upstream: pass most arguments to the KEX hash functions as sshbuf

rather than pointer+length; ok markus@ OpenBSD-Commit-ID: ef0c89c52ccc89817a13a5205725148a28492bf7
author: djm@openbsd.org <djm@openbsd.org> 2019-01-23 00:30:41 +0000
committer: Damien Miller <djm@mindrot.org> 2019-01-23 13:02:02 +1100
commit: bb956eaa94757ad058ff43631c3a7d6c94d38c2f (patch)
tree: e3151971c163f933af9d7ec7adaa4ea876f13c22 /kexgexc.c
parent: d691588b8e29622c66abf8932362b522cf7f4051 (diff)
1 files changed, 17 insertions, 12 deletions
diff --git a/kexgexc.c b/kexgexc.c
index ac42127af..1c65b8a18 100644
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.33 2019/01/21 10:07:22 djm Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.34 2019/01/23 00:30:41 djm Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos.  All rights reserved.
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -146,20 +146,24 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
        BIGNUM *dh_server_pub = NULL;
        const BIGNUM *pub_key, *dh_p, *dh_g;
        struct sshbuf *shared_secret = NULL;
+        struct sshbuf *tmp = NULL, *server_host_key_blob = NULL;
        struct sshkey *server_host_key = NULL;
-        u_char *signature = NULL, *server_host_key_blob = NULL;
+        u_char *signature = NULL;
        u_char hash[SSH_DIGEST_MAX_LENGTH];
-        size_t slen, sbloblen, hashlen;
+        size_t slen, hashlen;
        int r;
        debug("got SSH2_MSG_KEX_DH_GEX_REPLY");
        /* key, cert */
-        if ((r = sshpkt_get_string(ssh, &server_host_key_blob,
+        if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0)
-            &sbloblen)) != 0 ||
-            (r = sshkey_from_blob(server_host_key_blob, sbloblen,
-            &server_host_key)) != 0)
                goto out;
-        if ((r = kex_verify_host_key(ssh, server_host_key)) != 0)
+        /* sshkey_fromb() consumes its buffer, so make a copy */
+        if ((tmp = sshbuf_fromb(server_host_key_blob)) == NULL) {
+                r = SSH_ERR_ALLOC_FAIL;
+                goto out;
+        }
+        if ((r = sshkey_fromb(tmp, &server_host_key)) != 0 ||
+            (r = kex_verify_host_key(ssh, server_host_key)) != 0)
                goto out;
        /* DH parameter f, server public DH key, signed H */
        if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 ||
@@ -183,9 +187,9 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
            kex->hash_alg,
            kex->client_version,
            kex->server_version,
-            sshbuf_ptr(kex->my), sshbuf_len(kex->my),
+            kex->my,
-            sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
+            kex->peer,
-            server_host_key_blob, sbloblen,
+            server_host_key_blob,
            kex->min, kex->nbits, kex->max,
            dh_p, dh_g,
            pub_key,
@@ -207,7 +211,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
        BN_clear_free(dh_server_pub);
        sshbuf_free(shared_secret);
        sshkey_free(server_host_key);
-        free(server_host_key_blob);
+        sshbuf_free(tmp);
+        sshbuf_free(server_host_key_blob);
        free(signature);
        return r;
 }
author	djm@openbsd.org <djm@openbsd.org>	2019-01-23 00:30:41 +0000
committer	Damien Miller <djm@mindrot.org>	2019-01-23 13:02:02 +1100
commit	bb956eaa94757ad058ff43631c3a7d6c94d38c2f (patch)
tree	e3151971c163f933af9d7ec7adaa4ea876f13c22 /kexgexc.c
parent	d691588b8e29622c66abf8932362b522cf7f4051 (diff)