-rw-r--r-- | kex.c | 20 | ||||
-rw-r--r-- | kex.h | 3 | ||||
-rw-r--r-- | kexc25519s.c | 17 | ||||
-rw-r--r-- | kexdhs.c | 16 | ||||
-rw-r--r-- | kexecdhs.c | 16 | ||||
-rw-r--r-- | kexgexs.c | 16 |
6 files changed, 33 insertions, 55 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.c,v 1.144 2019/01/21 09:55:52 djm Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.145 2019/01/21 10:05:09 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -1052,6 +1052,24 @@ kex_derive_keys_bn(struct ssh *ssh, u_char *hash, u_int hashlen, | |||
1052 | } | 1052 | } |
1053 | #endif | 1053 | #endif |
1054 | 1054 | ||
1055 | int | ||
1056 | kex_load_hostkey(struct ssh *ssh, struct sshkey **pubp, struct sshkey **prvp) | ||
1057 | { | ||
1058 | struct kex *kex = ssh->kex; | ||
1059 | |||
1060 | *pubp = NULL; | ||
1061 | *prvp = NULL; | ||
1062 | if (kex->load_host_public_key == NULL || | ||
1063 | kex->load_host_private_key == NULL) | ||
1064 | return SSH_ERR_INVALID_ARGUMENT; | ||
1065 | *pubp = kex->load_host_public_key(kex->hostkey_type, | ||
1066 | kex->hostkey_nid, ssh); | ||
1067 | *prvp = kex->load_host_private_key(kex->hostkey_type, | ||
1068 | kex->hostkey_nid, ssh); | ||
1069 | if (*pubp == NULL) | ||
1070 | return SSH_ERR_NO_HOSTKEY_LOADED; | ||
1071 | return 0; | ||
1072 | } | ||
1055 | 1073 | ||
1056 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) | 1074 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) |
1057 | void | 1075 | void |
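Review bot: The new kex_load_hostkey() has no header comment, and its contract is not obvious from the body: both out-pointers are reset to NULL first, a NULL *prvp is not treated as an error (only *pubp is checked), and because the two out-parameters have the same type a call site that swaps them compiles silently. A short comment above the definition would pin this down, e.g. `/* Load the server host key pair via the kex callbacks. On success *pubp is non-NULL; *prvp may be NULL (caller must handle). Argument order is pub, then prv. */`. The early-return branch also leaves the callback-presence check and the SSH_ERR_INVALID_ARGUMENT/SSH_ERR_NO_HOSTKEY_LOADED distinction undocumented, which the same comment could list as the two error codes.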
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.h,v 1.96 2019/01/21 10:03:37 djm Exp $ */ | 1 | /* $OpenBSD: kex.h,v 1.97 2019/01/21 10:05:09 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -184,6 +184,7 @@ void kex_free(struct kex *); | |||
184 | int kex_buf2prop(struct sshbuf *, int *, char ***); | 184 | int kex_buf2prop(struct sshbuf *, int *, char ***); |
185 | int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]); | 185 | int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]); |
186 | void kex_prop_free(char **); | 186 | void kex_prop_free(char **); |
187 | int kex_load_hostkey(struct ssh *, struct sshkey **, struct sshkey **); | ||
187 | 188 | ||
188 | int kex_send_kexinit(struct ssh *); | 189 | int kex_send_kexinit(struct ssh *); |
189 | int kex_input_kexinit(int, u_int32_t, struct ssh *); | 190 | int kex_input_kexinit(int, u_int32_t, struct ssh *); |
diff --git a/kexc25519s.c b/kexc25519s.c
index 65df18c4b..d7cc70fee 100644
--- a/kexc25519s.c
+++ b/kexc25519s.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexc25519s.c,v 1.14 2019/01/21 09:55:52 djm Exp $ */ | 1 | /* $OpenBSD: kexc25519s.c,v 1.15 2019/01/21 10:05:09 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
@@ -70,20 +70,9 @@ input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh) | |||
70 | #ifdef DEBUG_KEXECDH | 70 | #ifdef DEBUG_KEXECDH |
71 | dump_digest("server private key:", server_key, sizeof(server_key)); | 71 | dump_digest("server private key:", server_key, sizeof(server_key)); |
72 | #endif | 72 | #endif |
73 | if (kex->load_host_public_key == NULL || | 73 | if ((r = kex_load_hostkey(ssh, &server_host_private, |
74 | kex->load_host_private_key == NULL) { | 74 | &server_host_public)) != 0) |
75 | r = SSH_ERR_INVALID_ARGUMENT; | ||
76 | goto out; | 75 | goto out; |
77 | } | ||
78 | server_host_public = kex->load_host_public_key(kex->hostkey_type, | ||
79 | kex->hostkey_nid, ssh); | ||
80 | server_host_private = kex->load_host_private_key(kex->hostkey_type, | ||
81 | kex->hostkey_nid, ssh); | ||
82 | if (server_host_public == NULL) { | ||
83 | r = SSH_ERR_NO_HOSTKEY_LOADED; | ||
84 | goto out; | ||
85 | } | ||
86 | |||
87 | if ((r = sshpkt_get_string(ssh, &client_pubkey, &pklen)) != 0 || | 76 | if ((r = sshpkt_get_string(ssh, &client_pubkey, &pklen)) != 0 || |
88 | (r = sshpkt_get_end(ssh)) != 0) | 77 | (r = sshpkt_get_end(ssh)) != 0) |
89 | goto out; | 78 | goto out; |
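Review bot: The new call at lines 73-74 passes the out-pointers in the wrong order: kex_load_hostkey() is declared in this commit as (ssh, pubp, prvp), but the caller passes `&server_host_private` first and `&server_host_public` second, so the public key ends up in server_host_private and the private key in server_host_public. The function's NULL check still runs on the public-key result, so the missing-hostkey error path is intact, but everything after this hunk that signs with server_host_private or serializes server_host_public is handed the wrong object; whether that fails closed depends on code outside the hunk. The fix is to swap the two arguments: `if ((r = kex_load_hostkey(ssh, &server_host_public,` / `&server_host_private)) != 0)`. The same reversed call appears in the kexdhs.c, kexecdhs.c and kexgexs.c hunks of this commit. input_kex_c25519_init() starts and ends outside the hunk.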
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexdhs.c,v 1.34 2019/01/21 10:03:37 djm Exp $ */ | 1 | /* $OpenBSD: kexdhs.c,v 1.35 2019/01/21 10:05:09 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -81,19 +81,9 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) | |||
81 | size_t hashlen; | 81 | size_t hashlen; |
82 | int r; | 82 | int r; |
83 | 83 | ||
84 | if (kex->load_host_public_key == NULL || | 84 | if ((r = kex_load_hostkey(ssh, &server_host_private, |
85 | kex->load_host_private_key == NULL) { | 85 | &server_host_public)) != 0) |
86 | r = SSH_ERR_INVALID_ARGUMENT; | ||
87 | goto out; | 86 | goto out; |
88 | } | ||
89 | server_host_public = kex->load_host_public_key(kex->hostkey_type, | ||
90 | kex->hostkey_nid, ssh); | ||
91 | server_host_private = kex->load_host_private_key(kex->hostkey_type, | ||
92 | kex->hostkey_nid, ssh); | ||
93 | if (server_host_public == NULL) { | ||
94 | r = SSH_ERR_NO_HOSTKEY_LOADED; | ||
95 | goto out; | ||
96 | } | ||
97 | 87 | ||
98 | /* key, cert */ | 88 | /* key, cert */ |
99 | if ((r = sshpkt_get_bignum2(ssh, &dh_client_pub)) != 0 || | 89 | if ((r = sshpkt_get_bignum2(ssh, &dh_client_pub)) != 0 || |
diff --git a/kexecdhs.c b/kexecdhs.c
index 4ba2072df..b9254eed7 100644
--- a/kexecdhs.c
+++ b/kexecdhs.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexecdhs.c,v 1.20 2019/01/21 09:55:52 djm Exp $ */ | 1 | /* $OpenBSD: kexecdhs.c,v 1.21 2019/01/21 10:05:09 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
@@ -89,19 +89,9 @@ input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh) | |||
89 | sshkey_dump_ec_key(server_key); | 89 | sshkey_dump_ec_key(server_key); |
90 | #endif | 90 | #endif |
91 | 91 | ||
92 | if (kex->load_host_public_key == NULL || | 92 | if ((r = kex_load_hostkey(ssh, &server_host_private, |
93 | kex->load_host_private_key == NULL) { | 93 | &server_host_public)) != 0) |
94 | r = SSH_ERR_INVALID_ARGUMENT; | ||
95 | goto out; | 94 | goto out; |
96 | } | ||
97 | server_host_public = kex->load_host_public_key(kex->hostkey_type, | ||
98 | kex->hostkey_nid, ssh); | ||
99 | server_host_private = kex->load_host_private_key(kex->hostkey_type, | ||
100 | kex->hostkey_nid, ssh); | ||
101 | if (server_host_public == NULL) { | ||
102 | r = SSH_ERR_NO_HOSTKEY_LOADED; | ||
103 | goto out; | ||
104 | } | ||
105 | if ((client_public = EC_POINT_new(group)) == NULL) { | 95 | if ((client_public = EC_POINT_new(group)) == NULL) { |
106 | r = SSH_ERR_ALLOC_FAIL; | 96 | r = SSH_ERR_ALLOC_FAIL; |
107 | goto out; | 97 | goto out; |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexgexs.c,v 1.40 2019/01/21 10:03:37 djm Exp $ */ | 1 | /* $OpenBSD: kexgexs.c,v 1.41 2019/01/21 10:05:09 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
@@ -136,19 +136,9 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) | |||
136 | size_t hashlen; | 136 | size_t hashlen; |
137 | int r; | 137 | int r; |
138 | 138 | ||
139 | if (kex->load_host_public_key == NULL || | 139 | if ((r = kex_load_hostkey(ssh, &server_host_private, |
140 | kex->load_host_private_key == NULL) { | 140 | &server_host_public)) != 0) |
141 | r = SSH_ERR_INVALID_ARGUMENT; | ||
142 | goto out; | 141 | goto out; |
143 | } | ||
144 | server_host_public = kex->load_host_public_key(kex->hostkey_type, | ||
145 | kex->hostkey_nid, ssh); | ||
146 | server_host_private = kex->load_host_private_key(kex->hostkey_type, | ||
147 | kex->hostkey_nid, ssh); | ||
148 | if (server_host_public == NULL) { | ||
149 | r = SSH_ERR_NO_HOSTKEY_LOADED; | ||
150 | goto out; | ||
151 | } | ||
152 | 142 | ||
153 | /* key, cert */ | 143 | /* key, cert */ |
154 | if ((r = sshpkt_get_bignum2(ssh, &dh_client_pub)) != 0 || | 144 | if ((r = sshpkt_get_bignum2(ssh, &dh_client_pub)) != 0 || |