diff options
| author | Damien Miller <djm@mindrot.org> | 2005-11-05 05:19:35 +0100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2005-11-05 05:19:35 +0100 |
| commit | 19bb3a57f88adc789d61964fcb8f50165026b322 (patch) | |
| tree | ba18e185c014c1da12ce4422a7e7bad9e71725f5 /kexdhc.c | |
| parent | - dtucker@cvs.openbsd.org 2005/11/03 13:38:29 (diff) | |
| download | openssh-19bb3a57f88adc789d61964fcb8f50165026b322.tar.xz openssh-19bb3a57f88adc789d61964fcb8f50165026b322.zip | |
- djm@cvs.openbsd.org 2005/11/04 05:15:59
[kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
remove hardcoded hash lengths in key exchange code, allowing
implementation of KEX methods with different hashes (e.g. SHA-256);
ok markus@ dtucker@ stevesk@
Diffstat (limited to 'kexdhc.c')
| -rw-r--r-- | kexdhc.c | 15 |
1 files changed, 8 insertions, 7 deletions
@@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexdhc.c,v 1.2 2004/06/13 12:53:24 djm Exp $"); +RCSID("$OpenBSD: kexdhc.c,v 1.3 2005/11/04 05:15:59 djm Exp $"); #include "xmalloc.h" #include "key.h" @@ -41,7 +41,7 @@ kexdh_client(Kex *kex) Key *server_host_key; u_char *server_host_key_blob = NULL, *signature = NULL; u_char *kbuf, *hash; - u_int klen, kout, slen, sbloblen; + u_int klen, kout, slen, sbloblen, hashlen; /* generate and send 'e', client DH public key */ switch (kex->kex_type) { @@ -114,7 +114,7 @@ kexdh_client(Kex *kex) xfree(kbuf); /* calc and verify H */ - hash = kex_dh_hash( + kex_dh_hash( kex->client_version_string, kex->server_version_string, buffer_ptr(&kex->my), buffer_len(&kex->my), @@ -122,25 +122,26 @@ kexdh_client(Kex *kex) server_host_key_blob, sbloblen, dh->pub_key, dh_server_pub, - shared_secret + shared_secret, + &hash, &hashlen ); xfree(server_host_key_blob); BN_clear_free(dh_server_pub); DH_free(dh); - if (key_verify(server_host_key, signature, slen, hash, 20) != 1) + if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) fatal("key_verify failed for server_host_key"); key_free(server_host_key); xfree(signature); /* save session id */ if (kex->session_id == NULL) { - kex->session_id_len = 20; + kex->session_id_len = hashlen; kex->session_id = xmalloc(kex->session_id_len); memcpy(kex->session_id, hash, kex->session_id_len); } - kex_derive_keys(kex, hash, shared_secret); + kex_derive_keys(kex, hash, hashlen, shared_secret); BN_clear_free(shared_secret); kex_finish(kex); } |