*/
#include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.12 2001/12/28 14:50:54 markus Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.18 2002/03/18 17:50:31 provos Exp $");
#include <openssl/crypto.h>
#include <openssl/bn.h>
#include "packet.h"
#include "dh.h"
#include "ssh2.h"
+#include "monitor_wrap.h"
static u_char *
kex_dh_hash(
{
Buffer b;
static u_char digest[EVP_MAX_MD_SIZE];
- EVP_MD *evp_md = EVP_sha1();
+ const EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
buffer_init(&b);
buffer_free(&b);
#ifdef DEBUG_KEX
- dump_digest("hash", digest, evp_md->md_size);
+ dump_digest("hash", digest, EVP_MD_size(evp_md));
#endif
return digest;
}
server_host_key = key_from_blob(server_host_key_blob, sbloblen);
if (server_host_key == NULL)
fatal("cannot decode server_host_key_blob");
-
+ if (server_host_key->type != kex->hostkey_type)
+ fatal("type mismatch for decoded server_host_key_blob");
if (kex->verify_host_key == NULL)
fatal("cannot verify server_host_key");
if (kex->verify_host_key(server_host_key) == -1)
Key *server_host_key;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int sbloblen, klen, kout;
- int slen;
+ u_int slen;
/* generate server DH public key */
dh = dh_new_group1();
if ((dh_client_pub = BN_new()) == NULL)
fatal("dh_client_pub == NULL");
packet_get_bignum2(dh_client_pub);
+ packet_check_eom();
#ifdef DEBUG_KEXDH
fprintf(stderr, "dh_client_pub= ");
/* sign H */
/* XXX hashlen depends on KEX */
- key_sign(server_host_key, &signature, &slen, hash, 20);
+ PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
/* destroy_sensitive_data(); */