*/
#include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.14 2001/12/28 13:57:33 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.17 2002/01/31 13:35:11 markus Exp $");
#include <openssl/bn.h>
buffer_free(&b);
#ifdef DEBUG_KEXDH
- dump_digest("hash", digest, evp_md->md_size);
+ dump_digest("hash", digest, EVP_MD_size(evp_md));
#endif
return digest;
}
Key *server_host_key;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int klen, kout, slen, sbloblen;
- int plen, min, max, nbits;
+ int min, max, nbits;
DH *dh;
nbits = dh_estimate(kex->we_need * 8);
packet_send();
debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP");
- packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_GROUP);
+ packet_read_expect(SSH2_MSG_KEX_DH_GEX_GROUP);
if ((p = BN_new()) == NULL)
fatal("BN_new");
packet_send();
debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY");
- packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_REPLY);
+ packet_read_expect(SSH2_MSG_KEX_DH_GEX_REPLY);
/* key, cert */
server_host_key_blob = packet_get_string(&sbloblen);
server_host_key = key_from_blob(server_host_key_blob, sbloblen);
if (server_host_key == NULL)
fatal("cannot decode server_host_key_blob");
-
+ if (server_host_key->type != kex->hostkey_type)
+ fatal("type mismatch for decoded server_host_key_blob");
if (kex->verify_host_key == NULL)
fatal("cannot verify server_host_key");
if (kex->verify_host_key(server_host_key) == -1)
DH *dh = dh;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int sbloblen, klen, kout;
- int min = -1, max = -1, nbits = -1, type, plen, slen;
+ int min = -1, max = -1, nbits = -1, type, slen;
if (kex->load_host_key == NULL)
fatal("Cannot load hostkey");
if (server_host_key == NULL)
fatal("Unsupported hostkey type %d", kex->hostkey_type);
- type = packet_read(&plen);
+ type = packet_read();
switch (type) {
case SSH2_MSG_KEX_DH_GEX_REQUEST:
debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
dh_gen_key(dh, kex->we_need * 8);
debug("expecting SSH2_MSG_KEX_DH_GEX_INIT");
- packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_INIT);
+ packet_read_expect(SSH2_MSG_KEX_DH_GEX_INIT);
/* key, cert */
if ((dh_client_pub = BN_new()) == NULL)