diff options
author | djm@openbsd.org <djm@openbsd.org> | 2018-09-13 02:08:33 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-09-13 12:12:33 +1000 |
commit | 482d23bcacdd3664f21cc82a5135f66fc598275f (patch) | |
tree | 362f697a94da0a765d1dabcfbf33370b2a4df121 /kexgexc.c | |
parent | d70d061828730a56636ab6f1f24fe4a8ccefcfc1 (diff) |
upstream: hold our collective noses and use the openssl-1.1.x API in
OpenSSH; feedback and ok tb@ jsing@ markus@
OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
Diffstat (limited to 'kexgexc.c')
-rw-r--r-- | kexgexc.c | 18 |
1 files changed, 12 insertions, 6 deletions
@@ -93,6 +93,7 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh) | |||
93 | { | 93 | { |
94 | struct kex *kex = ssh->kex; | 94 | struct kex *kex = ssh->kex; |
95 | BIGNUM *p = NULL, *g = NULL; | 95 | BIGNUM *p = NULL, *g = NULL; |
96 | const BIGNUM *pub_key; | ||
96 | int r, bits; | 97 | int r, bits; |
97 | 98 | ||
98 | debug("got SSH2_MSG_KEX_DH_GEX_GROUP"); | 99 | debug("got SSH2_MSG_KEX_DH_GEX_GROUP"); |
@@ -118,16 +119,18 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh) | |||
118 | p = g = NULL; /* belong to kex->dh now */ | 119 | p = g = NULL; /* belong to kex->dh now */ |
119 | 120 | ||
120 | /* generate and send 'e', client DH public key */ | 121 | /* generate and send 'e', client DH public key */ |
121 | if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 || | 122 | if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) |
122 | (r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || | 123 | goto out; |
123 | (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || | 124 | DH_get0_key(kex->dh, &pub_key, NULL); |
125 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || | ||
126 | (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || | ||
124 | (r = sshpkt_send(ssh)) != 0) | 127 | (r = sshpkt_send(ssh)) != 0) |
125 | goto out; | 128 | goto out; |
126 | debug("SSH2_MSG_KEX_DH_GEX_INIT sent"); | 129 | debug("SSH2_MSG_KEX_DH_GEX_INIT sent"); |
127 | #ifdef DEBUG_KEXDH | 130 | #ifdef DEBUG_KEXDH |
128 | DHparams_print_fp(stderr, kex->dh); | 131 | DHparams_print_fp(stderr, kex->dh); |
129 | fprintf(stderr, "pub= "); | 132 | fprintf(stderr, "pub= "); |
130 | BN_print_fp(stderr, kex->dh->pub_key); | 133 | BN_print_fp(stderr, pub_key); |
131 | fprintf(stderr, "\n"); | 134 | fprintf(stderr, "\n"); |
132 | #endif | 135 | #endif |
133 | ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, NULL); | 136 | ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, NULL); |
@@ -144,6 +147,7 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) | |||
144 | { | 147 | { |
145 | struct kex *kex = ssh->kex; | 148 | struct kex *kex = ssh->kex; |
146 | BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; | 149 | BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; |
150 | const BIGNUM *pub_key, *dh_p, *dh_g; | ||
147 | struct sshkey *server_host_key = NULL; | 151 | struct sshkey *server_host_key = NULL; |
148 | u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; | 152 | u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; |
149 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | 153 | u_char hash[SSH_DIGEST_MAX_LENGTH]; |
@@ -211,6 +215,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) | |||
211 | kex->min = kex->max = -1; | 215 | kex->min = kex->max = -1; |
212 | 216 | ||
213 | /* calc and verify H */ | 217 | /* calc and verify H */ |
218 | DH_get0_key(kex->dh, &pub_key, NULL); | ||
219 | DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g); | ||
214 | hashlen = sizeof(hash); | 220 | hashlen = sizeof(hash); |
215 | if ((r = kexgex_hash( | 221 | if ((r = kexgex_hash( |
216 | kex->hash_alg, | 222 | kex->hash_alg, |
@@ -220,8 +226,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) | |||
220 | sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), | 226 | sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), |
221 | server_host_key_blob, sbloblen, | 227 | server_host_key_blob, sbloblen, |
222 | kex->min, kex->nbits, kex->max, | 228 | kex->min, kex->nbits, kex->max, |
223 | kex->dh->p, kex->dh->g, | 229 | dh_p, dh_g, |
224 | kex->dh->pub_key, | 230 | pub_key, |
225 | dh_server_pub, | 231 | dh_server_pub, |
226 | shared_secret, | 232 | shared_secret, |
227 | hash, &hashlen)) != 0) | 233 | hash, &hashlen)) != 0) |