author | Damien Miller <djm@mindrot.org> | 2002-03-13 12:47:54 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2002-03-13 12:47:54 +1100 |
commit | 646e7cf3d7e7d4231c2d97d27c09fe5fe1d749e2 (patch) | |
tree | a693368c47d2d044514878fbb1516f87b487f78b /kexgex.c | |
parent | 29bdd2c9bca2737e7a246ed50fd827a6ccba0c61 (diff) |
Import of Niels Provos' 20020312 ssh-complete.diff
PAM, Cygwin and OSF SIA will not work for sure
Diffstat (limited to 'kexgex.c')
-rw-r--r-- | kexgex.c | 19 |
1 files changed, 17 insertions, 2 deletions
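--- a/kexgex.c
+++ b/kexgex.c
@@ -38,6 +38,12 @@ RCSID("$OpenBSD: kexgex.c,v 1.20 2002/02/28 15:46:33 markus Exp $");
 #include "dh.h"
 #include "ssh2.h"
 #include "compat.h"
+#include "monitor.h"
+#include "monitor_wrap.h"
+
+/* Imports */
+extern int use_privsep;
+extern int mm_recvfd;
 
 static u_char *
 kexgex_hash(
@@ -296,7 +302,11 @@ kexgex_server(Kex *kex)
 fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
 min, nbits, max);
 
-dh = choose_dh(min, nbits, max);
+/* Contact privileged parent */
+if (use_privsep)
+dh = mm_choose_dh(mm_recvfd, min, nbits, max);
+else
+dh = choose_dh(min, nbits, max);
 if (dh == NULL)
 packet_disconnect("Protocol error: no matching DH grp found");
 
@@ -379,7 +389,11 @@ kexgex_server(Kex *kex)
 
 /* sign H */
 /* XXX hashlen depends on KEX */
-key_sign(server_host_key, &signature, &slen, hash, 20);
+if (use_privsep)
+mm_key_sign(mm_recvfd, kex->host_key_index(server_host_key),
+&signature, &slen, hash, 20);
+else
+key_sign(server_host_key, &signature, &slen, hash, 20);
 
 /* destroy_sensitive_data(); */
 
@@ -390,6 +404,7 @@ kexgex_server(Kex *kex)
 packet_put_bignum2(dh->pub_key); /* f */
 packet_put_string(signature, slen);
 packet_send();
+
 xfree(signature);
 xfree(server_host_key_blob);
 /* have keys, free DH */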
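Review bot: In the `/* sign H */` hunk the result of `mm_key_sign()` is discarded, as `key_sign()`'s already was, yet `signature` and `slen` go straight to `packet_put_string()` and `xfree()` in the last hunk. The privsep branch adds a new way for signing to fail, since the request now crosses `mm_recvfd` to the monitor, so a failure could leave both values unset. Assuming `mm_key_sign()` returns a status the way `key_sign()` does (its prototype is not in this section), wrap both calls as `if (... < 0) fatal("kexgex_server: signing failed");`. The literal `20` is now also the length the privileged side is asked to sign with the host key on the child's behalf, so the `XXX hashlen depends on KEX` comment should note that the monitor handler, which is outside this diff, must reject any other length. The body of `kexgex_server` starts and ends outside these hunks.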