summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2014-01-12 19:21:22 +1100
committerDamien Miller <djm@mindrot.org>2014-01-12 19:21:22 +1100
commit91b580e4bec55118bf96ab3cdbe5a50839e75d0a (patch)
tree32e4083c5a8cd285e1b0b13f9b77992db535cba4
parentaf5d4481f4c7c8c3c746e68b961bb85ef907800e (diff)
- djm@cvs.openbsd.org 2014/01/12 08:13:13
[bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c] [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c] avoid use of OpenSSL BIGNUM type and functions for KEX with Curve25519 by adding a buffer_put_bignum2_from_string() that stores a string using the bignum encoding rules. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in the future; ok markus@
Diffstat
-rw-r--r--ChangeLog8
-rw-r--r--bufaux.c75
-rw-r--r--buffer.h6
-rw-r--r--kex.c23
-rw-r--r--kex.h11
-rw-r--r--kexc25519.c18
-rw-r--r--kexc25519c.c15
-rw-r--r--kexc25519s.c15
-rw-r--r--kexdhc.c4
-rw-r--r--kexdhs.c4
-rw-r--r--kexecdhc.c4
-rw-r--r--kexecdhs.c4
-rw-r--r--kexgexc.c4
-rw-r--r--kexgexs.c4
14 files changed, 147 insertions, 48 deletions
diff --git a/ChangeLog b/ChangeLog
index 99b846e3c..e30cec1a4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,14 @@
3 - djm@cvs.openbsd.org 2014/01/10 05:59:19 3 - djm@cvs.openbsd.org 2014/01/10 05:59:19
4 [sshd_config] 4 [sshd_config]
5 the /etc/ssh/ssh_host_ed25519_key is loaded by default too 5 the /etc/ssh/ssh_host_ed25519_key is loaded by default too
6 - djm@cvs.openbsd.org 2014/01/12 08:13:13
7 [bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c]
8 [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c]
9 avoid use of OpenSSL BIGNUM type and functions for KEX with
10 Curve25519 by adding a buffer_put_bignum2_from_string() that stores
11 a string using the bignum encoding rules. Will make it easier to
12 build a reduced-feature OpenSSH without OpenSSL in the future;
13 ok markus@
6 14
720140110 1520140110
8 - (djm) OpenBSD CVS Sync 16 - (djm) OpenBSD CVS Sync
diff --git a/bufaux.c b/bufaux.c
index 3e70b8d90..9401fe1d0 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bufaux.c,v 1.53 2013/11/08 11:15:19 dtucker Exp $ */ 1/* $OpenBSD: bufaux.c,v 1.54 2014/01/12 08:13:13 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -315,3 +315,76 @@ buffer_put_char(Buffer *buffer, int value)
315 315
316 buffer_append(buffer, &ch, 1); 316 buffer_append(buffer, &ch, 1);
317} 317}
318
319/* Pseudo bignum functions */
320
321void *
322buffer_get_bignum2_as_string_ret(Buffer *buffer, u_int *length_ptr)
323{
324 u_int len;
325 u_char *bin, *p, *ret;
326
327 if ((p = bin = buffer_get_string_ret(buffer, &len)) == NULL) {
328 error("%s: invalid bignum", __func__);
329 return NULL;
330 }
331
332 if (len > 0 && (bin[0] & 0x80)) {
333 error("%s: negative numbers not supported", __func__);
334 free(bin);
335 return NULL;
336 }
337 if (len > 8 * 1024) {
338 error("%s: cannot handle BN of size %d", __func__, len);
339 free(bin);
340 return NULL;
341 }
342 /* Skip zero prefix on numbers with the MSB set */
343 if (len > 1 && bin[0] == 0x00 && (bin[1] & 0x80) != 0) {
344 p++;
345 len--;
346 }
347 ret = xmalloc(len);
348 memcpy(ret, p, len);
349 memset(p, '\0', len);
350 free(bin);
351 return ret;
352}
353
354void *
355buffer_get_bignum2_as_string(Buffer *buffer, u_int *l)
356{
357 void *ret = buffer_get_bignum2_as_string_ret(buffer, l);
358
359 if (ret == NULL)
360 fatal("%s: buffer error", __func__);
361 return ret;
362}
363
364/*
365 * Stores a string using the bignum encoding rules (\0 pad if MSB set).
366 */
367void
368buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l)
369{
370 u_char *buf, *p;
371 int pad = 0;
372
373 if (l > 8 * 1024)
374 fatal("%s: length %u too long", __func__, l);
375 p = buf = xmalloc(l + 1);
376 /*
377 * If most significant bit is set then prepend a zero byte to
378 * avoid interpretation as a negative number.
379 */
380 if (l > 0 && (s[0] & 0x80) != 0) {
381 *p++ = '\0';
382 pad = 1;
383 }
384 memcpy(p, s, l);
385 buffer_put_string(buffer, buf, l + pad);
386 memset(buf, '\0', l + pad);
387 free(buf);
388}
389
390
diff --git a/buffer.h b/buffer.h
index 4fa2ca112..7df8a38fa 100644
--- a/buffer.h
+++ b/buffer.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: buffer.h,v 1.22 2013/07/12 00:19:58 djm Exp $ */ 1/* $OpenBSD: buffer.h,v 1.23 2014/01/12 08:13:13 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -86,6 +86,10 @@ char *buffer_get_cstring_ret(Buffer *, u_int *);
86void *buffer_get_string_ptr_ret(Buffer *, u_int *); 86void *buffer_get_string_ptr_ret(Buffer *, u_int *);
87int buffer_get_char_ret(u_char *, Buffer *); 87int buffer_get_char_ret(u_char *, Buffer *);
88 88
89void *buffer_get_bignum2_as_string_ret(Buffer *, u_int *);
90void *buffer_get_bignum2_as_string(Buffer *, u_int *);
91void buffer_put_bignum2_from_string(Buffer *, const u_char *, u_int);
92
89#ifdef OPENSSL_HAS_ECC 93#ifdef OPENSSL_HAS_ECC
90#include <openssl/ec.h> 94#include <openssl/ec.h>
91 95
diff --git a/kex.c b/kex.c
index dbb1a9816..7d054cdcb 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.c,v 1.94 2014/01/09 23:20:00 djm Exp $ */ 1/* $OpenBSD: kex.c,v 1.95 2014/01/12 08:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -534,7 +534,7 @@ kex_choose_conf(Kex *kex)
534 534
535static u_char * 535static u_char *
536derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen, 536derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen,
537 BIGNUM *shared_secret) 537 const u_char *shared_secret, u_int slen)
538{ 538{
539 Buffer b; 539 Buffer b;
540 struct ssh_digest_ctx *hashctx; 540 struct ssh_digest_ctx *hashctx;
@@ -548,7 +548,7 @@ derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen,
548 digest = xmalloc(roundup(need, mdsz)); 548 digest = xmalloc(roundup(need, mdsz));
549 549
550 buffer_init(&b); 550 buffer_init(&b);
551 buffer_put_bignum2(&b, shared_secret); 551 buffer_append(&b, shared_secret, slen);
552 552
553 /* K1 = HASH(K || H || "A" || session_id) */ 553 /* K1 = HASH(K || H || "A" || session_id) */
554 if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL) 554 if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL)
@@ -591,14 +591,15 @@ Newkeys *current_keys[MODE_MAX];
591 591
592#define NKEYS 6 592#define NKEYS 6
593void 593void
594kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret) 594kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen,
595 const u_char *shared_secret, u_int slen)
595{ 596{
596 u_char *keys[NKEYS]; 597 u_char *keys[NKEYS];
597 u_int i, mode, ctos; 598 u_int i, mode, ctos;
598 599
599 for (i = 0; i < NKEYS; i++) { 600 for (i = 0; i < NKEYS; i++) {
600 keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, hashlen, 601 keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, hashlen,
601 shared_secret); 602 shared_secret, slen);
602 } 603 }
603 604
604 debug2("kex_derive_keys"); 605 debug2("kex_derive_keys");
@@ -613,6 +614,18 @@ kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret)
613 } 614 }
614} 615}
615 616
617void
618kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret)
619{
620 Buffer shared_secret;
621
622 buffer_init(&shared_secret);
623 buffer_put_bignum2(&shared_secret, secret);
624 kex_derive_keys(kex, hash, hashlen,
625 buffer_ptr(&shared_secret), buffer_len(&shared_secret));
626 buffer_free(&shared_secret);
627}
628
616Newkeys * 629Newkeys *
617kex_get_newkeys(int mode) 630kex_get_newkeys(int mode)
618{ 631{
diff --git a/kex.h b/kex.h
index fbe4940e8..7e2878f70 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.h,v 1.59 2014/01/09 23:20:00 djm Exp $ */ 1/* $OpenBSD: kex.h,v 1.60 2014/01/12 08:13:13 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -153,7 +153,8 @@ void kex_finish(Kex *);
153 153
154void kex_send_kexinit(Kex *); 154void kex_send_kexinit(Kex *);
155void kex_input_kexinit(int, u_int32_t, void *); 155void kex_input_kexinit(int, u_int32_t, void *);
156void kex_derive_keys(Kex *, u_char *, u_int, BIGNUM *); 156void kex_derive_keys(Kex *, u_char *, u_int, const u_char *, u_int);
157void kex_derive_keys_bn(Kex *, u_char *, u_int, const BIGNUM *);
157 158
158Newkeys *kex_get_newkeys(int); 159Newkeys *kex_get_newkeys(int);
159 160
@@ -182,14 +183,14 @@ kex_ecdh_hash(int, const EC_GROUP *, char *, char *, char *, int,
182void 183void
183kex_c25519_hash(int, char *, char *, char *, int, 184kex_c25519_hash(int, char *, char *, char *, int,
184 char *, int, u_char *, int, const u_char *, const u_char *, 185 char *, int, u_char *, int, const u_char *, const u_char *,
185 const BIGNUM *, u_char **, u_int *); 186 const u_char *, u_int, u_char **, u_int *);
186 187
187#define CURVE25519_SIZE 32 188#define CURVE25519_SIZE 32
188void kexc25519_keygen(u_char[CURVE25519_SIZE], u_char[CURVE25519_SIZE]) 189void kexc25519_keygen(u_char[CURVE25519_SIZE], u_char[CURVE25519_SIZE])
189 __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) 190 __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
190 __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); 191 __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
191BIGNUM *kexc25519_shared_key(const u_char[CURVE25519_SIZE], 192void kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
192 const u_char[CURVE25519_SIZE]) 193 const u_char pub[CURVE25519_SIZE], Buffer *out)
193 __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) 194 __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
194 __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); 195 __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
195 196
diff --git a/kexc25519.c b/kexc25519.c
index 8dd363991..48ca4aaa2 100644
--- a/kexc25519.c
+++ b/kexc25519.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexc25519.c,v 1.3 2014/01/09 23:20:00 djm Exp $ */ 1/* $OpenBSD: kexc25519.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001, 2013 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001, 2013 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved. 4 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -58,23 +58,19 @@ kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])
58 crypto_scalarmult_curve25519(pub, key, basepoint); 58 crypto_scalarmult_curve25519(pub, key, basepoint);
59} 59}
60 60
61BIGNUM * 61void
62kexc25519_shared_key(const u_char key[CURVE25519_SIZE], 62kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
63 const u_char pub[CURVE25519_SIZE]) 63 const u_char pub[CURVE25519_SIZE], Buffer *out)
64{ 64{
65 u_char shared_key[CURVE25519_SIZE]; 65 u_char shared_key[CURVE25519_SIZE];
66 BIGNUM *shared_secret;
67 66
68 crypto_scalarmult_curve25519(shared_key, key, pub); 67 crypto_scalarmult_curve25519(shared_key, key, pub);
69#ifdef DEBUG_KEXECDH 68#ifdef DEBUG_KEXECDH
70 dump_digest("shared secret", shared_key, CURVE25519_SIZE); 69 dump_digest("shared secret", shared_key, CURVE25519_SIZE);
71#endif 70#endif
72 if ((shared_secret = BN_new()) == NULL) 71 buffer_clear(out);
73 fatal("%s: BN_new failed", __func__); 72 buffer_put_bignum2_from_string(out, shared_key, CURVE25519_SIZE);
74 if (BN_bin2bn(shared_key, sizeof(shared_key), shared_secret) == NULL)
75 fatal("%s: BN_bin2bn failed", __func__);
76 memset(shared_key, 0, CURVE25519_SIZE); /* XXX explicit_bzero() */ 73 memset(shared_key, 0, CURVE25519_SIZE); /* XXX explicit_bzero() */
77 return (shared_secret);
78} 74}
79 75
80void 76void
@@ -87,7 +83,7 @@ kex_c25519_hash(
87 u_char *serverhostkeyblob, int sbloblen, 83 u_char *serverhostkeyblob, int sbloblen,
88 const u_char client_dh_pub[CURVE25519_SIZE], 84 const u_char client_dh_pub[CURVE25519_SIZE],
89 const u_char server_dh_pub[CURVE25519_SIZE], 85 const u_char server_dh_pub[CURVE25519_SIZE],
90 const BIGNUM *shared_secret, 86 const u_char *shared_secret, u_int secretlen,
91 u_char **hash, u_int *hashlen) 87 u_char **hash, u_int *hashlen)
92{ 88{
93 Buffer b; 89 Buffer b;
@@ -108,7 +104,7 @@ kex_c25519_hash(
108 buffer_put_string(&b, serverhostkeyblob, sbloblen); 104 buffer_put_string(&b, serverhostkeyblob, sbloblen);
109 buffer_put_string(&b, client_dh_pub, CURVE25519_SIZE); 105 buffer_put_string(&b, client_dh_pub, CURVE25519_SIZE);
110 buffer_put_string(&b, server_dh_pub, CURVE25519_SIZE); 106 buffer_put_string(&b, server_dh_pub, CURVE25519_SIZE);
111 buffer_put_bignum2(&b, shared_secret); 107 buffer_append(&b, shared_secret, secretlen);
112 108
113#ifdef DEBUG_KEX 109#ifdef DEBUG_KEX
114 buffer_dump(&b); 110 buffer_dump(&b);
diff --git a/kexc25519c.c b/kexc25519c.c
index 4655c2542..a80678af6 100644
--- a/kexc25519c.c
+++ b/kexc25519c.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexc25519c.c,v 1.3 2014/01/09 23:20:00 djm Exp $ */ 1/* $OpenBSD: kexc25519c.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved. 4 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -45,7 +45,6 @@
45void 45void
46kexc25519_client(Kex *kex) 46kexc25519_client(Kex *kex)
47{ 47{
48 BIGNUM *shared_secret;
49 Key *server_host_key; 48 Key *server_host_key;
50 u_char client_key[CURVE25519_SIZE]; 49 u_char client_key[CURVE25519_SIZE];
51 u_char client_pubkey[CURVE25519_SIZE]; 50 u_char client_pubkey[CURVE25519_SIZE];
@@ -53,6 +52,7 @@ kexc25519_client(Kex *kex)
53 u_char *server_host_key_blob = NULL, *signature = NULL; 52 u_char *server_host_key_blob = NULL, *signature = NULL;
54 u_char *hash; 53 u_char *hash;
55 u_int slen, sbloblen, hashlen; 54 u_int slen, sbloblen, hashlen;
55 Buffer shared_secret;
56 56
57 kexc25519_keygen(client_key, client_pubkey); 57 kexc25519_keygen(client_key, client_pubkey);
58 58
@@ -93,7 +93,8 @@ kexc25519_client(Kex *kex)
93 signature = packet_get_string(&slen); 93 signature = packet_get_string(&slen);
94 packet_check_eom(); 94 packet_check_eom();
95 95
96 shared_secret = kexc25519_shared_key(client_key, server_pubkey); 96 buffer_init(&shared_secret);
97 kexc25519_shared_key(client_key, server_pubkey, &shared_secret);
97 98
98 /* calc and verify H */ 99 /* calc and verify H */
99 kex_c25519_hash( 100 kex_c25519_hash(
@@ -105,7 +106,7 @@ kexc25519_client(Kex *kex)
105 server_host_key_blob, sbloblen, 106 server_host_key_blob, sbloblen,
106 client_pubkey, 107 client_pubkey,
107 server_pubkey, 108 server_pubkey,
108 shared_secret, 109 buffer_ptr(&shared_secret), buffer_len(&shared_secret),
109 &hash, &hashlen 110 &hash, &hashlen
110 ); 111 );
111 free(server_host_key_blob); 112 free(server_host_key_blob);
@@ -121,8 +122,8 @@ kexc25519_client(Kex *kex)
121 kex->session_id = xmalloc(kex->session_id_len); 122 kex->session_id = xmalloc(kex->session_id_len);
122 memcpy(kex->session_id, hash, kex->session_id_len); 123 memcpy(kex->session_id, hash, kex->session_id_len);
123 } 124 }
124 125 kex_derive_keys(kex, hash, hashlen,
125 kex_derive_keys(kex, hash, hashlen, shared_secret); 126 buffer_ptr(&shared_secret), buffer_len(&shared_secret));
126 BN_clear_free(shared_secret); 127 buffer_free(&shared_secret);
127 kex_finish(kex); 128 kex_finish(kex);
128} 129}
diff --git a/kexc25519s.c b/kexc25519s.c
index dc4f56c80..2b8e8efa1 100644
--- a/kexc25519s.c
+++ b/kexc25519s.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexc25519s.c,v 1.3 2014/01/09 23:20:00 djm Exp $ */ 1/* $OpenBSD: kexc25519s.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved. 4 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -42,7 +42,6 @@
42void 42void
43kexc25519_server(Kex *kex) 43kexc25519_server(Kex *kex)
44{ 44{
45 BIGNUM *shared_secret;
46 Key *server_host_private, *server_host_public; 45 Key *server_host_private, *server_host_public;
47 u_char *server_host_key_blob = NULL, *signature = NULL; 46 u_char *server_host_key_blob = NULL, *signature = NULL;
48 u_char server_key[CURVE25519_SIZE]; 47 u_char server_key[CURVE25519_SIZE];
@@ -50,6 +49,7 @@ kexc25519_server(Kex *kex)
50 u_char server_pubkey[CURVE25519_SIZE]; 49 u_char server_pubkey[CURVE25519_SIZE];
51 u_char *hash; 50 u_char *hash;
52 u_int slen, sbloblen, hashlen; 51 u_int slen, sbloblen, hashlen;
52 Buffer shared_secret;
53 53
54 /* generate private key */ 54 /* generate private key */
55 kexc25519_keygen(server_key, server_pubkey); 55 kexc25519_keygen(server_key, server_pubkey);
@@ -76,7 +76,8 @@ kexc25519_server(Kex *kex)
76 dump_digest("client public key:", client_pubkey, CURVE25519_SIZE); 76 dump_digest("client public key:", client_pubkey, CURVE25519_SIZE);
77#endif 77#endif
78 78
79 shared_secret = kexc25519_shared_key(server_key, client_pubkey); 79 buffer_init(&shared_secret);
80 kexc25519_shared_key(server_key, client_pubkey, &shared_secret);
80 81
81 /* calc H */ 82 /* calc H */
82 key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); 83 key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
@@ -89,7 +90,7 @@ kexc25519_server(Kex *kex)
89 server_host_key_blob, sbloblen, 90 server_host_key_blob, sbloblen,
90 client_pubkey, 91 client_pubkey,
91 server_pubkey, 92 server_pubkey,
92 shared_secret, 93 buffer_ptr(&shared_secret), buffer_len(&shared_secret),
93 &hash, &hashlen 94 &hash, &hashlen
94 ); 95 );
95 96
@@ -117,7 +118,9 @@ kexc25519_server(Kex *kex)
117 free(server_host_key_blob); 118 free(server_host_key_blob);
118 /* have keys, free server key */ 119 /* have keys, free server key */
119 free(client_pubkey); 120 free(client_pubkey);
120 kex_derive_keys(kex, hash, hashlen, shared_secret); 121
121 BN_clear_free(shared_secret); 122 kex_derive_keys(kex, hash, hashlen,
123 buffer_ptr(&shared_secret), buffer_len(&shared_secret));
124 buffer_free(&shared_secret);
122 kex_finish(kex); 125 kex_finish(kex);
123} 126}
diff --git a/kexdhc.c b/kexdhc.c
index ccd137cac..78509af21 100644
--- a/kexdhc.c
+++ b/kexdhc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexdhc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */ 1/* $OpenBSD: kexdhc.c,v 1.14 2014/01/12 08:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -155,7 +155,7 @@ kexdh_client(Kex *kex)
155 memcpy(kex->session_id, hash, kex->session_id_len); 155 memcpy(kex->session_id, hash, kex->session_id_len);
156 } 156 }
157 157
158 kex_derive_keys(kex, hash, hashlen, shared_secret); 158 kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
159 BN_clear_free(shared_secret); 159 BN_clear_free(shared_secret);
160 kex_finish(kex); 160 kex_finish(kex);
161} 161}
diff --git a/kexdhs.c b/kexdhs.c
index 39b9aba54..d2c7adc96 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexdhs.c,v 1.16 2013/11/02 22:24:24 markus Exp $ */ 1/* $OpenBSD: kexdhs.c,v 1.17 2014/01/12 08:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -154,7 +154,7 @@ kexdh_server(Kex *kex)
154 /* have keys, free DH */ 154 /* have keys, free DH */
155 DH_free(dh); 155 DH_free(dh);
156 156
157 kex_derive_keys(kex, hash, hashlen, shared_secret); 157 kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
158 BN_clear_free(shared_secret); 158 BN_clear_free(shared_secret);
159 kex_finish(kex); 159 kex_finish(kex);
160} 160}
diff --git a/kexecdhc.c b/kexecdhc.c
index fc62cec55..e3d1cf5f9 100644
--- a/kexecdhc.c
+++ b/kexecdhc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexecdhc.c,v 1.5 2014/01/09 23:20:00 djm Exp $ */ 1/* $OpenBSD: kexecdhc.c,v 1.6 2014/01/12 08:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved. 4 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -152,7 +152,7 @@ kexecdh_client(Kex *kex)
152 memcpy(kex->session_id, hash, kex->session_id_len); 152 memcpy(kex->session_id, hash, kex->session_id_len);
153 } 153 }
154 154
155 kex_derive_keys(kex, hash, hashlen, shared_secret); 155 kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
156 BN_clear_free(shared_secret); 156 BN_clear_free(shared_secret);
157 kex_finish(kex); 157 kex_finish(kex);
158} 158}
diff --git a/kexecdhs.c b/kexecdhs.c
index d1dd8c7fb..6fbb79c9d 100644
--- a/kexecdhs.c
+++ b/kexecdhs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexecdhs.c,v 1.8 2014/01/09 23:20:00 djm Exp $ */ 1/* $OpenBSD: kexecdhs.c,v 1.9 2014/01/12 08:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved. 4 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -148,7 +148,7 @@ kexecdh_server(Kex *kex)
148 /* have keys, free server key */ 148 /* have keys, free server key */
149 EC_KEY_free(server_key); 149 EC_KEY_free(server_key);
150 150
151 kex_derive_keys(kex, hash, hashlen, shared_secret); 151 kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
152 BN_clear_free(shared_secret); 152 BN_clear_free(shared_secret);
153 kex_finish(kex); 153 kex_finish(kex);
154} 154}
diff --git a/kexgexc.c b/kexgexc.c
index ca771edfe..a69ff2705 100644
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexgexc.c,v 1.14 2014/01/09 23:20:00 djm Exp $ */ 1/* $OpenBSD: kexgexc.c,v 1.15 2014/01/12 08:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -200,7 +200,7 @@ kexgex_client(Kex *kex)
200 kex->session_id = xmalloc(kex->session_id_len); 200 kex->session_id = xmalloc(kex->session_id_len);
201 memcpy(kex->session_id, hash, kex->session_id_len); 201 memcpy(kex->session_id, hash, kex->session_id_len);
202 } 202 }
203 kex_derive_keys(kex, hash, hashlen, shared_secret); 203 kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
204 BN_clear_free(shared_secret); 204 BN_clear_free(shared_secret);
205 205
206 kex_finish(kex); 206 kex_finish(kex);
diff --git a/kexgexs.c b/kexgexs.c
index 90853403e..8773778ed 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexgexs.c,v 1.17 2014/01/09 23:20:00 djm Exp $ */ 1/* $OpenBSD: kexgexs.c,v 1.18 2014/01/12 08:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -201,7 +201,7 @@ kexgex_server(Kex *kex)
201 /* have keys, free DH */ 201 /* have keys, free DH */
202 DH_free(dh); 202 DH_free(dh);
203 203
204 kex_derive_keys(kex, hash, hashlen, shared_secret); 204 kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
205 BN_clear_free(shared_secret); 205 BN_clear_free(shared_secret);
206 206
207 kex_finish(kex); 207 kex_finish(kex);
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-02 22:04:46 +0000