- djm@cvs.openbsd.org 2014/01/12 08:13:13

[bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c] [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c] avoid use of OpenSSL BIGNUM type and functions for KEX with Curve25519 by adding a buffer_put_bignum2_from_string() that stores a string using the bignum encoding rules. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in the future; ok markus@
author: Damien Miller <djm@mindrot.org> 2014-01-12 19:21:22 +1100
committer: Damien Miller <djm@mindrot.org> 2014-01-12 19:21:22 +1100
commit: 91b580e4bec55118bf96ab3cdbe5a50839e75d0a (patch)
tree: 32e4083c5a8cd285e1b0b13f9b77992db535cba4 /kexc25519c.c
parent: af5d4481f4c7c8c3c746e68b961bb85ef907800e (diff)
1 files changed, 8 insertions, 7 deletions
diff --git a/kexc25519c.c b/kexc25519c.c
index 4655c2542..a80678af6 100644
--- a/kexc25519c.c
+++ b/kexc25519c.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexc25519c.c,v 1.3 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: kexc25519c.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -45,7 +45,6 @@
 void
 kexc25519_client(Kex *kex)
 {
-        BIGNUM *shared_secret;
        Key *server_host_key;
        u_char client_key[CURVE25519_SIZE];
        u_char client_pubkey[CURVE25519_SIZE];
@@ -53,6 +52,7 @@ kexc25519_client(Kex *kex)
        u_char *server_host_key_blob = NULL, *signature = NULL;
        u_char *hash;
        u_int slen, sbloblen, hashlen;
+        Buffer shared_secret;
        kexc25519_keygen(client_key, client_pubkey);
@@ -93,7 +93,8 @@ kexc25519_client(Kex *kex)
        signature = packet_get_string(&slen);
        packet_check_eom();
-        shared_secret = kexc25519_shared_key(client_key, server_pubkey);
+        buffer_init(&shared_secret);
+        kexc25519_shared_key(client_key, server_pubkey, &shared_secret);
        /* calc and verify H */
        kex_c25519_hash(
@@ -105,7 +106,7 @@ kexc25519_client(Kex *kex)
            server_host_key_blob, sbloblen,
            client_pubkey,
            server_pubkey,
-            shared_secret,
+            buffer_ptr(&shared_secret), buffer_len(&shared_secret),
            &hash, &hashlen
        );
        free(server_host_key_blob);
@@ -121,8 +122,8 @@ kexc25519_client(Kex *kex)
                kex->session_id = xmalloc(kex->session_id_len);
                memcpy(kex->session_id, hash, kex->session_id_len);
        }
+        kex_derive_keys(kex, hash, hashlen,
-        kex_derive_keys(kex, hash, hashlen, shared_secret);
+            buffer_ptr(&shared_secret), buffer_len(&shared_secret));
-        BN_clear_free(shared_secret);
+        buffer_free(&shared_secret);
        kex_finish(kex);
 }
author	Damien Miller <djm@mindrot.org>	2014-01-12 19:21:22 +1100
committer	Damien Miller <djm@mindrot.org>	2014-01-12 19:21:22 +1100
commit	91b580e4bec55118bf96ab3cdbe5a50839e75d0a (patch)
tree	32e4083c5a8cd285e1b0b13f9b77992db535cba4 /kexc25519c.c
parent	af5d4481f4c7c8c3c746e68b961bb85ef907800e (diff)

diff --git a/kexc25519c.c b/kexc25519c.c index 4655c2542..a80678af6 100644 --- a/kexc25519c.c +++ b/kexc25519c.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: kexc25519c.c,v 1.3 2014/01/09 23:20:00 djm Exp $ */	1	/* $OpenBSD: kexc25519c.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2001 Markus Friedl. All rights reserved.	3	* Copyright (c) 2001 Markus Friedl. All rights reserved.
4	* Copyright (c) 2010 Damien Miller. All rights reserved.	4	* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -45,7 +45,6 @@
45	void	45	void
46	kexc25519_client(Kex *kex)	46	kexc25519_client(Kex *kex)
47	{	47	{
48	BIGNUM *shared_secret;
49	Key *server_host_key;	48	Key *server_host_key;
50	u_char client_key[CURVE25519_SIZE];	49	u_char client_key[CURVE25519_SIZE];
51	u_char client_pubkey[CURVE25519_SIZE];	50	u_char client_pubkey[CURVE25519_SIZE];
@@ -53,6 +52,7 @@ kexc25519_client(Kex *kex)
53	u_char server_host_key_blob = NULL, signature = NULL;	52	u_char server_host_key_blob = NULL, signature = NULL;
54	u_char *hash;	53	u_char *hash;
55	u_int slen, sbloblen, hashlen;	54	u_int slen, sbloblen, hashlen;
		55	Buffer shared_secret;
56		56
57	kexc25519_keygen(client_key, client_pubkey);	57	kexc25519_keygen(client_key, client_pubkey);
58		58
@@ -93,7 +93,8 @@ kexc25519_client(Kex *kex)
93	signature = packet_get_string(&slen);	93	signature = packet_get_string(&slen);
94	packet_check_eom();	94	packet_check_eom();
95		95
96	shared_secret = kexc25519_shared_key(client_key, server_pubkey);	96	buffer_init(&shared_secret);
		97	kexc25519_shared_key(client_key, server_pubkey, &shared_secret);
97		98
98	/* calc and verify H */	99	/* calc and verify H */
99	kex_c25519_hash(	100	kex_c25519_hash(
@@ -105,7 +106,7 @@ kexc25519_client(Kex *kex)
105	server_host_key_blob, sbloblen,	106	server_host_key_blob, sbloblen,
106	client_pubkey,	107	client_pubkey,
107	server_pubkey,	108	server_pubkey,
108	shared_secret,	109	buffer_ptr(&shared_secret), buffer_len(&shared_secret),
109	&hash, &hashlen	110	&hash, &hashlen
110	);	111	);
111	free(server_host_key_blob);	112	free(server_host_key_blob);
@@ -121,8 +122,8 @@ kexc25519_client(Kex *kex)
121	kex->session_id = xmalloc(kex->session_id_len);	122	kex->session_id = xmalloc(kex->session_id_len);
122	memcpy(kex->session_id, hash, kex->session_id_len);	123	memcpy(kex->session_id, hash, kex->session_id_len);
123	}	124	}
124		125	kex_derive_keys(kex, hash, hashlen,
125	kex_derive_keys(kex, hash, hashlen, shared_secret);	126	buffer_ptr(&shared_secret), buffer_len(&shared_secret));
126	BN_clear_free(shared_secret);	127	buffer_free(&shared_secret);
127	kex_finish(kex);	128	kex_finish(kex);
128	}	129	}