diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-01-23 00:30:41 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-01-23 13:02:02 +1100 |
commit | bb956eaa94757ad058ff43631c3a7d6c94d38c2f (patch) | |
tree | e3151971c163f933af9d7ec7adaa4ea876f13c22 /kexgexc.c | |
parent | d691588b8e29622c66abf8932362b522cf7f4051 (diff) |
upstream: pass most arguments to the KEX hash functions as sshbuf
rather than pointer+length; ok markus@
OpenBSD-Commit-ID: ef0c89c52ccc89817a13a5205725148a28492bf7
Diffstat (limited to 'kexgexc.c')
-rw-r--r-- | kexgexc.c | 29 |
1 files changed, 17 insertions, 12 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexgexc.c,v 1.33 2019/01/21 10:07:22 djm Exp $ */ | 1 | /* $OpenBSD: kexgexc.c,v 1.34 2019/01/23 00:30:41 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
@@ -146,20 +146,24 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) | |||
146 | BIGNUM *dh_server_pub = NULL; | 146 | BIGNUM *dh_server_pub = NULL; |
147 | const BIGNUM *pub_key, *dh_p, *dh_g; | 147 | const BIGNUM *pub_key, *dh_p, *dh_g; |
148 | struct sshbuf *shared_secret = NULL; | 148 | struct sshbuf *shared_secret = NULL; |
149 | struct sshbuf *tmp = NULL, *server_host_key_blob = NULL; | ||
149 | struct sshkey *server_host_key = NULL; | 150 | struct sshkey *server_host_key = NULL; |
150 | u_char *signature = NULL, *server_host_key_blob = NULL; | 151 | u_char *signature = NULL; |
151 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | 152 | u_char hash[SSH_DIGEST_MAX_LENGTH]; |
152 | size_t slen, sbloblen, hashlen; | 153 | size_t slen, hashlen; |
153 | int r; | 154 | int r; |
154 | 155 | ||
155 | debug("got SSH2_MSG_KEX_DH_GEX_REPLY"); | 156 | debug("got SSH2_MSG_KEX_DH_GEX_REPLY"); |
156 | /* key, cert */ | 157 | /* key, cert */ |
157 | if ((r = sshpkt_get_string(ssh, &server_host_key_blob, | 158 | if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0) |
158 | &sbloblen)) != 0 || | ||
159 | (r = sshkey_from_blob(server_host_key_blob, sbloblen, | ||
160 | &server_host_key)) != 0) | ||
161 | goto out; | 159 | goto out; |
162 | if ((r = kex_verify_host_key(ssh, server_host_key)) != 0) | 160 | /* sshkey_fromb() consumes its buffer, so make a copy */ |
161 | if ((tmp = sshbuf_fromb(server_host_key_blob)) == NULL) { | ||
162 | r = SSH_ERR_ALLOC_FAIL; | ||
163 | goto out; | ||
164 | } | ||
165 | if ((r = sshkey_fromb(tmp, &server_host_key)) != 0 || | ||
166 | (r = kex_verify_host_key(ssh, server_host_key)) != 0) | ||
163 | goto out; | 167 | goto out; |
164 | /* DH parameter f, server public DH key, signed H */ | 168 | /* DH parameter f, server public DH key, signed H */ |
165 | if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 || | 169 | if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 || |
@@ -183,9 +187,9 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) | |||
183 | kex->hash_alg, | 187 | kex->hash_alg, |
184 | kex->client_version, | 188 | kex->client_version, |
185 | kex->server_version, | 189 | kex->server_version, |
186 | sshbuf_ptr(kex->my), sshbuf_len(kex->my), | 190 | kex->my, |
187 | sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), | 191 | kex->peer, |
188 | server_host_key_blob, sbloblen, | 192 | server_host_key_blob, |
189 | kex->min, kex->nbits, kex->max, | 193 | kex->min, kex->nbits, kex->max, |
190 | dh_p, dh_g, | 194 | dh_p, dh_g, |
191 | pub_key, | 195 | pub_key, |
@@ -207,7 +211,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) | |||
207 | BN_clear_free(dh_server_pub); | 211 | BN_clear_free(dh_server_pub); |
208 | sshbuf_free(shared_secret); | 212 | sshbuf_free(shared_secret); |
209 | sshkey_free(server_host_key); | 213 | sshkey_free(server_host_key); |
210 | free(server_host_key_blob); | 214 | sshbuf_free(tmp); |
215 | sshbuf_free(server_host_key_blob); | ||
211 | free(signature); | 216 | free(signature); |
212 | return r; | 217 | return r; |
213 | } | 218 | } |