diff options
author | djm@openbsd.org <djm@openbsd.org> | 2018-09-13 02:08:33 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-09-13 12:12:33 +1000 |
commit | 482d23bcacdd3664f21cc82a5135f66fc598275f (patch) | |
tree | 362f697a94da0a765d1dabcfbf33370b2a4df121 /kexdhs.c | |
parent | d70d061828730a56636ab6f1f24fe4a8ccefcfc1 (diff) |
upstream: hold our collective noses and use the openssl-1.1.x API in
OpenSSH; feedback and ok tb@ jsing@ markus@
OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
Diffstat (limited to 'kexdhs.c')
-rw-r--r-- | kexdhs.c | 11 |
1 files changed, 5 insertions, 6 deletions
@@ -95,6 +95,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) | |||
95 | { | 95 | { |
96 | struct kex *kex = ssh->kex; | 96 | struct kex *kex = ssh->kex; |
97 | BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; | 97 | BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; |
98 | const BIGNUM *pub_key; | ||
98 | struct sshkey *server_host_public, *server_host_private; | 99 | struct sshkey *server_host_public, *server_host_private; |
99 | u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; | 100 | u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; |
100 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | 101 | u_char hash[SSH_DIGEST_MAX_LENGTH]; |
@@ -121,6 +122,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) | |||
121 | r = SSH_ERR_ALLOC_FAIL; | 122 | r = SSH_ERR_ALLOC_FAIL; |
122 | goto out; | 123 | goto out; |
123 | } | 124 | } |
125 | DH_get0_key(kex->dh, &pub_key, NULL); | ||
124 | if ((r = sshpkt_get_bignum2(ssh, dh_client_pub)) != 0 || | 126 | if ((r = sshpkt_get_bignum2(ssh, dh_client_pub)) != 0 || |
125 | (r = sshpkt_get_end(ssh)) != 0) | 127 | (r = sshpkt_get_end(ssh)) != 0) |
126 | goto out; | 128 | goto out; |
@@ -130,12 +132,9 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) | |||
130 | BN_print_fp(stderr, dh_client_pub); | 132 | BN_print_fp(stderr, dh_client_pub); |
131 | fprintf(stderr, "\n"); | 133 | fprintf(stderr, "\n"); |
132 | debug("bits %d", BN_num_bits(dh_client_pub)); | 134 | debug("bits %d", BN_num_bits(dh_client_pub)); |
133 | #endif | ||
134 | |||
135 | #ifdef DEBUG_KEXDH | ||
136 | DHparams_print_fp(stderr, kex->dh); | 135 | DHparams_print_fp(stderr, kex->dh); |
137 | fprintf(stderr, "pub= "); | 136 | fprintf(stderr, "pub= "); |
138 | BN_print_fp(stderr, kex->dh->pub_key); | 137 | BN_print_fp(stderr, pub_key); |
139 | fprintf(stderr, "\n"); | 138 | fprintf(stderr, "\n"); |
140 | #endif | 139 | #endif |
141 | if (!dh_pub_is_valid(kex->dh, dh_client_pub)) { | 140 | if (!dh_pub_is_valid(kex->dh, dh_client_pub)) { |
@@ -171,7 +170,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) | |||
171 | sshbuf_ptr(kex->my), sshbuf_len(kex->my), | 170 | sshbuf_ptr(kex->my), sshbuf_len(kex->my), |
172 | server_host_key_blob, sbloblen, | 171 | server_host_key_blob, sbloblen, |
173 | dh_client_pub, | 172 | dh_client_pub, |
174 | kex->dh->pub_key, | 173 | pub_key, |
175 | shared_secret, | 174 | shared_secret, |
176 | hash, &hashlen)) != 0) | 175 | hash, &hashlen)) != 0) |
177 | goto out; | 176 | goto out; |
@@ -197,7 +196,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) | |||
197 | /* send server hostkey, DH pubkey 'f' and signed H */ | 196 | /* send server hostkey, DH pubkey 'f' and signed H */ |
198 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 || | 197 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 || |
199 | (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || | 198 | (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || |
200 | (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ | 199 | (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ |
201 | (r = sshpkt_put_string(ssh, signature, slen)) != 0 || | 200 | (r = sshpkt_put_string(ssh, signature, slen)) != 0 || |
202 | (r = sshpkt_send(ssh)) != 0) | 201 | (r = sshpkt_send(ssh)) != 0) |
203 | goto out; | 202 | goto out; |