diff options
Diffstat (limited to 'kexdhs.c')
| -rw-r--r-- | kexdhs.c | 19 |
1 files changed, 12 insertions, 7 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexdhs.c,v 1.10 2009/06/21 07:37:15 dtucker Exp $ */ | 1 | /* $OpenBSD: kexdhs.c,v 1.11 2010/02/26 20:29:54 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -50,7 +50,7 @@ kexdh_server(Kex *kex) | |||
| 50 | { | 50 | { |
| 51 | BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; | 51 | BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; |
| 52 | DH *dh; | 52 | DH *dh; |
| 53 | Key *server_host_key; | 53 | Key *server_host_public, *server_host_private; |
| 54 | u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; | 54 | u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; |
| 55 | u_int sbloblen, klen, hashlen, slen; | 55 | u_int sbloblen, klen, hashlen, slen; |
| 56 | int kout; | 56 | int kout; |
| @@ -71,11 +71,16 @@ kexdh_server(Kex *kex) | |||
| 71 | debug("expecting SSH2_MSG_KEXDH_INIT"); | 71 | debug("expecting SSH2_MSG_KEXDH_INIT"); |
| 72 | packet_read_expect(SSH2_MSG_KEXDH_INIT); | 72 | packet_read_expect(SSH2_MSG_KEXDH_INIT); |
| 73 | 73 | ||
| 74 | if (kex->load_host_key == NULL) | 74 | if (kex->load_host_public_key == NULL || |
| 75 | kex->load_host_private_key == NULL) | ||
| 75 | fatal("Cannot load hostkey"); | 76 | fatal("Cannot load hostkey"); |
| 76 | server_host_key = kex->load_host_key(kex->hostkey_type); | 77 | server_host_public = kex->load_host_public_key(kex->hostkey_type); |
| 77 | if (server_host_key == NULL) | 78 | if (server_host_public == NULL) |
| 78 | fatal("Unsupported hostkey type %d", kex->hostkey_type); | 79 | fatal("Unsupported hostkey type %d", kex->hostkey_type); |
| 80 | server_host_private = kex->load_host_private_key(kex->hostkey_type); | ||
| 81 | if (server_host_private == NULL) | ||
| 82 | fatal("Missing private key for hostkey type %d", | ||
| 83 | kex->hostkey_type); | ||
| 79 | 84 | ||
| 80 | /* key, cert */ | 85 | /* key, cert */ |
| 81 | if ((dh_client_pub = BN_new()) == NULL) | 86 | if ((dh_client_pub = BN_new()) == NULL) |
| @@ -113,7 +118,7 @@ kexdh_server(Kex *kex) | |||
| 113 | memset(kbuf, 0, klen); | 118 | memset(kbuf, 0, klen); |
| 114 | xfree(kbuf); | 119 | xfree(kbuf); |
| 115 | 120 | ||
| 116 | key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); | 121 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); |
| 117 | 122 | ||
| 118 | /* calc H */ | 123 | /* calc H */ |
| 119 | kex_dh_hash( | 124 | kex_dh_hash( |
| @@ -137,7 +142,7 @@ kexdh_server(Kex *kex) | |||
| 137 | } | 142 | } |
| 138 | 143 | ||
| 139 | /* sign H */ | 144 | /* sign H */ |
| 140 | if (PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, | 145 | if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash, |
| 141 | hashlen)) < 0) | 146 | hashlen)) < 0) |
| 142 | fatal("kexdh_server: key_sign failed"); | 147 | fatal("kexdh_server: key_sign failed"); |
| 143 | 148 | ||