summaryrefslogtreecommitdiff
path: root/kexdhs.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2018-09-13 02:08:33 +0000
committerDamien Miller <djm@mindrot.org>2018-09-13 12:12:33 +1000
commit482d23bcacdd3664f21cc82a5135f66fc598275f (patch)
tree362f697a94da0a765d1dabcfbf33370b2a4df121 /kexdhs.c
parentd70d061828730a56636ab6f1f24fe4a8ccefcfc1 (diff)
upstream: hold our collective noses and use the openssl-1.1.x API in
OpenSSH; feedback and ok tb@ jsing@ markus@ OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
Diffstat (limited to 'kexdhs.c')
-rw-r--r--kexdhs.c11
1 files changed, 5 insertions, 6 deletions
diff --git a/kexdhs.c b/kexdhs.c
index 5dfca0a24..8367c6c30 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -95,6 +95,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
95{ 95{
96 struct kex *kex = ssh->kex; 96 struct kex *kex = ssh->kex;
97 BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; 97 BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
98 const BIGNUM *pub_key;
98 struct sshkey *server_host_public, *server_host_private; 99 struct sshkey *server_host_public, *server_host_private;
99 u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; 100 u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL;
100 u_char hash[SSH_DIGEST_MAX_LENGTH]; 101 u_char hash[SSH_DIGEST_MAX_LENGTH];
@@ -121,6 +122,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
121 r = SSH_ERR_ALLOC_FAIL; 122 r = SSH_ERR_ALLOC_FAIL;
122 goto out; 123 goto out;
123 } 124 }
125 DH_get0_key(kex->dh, &pub_key, NULL);
124 if ((r = sshpkt_get_bignum2(ssh, dh_client_pub)) != 0 || 126 if ((r = sshpkt_get_bignum2(ssh, dh_client_pub)) != 0 ||
125 (r = sshpkt_get_end(ssh)) != 0) 127 (r = sshpkt_get_end(ssh)) != 0)
126 goto out; 128 goto out;
@@ -130,12 +132,9 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
130 BN_print_fp(stderr, dh_client_pub); 132 BN_print_fp(stderr, dh_client_pub);
131 fprintf(stderr, "\n"); 133 fprintf(stderr, "\n");
132 debug("bits %d", BN_num_bits(dh_client_pub)); 134 debug("bits %d", BN_num_bits(dh_client_pub));
133#endif
134
135#ifdef DEBUG_KEXDH
136 DHparams_print_fp(stderr, kex->dh); 135 DHparams_print_fp(stderr, kex->dh);
137 fprintf(stderr, "pub= "); 136 fprintf(stderr, "pub= ");
138 BN_print_fp(stderr, kex->dh->pub_key); 137 BN_print_fp(stderr, pub_key);
139 fprintf(stderr, "\n"); 138 fprintf(stderr, "\n");
140#endif 139#endif
141 if (!dh_pub_is_valid(kex->dh, dh_client_pub)) { 140 if (!dh_pub_is_valid(kex->dh, dh_client_pub)) {
@@ -171,7 +170,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
171 sshbuf_ptr(kex->my), sshbuf_len(kex->my), 170 sshbuf_ptr(kex->my), sshbuf_len(kex->my),
172 server_host_key_blob, sbloblen, 171 server_host_key_blob, sbloblen,
173 dh_client_pub, 172 dh_client_pub,
174 kex->dh->pub_key, 173 pub_key,
175 shared_secret, 174 shared_secret,
176 hash, &hashlen)) != 0) 175 hash, &hashlen)) != 0)
177 goto out; 176 goto out;
@@ -197,7 +196,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
197 /* send server hostkey, DH pubkey 'f' and signed H */ 196 /* send server hostkey, DH pubkey 'f' and signed H */
198 if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 || 197 if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 ||
199 (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || 198 (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
200 (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ 199 (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */
201 (r = sshpkt_put_string(ssh, signature, slen)) != 0 || 200 (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
202 (r = sshpkt_send(ssh)) != 0) 201 (r = sshpkt_send(ssh)) != 0)
203 goto out; 202 goto out;
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-29 07:43:23 +0000