src/usr.bin/ssh/kexecdh.c - diff

Return to kexecdh.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/kexecdh.c between version 1.5 and 1.6

-version 1.5, 2014/01/09 23:20:00
+version 1.6, 2015/01/19 20:16:15
 Line 34
 Line 34
 Line 34
  #include <openssl/ec.h>
  #include <openssl/ecdh.h>
- #include "buffer.h"
  #include "ssh2.h"
- #include "key.h"
+ #include "sshkey.h"
  #include "cipher.h"
  #include "kex.h"
- #include "log.h"
+ #include "sshbuf.h"
  #include "digest.h"
+ #include "ssherr.h"
- void
+ int
  kex_ecdh_hash(
      int hash_alg,
      const EC_GROUP *ec_group,
-     char *client_version_string,
+     const char *client_version_string,
-     char *server_version_string,
+     const char *server_version_string,
-     char *ckexinit, int ckexinitlen,
+     const u_char *ckexinit, size_t ckexinitlen,
-     char *skexinit, int skexinitlen,
+     const u_char *skexinit, size_t skexinitlen,
-     u_char *serverhostkeyblob, int sbloblen,
+     const u_char *serverhostkeyblob, size_t sbloblen,
      const EC_POINT *client_dh_pub,
      const EC_POINT *server_dh_pub,
      const BIGNUM *shared_secret,
-     u_char **hash, u_int *hashlen)
+     u_char *hash, size_t *hashlen)
  {
-         Buffer b;
+         struct sshbuf *b;
-         static u_char digest[SSH_DIGEST_MAX_LENGTH];
+         int r;
-         buffer_init(&b);
+         if (*hashlen < ssh_digest_bytes(hash_alg))
-         buffer_put_cstring(&b, client_version_string);
+                 return SSH_ERR_INVALID_ARGUMENT;
-         buffer_put_cstring(&b, server_version_string);
+         if ((b = sshbuf_new()) == NULL)
+                 return SSH_ERR_ALLOC_FAIL;
-         /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
+         if ((r = sshbuf_put_cstring(b, client_version_string)) != 0 ||
-         buffer_put_int(&b, ckexinitlen+1);
+             (r = sshbuf_put_cstring(b, server_version_string)) != 0 ||
-         buffer_put_char(&b, SSH2_MSG_KEXINIT);
+             /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
-         buffer_append(&b, ckexinit, ckexinitlen);
+             (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 ||
-         buffer_put_int(&b, skexinitlen+1);
+             (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 ||
-         buffer_put_char(&b, SSH2_MSG_KEXINIT);
+             (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 ||
-         buffer_append(&b, skexinit, skexinitlen);
+             (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 ||
+             (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 ||
-         buffer_put_string(&b, serverhostkeyblob, sbloblen);
+             (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 ||
-         buffer_put_ecpoint(&b, ec_group, client_dh_pub);
+             (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 ||
-         buffer_put_ecpoint(&b, ec_group, server_dh_pub);
+             (r = sshbuf_put_ec(b, client_dh_pub, ec_group)) != 0 ||
-         buffer_put_bignum2(&b, shared_secret);
+             (r = sshbuf_put_ec(b, server_dh_pub, ec_group)) != 0 ||
+             (r = sshbuf_put_bignum2(b, shared_secret)) != 0) {
+                 sshbuf_free(b);
+                 return r;
+         }
  #ifdef DEBUG_KEX
-         buffer_dump(&b);
+         sshbuf_dump(b, stderr);
  #endif
-         if (ssh_digest_buffer(hash_alg, &b, digest, sizeof(digest)) != 0)
+         if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) {
-                 fatal("%s: ssh_digest_buffer failed", __func__);
+                 sshbuf_free(b);
+                 return SSH_ERR_LIBCRYPTO_ERROR;
-         buffer_free(&b);
+         }
+         sshbuf_free(b);
+         *hashlen = ssh_digest_bytes(hash_alg);
  #ifdef DEBUG_KEX
-         dump_digest("hash", digest, ssh_digest_bytes(hash_alg));
+         dump_digest("hash", hash, *hashlen);
  #endif
-         *hash = digest;
+         return 0;
-         *hashlen = ssh_digest_bytes(hash_alg);
  }