• R/O
  • SSH
  • HTTPS

ttssh2: Commit


Commit MetaInfo

Revision6568 (tree)
Time2017-01-11 23:18:17
Authoryutakapon

Log Message

DH構造体のメンバーアクセスを関数アクセスに変更した。
save_bcrypt_private_key関数で EVP_CIPHER_CTX ポインタ指定ミスを修正した。

Change Summary

Incremental Difference

--- branches/openssl_1_1_0/ttssh2/ttxssh/kex.c (revision 6567)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/kex.c (revision 6568)
@@ -34,6 +34,7 @@
3434 static DH *dh_new_group_asc(const char *gen, const char *modulus)
3535 {
3636 DH *dh = NULL;
37+ BIGNUM *p, *g;
3738
3839 if ((dh = DH_new()) == NULL) {
3940 printf("dh_new_group_asc: DH_new");
@@ -40,13 +41,15 @@
4041 goto error;
4142 }
4243
44+ DH_get0_pqg(dh, &p, NULL, &g);
45+
4346 // PとGは公開してもよい素数の組み合わせ
44- if (BN_hex2bn(&dh->p, modulus) == 0) {
47+ if (BN_hex2bn(&p, modulus) == 0) {
4548 printf("BN_hex2bn p");
4649 goto error;
4750 }
4851
49- if (BN_hex2bn(&dh->g, gen) == 0) {
52+ if (BN_hex2bn(&g, gen) == 0) {
5053 printf("BN_hex2bn g");
5154 goto error;
5255 }
@@ -231,22 +234,26 @@
231234 void dh_gen_key(PTInstVar pvar, DH *dh, int we_need /* bytes */ )
232235 {
233236 int i;
237+ BIGNUM *pub_key;
238+ BIGNUM *priv_key;
234239
235- dh->priv_key = NULL;
240+ priv_key = NULL;
236241
237242 // 秘密にすべき乱数(X)を生成
238243 for (i = 0 ; i < 10 ; i++) { // retry counter
239- if (dh->priv_key != NULL) {
240- BN_clear_free(dh->priv_key);
244+ if (priv_key != NULL) {
245+ BN_clear_free(priv_key);
241246 }
242- dh->priv_key = BN_new();
243- if (dh->priv_key == NULL)
247+ priv_key = BN_new();
248+ DH_set0_key(dh, NULL, priv_key);
249+ if (priv_key == NULL)
244250 goto error;
245- if (BN_rand(dh->priv_key, 2*(we_need*8), 0, 0) == 0)
251+ if (BN_rand(priv_key, 2*(we_need*8), 0, 0) == 0)
246252 goto error;
247253 if (DH_generate_key(dh) == 0)
248254 goto error;
249- if (dh_pub_is_valid(dh, dh->pub_key))
255+ DH_get0_key(dh, &pub_key, NULL);
256+ if (dh_pub_is_valid(dh, pub_key))
250257 break;
251258 }
252259 if (i >= 10) {
@@ -467,6 +474,7 @@
467474 int i;
468475 int n = BN_num_bits(dh_pub);
469476 int bits_set = 0;
477+ const BIGNUM *p;
470478
471479 // OpenSSL 1.1.0で、BIGNUM構造体のnegメンバーに直接アクセスできなくなったため、
472480 // BN_is_negative関数に置換する。OpenSSL 1.0.2ではマクロ定義されている。
@@ -480,7 +488,8 @@
480488 //debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
481489
482490 /* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */
483- if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1))
491+ DH_get0_pqg(dh, &p, NULL, NULL);
492+ if (bits_set > 1 && (BN_cmp(dh_pub, p) == -1))
484493 return 1;
485494 //logit("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p));
486495 return 0;
--- branches/openssl_1_1_0/ttssh2/ttxssh/ttxssh.c (revision 6567)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/ttxssh.c (revision 6568)
@@ -4346,7 +4346,7 @@
43464346 // 暗号化の準備
43474347 // TODO: OpenSSH 6.5では -Z オプションで、暗号化アルゴリズムを指定可能だが、
43484348 // ここでは"AES256-CBC"に固定とする。
4349- cipher_init_SSH2(&cipher_ctx, key, keylen, key + keylen, ivlen, CIPHER_ENCRYPT,
4349+ cipher_init_SSH2(cipher_ctx, key, keylen, key + keylen, ivlen, CIPHER_ENCRYPT,
43504350 get_cipher_EVP_CIPHER(ciphernameval), 0, pvar);
43514351 SecureZeroMemory(key, keylen + ivlen);
43524352 free(key);
@@ -4390,12 +4390,12 @@
43904390
43914391 /* encrypt */
43924392 cp = buffer_append_space(encoded, buffer_len(b) + authlen);
4393- if (EVP_Cipher(&cipher_ctx, cp, buffer_ptr(b), buffer_len(b)) == 0) {
4393+ if (EVP_Cipher(cipher_ctx, cp, buffer_ptr(b), buffer_len(b)) == 0) {
43944394 //strncpy_s(errmsg, errmsg_len, "Key decrypt error", _TRUNCATE);
43954395 //free(decrypted);
43964396 //goto error;
43974397 }
4398- cipher_cleanup_SSH2(&cipher_ctx);
4398+ cipher_cleanup_SSH2(cipher_ctx);
43994399
44004400 len = 2 * buffer_len(encoded);
44014401 cp = malloc(len);
--- branches/openssl_1_1_0/ttssh2/ttxssh/ssh.c (revision 6567)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/ssh.c (revision 6568)
@@ -5195,6 +5195,7 @@
51955195 buffer_t *msg = NULL;
51965196 unsigned char *outmsg;
51975197 int len;
5198+ BIGNUM *pub_key;
51985199
51995200 // Diffie-Hellman key agreement
52005201 switch (pvar->kex_type) {
@@ -5224,7 +5225,8 @@
52245225 return;
52255226 }
52265227
5227- buffer_put_bignum2(msg, dh->pub_key);
5228+ DH_get0_key(dh, &pub_key, NULL);
5229+ buffer_put_bignum2(msg, pub_key);
52285230
52295231 len = buffer_len(msg);
52305232 outmsg = begin_send_packet(pvar, SSH2_MSG_KEXDH_INIT, len);
@@ -5349,6 +5351,7 @@
53495351 buffer_t *msg = NULL;
53505352 unsigned char *outmsg;
53515353 char tmpbuf[256];
5354+ BIGNUM *pub_key;
53525355
53535356 notify_verbose_message(pvar, "SSH2_MSG_KEX_DH_GEX_GROUP was received.", LOG_LEVEL_VERBOSE);
53545357
@@ -5434,8 +5437,7 @@
54345437 dh = DH_new();
54355438 if (dh == NULL)
54365439 goto error;
5437- dh->p = p;
5438- dh->g = g;
5440+ DH_set0_pqg(dh, p, NULL, g);
54395441
54405442 // 秘密にすべき乱数(X)を生成
54415443 dh_gen_key(pvar, dh, pvar->we_need);
@@ -5445,7 +5447,8 @@
54455447 if (msg == NULL) {
54465448 goto error;
54475449 }
5448- buffer_put_bignum2(msg, dh->pub_key);
5450+ DH_get0_key(dh, &pub_key, NULL);
5451+ buffer_put_bignum2(msg, pub_key);
54495452 len = buffer_len(msg);
54505453 outmsg = begin_send_packet(pvar, SSH2_MSG_KEX_DH_GEX_INIT, len);
54515454 memcpy(outmsg, buffer_ptr(msg), len);
@@ -5460,9 +5463,14 @@
54605463 pvar->kexdh = dh;
54615464
54625465 {
5463- push_bignum_memdump("DH_GEX_GROUP", "p", dh->p);
5464- push_bignum_memdump("DH_GEX_GROUP", "g", dh->g);
5465- push_bignum_memdump("DH_GEX_GROUP", "pub_key", dh->pub_key);
5466+ BIGNUM *p, *q, *pub_key;
5467+
5468+ DH_get0_pqg(dh, &p, &q, NULL);
5469+ DH_get0_key(dh, &pub_key, NULL);
5470+
5471+ push_bignum_memdump("DH_GEX_GROUP", "p", p);
5472+ push_bignum_memdump("DH_GEX_GROUP", "g", g);
5473+ push_bignum_memdump("DH_GEX_GROUP", "pub_key", pub_key);
54665474 }
54675475
54685476 SSH2_dispatch_init(2);
@@ -5585,6 +5593,7 @@
55855593 char *emsg, emsg_tmp[1024]; // error message
55865594 int ret, hashlen;
55875595 Key *hostkey; // hostkey
5596+ BIGNUM *pub_key;
55885597
55895598 notify_verbose_message(pvar, "SSH2_MSG_KEXDH_REPLY was received.", LOG_LEVEL_VERBOSE);
55905599
@@ -5665,6 +5674,7 @@
56655674
56665675 // ハッシュの計算
56675676 /* calc and verify H */
5677+ DH_get0_key(pvar->kexdh, &pub_key, NULL);
56685678 hash = kex_dh_hash(get_kex_algorithm_EVP_MD(pvar->kex_type),
56695679 pvar->client_version_string,
56705680 pvar->server_version_string,
@@ -5671,7 +5681,7 @@
56715681 buffer_ptr(pvar->my_kex), buffer_len(pvar->my_kex),
56725682 buffer_ptr(pvar->peer_kex), buffer_len(pvar->peer_kex),
56735683 server_host_key_blob, bloblen,
5674- pvar->kexdh->pub_key,
5684+ pub_key,
56755685 dh_server_pub,
56765686 share_key,
56775687 &hashlen);
@@ -5765,7 +5775,8 @@
57655775 }
57665776
57675777 // TTSSHバージョン情報に表示するキービット数を求めておく (2004.10.30 yutaka)
5768- pvar->client_key_bits = BN_num_bits(pvar->kexdh->pub_key);
5778+ DH_get0_key(pvar->kexdh, &pub_key, NULL);
5779+ pvar->client_key_bits = BN_num_bits(pub_key);
57695780 pvar->server_key_bits = BN_num_bits(dh_server_pub);
57705781
57715782 SSH2_dispatch_init(3);
@@ -5813,6 +5824,8 @@
58135824 char *emsg, emsg_tmp[1024]; // error message
58145825 int ret, hashlen;
58155826 Key *hostkey = NULL; // hostkey
5827+ BIGNUM *p, *g;
5828+ BIGNUM *pub_key;
58165829
58175830 notify_verbose_message(pvar, "SSH2_MSG_KEX_DH_GEX_REPLY was received.", LOG_LEVEL_VERBOSE);
58185831
@@ -5894,6 +5907,8 @@
58945907
58955908 // ハッシュの計算
58965909 /* calc and verify H */
5910+ DH_get0_pqg(pvar->kexdh, &p, NULL, &g);
5911+ DH_get0_key(pvar->kexdh, &pub_key, NULL);
58975912 hash = kex_dh_gex_hash(
58985913 get_kex_algorithm_EVP_MD(pvar->kex_type),
58995914 pvar->client_version_string,
@@ -5905,9 +5920,9 @@
59055920 pvar->kexgex_min,
59065921 pvar->kexgex_bits,
59075922 pvar->kexgex_max,
5908- pvar->kexdh->p,
5909- pvar->kexdh->g,
5910- pvar->kexdh->pub_key,
5923+ p,
5924+ g,
5925+ pub_key,
59115926 /////// KEXGEX
59125927 dh_server_pub,
59135928 share_key,
@@ -6002,7 +6017,8 @@
60026017 }
60036018
60046019 // TTSSHバージョン情報に表示するキービット数を求めておく (2004.10.30 yutaka)
6005- pvar->client_key_bits = BN_num_bits(pvar->kexdh->pub_key);
6020+ DH_get0_key(pvar->kexdh, &pub_key, NULL);
6021+ pvar->client_key_bits = BN_num_bits(pub_key);
60066022 pvar->server_key_bits = BN_num_bits(dh_server_pub);
60076023
60086024 SSH2_dispatch_init(3);
Show on old repository browser