=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/kexdh.c,v retrieving revision 1.3 retrieving revision 1.3.2.3 diff -u -r1.3 -r1.3.2.3 --- src/usr.bin/ssh/kexdh.c 2001/04/04 09:48:34 1.3 +++ src/usr.bin/ssh/kexdh.c 2002/06/02 22:56:10 1.3.2.3 @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexdh.c,v 1.3 2001/04/04 09:48:34 markus Exp $"); +RCSID("$OpenBSD: kexdh.c,v 1.3.2.3 2002/06/02 22:56:10 miod Exp $"); #include #include @@ -37,26 +37,27 @@ #include "packet.h" #include "dh.h" #include "ssh2.h" +#include "monitor_wrap.h" -u_char * +static u_char * kex_dh_hash( char *client_version_string, char *server_version_string, char *ckexinit, int ckexinitlen, char *skexinit, int skexinitlen, - char *serverhostkeyblob, int sbloblen, + u_char *serverhostkeyblob, int sbloblen, BIGNUM *client_dh_pub, BIGNUM *server_dh_pub, BIGNUM *shared_secret) { Buffer b; static u_char digest[EVP_MAX_MD_SIZE]; - EVP_MD *evp_md = EVP_sha1(); + const EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; buffer_init(&b); - buffer_put_string(&b, client_version_string, strlen(client_version_string)); - buffer_put_string(&b, server_version_string, strlen(server_version_string)); + buffer_put_cstring(&b, client_version_string); + buffer_put_cstring(&b, server_version_string); /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ buffer_put_int(&b, ckexinitlen+1); @@ -81,23 +82,22 @@ buffer_free(&b); #ifdef DEBUG_KEX - dump_digest("hash", digest, evp_md->md_size); + dump_digest("hash", digest, EVP_MD_size(evp_md)); #endif return digest; } /* client */ -void +static void kexdh_client(Kex *kex) { BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; DH *dh; Key *server_host_key; - char *server_host_key_blob = NULL, *signature = NULL; + u_char *server_host_key_blob = NULL, *signature = NULL; u_char *kbuf, *hash; u_int klen, kout, slen, sbloblen; - int dlen, plen; /* generate and send 'e', client DH public key */ dh = dh_new_group1(); @@ -115,23 +115,24 @@ #endif debug("expecting SSH2_MSG_KEXDH_REPLY"); - packet_read_expect(&plen, SSH2_MSG_KEXDH_REPLY); + packet_read_expect(SSH2_MSG_KEXDH_REPLY); /* key, cert */ server_host_key_blob = packet_get_string(&sbloblen); server_host_key = key_from_blob(server_host_key_blob, sbloblen); if (server_host_key == NULL) fatal("cannot decode server_host_key_blob"); + if (server_host_key->type != kex->hostkey_type) + fatal("type mismatch for decoded server_host_key_blob"); + if (kex->verify_host_key == NULL) + fatal("cannot verify server_host_key"); + if (kex->verify_host_key(server_host_key) == -1) + fatal("server_host_key verification failed"); - if (kex->check_host_key == NULL) - fatal("cannot check server_host_key"); - kex->check_host_key(server_host_key); - /* DH paramter f, server public DH key */ - dh_server_pub = BN_new(); - if (dh_server_pub == NULL) + if ((dh_server_pub = BN_new()) == NULL) fatal("dh_server_pub == NULL"); - packet_get_bignum2(dh_server_pub, &dlen); + packet_get_bignum2(dh_server_pub); #ifdef DEBUG_KEXDH fprintf(stderr, "dh_server_pub= "); @@ -142,7 +143,7 @@ /* signed H */ signature = packet_get_string(&slen); - packet_done(); + packet_check_eom(); if (!dh_pub_is_valid(dh, dh_server_pub)) packet_disconnect("bad server public DH value"); @@ -153,7 +154,8 @@ #ifdef DEBUG_KEXDH dump_digest("shared secret", kbuf, kout); #endif - shared_secret = BN_new(); + if ((shared_secret = BN_new()) == NULL) + fatal("kexdh_client: BN_new failed"); BN_bin2bn(kbuf, kout, shared_secret); memset(kbuf, 0, klen); xfree(kbuf); @@ -170,10 +172,10 @@ shared_secret ); xfree(server_host_key_blob); - BN_free(dh_server_pub); + BN_clear_free(dh_server_pub); DH_free(dh); - if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1) + if (key_verify(server_host_key, signature, slen, hash, 20) != 1) fatal("key_verify failed for server_host_key"); key_free(server_host_key); xfree(signature); @@ -192,7 +194,7 @@ /* server */ -void +static void kexdh_server(Kex *kex) { BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; @@ -200,14 +202,14 @@ Key *server_host_key; u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; u_int sbloblen, klen, kout; - int dlen, slen, plen; + u_int slen; /* generate server DH public key */ dh = dh_new_group1(); dh_gen_key(dh, kex->we_need * 8); debug("expecting SSH2_MSG_KEXDH_INIT"); - packet_read_expect(&plen, SSH2_MSG_KEXDH_INIT); + packet_read_expect(SSH2_MSG_KEXDH_INIT); if (kex->load_host_key == NULL) fatal("Cannot load hostkey"); @@ -216,10 +218,10 @@ fatal("Unsupported hostkey type %d", kex->hostkey_type); /* key, cert */ - dh_client_pub = BN_new(); - if (dh_client_pub == NULL) + if ((dh_client_pub = BN_new()) == NULL) fatal("dh_client_pub == NULL"); - packet_get_bignum2(dh_client_pub, &dlen); + packet_get_bignum2(dh_client_pub); + packet_check_eom(); #ifdef DEBUG_KEXDH fprintf(stderr, "dh_client_pub= "); @@ -243,7 +245,8 @@ #ifdef DEBUG_KEXDH dump_digest("shared secret", kbuf, kout); #endif - shared_secret = BN_new(); + if ((shared_secret = BN_new()) == NULL) + fatal("kexdh_server: BN_new failed"); BN_bin2bn(kbuf, kout, shared_secret); memset(kbuf, 0, klen); xfree(kbuf); @@ -256,12 +259,12 @@ kex->server_version_string, buffer_ptr(&kex->peer), buffer_len(&kex->peer), buffer_ptr(&kex->my), buffer_len(&kex->my), - (char *)server_host_key_blob, sbloblen, + server_host_key_blob, sbloblen, dh_client_pub, dh->pub_key, shared_secret ); - BN_free(dh_client_pub); + BN_clear_free(dh_client_pub); /* save session id := H */ /* XXX hashlen depends on KEX */ @@ -273,15 +276,15 @@ /* sign H */ /* XXX hashlen depends on KEX */ - key_sign(server_host_key, &signature, &slen, hash, 20); + PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)); /* destroy_sensitive_data(); */ /* send server hostkey, DH pubkey 'f' and singed H */ packet_start(SSH2_MSG_KEXDH_REPLY); - packet_put_string((char *)server_host_key_blob, sbloblen); + packet_put_string(server_host_key_blob, sbloblen); packet_put_bignum2(dh->pub_key); /* f */ - packet_put_string((char *)signature, slen); + packet_put_string(signature, slen); packet_send(); xfree(signature);