*/
#include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.7 2001/09/17 19:27:15 stevesk Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.12 2001/12/28 14:50:54 markus Exp $");
#include <openssl/crypto.h>
#include <openssl/bn.h>
u_char *server_host_key_blob = NULL, *signature = NULL;
u_char *kbuf, *hash;
u_int klen, kout, slen, sbloblen;
- int dlen, plen;
/* generate and send 'e', client DH public key */
dh = dh_new_group1();
#endif
debug("expecting SSH2_MSG_KEXDH_REPLY");
- packet_read_expect(&plen, SSH2_MSG_KEXDH_REPLY);
+ packet_read_expect(SSH2_MSG_KEXDH_REPLY);
/* key, cert */
server_host_key_blob = packet_get_string(&sbloblen);
fatal("server_host_key verification failed");
/* DH paramter f, server public DH key */
- dh_server_pub = BN_new();
- if (dh_server_pub == NULL)
+ if ((dh_server_pub = BN_new()) == NULL)
fatal("dh_server_pub == NULL");
- packet_get_bignum2(dh_server_pub, &dlen);
+ packet_get_bignum2(dh_server_pub);
#ifdef DEBUG_KEXDH
fprintf(stderr, "dh_server_pub= ");
/* signed H */
signature = packet_get_string(&slen);
- packet_done();
+ packet_check_eom();
if (!dh_pub_is_valid(dh, dh_server_pub))
packet_disconnect("bad server public DH value");
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
- shared_secret = BN_new();
+ if ((shared_secret = BN_new()) == NULL)
+ fatal("kexdh_client: BN_new failed");
BN_bin2bn(kbuf, kout, shared_secret);
memset(kbuf, 0, klen);
xfree(kbuf);
shared_secret
);
xfree(server_host_key_blob);
- BN_free(dh_server_pub);
+ BN_clear_free(dh_server_pub);
DH_free(dh);
if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
Key *server_host_key;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int sbloblen, klen, kout;
- int dlen, slen, plen;
+ int slen;
/* generate server DH public key */
dh = dh_new_group1();
dh_gen_key(dh, kex->we_need * 8);
debug("expecting SSH2_MSG_KEXDH_INIT");
- packet_read_expect(&plen, SSH2_MSG_KEXDH_INIT);
+ packet_read_expect(SSH2_MSG_KEXDH_INIT);
if (kex->load_host_key == NULL)
fatal("Cannot load hostkey");
fatal("Unsupported hostkey type %d", kex->hostkey_type);
/* key, cert */
- dh_client_pub = BN_new();
- if (dh_client_pub == NULL)
+ if ((dh_client_pub = BN_new()) == NULL)
fatal("dh_client_pub == NULL");
- packet_get_bignum2(dh_client_pub, &dlen);
+ packet_get_bignum2(dh_client_pub);
#ifdef DEBUG_KEXDH
fprintf(stderr, "dh_client_pub= ");
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
- shared_secret = BN_new();
+ if ((shared_secret = BN_new()) == NULL)
+ fatal("kexdh_server: BN_new failed");
BN_bin2bn(kbuf, kout, shared_secret);
memset(kbuf, 0, klen);
xfree(kbuf);
dh->pub_key,
shared_secret
);
- BN_free(dh_client_pub);
+ BN_clear_free(dh_client_pub);
/* save session id := H */
/* XXX hashlen depends on KEX */