NetBSD/dist/ntp/README.rsa

If you want to use the RSA stuff for crypto keys:

- Get RSAREF or RSAEURO (or a reasonable facsimile thereof)
- - Unpack it in the top-level source directory of the NTP distribution
    in a directory named rsaref2
    (You should see directories like ports, rsaref2, scripts)

Make sure rsa.c has the security patch applied - a copy of it is at the
end of this file.

When you run configure, the Right Thing will happen.

Be advised that the RSA DES code is not quite as portable os one might
wish for.  In particular, DES under NTP will only work between machines
of the same "endianness".

Dave would prefer that new/alternative encryption schemes follow the
RSA API.


--- rsa.c.orig	Fri Mar 25 14:01:48 1994
+++ rsaref2/source/rsa.c	Mon Dec 13 13:10:28 1999
@@ -33,6 +33,9 @@
   unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN];
   unsigned int i, modulusLen;
   
+  if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+    return (RE_LEN);
+
   modulusLen = (publicKey->bits + 7) / 8;
   if (inputLen + 11 > modulusLen)
     return (RE_LEN);
@@ -78,6 +81,9 @@
   unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
   unsigned int i, modulusLen, pkcsBlockLen;
   
+  if (publicKey->bits > MAX_RSA_MODULUS_BITS)
+    return (RE_LEN);
+
   modulusLen = (publicKey->bits + 7) / 8;
   if (inputLen > modulusLen)
     return (RE_LEN);
@@ -128,6 +134,9 @@
   int status;
   unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
   unsigned int i, modulusLen;
+
+  if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+    return (RE_LEN);
   
   modulusLen = (privateKey->bits + 7) / 8;
   if (inputLen + 11 > modulusLen)
@@ -168,6 +177,9 @@
   unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN];
   unsigned int i, modulusLen, pkcsBlockLen;
   
+  if (privateKey->bits > MAX_RSA_MODULUS_BITS)
+    return (RE_LEN);
+
   modulusLen = (privateKey->bits + 7) / 8;
   if (inputLen > modulusLen)
     return (RE_LEN);