
default:
if (ch != escape_char) {
buffer_put_char(bin, escape_char);
bytes++;
}
/* Escaped characters fall through here */
break;
}
} else {
/*
* The previous character was not an escape char. Check if this
* is an escape.
*/
if (last_was_cr && ch == escape_char) {
/* It is. Set the flag and continue to next character. */
escape_pending = 1;
continue;
}
}
/*
* Normal character. Record whether it was a newline,
* and append it to the buffer.
*/
last_was_cr = (ch == '\r' || ch == '\n');
buffer_put_char(bin, ch);
bytes++;
}
static int
userauth_pubkey(Authctxt *authctxt)
{
Buffer b;
Key *key = NULL;
char *pkalg;
u_char *pkblob, *sig;
u_int alen, blen, slen;
int have_sig, pktype;
int authenticated = 0;
if (!authctxt->valid) {
debug2("userauth_pubkey: disabled because of invalid user");
return 0;
}
have_sig = packet_get_char();
if (datafellows & SSH_BUG_PKAUTH) {
debug2("userauth_pubkey: SSH_BUG_PKAUTH");
/* no explicit pkalg given */
pkblob = packet_get_string(&blen);
buffer_init(&b);
buffer_append(&b, pkblob, blen);
/* so we have to extract the pkalg from the pkblob */
pkalg = buffer_get_string(&b, &alen);
buffer_free(&b);
} else {
pkalg = packet_get_string(&alen);
pkblob = packet_get_string(&blen);
}
pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */
logit("userauth_pubkey: unsupported public key algorithm: %s",
pkalg);
goto done;
}
key = key_from_blob(pkblob, blen);
if (key == NULL) {
error("userauth_pubkey: cannot decode key: %s", pkalg);
goto done;
}
if (key->type != pktype) {
error("userauth_pubkey: type mismatch for decoded key "
"(received %d, expected %d)", key->type, pktype);
goto done;
}
if (have_sig) {
sig = packet_get_string(&slen);
packet_check_eom();
buffer_init(&b);
if (datafellows & SSH_OLD_SESSIONID) {
buffer_append(&b, session_id2, session_id2_len);
} else {
buffer_put_string(&b, session_id2, session_id2_len);
}
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, authctxt->user);
buffer_put_cstring(&b,
datafellows & SSH_BUG_PKSERVICE ?
"ssh-userauth" :
authctxt->service);
if (datafellows & SSH_BUG_PKAUTH) {
buffer_put_char(&b, have_sig);
} else {
buffer_put_cstring(&b, "publickey");
buffer_put_char(&b, have_sig);
buffer_put_cstring(&b, pkalg);
}
buffer_put_string(&b, pkblob, blen);
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
/* test for correct signature */
authenticated = 0;
if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
buffer_len(&b))) == 1)
authenticated = 1;
buffer_free(&b);
xfree(sig);
} else {
debug("test whether pkalg/pkblob are acceptable");
packet_check_eom();
/* XXX fake reply and always send PK_OK ? */
/*
* XXX this allows testing whether a user is allowed
* to login: if you happen to have a valid pubkey this
* message is sent. the message is NEVER sent at all
* if a user is not allowed to login. is this an
* issue? -markus
*/
if (PRIVSEP(user_key_allowed(authctxt->pw, key))) {
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
packet_put_string(pkblob, blen);
packet_send();
packet_write_wait();
authctxt->postponed = 1;
}
}
if (authenticated != 1)
auth_clear_options();
done:
debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
if (key != NULL)
key_free(key);
xfree(pkalg);
xfree(pkblob);
return authenticated;
}
int
mm_answer_pwnamallow(int sock, Buffer *m)
{
char *username;
struct passwd *pwent;
int allowed = 0;
debug3("%s", __func__);
if (authctxt->attempt++ != 0)
fatal("%s: multiple attempts for getpwnam", __func__);
username = buffer_get_string(m, NULL);
pwent = getpwnamallow(username);
authctxt->user = xstrdup(username);
setproctitle("%s [priv]", pwent ? username : "******");
xfree(username);
buffer_clear(m);
if (pwent == NULL) {
buffer_put_char(m, 0);
authctxt->pw = fakepw();
goto out;
}
allowed = 1;
authctxt->pw = pwent;
authctxt->valid = 1;
buffer_put_char(m, 1);
buffer_put_string(m, pwent, sizeof(struct passwd));
buffer_put_cstring(m, pwent->pw_name);
buffer_put_cstring(m, "*");
buffer_put_cstring(m, pwent->pw_gecos);
#ifdef HAVE_PW_CLASS_IN_PASSWD
buffer_put_cstring(m, pwent->pw_class);
#endif
buffer_put_cstring(m, pwent->pw_dir);
buffer_put_cstring(m, pwent->pw_shell);
out:
debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
mm_request_send(sock, MONITOR_ANS_PWNAM, m);
/* For SSHv1 allow authentication now */
if (!compat20)
monitor_permit_authentications(1);
else {
/* Allow service/style information on the auth context */
monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
}
#ifdef USE_PAM
if (options.use_pam)
monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);
#endif
#ifdef SSH_AUDIT_EVENTS
monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_COMMAND, 1);
#endif
return (0);
}
// SHA-1(160bit)/SHA-256(256bit)を求める
unsigned char *kex_dh_gex_hash(const EVP_MD *evp_md,
char *client_version_string,
char *server_version_string,
char *ckexinit, int ckexinitlen,
char *skexinit, int skexinitlen,
u_char *serverhostkeyblob, int sbloblen,
int kexgex_min,
int kexgex_bits,
int kexgex_max,
BIGNUM *kexgex_p,
BIGNUM *kexgex_g,
BIGNUM *client_dh_pub,
BIGNUM *server_dh_pub,
BIGNUM *shared_secret,
unsigned int *hashlen)
{
buffer_t *b;
static unsigned char digest[EVP_MAX_MD_SIZE];
EVP_MD_CTX md;
b = buffer_init();
buffer_put_string(b, client_version_string, strlen(client_version_string));
buffer_put_string(b, server_version_string, strlen(server_version_string));
/* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
buffer_put_int(b, ckexinitlen+1);
buffer_put_char(b, SSH2_MSG_KEXINIT);
buffer_append(b, ckexinit, ckexinitlen);
buffer_put_int(b, skexinitlen+1);
buffer_put_char(b, SSH2_MSG_KEXINIT);
buffer_append(b, skexinit, skexinitlen);
buffer_put_string(b, serverhostkeyblob, sbloblen);
// DH group sizeのビット数を加算する
buffer_put_int(b, kexgex_min);
buffer_put_int(b, kexgex_bits);
buffer_put_int(b, kexgex_max);
// DH鍵の素数と生成元を加算する
buffer_put_bignum2(b, kexgex_p);
buffer_put_bignum2(b, kexgex_g);
buffer_put_bignum2(b, client_dh_pub);
buffer_put_bignum2(b, server_dh_pub);
buffer_put_bignum2(b, shared_secret);
// yutaka
//debug_print(38, buffer_ptr(b), buffer_len(b));
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, buffer_ptr(b), buffer_len(b));
EVP_DigestFinal(&md, digest, NULL);
buffer_free(b);
//write_buffer_file(digest, EVP_MD_size(evp_md));
*hashlen = EVP_MD_size(evp_md);
return digest;
}