version 1.33, 2019/01/21 10:07:22 |
version 1.34, 2019/01/23 00:30:41 |
|
|
BIGNUM *dh_server_pub = NULL; |
BIGNUM *dh_server_pub = NULL; |
const BIGNUM *pub_key, *dh_p, *dh_g; |
const BIGNUM *pub_key, *dh_p, *dh_g; |
struct sshbuf *shared_secret = NULL; |
struct sshbuf *shared_secret = NULL; |
|
struct sshbuf *tmp = NULL, *server_host_key_blob = NULL; |
struct sshkey *server_host_key = NULL; |
struct sshkey *server_host_key = NULL; |
u_char *signature = NULL, *server_host_key_blob = NULL; |
u_char *signature = NULL; |
u_char hash[SSH_DIGEST_MAX_LENGTH]; |
u_char hash[SSH_DIGEST_MAX_LENGTH]; |
size_t slen, sbloblen, hashlen; |
size_t slen, hashlen; |
int r; |
int r; |
|
|
debug("got SSH2_MSG_KEX_DH_GEX_REPLY"); |
debug("got SSH2_MSG_KEX_DH_GEX_REPLY"); |
/* key, cert */ |
/* key, cert */ |
if ((r = sshpkt_get_string(ssh, &server_host_key_blob, |
if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0) |
&sbloblen)) != 0 || |
|
(r = sshkey_from_blob(server_host_key_blob, sbloblen, |
|
&server_host_key)) != 0) |
|
goto out; |
goto out; |
if ((r = kex_verify_host_key(ssh, server_host_key)) != 0) |
/* sshkey_fromb() consumes its buffer, so make a copy */ |
|
if ((tmp = sshbuf_fromb(server_host_key_blob)) == NULL) { |
|
r = SSH_ERR_ALLOC_FAIL; |
goto out; |
goto out; |
|
} |
|
if ((r = sshkey_fromb(tmp, &server_host_key)) != 0 || |
|
(r = kex_verify_host_key(ssh, server_host_key)) != 0) |
|
goto out; |
/* DH parameter f, server public DH key, signed H */ |
/* DH parameter f, server public DH key, signed H */ |
if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 || |
if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 || |
(r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || |
(r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || |
|
|
kex->hash_alg, |
kex->hash_alg, |
kex->client_version, |
kex->client_version, |
kex->server_version, |
kex->server_version, |
sshbuf_ptr(kex->my), sshbuf_len(kex->my), |
kex->my, |
sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), |
kex->peer, |
server_host_key_blob, sbloblen, |
server_host_key_blob, |
kex->min, kex->nbits, kex->max, |
kex->min, kex->nbits, kex->max, |
dh_p, dh_g, |
dh_p, dh_g, |
pub_key, |
pub_key, |
|
|
BN_clear_free(dh_server_pub); |
BN_clear_free(dh_server_pub); |
sshbuf_free(shared_secret); |
sshbuf_free(shared_secret); |
sshkey_free(server_host_key); |
sshkey_free(server_host_key); |
free(server_host_key_blob); |
sshbuf_free(tmp); |
|
sshbuf_free(server_host_key_blob); |
free(signature); |
free(signature); |
return r; |
return r; |
} |
} |