*/
#include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.2 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.6 2001/06/23 15:12:18 itojun Exp $");
#include <openssl/crypto.h>
#include <openssl/bn.h>
#include "dh.h"
#include "ssh2.h"
-u_char *
+static u_char *
kex_dh_hash(
char *client_version_string,
char *server_version_string,
EVP_MD_CTX md;
buffer_init(&b);
- buffer_put_string(&b, client_version_string, strlen(client_version_string));
- buffer_put_string(&b, server_version_string, strlen(server_version_string));
+ buffer_put_cstring(&b, client_version_string);
+ buffer_put_cstring(&b, server_version_string);
/* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
buffer_put_int(&b, ckexinitlen+1);
/* client */
-void
+static void
kexdh_client(Kex *kex)
{
BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
if (server_host_key == NULL)
fatal("cannot decode server_host_key_blob");
- if (kex->check_host_key == NULL)
- fatal("cannot check server_host_key");
- kex->check_host_key(server_host_key);
+ if (kex->verify_host_key == NULL)
+ fatal("cannot verify server_host_key");
+ if (kex->verify_host_key(server_host_key) == -1)
+ fatal("server_host_key verification failed");
/* DH paramter f, server public DH key */
dh_server_pub = BN_new();
shared_secret
);
xfree(server_host_key_blob);
- DH_free(dh);
BN_free(dh_server_pub);
+ DH_free(dh);
if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
fatal("key_verify failed for server_host_key");
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
- kex_send_newkeys();
+ kex_finish(kex);
}
/* server */
-void
+static void
kexdh_server(Kex *kex)
{
BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
packet_put_bignum2(dh->pub_key); /* f */
packet_put_string((char *)signature, slen);
packet_send();
+
xfree(signature);
xfree(server_host_key_blob);
+ /* have keys, free DH */
+ DH_free(dh);
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
- kex_send_newkeys();
-
- /* have keys, free DH */
- DH_free(dh);
+ kex_finish(kex);
}
void