diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-09-13 02:08:33 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-09-13 12:12:33 +1000 |
| commit | 482d23bcacdd3664f21cc82a5135f66fc598275f (patch) | |
| tree | 362f697a94da0a765d1dabcfbf33370b2a4df121 /dh.c | |
| parent | d70d061828730a56636ab6f1f24fe4a8ccefcfc1 (diff) | |
| download | openssh-git-482d23bcacdd3664f21cc82a5135f66fc598275f.tar.gz | |
upstream: hold our collective noses and use the openssl-1.1.x API in
OpenSSH; feedback and ok tb@ jsing@ markus@
OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
Diffstat (limited to 'dh.c')
| -rw-r--r-- | dh.c | 60 |
1 files changed, 37 insertions, 23 deletions
@@ -216,14 +216,17 @@ choose_dh(int min, int wantbits, int max) /* diffie-hellman-groupN-sha1 */ int -dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) +dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub) { int i; int n = BN_num_bits(dh_pub); int bits_set = 0; BIGNUM *tmp; + const BIGNUM *dh_p; - if (dh_pub->neg) { + DH_get0_pqg(dh, &dh_p, NULL, NULL); + + if (BN_is_negative(dh_pub)) { logit("invalid public DH value: negative"); return 0; } @@ -236,7 +239,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) error("%s: BN_new failed", __func__); return 0; } - if (!BN_sub(tmp, dh->p, BN_value_one()) || + if (!BN_sub(tmp, dh_p, BN_value_one()) || BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */ BN_clear_free(tmp); logit("invalid public DH value: >= p-1"); @@ -247,14 +250,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) for (i = 0; i <= n; i++) if (BN_is_bit_set(dh_pub, i)) bits_set++; - debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); + debug2("bits set: %d/%d", bits_set, BN_num_bits(dh_p)); /* * if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */ if (bits_set < 4) { logit("invalid public DH value (%d/%d)", - bits_set, BN_num_bits(dh->p)); + bits_set, BN_num_bits(dh_p)); return 0; } return 1; @@ -264,9 +267,12 @@ int dh_gen_key(DH *dh, int need) { int pbits; + const BIGNUM *dh_p, *pub_key; + + DH_get0_pqg(dh, &dh_p, NULL, NULL); - if (need < 0 || dh->p == NULL || - (pbits = BN_num_bits(dh->p)) <= 0 || + if (need < 0 || dh_p == NULL || + (pbits = BN_num_bits(dh_p)) <= 0 || need > INT_MAX / 2 || 2 * need > pbits) return SSH_ERR_INVALID_ARGUMENT; if (need < 256) @@ -275,13 +281,14 @@ dh_gen_key(DH *dh, int need) * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)), * so double requested need here. */ - dh->length = MINIMUM(need * 2, pbits - 1); - if (DH_generate_key(dh) == 0 || - !dh_pub_is_valid(dh, dh->pub_key)) { - BN_clear_free(dh->priv_key); - dh->priv_key = NULL; + if (!DH_set_length(dh, MINIMUM(need * 2, pbits - 1))) return SSH_ERR_LIBCRYPTO_ERROR; - } + + if (DH_generate_key(dh) == 0) + return SSH_ERR_LIBCRYPTO_ERROR; + DH_get0_key(dh, &pub_key, NULL); + if (!dh_pub_is_valid(dh, pub_key)) + return SSH_ERR_INVALID_FORMAT; return 0; } @@ -289,22 +296,27 @@ DH * dh_new_group_asc(const char *gen, const char *modulus) { DH *dh; + BIGNUM *dh_p = NULL, *dh_g = NULL; if ((dh = DH_new()) == NULL) return NULL; - if (BN_hex2bn(&dh->p, modulus) == 0 || - BN_hex2bn(&dh->g, gen) == 0) { - DH_free(dh); - return NULL; - } - return (dh); + if (BN_hex2bn(&dh_p, modulus) == 0 || + BN_hex2bn(&dh_g, gen) == 0) + goto fail; + if (!DH_set0_pqg(dh, dh_p, NULL, dh_g)) + goto fail; + return dh; + fail: + DH_free(dh); + BN_clear_free(dh_p); + BN_clear_free(dh_g); + return NULL; } /* * This just returns the group, we still need to generate the exchange * value. */ - DH * dh_new_group(BIGNUM *gen, BIGNUM *modulus) { @@ -312,10 +324,12 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus) if ((dh = DH_new()) == NULL) return NULL; - dh->p = modulus; - dh->g = gen; + if (!DH_set0_pqg(dh, modulus, NULL, gen)) { + DH_free(dh); + return NULL; + } - return (dh); + return dh; } /* rfc2409 "Second Oakley Group" (1024 bits) */ |