updating OPENSSH_GSSAPI_Protocol1-branch with latest on the trunk (OpenSSH 3.2.3p1)

[gssapi-openssh.git] / openssh / kexgex.c

diff --git a/openssh/kexgex.c b/openssh/kexgex.c
index 61896e6ed467685a995c175aa016b7cc051d7b8f..2d4a58153151753d56e9cd24e025ad4897bd212a 100644 (file)
--- a/openssh/kexgex.c
+++ b/openssh/kexgex.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.20 2002/02/28 15:46:33 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.22 2002/03/24 17:27:03 stevesk Exp $");
 
 #include <openssl/bn.h>
 
@@ -38,6 +38,7 @@ RCSID("$OpenBSD: kexgex.c,v 1.20 2002/02/28 15:46:33 markus Exp $");
 #include "dh.h"
 #include "ssh2.h"
 #include "compat.h"
+#include "monitor_wrap.h"
 
 static u_char *
 kexgex_hash(
@@ -259,7 +260,7 @@ kexgex_server(Kex *kex)
 {
        BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
        Key *server_host_key;
-       DH *dh = dh;
+       DH *dh;
        u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
        u_int sbloblen, klen, kout, slen;
        int min = -1, max = -1, nbits = -1, type;
@@ -296,7 +297,8 @@ kexgex_server(Kex *kex)
                fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
                    min, nbits, max);
 
-       dh = choose_dh(min, nbits, max);
+       /* Contact privileged parent */
+       dh = PRIVSEP(choose_dh(min, nbits, max));
        if (dh == NULL)
                packet_disconnect("Protocol error: no matching DH grp found");
 
@@ -379,7 +381,7 @@ kexgex_server(Kex *kex)
 
        /* sign H */
        /* XXX hashlen depends on KEX */
-       key_sign(server_host_key, &signature, &slen, hash, 20);
+       PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
 
        /* destroy_sensitive_data(); */
 
@@ -390,6 +392,7 @@ kexgex_server(Kex *kex)
        packet_put_bignum2(dh->pub_key);        /* f */
        packet_put_string(signature, slen);
        packet_send();
+
        xfree(signature);
        xfree(server_host_key_blob);
        /* have keys, free DH */