- djm@cvs.openbsd.org 2005/11/04 05:15:59

     [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
     remove hardcoded hash lengths in key exchange code, allowing
     implementation of KEX methods with different hashes (e.g. SHA-256);
     ok markus@ dtucker@ stevesk@

1 files changed, 9 insertions, 7 deletions

diff --git a/kexgex.c b/kexgex.c
index b0c39c8c..705484a4 100644
--- a/kexgex.c
+++ b/kexgex.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.24 2005/11/04 05:15:59 djm Exp $");
 
 #include <openssl/evp.h>
 
@@ -33,8 +33,9 @@ RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $");
 #include "kex.h"
 #include "ssh2.h"
 
-u_char *
+void
 kexgex_hash(
+    const EVP_MD *evp_md,
     char *client_version_string,
     char *server_version_string,
     char *ckexinit, int ckexinitlen,
@@ -43,11 +44,11 @@ kexgex_hash(
     int min, int wantbits, int max, BIGNUM *prime, BIGNUM *gen,
     BIGNUM *client_dh_pub,
     BIGNUM *server_dh_pub,
-    BIGNUM *shared_secret)
+    BIGNUM *shared_secret,
+    u_char **hash, u_int *hashlen)
 {
 	Buffer b;
 	static u_char digest[EVP_MAX_MD_SIZE];
-	const EVP_MD *evp_md = EVP_sha1();
 	EVP_MD_CTX md;
 
 	buffer_init(&b);
@@ -79,14 +80,15 @@ kexgex_hash(
 #ifdef DEBUG_KEXDH
 	buffer_dump(&b);
 #endif
+
 	EVP_DigestInit(&md, evp_md);
 	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
 	EVP_DigestFinal(&md, digest, NULL);
 
 	buffer_free(&b);
-
+	*hash = digest;
+	*hashlen = EVP_MD_size(evp_md);
 #ifdef DEBUG_KEXDH
-	dump_digest("hash", digest, EVP_MD_size(evp_md));
+	dump_digest("hash", digest, *hashlen);
 #endif
-	return digest;
 }