Diffstat (limited to 'kexdhs.c')
-rw-r--r-- | kexdhs.c | 19 |
1 files changed, 12 insertions, 7 deletions
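--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.10 2009/06/21 07:37:15 dtucker Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.11 2010/02/26 20:29:54 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 *
@@ -50,7 +50,7 @@ kexdh_server(Kex *kex)
 {
 BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
 DH *dh;
-Key *server_host_key;
+Key *server_host_public, *server_host_private;
 u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
 u_int sbloblen, klen, hashlen, slen;
 int kout;
@@ -71,11 +71,16 @@ kexdh_server(Kex *kex)
 debug("expecting SSH2_MSG_KEXDH_INIT");
 packet_read_expect(SSH2_MSG_KEXDH_INIT);
 
-if (kex->load_host_key == NULL)
+if (kex->load_host_public_key == NULL ||
+kex->load_host_private_key == NULL)
 fatal("Cannot load hostkey");
-server_host_key = kex->load_host_key(kex->hostkey_type);
-if (server_host_key == NULL)
+server_host_public = kex->load_host_public_key(kex->hostkey_type);
+if (server_host_public == NULL)
 fatal("Unsupported hostkey type %d", kex->hostkey_type);
+server_host_private = kex->load_host_private_key(kex->hostkey_type);
+if (server_host_private == NULL)
+fatal("Missing private key for hostkey type %d",
+kex->hostkey_type);
 
 /* key, cert */
 if ((dh_client_pub = BN_new()) == NULL)
@@ -113,7 +118,7 @@ kexdh_server(Kex *kex)
 memset(kbuf, 0, klen);
 xfree(kbuf);
 
-key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
+key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
 
 /* calc H */
 kex_dh_hash(
@@ -137,7 +142,7 @@ kexdh_server(Kex *kex)
 }
 
 /* sign H */
-if (PRIVSEP(key_sign(server_host_key, &signature, &slen, hash,
+if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash,
 hashlen)) < 0)
 fatal("kexdh_server: key_sign failed");
 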
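Review bot: The newly split lookups in the third hunk fetch two Key objects for one hostkey type without saying why, which is worth a comment because the two are used in different places: only `server_host_public` is serialized by `key_to_blob` (fourth hunk) and so enters the exchange hash and the blob sent to the client, while `server_host_private` is used solely in the `PRIVSEP(key_sign(...))` call of the last hunk. Suggest `/* public key: hashed into H and sent to the client; private key: only for signing H */` above the `load_host_public_key` call. The `fatal("Cannot load hostkey")` branch now covers two distinct missing callbacks, so a server misconfiguration reported there no longer says which loader is absent; splitting it into two checks with distinct messages (e.g. `fatal("Cannot load hostkey: no public key loader")` / `fatal("Cannot load hostkey: no private key loader")`) would keep the diagnostics as precise as the per-key `fatal`s that follow. kexdh_server's body starts and ends outside these hunks.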