upstream: hold our collective noses and use the openssl-1.1.x API in

OpenSSH; feedback and ok tb@ jsing@ markus@ OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
author: djm@openbsd.org <djm@openbsd.org> 2018-09-13 02:08:33 +0000
committer: Damien Miller <djm@mindrot.org> 2018-09-13 12:12:33 +1000
commit: 482d23bcacdd3664f21cc82a5135f66fc598275f (patch)
tree: 362f697a94da0a765d1dabcfbf33370b2a4df121 /kexgexc.c
parent: d70d061828730a56636ab6f1f24fe4a8ccefcfc1 (diff)
1 files changed, 12 insertions, 6 deletions
diff --git a/kexgexc.c b/kexgexc.c
index 762a9a322..955bc837c 100644
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -93,6 +93,7 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh)
 {
        struct kex *kex = ssh->kex;
        BIGNUM *p = NULL, *g = NULL;
+        const BIGNUM *pub_key;
        int r, bits;
        debug("got SSH2_MSG_KEX_DH_GEX_GROUP");
@@ -118,16 +119,18 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh)
        p = g = NULL; /* belong to kex->dh now */
        /* generate and send 'e', client DH public key */
-        if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 ||
+        if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
-            (r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 ||
+                goto out;
-            (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 ||
+        DH_get0_key(kex->dh, &pub_key, NULL);
+        if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 ||
+            (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||
            (r = sshpkt_send(ssh)) != 0)
                goto out;
        debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
 #ifdef DEBUG_KEXDH
        DHparams_print_fp(stderr, kex->dh);
        fprintf(stderr, "pub= ");
-        BN_print_fp(stderr, kex->dh->pub_key);
+        BN_print_fp(stderr, pub_key);
        fprintf(stderr, "\n");
 #endif
        ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, NULL);
@@ -144,6 +147,7 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
 {
        struct kex *kex = ssh->kex;
        BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
+        const BIGNUM *pub_key, *dh_p, *dh_g;
        struct sshkey *server_host_key = NULL;
        u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL;
        u_char hash[SSH_DIGEST_MAX_LENGTH];
@@ -211,6 +215,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
                kex->min = kex->max = -1;
        /* calc and verify H */
+        DH_get0_key(kex->dh, &pub_key, NULL);
+        DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
        hashlen = sizeof(hash);
        if ((r = kexgex_hash(
            kex->hash_alg,
@@ -220,8 +226,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
            sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
            server_host_key_blob, sbloblen,
            kex->min, kex->nbits, kex->max,
-            kex->dh->p, kex->dh->g,
+            dh_p, dh_g,
-            kex->dh->pub_key,
+            pub_key,
            dh_server_pub,
            shared_secret,
            hash, &hashlen)) != 0)
author	djm@openbsd.org <djm@openbsd.org>	2018-09-13 02:08:33 +0000
committer	Damien Miller <djm@mindrot.org>	2018-09-13 12:12:33 +1000
commit	482d23bcacdd3664f21cc82a5135f66fc598275f (patch)
tree	362f697a94da0a765d1dabcfbf33370b2a4df121 /kexgexc.c
parent	d70d061828730a56636ab6f1f24fe4a8ccefcfc1 (diff)