diff options
Diffstat (limited to 'kexgsss.c')
-rw-r--r-- | kexgsss.c | 17 |
1 files changed, 11 insertions, 6 deletions
@@ -68,6 +68,7 @@ kexgss_server(struct ssh *ssh) | |||
68 | u_char *kbuf; | 68 | u_char *kbuf; |
69 | DH *dh; | 69 | DH *dh; |
70 | int min = -1, max = -1, nbits = -1; | 70 | int min = -1, max = -1, nbits = -1; |
71 | const BIGNUM *pub_key, *dh_p, *dh_g; | ||
71 | BIGNUM *shared_secret = NULL; | 72 | BIGNUM *shared_secret = NULL; |
72 | BIGNUM *dh_client_pub = NULL; | 73 | BIGNUM *dh_client_pub = NULL; |
73 | int type = 0; | 74 | int type = 0; |
@@ -118,10 +119,11 @@ kexgss_server(struct ssh *ssh) | |||
118 | nbits, MIN(DH_GRP_MAX, max))); | 119 | nbits, MIN(DH_GRP_MAX, max))); |
119 | if (dh == NULL) | 120 | if (dh == NULL) |
120 | packet_disconnect("Protocol error: no matching group found"); | 121 | packet_disconnect("Protocol error: no matching group found"); |
122 | DH_get0_pqg(dh, &dh_p, NULL, &dh_g); | ||
121 | 123 | ||
122 | packet_start(SSH2_MSG_KEXGSS_GROUP); | 124 | packet_start(SSH2_MSG_KEXGSS_GROUP); |
123 | packet_put_bignum2(dh->p); | 125 | packet_put_bignum2(dh_p); |
124 | packet_put_bignum2(dh->g); | 126 | packet_put_bignum2(dh_g); |
125 | packet_send(); | 127 | packet_send(); |
126 | 128 | ||
127 | packet_write_wait(); | 129 | packet_write_wait(); |
@@ -213,6 +215,9 @@ kexgss_server(struct ssh *ssh) | |||
213 | memset(kbuf, 0, klen); | 215 | memset(kbuf, 0, klen); |
214 | free(kbuf); | 216 | free(kbuf); |
215 | 217 | ||
218 | DH_get0_key(dh, &pub_key, NULL); | ||
219 | DH_get0_pqg(dh, &dh_p, NULL, &dh_g); | ||
220 | |||
216 | hashlen = sizeof(hash); | 221 | hashlen = sizeof(hash); |
217 | switch (ssh->kex->kex_type) { | 222 | switch (ssh->kex->kex_type) { |
218 | case KEX_GSS_GRP1_SHA1: | 223 | case KEX_GSS_GRP1_SHA1: |
@@ -223,7 +228,7 @@ kexgss_server(struct ssh *ssh) | |||
223 | sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer), | 228 | sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer), |
224 | sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my), | 229 | sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my), |
225 | NULL, 0, /* Change this if we start sending host keys */ | 230 | NULL, 0, /* Change this if we start sending host keys */ |
226 | dh_client_pub, dh->pub_key, shared_secret, | 231 | dh_client_pub, pub_key, shared_secret, |
227 | hash, &hashlen | 232 | hash, &hashlen |
228 | ); | 233 | ); |
229 | break; | 234 | break; |
@@ -235,9 +240,9 @@ kexgss_server(struct ssh *ssh) | |||
235 | sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my), | 240 | sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my), |
236 | NULL, 0, | 241 | NULL, 0, |
237 | min, nbits, max, | 242 | min, nbits, max, |
238 | dh->p, dh->g, | 243 | dh_p, dh_g, |
239 | dh_client_pub, | 244 | dh_client_pub, |
240 | dh->pub_key, | 245 | pub_key, |
241 | shared_secret, | 246 | shared_secret, |
242 | hash, &hashlen | 247 | hash, &hashlen |
243 | ); | 248 | ); |
@@ -261,7 +266,7 @@ kexgss_server(struct ssh *ssh) | |||
261 | fatal("Couldn't get MIC"); | 266 | fatal("Couldn't get MIC"); |
262 | 267 | ||
263 | packet_start(SSH2_MSG_KEXGSS_COMPLETE); | 268 | packet_start(SSH2_MSG_KEXGSS_COMPLETE); |
264 | packet_put_bignum2(dh->pub_key); | 269 | packet_put_bignum2(pub_key); |
265 | packet_put_string(msg_tok.value,msg_tok.length); | 270 | packet_put_string(msg_tok.value,msg_tok.length); |
266 | 271 | ||
267 | if (send_tok.length != 0) { | 272 | if (send_tok.length != 0) { |