upstream: factor out DH keygen; it's identical between the client

and the server

from markus@ ok djm@

OpenBSD-Commit-ID: 2be57f6a0d44f1ab2c8de2b1b5d6f530c387fae9

4 files changed, 37 insertions, 57 deletions

diff --git a/kex.h b/kex.h
index 085e60b52..4394e100b 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.94 2019/01/19 21:43:56 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.95 2019/01/21 10:00:23 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -202,6 +202,7 @@ int	 kexecdh_server(struct ssh *);
 int      kexc25519_client(struct ssh *);
 int      kexc25519_server(struct ssh *);
 
+int      kex_dh_keygen(struct kex *);
 int      kex_dh_hash(int, const struct sshbuf *, const struct sshbuf *,
     const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
     const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
diff --git a/kexdh.c b/kexdh.c
index 34c55ef9f..916036994 100644
--- a/kexdh.c
+++ b/kexdh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdh.c,v 1.27 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kexdh.c,v 1.28 2019/01/21 10:00:23 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -39,11 +39,37 @@
 #include "sshkey.h"
 #include "cipher.h"
 #include "kex.h"
+#include "dh.h"
 #include "ssherr.h"
 #include "sshbuf.h"
 #include "digest.h"
 
 int
+kex_dh_keygen(struct kex *kex)
+{
+        switch (kex->kex_type) {
+        case KEX_DH_GRP1_SHA1:
+                kex->dh = dh_new_group1();
+                break;
+        case KEX_DH_GRP14_SHA1:
+        case KEX_DH_GRP14_SHA256:
+                kex->dh = dh_new_group14();
+                break;
+        case KEX_DH_GRP16_SHA512:
+                kex->dh = dh_new_group16();
+                break;
+        case KEX_DH_GRP18_SHA512:
+                kex->dh = dh_new_group18();
+                break;
+        default:
+                return SSH_ERR_INVALID_ARGUMENT;
+        }
+        if (kex->dh == NULL)
+                return SSH_ERR_ALLOC_FAIL;
+        return (dh_gen_key(kex->dh, kex->we_need * 8));
+}
+
+int
 kex_dh_hash(
     int hash_alg,
     const struct sshbuf *client_version,
diff --git a/kexdhc.c b/kexdhc.c
index a37452abd..a7ea0baad 100644
--- a/kexdhc.c
+++ b/kexdhc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhc.c,v 1.26 2019/01/21 09:55:52 djm Exp $ */
+/* $OpenBSD: kexdhc.c,v 1.27 2019/01/21 10:00:23 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -41,10 +41,10 @@
 #include "sshkey.h"
 #include "cipher.h"
 #include "digest.h"
+#include "dh.h"
 #include "kex.h"
 #include "log.h"
 #include "packet.h"
-#include "dh.h"
 #include "ssh2.h"
 #include "dispatch.h"
 #include "compat.h"
@@ -61,31 +61,9 @@ kexdh_client(struct ssh *ssh)
         const BIGNUM *pub_key;
 
         /* generate and send 'e', client DH public key */
-        switch (kex->kex_type) {
-        case KEX_DH_GRP1_SHA1:
-                kex->dh = dh_new_group1();
-                break;
-        case KEX_DH_GRP14_SHA1:
-        case KEX_DH_GRP14_SHA256:
-                kex->dh = dh_new_group14();
-                break;
-        case KEX_DH_GRP16_SHA512:
-                kex->dh = dh_new_group16();
-                break;
-        case KEX_DH_GRP18_SHA512:
-                kex->dh = dh_new_group18();
-                break;
-        default:
-                r = SSH_ERR_INVALID_ARGUMENT;
-                goto out;
-        }
-        if (kex->dh == NULL) {
-                r = SSH_ERR_ALLOC_FAIL;
+        if ((r = kex_dh_keygen(kex)) != 0)
                 goto out;
-        }
         debug("sending SSH2_MSG_KEXDH_INIT");
-        if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
-                goto out;
         DH_get0_key(kex->dh, &pub_key, NULL);
         if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 ||
             (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||
diff --git a/kexdhs.c b/kexdhs.c
index b7b64a82a..cd2e52e00 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.32 2019/01/21 09:55:52 djm Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.33 2019/01/21 10:00:23 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -40,10 +40,10 @@
 #include "sshkey.h"
 #include "cipher.h"
 #include "digest.h"
+#include "dh.h"
 #include "kex.h"
 #include "log.h"
 #include "packet.h"
-#include "dh.h"
 #include "ssh2.h"
 
 #include "dispatch.h"
@@ -60,36 +60,11 @@ kexdh_server(struct ssh *ssh)
         int r;
 
         /* generate server DH public key */
-        switch (kex->kex_type) {
-        case KEX_DH_GRP1_SHA1:
-                kex->dh = dh_new_group1();
-                break;
-        case KEX_DH_GRP14_SHA1:
-        case KEX_DH_GRP14_SHA256:
-                kex->dh = dh_new_group14();
-                break;
-        case KEX_DH_GRP16_SHA512:
-                kex->dh = dh_new_group16();
-                break;
-        case KEX_DH_GRP18_SHA512:
-                kex->dh = dh_new_group18();
-                break;
-        default:
-                r = SSH_ERR_INVALID_ARGUMENT;
-                goto out;
-        }
-        if (kex->dh == NULL) {
-                r = SSH_ERR_ALLOC_FAIL;
-                goto out;
-        }
-        if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
-                goto out;
-
+        if ((r = kex_dh_keygen(kex)) != 0)
+                return r;
         debug("expecting SSH2_MSG_KEXDH_INIT");
         ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init);
-        r = 0;
- out:
-        return r;
+        return 0;
 }
 
 int