| version 1.31, 2004/08/04 10:37:52 |
version 1.31.8.1, 2006/09/30 04:06:50 |
|
|
| |
/* $OpenBSD$ */ |
| /* |
/* |
| * Copyright (c) 2000 Niels Provos. All rights reserved. |
* Copyright (c) 2000 Niels Provos. All rights reserved. |
| * |
* |
|
|
| * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| */ |
*/ |
| |
|
| #include "includes.h" |
#include <sys/param.h> |
| RCSID("$OpenBSD$"); |
|
| |
|
| #include "xmalloc.h" |
|
| |
|
| #include <openssl/bn.h> |
#include <openssl/bn.h> |
| #include <openssl/dh.h> |
#include <openssl/dh.h> |
| #include <openssl/evp.h> |
|
| |
|
| #include "buffer.h" |
#include <stdio.h> |
| #include "cipher.h" |
#include <stdlib.h> |
| #include "kex.h" |
#include <string.h> |
| |
|
| #include "dh.h" |
#include "dh.h" |
| #include "pathnames.h" |
#include "pathnames.h" |
| #include "log.h" |
#include "log.h" |
|
|
| { |
{ |
| char *cp, *arg; |
char *cp, *arg; |
| char *strsize, *gen, *prime; |
char *strsize, *gen, *prime; |
| |
const char *errstr = NULL; |
| |
|
| cp = line; |
cp = line; |
| arg = strdelim(&cp); |
if ((arg = strdelim(&cp)) == NULL) |
| |
return 0; |
| /* Ignore leading whitespace */ |
/* Ignore leading whitespace */ |
| if (*arg == '\0') |
if (*arg == '\0') |
| arg = strdelim(&cp); |
arg = strdelim(&cp); |
|
|
| goto fail; |
goto fail; |
| strsize = strsep(&cp, " "); /* size */ |
strsize = strsep(&cp, " "); /* size */ |
| if (cp == NULL || *strsize == '\0' || |
if (cp == NULL || *strsize == '\0' || |
| (dhg->size = atoi(strsize)) == 0) |
(dhg->size = (u_int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 || |
| |
errstr) |
| goto fail; |
goto fail; |
| /* The whole group is one bit larger */ |
/* The whole group is one bit larger */ |
| dhg->size++; |
dhg->size++; |
|
|
| int i; |
int i; |
| int n = BN_num_bits(dh_pub); |
int n = BN_num_bits(dh_pub); |
| int bits_set = 0; |
int bits_set = 0; |
| |
BIGNUM *tmp; |
| |
|
| if (dh_pub->neg) { |
if (dh_pub->neg) { |
| logit("invalid public DH value: negativ"); |
logit("invalid public DH value: negativ"); |
| return 0; |
return 0; |
| } |
} |
| |
if (BN_cmp(dh_pub, BN_value_one()) != 1) { /* pub_exp <= 1 */ |
| |
logit("invalid public DH value: <= 1"); |
| |
return 0; |
| |
} |
| |
|
| |
if ((tmp = BN_new()) == NULL) |
| |
return (-1); |
| |
if (!BN_sub(tmp, dh->p, BN_value_one()) || |
| |
BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */ |
| |
BN_clear_free(tmp); |
| |
logit("invalid public DH value: >= p-1"); |
| |
return 0; |
| |
} |
| |
BN_clear_free(tmp); |
| |
|
| for (i = 0; i <= n; i++) |
for (i = 0; i <= n; i++) |
| if (BN_is_bit_set(dh_pub, i)) |
if (BN_is_bit_set(dh_pub, i)) |
| bits_set++; |
bits_set++; |
| debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); |
debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); |
| |
|
| /* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */ |
/* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */ |
| if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1)) |
if (bits_set > 1) |
| return 1; |
return 1; |
| |
|
| logit("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p)); |
logit("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p)); |
| return 0; |
return 0; |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to dh.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh