- djm@cvs.openbsd.org 2004/05/09 00:06:47
[moduli.c ssh-keygen.c] removed: moduli.h
zap another tiny header; ok deraadt@
+ - djm@cvs.openbsd.org 2004/05/09 01:19:28
+ [OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
+ sshd.c] removed: mpaux.c mpaux.h
+ kill some more tiny files; ok deraadt@
20040502
- (dtucker) OpenBSD CVS Sync
Multiple Precision Integer Library
- Uses the SSLeay BIGNUM sublibrary.
- - Some auxiliary functions for mp-int manipulation are in mpaux.c.
Random Numbers
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.59 2004/05/09 01:19:27 djm Exp $");
#include <openssl/rsa.h>
#include <openssl/md5.h>
#include "packet.h"
#include "xmalloc.h"
#include "ssh1.h"
-#include "mpaux.h"
#include "uidswap.h"
#include "match.h"
#include "auth-options.h"
*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.55 2003/11/08 16:02:40 jakob Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.56 2004/05/09 01:19:27 djm Exp $");
#include "xmalloc.h"
#include "rsa.h"
#include "ssh1.h"
#include "packet.h"
#include "buffer.h"
-#include "mpaux.h"
#include "log.h"
#include "servconf.h"
#include "compat.h"
*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.56 2003/11/21 11:57:03 djm Exp $");
+RCSID("$OpenBSD: kex.c,v 1.57 2004/05/09 01:19:27 djm Exp $");
#include <openssl/crypto.h>
return ret;
}
+void
+derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
+ u_int8_t cookie[8], u_int8_t id[16])
+{
+ const EVP_MD *evp_md = EVP_md5();
+ EVP_MD_CTX md;
+ u_int8_t nbuf[2048], obuf[EVP_MAX_MD_SIZE];
+ int len;
+
+ EVP_DigestInit(&md, evp_md);
+
+ len = BN_num_bytes(host_modulus);
+ if (len < (512 / 8) || len > sizeof(nbuf))
+ fatal("%s: bad host modulus (len %d)", __func__, len);
+ BN_bn2bin(host_modulus, nbuf);
+ EVP_DigestUpdate(&md, nbuf, len);
+
+ len = BN_num_bytes(server_modulus);
+ if (len < (512 / 8) || len > sizeof(nbuf))
+ fatal("%s: bad server modulus (len %d)", __func__, len);
+ BN_bn2bin(server_modulus, nbuf);
+ EVP_DigestUpdate(&md, nbuf, len);
+
+ EVP_DigestUpdate(&md, cookie, 8);
+
+ EVP_DigestFinal(&md, id, NULL);
+ memcpy(id, obuf, 16);
+
+ memset(nbuf, 0, sizeof(nbuf));
+ memset(obuf, 0, sizeof(obuf));
+ memset(&md, 0, sizeof(md));
+}
+
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
void
dump_digest(char *msg, u_char *digest, int len)
*/
#include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.56 2004/05/09 01:19:27 djm Exp $");
#include <openssl/dh.h>
#include "bufaux.h"
#include "compat.h"
#include "ssh2.h"
-#include "mpaux.h"
#ifdef GSSAPI
#include "ssh-gss.h"
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.173 2004/04/27 09:46:37 djm Exp $");
+RCSID("$OpenBSD: session.c,v 1.174 2004/05/09 01:19:28 djm Exp $");
#include "ssh.h"
#include "ssh1.h"
#include "packet.h"
#include "buffer.h"
#include "match.h"
-#include "mpaux.h"
#include "uidswap.h"
#include "compat.h"
#include "channels.h"
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.57 2004/05/08 00:21:31 djm Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.58 2004/05/09 01:19:28 djm Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
#include "rsa.h"
#include "buffer.h"
#include "packet.h"
-#include "mpaux.h"
+#include "kex.h"
#include "uidswap.h"
#include "log.h"
#include "readconf.h"
client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
- compute_session_id(session_id, cookie, host_key->rsa->n, server_key->rsa->n);
+ derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id);
/* Generate a session key. */
arc4random_stir();
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.290 2004/03/11 10:21:17 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.291 2004/05/09 01:19:28 djm Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
#include "rsa.h"
#include "sshpty.h"
#include "packet.h"
-#include "mpaux.h"
#include "log.h"
#include "servconf.h"
#include "uidswap.h"
BN_bn2bin(session_key_int,
session_key + sizeof(session_key) - len);
- compute_session_id(session_id, cookie,
- sensitive_data.ssh1_host_key->rsa->n,
- sensitive_data.server_key->rsa->n);
+ derive_ssh1_session_id(
+ sensitive_data.ssh1_host_key->rsa->n,
+ sensitive_data.server_key->rsa->n,
+ cookie, session_id);
/*
* Xor the first 16 bytes of the session key with the
* session id.