upstream: hold our collective noses and use the openssl-1.1.x API in

OpenSSH; feedback and ok tb@ jsing@ markus@ OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
author: djm@openbsd.org <djm@openbsd.org> 2018-09-13 02:08:33 +0000
committer: Damien Miller <djm@mindrot.org> 2018-09-13 12:12:33 +1000
commit: 482d23bcacdd3664f21cc82a5135f66fc598275f (patch)
tree: 362f697a94da0a765d1dabcfbf33370b2a4df121 /kexgexs.c
parent: d70d061828730a56636ab6f1f24fe4a8ccefcfc1 (diff)
1 files changed, 12 insertions, 9 deletions
diff --git a/kexgexs.c b/kexgexs.c
index f6983fd69..2a4aa7e81 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -72,6 +72,7 @@ input_kex_dh_gex_request(int type, u_int32_t seq, struct ssh *ssh)
        struct kex *kex = ssh->kex;
        int r;
        u_int min = 0, max = 0, nbits = 0;
+        const BIGNUM *dh_p, *dh_g;
        debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
        if ((r = sshpkt_get_u32(ssh, &min)) != 0 ||
@@ -101,9 +102,10 @@ input_kex_dh_gex_request(int type, u_int32_t seq, struct ssh *ssh)
                goto out;
        }
        debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
+        DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
        if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 ||
-            (r = sshpkt_put_bignum2(ssh, kex->dh->p)) != 0 ||
+            (r = sshpkt_put_bignum2(ssh, dh_p)) != 0 ||
-            (r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 ||
+            (r = sshpkt_put_bignum2(ssh, dh_g)) != 0 ||
            (r = sshpkt_send(ssh)) != 0)
                goto out;
@@ -123,6 +125,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
 {
        struct kex *kex = ssh->kex;
        BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
+        const BIGNUM *pub_key, *dh_p, *dh_g;
        struct sshkey *server_host_public, *server_host_private;
        u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL;
        u_char hash[SSH_DIGEST_MAX_LENGTH];
@@ -153,17 +156,17 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
            (r = sshpkt_get_end(ssh)) != 0)
                goto out;
+        DH_get0_key(kex->dh, &pub_key, NULL);
+        DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
 #ifdef DEBUG_KEXDH
        fprintf(stderr, "dh_client_pub= ");
        BN_print_fp(stderr, dh_client_pub);
        fprintf(stderr, "\n");
        debug("bits %d", BN_num_bits(dh_client_pub));
-#endif
-#ifdef DEBUG_KEXDH
        DHparams_print_fp(stderr, kex->dh);
        fprintf(stderr, "pub= ");
-        BN_print_fp(stderr, kex->dh->pub_key);
+        BN_print_fp(stderr, pub_key);
        fprintf(stderr, "\n");
 #endif
        if (!dh_pub_is_valid(kex->dh, dh_client_pub)) {
@@ -199,9 +202,9 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
            sshbuf_ptr(kex->my), sshbuf_len(kex->my),
            server_host_key_blob, sbloblen,
            kex->min, kex->nbits, kex->max,
-            kex->dh->p, kex->dh->g,
+            dh_p, dh_g,
            dh_client_pub,
-            kex->dh->pub_key,
+            pub_key,
            shared_secret,
            hash, &hashlen)) != 0)
                goto out;
@@ -227,7 +230,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
        /* send server hostkey, DH pubkey 'f' and signed H */
        if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 ||
            (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
-            (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 ||     /* f */
+            (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||     /* f */
            (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
            (r = sshpkt_send(ssh)) != 0)
                goto out;
author	djm@openbsd.org <djm@openbsd.org>	2018-09-13 02:08:33 +0000
committer	Damien Miller <djm@mindrot.org>	2018-09-13 12:12:33 +1000
commit	482d23bcacdd3664f21cc82a5135f66fc598275f (patch)
tree	362f697a94da0a765d1dabcfbf33370b2a4df121 /kexgexs.c
parent	d70d061828730a56636ab6f1f24fe4a8ccefcfc1 (diff)