diff options
author | djm@openbsd.org <djm@openbsd.org> | 2018-09-13 02:08:33 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-09-13 12:12:33 +1000 |
commit | 482d23bcacdd3664f21cc82a5135f66fc598275f (patch) | |
tree | 362f697a94da0a765d1dabcfbf33370b2a4df121 /kexgexs.c | |
parent | d70d061828730a56636ab6f1f24fe4a8ccefcfc1 (diff) |
upstream: hold our collective noses and use the openssl-1.1.x API in
OpenSSH; feedback and ok tb@ jsing@ markus@
OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
Diffstat (limited to 'kexgexs.c')
-rw-r--r-- | kexgexs.c | 21 |
1 files changed, 12 insertions, 9 deletions
@@ -72,6 +72,7 @@ input_kex_dh_gex_request(int type, u_int32_t seq, struct ssh *ssh) | |||
72 | struct kex *kex = ssh->kex; | 72 | struct kex *kex = ssh->kex; |
73 | int r; | 73 | int r; |
74 | u_int min = 0, max = 0, nbits = 0; | 74 | u_int min = 0, max = 0, nbits = 0; |
75 | const BIGNUM *dh_p, *dh_g; | ||
75 | 76 | ||
76 | debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); | 77 | debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); |
77 | if ((r = sshpkt_get_u32(ssh, &min)) != 0 || | 78 | if ((r = sshpkt_get_u32(ssh, &min)) != 0 || |
@@ -101,9 +102,10 @@ input_kex_dh_gex_request(int type, u_int32_t seq, struct ssh *ssh) | |||
101 | goto out; | 102 | goto out; |
102 | } | 103 | } |
103 | debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); | 104 | debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); |
105 | DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g); | ||
104 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 || | 106 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 || |
105 | (r = sshpkt_put_bignum2(ssh, kex->dh->p)) != 0 || | 107 | (r = sshpkt_put_bignum2(ssh, dh_p)) != 0 || |
106 | (r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 || | 108 | (r = sshpkt_put_bignum2(ssh, dh_g)) != 0 || |
107 | (r = sshpkt_send(ssh)) != 0) | 109 | (r = sshpkt_send(ssh)) != 0) |
108 | goto out; | 110 | goto out; |
109 | 111 | ||
@@ -123,6 +125,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) | |||
123 | { | 125 | { |
124 | struct kex *kex = ssh->kex; | 126 | struct kex *kex = ssh->kex; |
125 | BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; | 127 | BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; |
128 | const BIGNUM *pub_key, *dh_p, *dh_g; | ||
126 | struct sshkey *server_host_public, *server_host_private; | 129 | struct sshkey *server_host_public, *server_host_private; |
127 | u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; | 130 | u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; |
128 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | 131 | u_char hash[SSH_DIGEST_MAX_LENGTH]; |
@@ -153,17 +156,17 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) | |||
153 | (r = sshpkt_get_end(ssh)) != 0) | 156 | (r = sshpkt_get_end(ssh)) != 0) |
154 | goto out; | 157 | goto out; |
155 | 158 | ||
159 | DH_get0_key(kex->dh, &pub_key, NULL); | ||
160 | DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g); | ||
161 | |||
156 | #ifdef DEBUG_KEXDH | 162 | #ifdef DEBUG_KEXDH |
157 | fprintf(stderr, "dh_client_pub= "); | 163 | fprintf(stderr, "dh_client_pub= "); |
158 | BN_print_fp(stderr, dh_client_pub); | 164 | BN_print_fp(stderr, dh_client_pub); |
159 | fprintf(stderr, "\n"); | 165 | fprintf(stderr, "\n"); |
160 | debug("bits %d", BN_num_bits(dh_client_pub)); | 166 | debug("bits %d", BN_num_bits(dh_client_pub)); |
161 | #endif | ||
162 | |||
163 | #ifdef DEBUG_KEXDH | ||
164 | DHparams_print_fp(stderr, kex->dh); | 167 | DHparams_print_fp(stderr, kex->dh); |
165 | fprintf(stderr, "pub= "); | 168 | fprintf(stderr, "pub= "); |
166 | BN_print_fp(stderr, kex->dh->pub_key); | 169 | BN_print_fp(stderr, pub_key); |
167 | fprintf(stderr, "\n"); | 170 | fprintf(stderr, "\n"); |
168 | #endif | 171 | #endif |
169 | if (!dh_pub_is_valid(kex->dh, dh_client_pub)) { | 172 | if (!dh_pub_is_valid(kex->dh, dh_client_pub)) { |
@@ -199,9 +202,9 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) | |||
199 | sshbuf_ptr(kex->my), sshbuf_len(kex->my), | 202 | sshbuf_ptr(kex->my), sshbuf_len(kex->my), |
200 | server_host_key_blob, sbloblen, | 203 | server_host_key_blob, sbloblen, |
201 | kex->min, kex->nbits, kex->max, | 204 | kex->min, kex->nbits, kex->max, |
202 | kex->dh->p, kex->dh->g, | 205 | dh_p, dh_g, |
203 | dh_client_pub, | 206 | dh_client_pub, |
204 | kex->dh->pub_key, | 207 | pub_key, |
205 | shared_secret, | 208 | shared_secret, |
206 | hash, &hashlen)) != 0) | 209 | hash, &hashlen)) != 0) |
207 | goto out; | 210 | goto out; |
@@ -227,7 +230,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) | |||
227 | /* send server hostkey, DH pubkey 'f' and signed H */ | 230 | /* send server hostkey, DH pubkey 'f' and signed H */ |
228 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 || | 231 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 || |
229 | (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || | 232 | (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || |
230 | (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ | 233 | (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ |
231 | (r = sshpkt_put_string(ssh, signature, slen)) != 0 || | 234 | (r = sshpkt_put_string(ssh, signature, slen)) != 0 || |
232 | (r = sshpkt_send(ssh)) != 0) | 235 | (r = sshpkt_send(ssh)) != 0) |
233 | goto out; | 236 | goto out; |