diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-09-13 02:08:33 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-09-13 12:12:33 +1000 |
| commit | 482d23bcacdd3664f21cc82a5135f66fc598275f (patch) | |
| tree | 362f697a94da0a765d1dabcfbf33370b2a4df121 /kexdhc.c | |
| parent | d70d061828730a56636ab6f1f24fe4a8ccefcfc1 (diff) | |
upstream: hold our collective noses and use the openssl-1.1.x API in
OpenSSH; feedback and ok tb@ jsing@ markus@
OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
Diffstat (limited to 'kexdhc.c')
| -rw-r--r-- | kexdhc.c | 15 |
1 files changed, 10 insertions, 5 deletions
| @@ -56,6 +56,7 @@ kexdh_client(struct ssh *ssh) | |||
| 56 | { | 56 | { |
| 57 | struct kex *kex = ssh->kex; | 57 | struct kex *kex = ssh->kex; |
| 58 | int r; | 58 | int r; |
| 59 | const BIGNUM *pub_key; | ||
| 59 | 60 | ||
| 60 | /* generate and send 'e', client DH public key */ | 61 | /* generate and send 'e', client DH public key */ |
| 61 | switch (kex->kex_type) { | 62 | switch (kex->kex_type) { |
| @@ -81,15 +82,17 @@ kexdh_client(struct ssh *ssh) | |||
| 81 | goto out; | 82 | goto out; |
| 82 | } | 83 | } |
| 83 | debug("sending SSH2_MSG_KEXDH_INIT"); | 84 | debug("sending SSH2_MSG_KEXDH_INIT"); |
| 84 | if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 || | 85 | if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) |
| 85 | (r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || | 86 | goto out; |
| 86 | (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || | 87 | DH_get0_key(kex->dh, &pub_key, NULL); |
| 88 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || | ||
| 89 | (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || | ||
| 87 | (r = sshpkt_send(ssh)) != 0) | 90 | (r = sshpkt_send(ssh)) != 0) |
| 88 | goto out; | 91 | goto out; |
| 89 | #ifdef DEBUG_KEXDH | 92 | #ifdef DEBUG_KEXDH |
| 90 | DHparams_print_fp(stderr, kex->dh); | 93 | DHparams_print_fp(stderr, kex->dh); |
| 91 | fprintf(stderr, "pub= "); | 94 | fprintf(stderr, "pub= "); |
| 92 | BN_print_fp(stderr, kex->dh->pub_key); | 95 | BN_print_fp(stderr, pub_key); |
| 93 | fprintf(stderr, "\n"); | 96 | fprintf(stderr, "\n"); |
| 94 | #endif | 97 | #endif |
| 95 | debug("expecting SSH2_MSG_KEXDH_REPLY"); | 98 | debug("expecting SSH2_MSG_KEXDH_REPLY"); |
| @@ -104,6 +107,7 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) | |||
| 104 | { | 107 | { |
| 105 | struct kex *kex = ssh->kex; | 108 | struct kex *kex = ssh->kex; |
| 106 | BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; | 109 | BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; |
| 110 | const BIGNUM *pub_key; | ||
| 107 | struct sshkey *server_host_key = NULL; | 111 | struct sshkey *server_host_key = NULL; |
| 108 | u_char *kbuf = NULL, *server_host_key_blob = NULL, *signature = NULL; | 112 | u_char *kbuf = NULL, *server_host_key_blob = NULL, *signature = NULL; |
| 109 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | 113 | u_char hash[SSH_DIGEST_MAX_LENGTH]; |
| @@ -168,6 +172,7 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) | |||
| 168 | #endif | 172 | #endif |
| 169 | 173 | ||
| 170 | /* calc and verify H */ | 174 | /* calc and verify H */ |
| 175 | DH_get0_key(kex->dh, &pub_key, NULL); | ||
| 171 | hashlen = sizeof(hash); | 176 | hashlen = sizeof(hash); |
| 172 | if ((r = kex_dh_hash( | 177 | if ((r = kex_dh_hash( |
| 173 | kex->hash_alg, | 178 | kex->hash_alg, |
| @@ -176,7 +181,7 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) | |||
| 176 | sshbuf_ptr(kex->my), sshbuf_len(kex->my), | 181 | sshbuf_ptr(kex->my), sshbuf_len(kex->my), |
| 177 | sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), | 182 | sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), |
| 178 | server_host_key_blob, sbloblen, | 183 | server_host_key_blob, sbloblen, |
| 179 | kex->dh->pub_key, | 184 | pub_key, |
| 180 | dh_server_pub, | 185 | dh_server_pub, |
| 181 | shared_secret, | 186 | shared_secret, |
| 182 | hash, &hashlen)) != 0) | 187 | hash, &hashlen)) != 0) |