| version 1.53, 2013/11/21 00:45:44 |
version 1.54, 2015/01/19 20:16:15 |
|
|
| #include "pathnames.h" |
#include "pathnames.h" |
| #include "log.h" |
#include "log.h" |
| #include "misc.h" |
#include "misc.h" |
| |
#include "ssherr.h" |
| |
|
| static int |
static int |
| parse_prime(int linenum, char *line, struct dhgroup *dhg) |
parse_prime(int linenum, char *line, struct dhgroup *dhg) |
|
|
| goto fail; |
goto fail; |
| } |
} |
| |
|
| if ((dhg->g = BN_new()) == NULL) |
if ((dhg->g = BN_new()) == NULL || |
| fatal("parse_prime: BN_new failed"); |
(dhg->p = BN_new()) == NULL) { |
| if ((dhg->p = BN_new()) == NULL) |
error("parse_prime: BN_new failed"); |
| fatal("parse_prime: BN_new failed"); |
goto fail; |
| |
} |
| if (BN_hex2bn(&dhg->g, gen) == 0) { |
if (BN_hex2bn(&dhg->g, gen) == 0) { |
| error("moduli:%d: could not parse generator value", linenum); |
error("moduli:%d: could not parse generator value", linenum); |
| goto fail; |
goto fail; |
|
|
| error("moduli:%d: generator is invalid", linenum); |
error("moduli:%d: generator is invalid", linenum); |
| goto fail; |
goto fail; |
| } |
} |
| |
|
| return 1; |
return 1; |
| |
|
| fail: |
fail: |
|
|
| if (dhg->p != NULL) |
if (dhg->p != NULL) |
| BN_clear_free(dhg->p); |
BN_clear_free(dhg->p); |
| dhg->g = dhg->p = NULL; |
dhg->g = dhg->p = NULL; |
| error("Bad prime description in line %d", linenum); |
|
| return 0; |
return 0; |
| } |
} |
| |
|
|
|
| break; |
break; |
| } |
} |
| fclose(f); |
fclose(f); |
| if (linenum != which+1) |
if (linenum != which+1) { |
| fatal("WARNING: line %d disappeared in %s, giving up", |
logit("WARNING: line %d disappeared in %s, giving up", |
| which, _PATH_DH_PRIMES); |
which, _PATH_DH_PRIMES); |
| |
return (dh_new_group14()); |
| |
} |
| |
|
| return (dh_new_group(dhg.g, dhg.p)); |
return (dh_new_group(dhg.g, dhg.p)); |
| } |
} |
|
|
| return 0; |
return 0; |
| } |
} |
| |
|
| void |
int |
| dh_gen_key(DH *dh, int need) |
dh_gen_key(DH *dh, int need) |
| { |
{ |
| int pbits; |
int pbits; |
| |
|
| if (need <= 0) |
if (need < 0 || dh->p == NULL || |
| fatal("%s: need <= 0", __func__); |
(pbits = BN_num_bits(dh->p)) <= 0 || |
| if (dh->p == NULL) |
need > INT_MAX / 2 || 2 * need >= pbits) |
| fatal("%s: dh->p == NULL", __func__); |
return SSH_ERR_INVALID_ARGUMENT; |
| if ((pbits = BN_num_bits(dh->p)) <= 0) |
|
| fatal("%s: bits(p) <= 0", __func__); |
|
| dh->length = MIN(need * 2, pbits - 1); |
dh->length = MIN(need * 2, pbits - 1); |
| if (DH_generate_key(dh) == 0) |
if (DH_generate_key(dh) == 0 || |
| fatal("%s: key generation failed", __func__); |
!dh_pub_is_valid(dh, dh->pub_key)) { |
| if (!dh_pub_is_valid(dh, dh->pub_key)) |
BN_clear_free(dh->priv_key); |
| fatal("%s: generated invalid key", __func__); |
return SSH_ERR_LIBCRYPTO_ERROR; |
| |
} |
| |
return 0; |
| } |
} |
| |
|
| DH * |
DH * |
|
|
| DH *dh; |
DH *dh; |
| |
|
| if ((dh = DH_new()) == NULL) |
if ((dh = DH_new()) == NULL) |
| fatal("dh_new_group_asc: DH_new"); |
return NULL; |
| |
if (BN_hex2bn(&dh->p, modulus) == 0 || |
| if (BN_hex2bn(&dh->p, modulus) == 0) |
BN_hex2bn(&dh->g, gen) == 0) { |
| fatal("BN_hex2bn p"); |
DH_free(dh); |
| if (BN_hex2bn(&dh->g, gen) == 0) |
return NULL; |
| fatal("BN_hex2bn g"); |
} |
| |
|
| return (dh); |
return (dh); |
| } |
} |
| |
|
|
|
| DH *dh; |
DH *dh; |
| |
|
| if ((dh = DH_new()) == NULL) |
if ((dh = DH_new()) == NULL) |
| fatal("dh_new_group: DH_new"); |
return NULL; |
| dh->p = modulus; |
dh->p = modulus; |
| dh->g = gen; |
dh->g = gen; |
| |
|
|
|
| * from RFC4419 section 3. |
* from RFC4419 section 3. |
| */ |
*/ |
| |
|
| int |
u_int |
| dh_estimate(int bits) |
dh_estimate(int bits) |
| { |
{ |
| if (bits <= 112) |
if (bits <= 112) |
![[BACK]](/icons/back.gif){kind=icon}
Return to dh.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh