diff options
Diffstat (limited to 'kexdhc.c')
| -rw-r--r-- | kexdhc.c | 15 |
1 files changed, 8 insertions, 7 deletions
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: kexdhc.c,v 1.2 2004/06/13 12:53:24 djm Exp $"); | 26 | RCSID("$OpenBSD: kexdhc.c,v 1.3 2005/11/04 05:15:59 djm Exp $"); |
| 27 | 27 | ||
| 28 | #include "xmalloc.h" | 28 | #include "xmalloc.h" |
| 29 | #include "key.h" | 29 | #include "key.h" |
| @@ -41,7 +41,7 @@ kexdh_client(Kex *kex) | |||
| 41 | Key *server_host_key; | 41 | Key *server_host_key; |
| 42 | u_char *server_host_key_blob = NULL, *signature = NULL; | 42 | u_char *server_host_key_blob = NULL, *signature = NULL; |
| 43 | u_char *kbuf, *hash; | 43 | u_char *kbuf, *hash; |
| 44 | u_int klen, kout, slen, sbloblen; | 44 | u_int klen, kout, slen, sbloblen, hashlen; |
| 45 | 45 | ||
| 46 | /* generate and send 'e', client DH public key */ | 46 | /* generate and send 'e', client DH public key */ |
| 47 | switch (kex->kex_type) { | 47 | switch (kex->kex_type) { |
| @@ -114,7 +114,7 @@ kexdh_client(Kex *kex) | |||
| 114 | xfree(kbuf); | 114 | xfree(kbuf); |
| 115 | 115 | ||
| 116 | /* calc and verify H */ | 116 | /* calc and verify H */ |
| 117 | hash = kex_dh_hash( | 117 | kex_dh_hash( |
| 118 | kex->client_version_string, | 118 | kex->client_version_string, |
| 119 | kex->server_version_string, | 119 | kex->server_version_string, |
| 120 | buffer_ptr(&kex->my), buffer_len(&kex->my), | 120 | buffer_ptr(&kex->my), buffer_len(&kex->my), |
| @@ -122,25 +122,26 @@ kexdh_client(Kex *kex) | |||
| 122 | server_host_key_blob, sbloblen, | 122 | server_host_key_blob, sbloblen, |
| 123 | dh->pub_key, | 123 | dh->pub_key, |
| 124 | dh_server_pub, | 124 | dh_server_pub, |
| 125 | shared_secret | 125 | shared_secret, |
| 126 | &hash, &hashlen | ||
| 126 | ); | 127 | ); |
| 127 | xfree(server_host_key_blob); | 128 | xfree(server_host_key_blob); |
| 128 | BN_clear_free(dh_server_pub); | 129 | BN_clear_free(dh_server_pub); |
| 129 | DH_free(dh); | 130 | DH_free(dh); |
| 130 | 131 | ||
| 131 | if (key_verify(server_host_key, signature, slen, hash, 20) != 1) | 132 | if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) |
| 132 | fatal("key_verify failed for server_host_key"); | 133 | fatal("key_verify failed for server_host_key"); |
| 133 | key_free(server_host_key); | 134 | key_free(server_host_key); |
| 134 | xfree(signature); | 135 | xfree(signature); |
| 135 | 136 | ||
| 136 | /* save session id */ | 137 | /* save session id */ |
| 137 | if (kex->session_id == NULL) { | 138 | if (kex->session_id == NULL) { |
| 138 | kex->session_id_len = 20; | 139 | kex->session_id_len = hashlen; |
| 139 | kex->session_id = xmalloc(kex->session_id_len); | 140 | kex->session_id = xmalloc(kex->session_id_len); |
| 140 | memcpy(kex->session_id, hash, kex->session_id_len); | 141 | memcpy(kex->session_id, hash, kex->session_id_len); |
| 141 | } | 142 | } |
| 142 | 143 | ||
| 143 | kex_derive_keys(kex, hash, shared_secret); | 144 | kex_derive_keys(kex, hash, hashlen, shared_secret); |
| 144 | BN_clear_free(shared_secret); | 145 | BN_clear_free(shared_secret); |
| 145 | kex_finish(kex); | 146 | kex_finish(kex); |
| 146 | } | 147 | } |