[BACK]Return to kexdhc.c CVS log [TXT][DIR] Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/Attic/kexdhc.c between version 1.2 and 1.2.6.3

version 1.2, 2004/06/13 12:53:24 version 1.2.6.3, 2006/11/08 00:44:05
Line 1 
Line 1 
   /* $OpenBSD$ */
 /*  /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.   * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *   *
Line 22 
Line 23 
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.   * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */   */
   
 #include "includes.h"  #include <sys/types.h>
 RCSID("$OpenBSD$");  
   
   #include <stdio.h>
   #include <string.h>
   #include <signal.h>
   
 #include "xmalloc.h"  #include "xmalloc.h"
   #include "buffer.h"
 #include "key.h"  #include "key.h"
   #include "cipher.h"
 #include "kex.h"  #include "kex.h"
 #include "log.h"  #include "log.h"
 #include "packet.h"  #include "packet.h"
Line 41 
Line 47 
         Key *server_host_key;          Key *server_host_key;
         u_char *server_host_key_blob = NULL, *signature = NULL;          u_char *server_host_key_blob = NULL, *signature = NULL;
         u_char *kbuf, *hash;          u_char *kbuf, *hash;
         u_int klen, kout, slen, sbloblen;          u_int klen, slen, sbloblen, hashlen;
           int kout;
   
         /* generate and send 'e', client DH public key */          /* generate and send 'e', client DH public key */
         switch (kex->kex_type) {          switch (kex->kex_type) {
Line 82 
Line 89 
         if (kex->verify_host_key(server_host_key) == -1)          if (kex->verify_host_key(server_host_key) == -1)
                 fatal("server_host_key verification failed");                  fatal("server_host_key verification failed");
   
         /* DH paramter f, server public DH key */          /* DH parameter f, server public DH key */
         if ((dh_server_pub = BN_new()) == NULL)          if ((dh_server_pub = BN_new()) == NULL)
                 fatal("dh_server_pub == NULL");                  fatal("dh_server_pub == NULL");
         packet_get_bignum2(dh_server_pub);          packet_get_bignum2(dh_server_pub);
Line 103 
Line 110 
   
         klen = DH_size(dh);          klen = DH_size(dh);
         kbuf = xmalloc(klen);          kbuf = xmalloc(klen);
         kout = DH_compute_key(kbuf, dh_server_pub, dh);          if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) < 0)
                   fatal("DH_compute_key: failed");
 #ifdef DEBUG_KEXDH  #ifdef DEBUG_KEXDH
         dump_digest("shared secret", kbuf, kout);          dump_digest("shared secret", kbuf, kout);
 #endif  #endif
         if ((shared_secret = BN_new()) == NULL)          if ((shared_secret = BN_new()) == NULL)
                 fatal("kexdh_client: BN_new failed");                  fatal("kexdh_client: BN_new failed");
         BN_bin2bn(kbuf, kout, shared_secret);          if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
                   fatal("kexdh_client: BN_bin2bn failed");
         memset(kbuf, 0, klen);          memset(kbuf, 0, klen);
         xfree(kbuf);          xfree(kbuf);
   
         /* calc and verify H */          /* calc and verify H */
         hash = kex_dh_hash(          kex_dh_hash(
             kex->client_version_string,              kex->client_version_string,
             kex->server_version_string,              kex->server_version_string,
             buffer_ptr(&kex->my), buffer_len(&kex->my),              buffer_ptr(&kex->my), buffer_len(&kex->my),
Line 122 
Line 131 
             server_host_key_blob, sbloblen,              server_host_key_blob, sbloblen,
             dh->pub_key,              dh->pub_key,
             dh_server_pub,              dh_server_pub,
             shared_secret              shared_secret,
               &hash, &hashlen
         );          );
         xfree(server_host_key_blob);          xfree(server_host_key_blob);
         BN_clear_free(dh_server_pub);          BN_clear_free(dh_server_pub);
         DH_free(dh);          DH_free(dh);
   
         if (key_verify(server_host_key, signature, slen, hash, 20) != 1)          if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
                 fatal("key_verify failed for server_host_key");                  fatal("key_verify failed for server_host_key");
         key_free(server_host_key);          key_free(server_host_key);
         xfree(signature);          xfree(signature);
   
         /* save session id */          /* save session id */
         if (kex->session_id == NULL) {          if (kex->session_id == NULL) {
                 kex->session_id_len = 20;                  kex->session_id_len = hashlen;
                 kex->session_id = xmalloc(kex->session_id_len);                  kex->session_id = xmalloc(kex->session_id_len);
                 memcpy(kex->session_id, hash, kex->session_id_len);                  memcpy(kex->session_id, hash, kex->session_id_len);
         }          }
   
         kex_derive_keys(kex, hash, shared_secret);          kex_derive_keys(kex, hash, hashlen, shared_secret);
         BN_clear_free(shared_secret);          BN_clear_free(shared_secret);
         kex_finish(kex);          kex_finish(kex);
 }  }
Legend:
Removed from v.1.2  
changed lines
  Added in v.1.2.6.3