The man2html from jbasney on pkilab2 works whereas the standard one doesn't.
[gssapi-openssh.git] / openssh / kexdh.c
index 1e91e2550228134df0a7567149a8a4119e870f4e..b850a1a226ef3749b073094a1a4f15a39c16e8b9 100644 (file)
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.18 2002/03/18 17:50:31 provos Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.7 2001/09/17 19:27:15 stevesk Exp $");
 
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
@@ -37,7 +37,6 @@ RCSID("$OpenBSD: kexdh.c,v 1.18 2002/03/18 17:50:31 provos Exp $");
 #include "packet.h"
 #include "dh.h"
 #include "ssh2.h"
-#include "monitor_wrap.h"
 
 static u_char *
 kex_dh_hash(
@@ -52,7 +51,7 @@ kex_dh_hash(
 {
        Buffer b;
        static u_char digest[EVP_MAX_MD_SIZE];
-       const EVP_MD *evp_md = EVP_sha1();
+       EVP_MD *evp_md = EVP_sha1();
        EVP_MD_CTX md;
 
        buffer_init(&b);
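Review bot: The `const` qualifier is dropped from `evp_md` in this hunk, and the DEBUG_KEX line in the next hunk reads `evp_md->md_size` directly instead of calling `EVP_MD_size(evp_md)`. This function never writes to the digest descriptor, so `const EVP_MD *evp_md = EVP_sha1();` states that and avoids a discarded-qualifier warning wherever the OpenSSL headers declare the return value as const. The accessor likewise keeps the debug path independent of the struct layout. The body of kex_dh_hash extends beyond both hunks, so other uses of `evp_md` are not visible here.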
@@ -82,7 +81,7 @@ kex_dh_hash(
        buffer_free(&b);
 
 #ifdef DEBUG_KEX
-       dump_digest("hash", digest, EVP_MD_size(evp_md));
+       dump_digest("hash", digest, evp_md->md_size);
 #endif
        return digest;
 }
@@ -98,6 +97,7 @@ kexdh_client(Kex *kex)
        u_char *server_host_key_blob = NULL, *signature = NULL;
        u_char *kbuf, *hash;
        u_int klen, kout, slen, sbloblen;
+       int dlen, plen;
 
        /* generate and send 'e', client DH public key */
        dh = dh_new_group1();
@@ -115,24 +115,24 @@ kexdh_client(Kex *kex)
 #endif
 
        debug("expecting SSH2_MSG_KEXDH_REPLY");
-       packet_read_expect(SSH2_MSG_KEXDH_REPLY);
+       packet_read_expect(&plen, SSH2_MSG_KEXDH_REPLY);
 
        /* key, cert */
        server_host_key_blob = packet_get_string(&sbloblen);
        server_host_key = key_from_blob(server_host_key_blob, sbloblen);
        if (server_host_key == NULL)
                fatal("cannot decode server_host_key_blob");
-       if (server_host_key->type != kex->hostkey_type)
-               fatal("type mismatch for decoded server_host_key_blob");
+
        if (kex->verify_host_key == NULL)
                fatal("cannot verify server_host_key");
        if (kex->verify_host_key(server_host_key) == -1)
                fatal("server_host_key verification failed");
 
        /* DH paramter f, server public DH key */
-       if ((dh_server_pub = BN_new()) == NULL)
+       dh_server_pub = BN_new();
+       if (dh_server_pub == NULL)
                fatal("dh_server_pub == NULL");
-       packet_get_bignum2(dh_server_pub);
+       packet_get_bignum2(dh_server_pub, &dlen);
 
 #ifdef DEBUG_KEXDH
        fprintf(stderr, "dh_server_pub= ");
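Review bot: The decoded server host key is no longer compared against the negotiated `kex->hostkey_type` before it is handed to `kex->verify_host_key`. The client therefore accepts a key of a different algorithm than the one agreed during negotiation, provided the verify callback accepts that key. The field still exists on the new side (kexdh_server uses it in its "Unsupported hostkey type" message), so the guard can stay: `if (server_host_key->type != kex->hostkey_type)` followed by `fatal("type mismatch for decoded server_host_key_blob");`. Separately, `plen` and `dlen` are filled in by the packet calls but never read in the visible lines. kexdh_client starts and ends outside this hunk.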
@@ -143,7 +143,7 @@ kexdh_client(Kex *kex)
 
        /* signed H */
        signature = packet_get_string(&slen);
-       packet_check_eom();
+       packet_done();
 
        if (!dh_pub_is_valid(dh, dh_server_pub))
                packet_disconnect("bad server public DH value");
@@ -154,8 +154,7 @@ kexdh_client(Kex *kex)
 #ifdef DEBUG_KEXDH
        dump_digest("shared secret", kbuf, kout);
 #endif
-       if ((shared_secret = BN_new()) == NULL)
-               fatal("kexdh_client: BN_new failed");
+       shared_secret = BN_new();
        BN_bin2bn(kbuf, kout, shared_secret);
        memset(kbuf, 0, klen);
        xfree(kbuf);
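Review bot: `shared_secret = BN_new();` is now used without a NULL check, and the return value of `BN_bin2bn(kbuf, kout, shared_secret)` on the next line is discarded. If the allocation fails, `shared_secret` is still NULL when it is later passed to kex_dh_hash. Keep the guard, `if ((shared_secret = BN_new()) == NULL) fatal("kexdh_client: BN_new failed");`. The same applies to the identical line in kexdh_server in the later hunk. Checking `BN_bin2bn(...) == NULL` as well would cover a failed conversion. The function body continues outside the hunk.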
@@ -172,7 +171,7 @@ kexdh_client(Kex *kex)
            shared_secret
        );
        xfree(server_host_key_blob);
-       BN_clear_free(dh_server_pub);
+       BN_free(dh_server_pub);
        DH_free(dh);
 
        if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
@@ -202,14 +201,14 @@ kexdh_server(Kex *kex)
        Key *server_host_key;
        u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
        u_int sbloblen, klen, kout;
-       u_int slen;
+       int dlen, slen, plen;
 
        /* generate server DH public key */
        dh = dh_new_group1();
        dh_gen_key(dh, kex->we_need * 8);
 
        debug("expecting SSH2_MSG_KEXDH_INIT");
-       packet_read_expect(SSH2_MSG_KEXDH_INIT);
+       packet_read_expect(&plen, SSH2_MSG_KEXDH_INIT);
 
        if (kex->load_host_key == NULL)
                fatal("Cannot load hostkey");
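Review bot: `slen` changes from `u_int` to `int` here, while the client's `slen` in the same file remains `u_int`. The value is a signature length filled in by `key_sign(..., &slen, ...)` in the last hunk, and a signed type gives a negative value a meaning the code never handles. If `key_sign` in this tree takes a `u_int *`, keep `u_int slen;` and declare the new out-parameters separately as `int dlen, plen;`. If it takes an `int *`, a comment saying so would explain the mismatch with the client. `dlen` and `plen` are written but not read in the visible lines.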
@@ -218,10 +217,10 @@ kexdh_server(Kex *kex)
                fatal("Unsupported hostkey type %d", kex->hostkey_type);
 
        /* key, cert */
-       if ((dh_client_pub = BN_new()) == NULL)
+       dh_client_pub = BN_new();
+       if (dh_client_pub == NULL)
                fatal("dh_client_pub == NULL");
-       packet_get_bignum2(dh_client_pub);
-       packet_check_eom();
+       packet_get_bignum2(dh_client_pub, &dlen);
 
 #ifdef DEBUG_KEXDH
        fprintf(stderr, "dh_client_pub= ");
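Review bot: After `packet_get_bignum2(dh_client_pub, &dlen);` nothing checks that the SSH2_MSG_KEXDH_INIT packet has been fully consumed, so trailing bytes after 'e' from an unauthenticated peer are silently accepted. `dlen` is also never read in the visible lines. The client path in this file calls `packet_done();` after its last field, and the server should do the same right after the bignum read so malformed packets are rejected on both sides. kexdh_server continues outside the hunk.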
@@ -245,8 +244,7 @@ kexdh_server(Kex *kex)
 #ifdef DEBUG_KEXDH
        dump_digest("shared secret", kbuf, kout);
 #endif
-       if ((shared_secret = BN_new()) == NULL)
-               fatal("kexdh_server: BN_new failed");
+       shared_secret = BN_new();
        BN_bin2bn(kbuf, kout, shared_secret);
        memset(kbuf, 0, klen);
        xfree(kbuf);
@@ -264,7 +262,7 @@ kexdh_server(Kex *kex)
            dh->pub_key,
            shared_secret
        );
-       BN_clear_free(dh_client_pub);
+       BN_free(dh_client_pub);
 
        /* save session id := H */
        /* XXX hashlen depends on KEX */
@@ -276,7 +274,7 @@ kexdh_server(Kex *kex)
 
        /* sign H */
        /* XXX hashlen depends on KEX */
-       PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
+       key_sign(server_host_key, &signature, &slen, hash, 20);
 
        /* destroy_sensitive_data(); */
 