author | djm@openbsd.org <djm@openbsd.org> | 2019-01-23 00:30:41 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-01-23 13:02:02 +1100 |
commit | bb956eaa94757ad058ff43631c3a7d6c94d38c2f (patch) | |
tree | e3151971c163f933af9d7ec7adaa4ea876f13c22 /kexgexs.c | |
parent | d691588b8e29622c66abf8932362b522cf7f4051 (diff) |
upstream: pass most arguments to the KEX hash functions as sshbuf
rather than pointer+length; ok markus@
OpenBSD-Commit-ID: ef0c89c52ccc89817a13a5205725148a28492bf7
Diffstat (limited to 'kexgexs.c')
-rw-r--r-- | kexgexs.c | 25 |
1 files changed, 14 insertions, 11 deletions
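--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.41 2019/01/21 10:05:09 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.42 2019/01/23 00:30:41 djm Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos. All rights reserved.
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -129,11 +129,11 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
 BIGNUM *dh_client_pub = NULL;
 const BIGNUM *pub_key, *dh_p, *dh_g;
 struct sshbuf *shared_secret = NULL;
+struct sshbuf *server_host_key_blob = NULL;
 struct sshkey *server_host_public, *server_host_private;
-u_char *signature = NULL, *server_host_key_blob = NULL;
+u_char *signature = NULL;
 u_char hash[SSH_DIGEST_MAX_LENGTH];
-size_t sbloblen, slen;
-size_t hashlen;
+size_t slen, hashlen;
 int r;
 
 if ((r = kex_load_hostkey(ssh, &server_host_private,
@@ -150,8 +150,11 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
 }
 if ((r = kex_dh_compute_key(kex, dh_client_pub, shared_secret)) != 0)
 goto out;
-if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob,
-&sbloblen)) != 0)
+if ((server_host_key_blob = sshbuf_new()) == NULL) {
+r = SSH_ERR_ALLOC_FAIL;
+goto out;
+}
+if ((r = sshkey_putb(server_host_public, server_host_key_blob)) != 0)
 goto out;
 
 /* calc H */
@@ -162,9 +165,9 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
 kex->hash_alg,
 kex->client_version,
 kex->server_version,
-sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
-sshbuf_ptr(kex->my), sshbuf_len(kex->my),
-server_host_key_blob, sbloblen,
+kex->peer,
+kex->my,
+server_host_key_blob,
 kex->min, kex->nbits, kex->max,
 dh_p, dh_g,
 dh_client_pub,
@@ -180,7 +183,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
 
 /* send server hostkey, DH pubkey 'f' and signed H */
 if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 ||
-(r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
+(r = sshpkt_put_stringb(ssh, server_host_key_blob)) != 0 ||
 (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */
 (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
 (r = sshpkt_send(ssh)) != 0)
@@ -194,7 +197,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
 kex->dh = NULL;
 BN_clear_free(dh_client_pub);
 sshbuf_free(shared_secret);
-free(server_host_key_blob);
+sshbuf_free(server_host_key_blob);
 free(signature);
 return r;
 }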