- markus@cvs.openbsd.org 2002/03/14 16:38:26

     [sshd.c]
     split out ssh1 session key decryption; ok provos@

2 files changed, 51 insertions, 39 deletions

diff --git a/ChangeLog b/ChangeLog
index 1d512e6fe..bf0776610 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,9 @@
    - markus@cvs.openbsd.org 2002/03/14 15:24:27
      [sshconnect1.c]
      don't trust size sent by (rogue) server; noted by s.esser@e-matters.de
+   - markus@cvs.openbsd.org 2002/03/14 16:38:26
+     [sshd.c]
+     split out ssh1 session key decryption; ok provos@
 
 20020317
  - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted,
@@ -7858,4 +7861,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1927 2002/03/22 01:08:07 mouring Exp $
+$Id: ChangeLog,v 1.1928 2002/03/22 01:10:21 mouring Exp $
diff --git a/sshd.c b/sshd.c
index ea9293251..0fd902f90 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.228 2002/02/27 21:23:13 stevesk Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.229 2002/03/14 16:38:26 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1252,6 +1252,50 @@ main(int ac, char **av)
 }
 
 /*
+ * Decrypt session_key_int using our private server key and private host key
+ * (key with larger modulus first).
+ */
+static int
+ssh1_session_key(BIGNUM *session_key_int)
+{
+        int rsafail = 0;
+
+        if (BN_cmp(sensitive_data.server_key->rsa->n, sensitive_data.ssh1_host_key->rsa->n) > 0) {
+                /* Server key has bigger modulus. */
+                if (BN_num_bits(sensitive_data.server_key->rsa->n) <
+                    BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
+                        fatal("do_connection: %s: server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d",
+                            get_remote_ipaddr(),
+                            BN_num_bits(sensitive_data.server_key->rsa->n),
+                            BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
+                            SSH_KEY_BITS_RESERVED);
+                }
+                if (rsa_private_decrypt(session_key_int, session_key_int,
+                    sensitive_data.server_key->rsa) <= 0)
+                        rsafail++;
+                if (rsa_private_decrypt(session_key_int, session_key_int,
+                    sensitive_data.ssh1_host_key->rsa) <= 0)
+                        rsafail++;
+        } else {
+                /* Host key has bigger modulus (or they are equal). */
+                if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) <
+                    BN_num_bits(sensitive_data.server_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
+                        fatal("do_connection: %s: host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d",
+                            get_remote_ipaddr(),
+                            BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
+                            BN_num_bits(sensitive_data.server_key->rsa->n),
+                            SSH_KEY_BITS_RESERVED);
+                }
+                if (rsa_private_decrypt(session_key_int, session_key_int,
+                    sensitive_data.ssh1_host_key->rsa) < 0)
+                        rsafail++;
+                if (rsa_private_decrypt(session_key_int, session_key_int,
+                    sensitive_data.server_key->rsa) < 0)
+                        rsafail++;
+        }
+        return (rsafail);
+}
+/*
  * SSH1 key exchange
  */
 static void
@@ -1366,43 +1410,8 @@ do_ssh1_kex(void)
         packet_set_protocol_flags(protocol_flags);
         packet_check_eom();
 
-        /*
-         * Decrypt it using our private server key and private host key (key
-         * with larger modulus first).
-         */
-        if (BN_cmp(sensitive_data.server_key->rsa->n, sensitive_data.ssh1_host_key->rsa->n) > 0) {
-                /* Server key has bigger modulus. */
-                if (BN_num_bits(sensitive_data.server_key->rsa->n) <
-                    BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
-                        fatal("do_connection: %s: server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d",
-                            get_remote_ipaddr(),
-                            BN_num_bits(sensitive_data.server_key->rsa->n),
-                            BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
-                            SSH_KEY_BITS_RESERVED);
-                }
-                if (rsa_private_decrypt(session_key_int, session_key_int,
-                    sensitive_data.server_key->rsa) <= 0)
-                        rsafail++;
-                if (rsa_private_decrypt(session_key_int, session_key_int,
-                    sensitive_data.ssh1_host_key->rsa) <= 0)
-                        rsafail++;
-        } else {
-                /* Host key has bigger modulus (or they are equal). */
-                if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) <
-                    BN_num_bits(sensitive_data.server_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
-                        fatal("do_connection: %s: host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d",
-                            get_remote_ipaddr(),
-                            BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
-                            BN_num_bits(sensitive_data.server_key->rsa->n),
-                            SSH_KEY_BITS_RESERVED);
-                }
-                if (rsa_private_decrypt(session_key_int, session_key_int,
-                    sensitive_data.ssh1_host_key->rsa) < 0)
-                        rsafail++;
-                if (rsa_private_decrypt(session_key_int, session_key_int,
-                    sensitive_data.server_key->rsa) < 0)
-                        rsafail++;
-        }
+        /* Decrypt session_key_int using host/server keys */
+        rsafail = ssh1_session_key(session_key_int);
         /*
          * Extract session key from the decrypted integer.  The key is in the
          * least significant 256 bits of the integer; the first byte of the