diff options
| author | Damien Miller <djm@mindrot.org> | 2005-11-05 15:19:35 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2005-11-05 15:19:35 +1100 |
| commit | 19bb3a57f88adc789d61964fcb8f50165026b322 (patch) | |
| tree | ba18e185c014c1da12ce4422a7e7bad9e71725f5 /kexgexs.c | |
| parent | 24ecf612614d83622d9777349b4ecd21ee22bb2a (diff) | |
- djm@cvs.openbsd.org 2005/11/04 05:15:59
[kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
remove hardcoded hash lengths in key exchange code, allowing
implementation of KEX methods with different hashes (e.g. SHA-256);
ok markus@ dtucker@ stevesk@
Diffstat (limited to 'kexgexs.c')
| -rw-r--r-- | kexgexs.c | 20 |
1 files changed, 10 insertions, 10 deletions
| @@ -24,7 +24,7 @@ | |||
| 24 | */ | 24 | */ |
| 25 | 25 | ||
| 26 | #include "includes.h" | 26 | #include "includes.h" |
| 27 | RCSID("$OpenBSD: kexgexs.c,v 1.1 2003/02/16 17:09:57 markus Exp $"); | 27 | RCSID("$OpenBSD: kexgexs.c,v 1.2 2005/11/04 05:15:59 djm Exp $"); |
| 28 | 28 | ||
| 29 | #include "xmalloc.h" | 29 | #include "xmalloc.h" |
| 30 | #include "key.h" | 30 | #include "key.h" |
| @@ -43,7 +43,7 @@ kexgex_server(Kex *kex) | |||
| 43 | Key *server_host_key; | 43 | Key *server_host_key; |
| 44 | DH *dh; | 44 | DH *dh; |
| 45 | u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; | 45 | u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; |
| 46 | u_int sbloblen, klen, kout, slen; | 46 | u_int sbloblen, klen, kout, slen, hashlen; |
| 47 | int min = -1, max = -1, nbits = -1, type; | 47 | int min = -1, max = -1, nbits = -1, type; |
| 48 | 48 | ||
| 49 | if (kex->load_host_key == NULL) | 49 | if (kex->load_host_key == NULL) |
| @@ -137,8 +137,9 @@ kexgex_server(Kex *kex) | |||
| 137 | if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) | 137 | if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) |
| 138 | min = max = -1; | 138 | min = max = -1; |
| 139 | 139 | ||
| 140 | /* calc H */ /* XXX depends on 'kex' */ | 140 | /* calc H */ |
| 141 | hash = kexgex_hash( | 141 | kexgex_hash( |
| 142 | kex->evp_md, | ||
| 142 | kex->client_version_string, | 143 | kex->client_version_string, |
| 143 | kex->server_version_string, | 144 | kex->server_version_string, |
| 144 | buffer_ptr(&kex->peer), buffer_len(&kex->peer), | 145 | buffer_ptr(&kex->peer), buffer_len(&kex->peer), |
| @@ -148,21 +149,20 @@ kexgex_server(Kex *kex) | |||
| 148 | dh->p, dh->g, | 149 | dh->p, dh->g, |
| 149 | dh_client_pub, | 150 | dh_client_pub, |
| 150 | dh->pub_key, | 151 | dh->pub_key, |
| 151 | shared_secret | 152 | shared_secret, |
| 153 | &hash, &hashlen | ||
| 152 | ); | 154 | ); |
| 153 | BN_clear_free(dh_client_pub); | 155 | BN_clear_free(dh_client_pub); |
| 154 | 156 | ||
| 155 | /* save session id := H */ | 157 | /* save session id := H */ |
| 156 | /* XXX hashlen depends on KEX */ | ||
| 157 | if (kex->session_id == NULL) { | 158 | if (kex->session_id == NULL) { |
| 158 | kex->session_id_len = 20; | 159 | kex->session_id_len = hashlen; |
| 159 | kex->session_id = xmalloc(kex->session_id_len); | 160 | kex->session_id = xmalloc(kex->session_id_len); |
| 160 | memcpy(kex->session_id, hash, kex->session_id_len); | 161 | memcpy(kex->session_id, hash, kex->session_id_len); |
| 161 | } | 162 | } |
| 162 | 163 | ||
| 163 | /* sign H */ | 164 | /* sign H */ |
| 164 | /* XXX hashlen depends on KEX */ | 165 | PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen)); |
| 165 | PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)); | ||
| 166 | 166 | ||
| 167 | /* destroy_sensitive_data(); */ | 167 | /* destroy_sensitive_data(); */ |
| 168 | 168 | ||
| @@ -179,7 +179,7 @@ kexgex_server(Kex *kex) | |||
| 179 | /* have keys, free DH */ | 179 | /* have keys, free DH */ |
| 180 | DH_free(dh); | 180 | DH_free(dh); |
| 181 | 181 | ||
| 182 | kex_derive_keys(kex, hash, shared_secret); | 182 | kex_derive_keys(kex, hash, hashlen, shared_secret); |
| 183 | BN_clear_free(shared_secret); | 183 | BN_clear_free(shared_secret); |
| 184 | 184 | ||
| 185 | kex_finish(kex); | 185 | kex_finish(kex); |