diff options
author | Damien Miller <djm@mindrot.org> | 2014-01-12 19:21:22 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-01-12 19:21:22 +1100 |
commit | 91b580e4bec55118bf96ab3cdbe5a50839e75d0a (patch) | |
tree | 32e4083c5a8cd285e1b0b13f9b77992db535cba4 /kexc25519c.c | |
parent | af5d4481f4c7c8c3c746e68b961bb85ef907800e (diff) |
- djm@cvs.openbsd.org 2014/01/12 08:13:13
[bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c]
[kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c]
avoid use of OpenSSL BIGNUM type and functions for KEX with
Curve25519 by adding a buffer_put_bignum2_from_string() that stores
a string using the bignum encoding rules. Will make it easier to
build a reduced-feature OpenSSH without OpenSSL in the future;
ok markus@
Diffstat (limited to 'kexc25519c.c')
-rw-r--r-- | kexc25519c.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/kexc25519c.c b/kexc25519c.c index 4655c2542..a80678af6 100644 --- a/kexc25519c.c +++ b/kexc25519c.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexc25519c.c,v 1.3 2014/01/09 23:20:00 djm Exp $ */ | 1 | /* $OpenBSD: kexc25519c.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
@@ -45,7 +45,6 @@ | |||
45 | void | 45 | void |
46 | kexc25519_client(Kex *kex) | 46 | kexc25519_client(Kex *kex) |
47 | { | 47 | { |
48 | BIGNUM *shared_secret; | ||
49 | Key *server_host_key; | 48 | Key *server_host_key; |
50 | u_char client_key[CURVE25519_SIZE]; | 49 | u_char client_key[CURVE25519_SIZE]; |
51 | u_char client_pubkey[CURVE25519_SIZE]; | 50 | u_char client_pubkey[CURVE25519_SIZE]; |
@@ -53,6 +52,7 @@ kexc25519_client(Kex *kex) | |||
53 | u_char *server_host_key_blob = NULL, *signature = NULL; | 52 | u_char *server_host_key_blob = NULL, *signature = NULL; |
54 | u_char *hash; | 53 | u_char *hash; |
55 | u_int slen, sbloblen, hashlen; | 54 | u_int slen, sbloblen, hashlen; |
55 | Buffer shared_secret; | ||
56 | 56 | ||
57 | kexc25519_keygen(client_key, client_pubkey); | 57 | kexc25519_keygen(client_key, client_pubkey); |
58 | 58 | ||
@@ -93,7 +93,8 @@ kexc25519_client(Kex *kex) | |||
93 | signature = packet_get_string(&slen); | 93 | signature = packet_get_string(&slen); |
94 | packet_check_eom(); | 94 | packet_check_eom(); |
95 | 95 | ||
96 | shared_secret = kexc25519_shared_key(client_key, server_pubkey); | 96 | buffer_init(&shared_secret); |
97 | kexc25519_shared_key(client_key, server_pubkey, &shared_secret); | ||
97 | 98 | ||
98 | /* calc and verify H */ | 99 | /* calc and verify H */ |
99 | kex_c25519_hash( | 100 | kex_c25519_hash( |
@@ -105,7 +106,7 @@ kexc25519_client(Kex *kex) | |||
105 | server_host_key_blob, sbloblen, | 106 | server_host_key_blob, sbloblen, |
106 | client_pubkey, | 107 | client_pubkey, |
107 | server_pubkey, | 108 | server_pubkey, |
108 | shared_secret, | 109 | buffer_ptr(&shared_secret), buffer_len(&shared_secret), |
109 | &hash, &hashlen | 110 | &hash, &hashlen |
110 | ); | 111 | ); |
111 | free(server_host_key_blob); | 112 | free(server_host_key_blob); |
@@ -121,8 +122,8 @@ kexc25519_client(Kex *kex) | |||
121 | kex->session_id = xmalloc(kex->session_id_len); | 122 | kex->session_id = xmalloc(kex->session_id_len); |
122 | memcpy(kex->session_id, hash, kex->session_id_len); | 123 | memcpy(kex->session_id, hash, kex->session_id_len); |
123 | } | 124 | } |
124 | 125 | kex_derive_keys(kex, hash, hashlen, | |
125 | kex_derive_keys(kex, hash, hashlen, shared_secret); | 126 | buffer_ptr(&shared_secret), buffer_len(&shared_secret)); |
126 | BN_clear_free(shared_secret); | 127 | buffer_free(&shared_secret); |
127 | kex_finish(kex); | 128 | kex_finish(kex); |
128 | } | 129 | } |