1 files changed, 0 insertions, 151 deletions
diff --git a/kexdhc.c b/kexdhc.c
deleted file mode 100644
index a2af8cb08..000000000
--- a/kexdhc.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/* $OpenBSD: kexdhc.c,v 1.29 2019/01/21 10:07:22 djm Exp $ */
-/*
- * Copyright (c) 2001 Markus Friedl.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "includes.h"
-#ifdef WITH_OPENSSL
-#include <sys/types.h>
-#include <openssl/dh.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <string.h>
-#include <signal.h>
-#include "openbsd-compat/openssl-compat.h"
-#include "sshkey.h"
-#include "cipher.h"
-#include "digest.h"
-#include "dh.h"
-#include "kex.h"
-#include "log.h"
-#include "packet.h"
-#include "ssh2.h"
-#include "dispatch.h"
-#include "compat.h"
-#include "ssherr.h"
-#include "sshbuf.h"
-static int input_kex_dh(int, u_int32_t, struct ssh *);
-int
-kexdh_client(struct ssh *ssh)
-{
-        struct kex *kex = ssh->kex;
-        int r;
-        const BIGNUM *pub_key;
-        /* generate and send 'e', client DH public key */
-        if ((r = kex_dh_keygen(kex)) != 0)
-                goto out;
-        debug("sending SSH2_MSG_KEXDH_INIT");
-        DH_get0_key(kex->dh, &pub_key, NULL);
-        if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 ||
-            (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||
-            (r = sshpkt_send(ssh)) != 0)
-                goto out;
-#ifdef DEBUG_KEXDH
-        DHparams_print_fp(stderr, kex->dh);
-        fprintf(stderr, "pub= ");
-        BN_print_fp(stderr, pub_key);
-        fprintf(stderr, "\n");
-#endif
-        debug("expecting SSH2_MSG_KEXDH_REPLY");
-        ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_REPLY, &input_kex_dh);
-        r = 0;
- out:
-        return r;
-}
-static int
-input_kex_dh(int type, u_int32_t seq, struct ssh *ssh)
-{
-        struct kex *kex = ssh->kex;
-        BIGNUM *dh_server_pub = NULL;
-        const BIGNUM *pub_key;
-        struct sshkey *server_host_key = NULL;
-        struct sshbuf *shared_secret = NULL;
-        u_char *server_host_key_blob = NULL, *signature = NULL;
-        u_char hash[SSH_DIGEST_MAX_LENGTH];
-        size_t slen, sbloblen, hashlen;
-        int r;
-        /* key, cert */
-        if ((r = sshpkt_get_string(ssh, &server_host_key_blob,
-            &sbloblen)) != 0 ||
-            (r = sshkey_from_blob(server_host_key_blob, sbloblen,
-            &server_host_key)) != 0)
-                goto out;
-        if ((r = kex_verify_host_key(ssh, server_host_key)) != 0)
-                goto out;
-        /* DH parameter f, server public DH key, signed H */
-        if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 ||
-            (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 ||
-            (r = sshpkt_get_end(ssh)) != 0)
-                goto out;
-        if ((shared_secret = sshbuf_new()) == NULL) {
-                r = SSH_ERR_ALLOC_FAIL;
-                goto out;
-        }
-        if ((r = kex_dh_compute_key(kex, dh_server_pub, shared_secret)) != 0)
-                goto out;
-        /* calc and verify H */
-        DH_get0_key(kex->dh, &pub_key, NULL);
-        hashlen = sizeof(hash);
-        if ((r = kex_dh_hash(
-            kex->hash_alg,
-            kex->client_version,
-            kex->server_version,
-            sshbuf_ptr(kex->my), sshbuf_len(kex->my),
-            sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
-            server_host_key_blob, sbloblen,
-            pub_key,
-            dh_server_pub,
-            sshbuf_ptr(shared_secret), sshbuf_len(shared_secret),
-            hash, &hashlen)) != 0)
-                goto out;
-        if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,
-            kex->hostkey_alg, ssh->compat)) != 0)
-                goto out;
-        if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
-                r = kex_send_newkeys(ssh);
- out:
-        explicit_bzero(hash, sizeof(hash));
-        DH_free(kex->dh);
-        kex->dh = NULL;
-        BN_clear_free(dh_server_pub);
-        sshbuf_free(shared_secret);
-        sshkey_free(server_host_key);
-        free(server_host_key_blob);
-        free(signature);
-        return r;
-}
-#endif /* WITH_OPENSSL */

diff --git a/kexdhc.c b/kexdhc.c deleted file mode 100644 index a2af8cb08..000000000 --- a/kexdhc.c +++ /dev/null
@@ -1,151 +0,0 @@
1	/* $OpenBSD: kexdhc.c,v 1.29 2019/01/21 10:07:22 djm Exp $ */
2	/*
3	* Copyright (c) 2001 Markus Friedl. All rights reserved.
4	*
5	* Redistribution and use in source and binary forms, with or without
6	* modification, are permitted provided that the following conditions
7	* are met:
8	* 1. Redistributions of source code must retain the above copyright
9	* notice, this list of conditions and the following disclaimer.
10	* 2. Redistributions in binary form must reproduce the above copyright
11	* notice, this list of conditions and the following disclaimer in the
12	* documentation and/or other materials provided with the distribution.
13	*
14	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24	*/
25
26	#include "includes.h"
27
28	#ifdef WITH_OPENSSL
29
30	#include <sys/types.h>
31
32	#include <openssl/dh.h>
33
34	#include <stdarg.h>
35	#include <stdio.h>
36	#include <string.h>
37	#include <signal.h>
38
39	#include "openbsd-compat/openssl-compat.h"
40
41	#include "sshkey.h"
42	#include "cipher.h"
43	#include "digest.h"
44	#include "dh.h"
45	#include "kex.h"
46	#include "log.h"
47	#include "packet.h"
48	#include "ssh2.h"
49	#include "dispatch.h"
50	#include "compat.h"
51	#include "ssherr.h"
52	#include "sshbuf.h"
53
54	static int input_kex_dh(int, u_int32_t, struct ssh *);
55
56	int
57	kexdh_client(struct ssh *ssh)
58	{
59	struct kex *kex = ssh->kex;
60	int r;
61	const BIGNUM *pub_key;
62
63	/* generate and send 'e', client DH public key */
64	if ((r = kex_dh_keygen(kex)) != 0)
65	goto out;
66	debug("sending SSH2_MSG_KEXDH_INIT");
67	DH_get0_key(kex->dh, &pub_key, NULL);
68	if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 \|\|
69	(r = sshpkt_put_bignum2(ssh, pub_key)) != 0 \|\|
70	(r = sshpkt_send(ssh)) != 0)
71	goto out;
72	#ifdef DEBUG_KEXDH
73	DHparams_print_fp(stderr, kex->dh);
74	fprintf(stderr, "pub= ");
75	BN_print_fp(stderr, pub_key);
76	fprintf(stderr, "\n");
77	#endif
78	debug("expecting SSH2_MSG_KEXDH_REPLY");
79	ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_REPLY, &input_kex_dh);
80	r = 0;
81	out:
82	return r;
83	}
84
85	static int
86	input_kex_dh(int type, u_int32_t seq, struct ssh *ssh)
87	{
88	struct kex *kex = ssh->kex;
89	BIGNUM *dh_server_pub = NULL;
90	const BIGNUM *pub_key;
91	struct sshkey *server_host_key = NULL;
92	struct sshbuf *shared_secret = NULL;
93	u_char server_host_key_blob = NULL, signature = NULL;
94	u_char hash[SSH_DIGEST_MAX_LENGTH];
95	size_t slen, sbloblen, hashlen;
96	int r;
97
98	/* key, cert */
99	if ((r = sshpkt_get_string(ssh, &server_host_key_blob,
100	&sbloblen)) != 0 \|\|
101	(r = sshkey_from_blob(server_host_key_blob, sbloblen,
102	&server_host_key)) != 0)
103	goto out;
104	if ((r = kex_verify_host_key(ssh, server_host_key)) != 0)
105	goto out;
106	/* DH parameter f, server public DH key, signed H */
107	if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 \|\|
108	(r = sshpkt_get_string(ssh, &signature, &slen)) != 0 \|\|
109	(r = sshpkt_get_end(ssh)) != 0)
110	goto out;
111	if ((shared_secret = sshbuf_new()) == NULL) {
112	r = SSH_ERR_ALLOC_FAIL;
113	goto out;
114	}
115	if ((r = kex_dh_compute_key(kex, dh_server_pub, shared_secret)) != 0)
116	goto out;
117
118	/* calc and verify H */
119	DH_get0_key(kex->dh, &pub_key, NULL);
120	hashlen = sizeof(hash);
121	if ((r = kex_dh_hash(
122	kex->hash_alg,
123	kex->client_version,
124	kex->server_version,
125	sshbuf_ptr(kex->my), sshbuf_len(kex->my),
126	sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
127	server_host_key_blob, sbloblen,
128	pub_key,
129	dh_server_pub,
130	sshbuf_ptr(shared_secret), sshbuf_len(shared_secret),
131	hash, &hashlen)) != 0)
132	goto out;
133
134	if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,
135	kex->hostkey_alg, ssh->compat)) != 0)
136	goto out;
137
138	if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
139	r = kex_send_newkeys(ssh);
140	out:
141	explicit_bzero(hash, sizeof(hash));
142	DH_free(kex->dh);
143	kex->dh = NULL;
144	BN_clear_free(dh_server_pub);
145	sshbuf_free(shared_secret);
146	sshkey_free(server_host_key);
147	free(server_host_key_blob);
148	free(signature);
149	return r;
150	}
151	#endif /* WITH_OPENSSL */