authordjm@openbsd.org <djm@openbsd.org>2019-01-21 10:05:09 +0000
committerDamien Miller <djm@mindrot.org>2019-01-21 21:47:28 +1100
commitbb39bafb6dc520cc097780f4611a52da7f19c3e2 (patch)
treeb5721488b62d4e8cc1ffa322ae659e5265a0c707
parentdec5e9d33891e3bc3f1395d7db0e56fdc7f86dfc (diff)
upstream: factor out kex_load_hostkey() - this is duplicated in
both the client and server implementations for most KEX methods. from markus@ ok djm@ OpenBSD-Commit-ID: 8232fa7c21fbfbcaf838313b0c166dc6c8762f3c
-rw-r--r--kex.c20
-rw-r--r--kex.h3
-rw-r--r--kexc25519s.c17
-rw-r--r--kexdhs.c16
-rw-r--r--kexecdhs.c16
-rw-r--r--kexgexs.c16
6 files changed, 33 insertions, 55 deletions
diff --git a/kex.c b/kex.c
index 0d5618ec..a0d13a88 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.144 2019/01/21 09:55:52 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.145 2019/01/21 10:05:09 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -1052,6 +1052,24 @@ kex_derive_keys_bn(struct ssh *ssh, u_char *hash, u_int hashlen,
}
#endif
+int
+kex_load_hostkey(struct ssh *ssh, struct sshkey **pubp, struct sshkey **prvp)
+{
+ struct kex *kex = ssh->kex;
+
+ *pubp = NULL;
+ *prvp = NULL;
+ if (kex->load_host_public_key == NULL ||
+ kex->load_host_private_key == NULL)
+ return SSH_ERR_INVALID_ARGUMENT;
+ *pubp = kex->load_host_public_key(kex->hostkey_type,
+ kex->hostkey_nid, ssh);
+ *prvp = kex->load_host_private_key(kex->hostkey_type,
+ kex->hostkey_nid, ssh);
+ if (*pubp == NULL)
+ return SSH_ERR_NO_HOSTKEY_LOADED;
+ return 0;
+}
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
void
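Review bot: kex_load_hostkey() has no comment describing its out-parameters, and its success check covers only the public key: `*prvp` is assigned from load_host_private_key() but never tested, so the function can return 0 with `*prvp == NULL`. I would add a header comment stating that the second argument receives the public key and the third the private key, that both are set to NULL on entry, and that a NULL private key on success is permitted and must be handled by the caller. Both out-parameters have the same type `struct sshkey **`, so the compiler cannot detect a transposed call, and the order should be spelled out here and beside the prototype in kex.h. Whether the returned keys are borrowed or owned by the caller is not visible in this hunk and should be stated as well.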
diff --git a/kex.h b/kex.h
index a11bd5ae..fa65b865 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.96 2019/01/21 10:03:37 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.97 2019/01/21 10:05:09 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -184,6 +184,7 @@ void kex_free(struct kex *);
int kex_buf2prop(struct sshbuf *, int *, char ***);
int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]);
void kex_prop_free(char **);
+int kex_load_hostkey(struct ssh *, struct sshkey **, struct sshkey **);
int kex_send_kexinit(struct ssh *);
int kex_input_kexinit(int, u_int32_t, struct ssh *);
diff --git a/kexc25519s.c b/kexc25519s.c
index 65df18c4..d7cc70fe 100644
--- a/kexc25519s.c
+++ b/kexc25519s.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexc25519s.c,v 1.14 2019/01/21 09:55:52 djm Exp $ */
+/* $OpenBSD: kexc25519s.c,v 1.15 2019/01/21 10:05:09 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -70,20 +70,9 @@ input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh)
#ifdef DEBUG_KEXECDH
dump_digest("server private key:", server_key, sizeof(server_key));
#endif
- if (kex->load_host_public_key == NULL ||
- kex->load_host_private_key == NULL) {
- r = SSH_ERR_INVALID_ARGUMENT;
+ if ((r = kex_load_hostkey(ssh, &server_host_private,
+ &server_host_public)) != 0)
goto out;
- }
- server_host_public = kex->load_host_public_key(kex->hostkey_type,
- kex->hostkey_nid, ssh);
- server_host_private = kex->load_host_private_key(kex->hostkey_type,
- kex->hostkey_nid, ssh);
- if (server_host_public == NULL) {
- r = SSH_ERR_NO_HOSTKEY_LOADED;
- goto out;
- }
-
if ((r = sshpkt_get_string(ssh, &client_pubkey, &pklen)) != 0 ||
(r = sshpkt_get_end(ssh)) != 0)
goto out;
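Review bot: The call passes `&server_host_private` as the second argument and `&server_host_public` as the third, but kex_load_hostkey() in kex.c is defined as `(ssh, pubp, prvp)`, so the public key lands in server_host_private and the private key in server_host_public. The removed lines assigned each variable from its matching loader, so this changes behaviour. The helper's NULL check now covers only the variable named server_host_private, and server_host_public can be NULL on a zero return if the private-key loader returns NULL. The call should read `if ((r = kex_load_hostkey(ssh, &server_host_public, &server_host_private)) != 0)`. The same transposed call appears in the kexdhs.c, kexecdhs.c and kexgexs.c hunks; input_kex_c25519_init starts and ends outside this hunk, so the later uses of the two variables are not visible here.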
diff --git a/kexdhs.c b/kexdhs.c
index 0f028aae..e33901bb 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.34 2019/01/21 10:03:37 djm Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.35 2019/01/21 10:05:09 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -81,19 +81,9 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
size_t hashlen;
int r;
- if (kex->load_host_public_key == NULL ||
- kex->load_host_private_key == NULL) {
- r = SSH_ERR_INVALID_ARGUMENT;
+ if ((r = kex_load_hostkey(ssh, &server_host_private,
+ &server_host_public)) != 0)
goto out;
- }
- server_host_public = kex->load_host_public_key(kex->hostkey_type,
- kex->hostkey_nid, ssh);
- server_host_private = kex->load_host_private_key(kex->hostkey_type,
- kex->hostkey_nid, ssh);
- if (server_host_public == NULL) {
- r = SSH_ERR_NO_HOSTKEY_LOADED;
- goto out;
- }
/* key, cert */
if ((r = sshpkt_get_bignum2(ssh, &dh_client_pub)) != 0 ||
diff --git a/kexecdhs.c b/kexecdhs.c
index 4ba2072d..b9254eed 100644
--- a/kexecdhs.c
+++ b/kexecdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhs.c,v 1.20 2019/01/21 09:55:52 djm Exp $ */
+/* $OpenBSD: kexecdhs.c,v 1.21 2019/01/21 10:05:09 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -89,19 +89,9 @@ input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh)
sshkey_dump_ec_key(server_key);
#endif
- if (kex->load_host_public_key == NULL ||
- kex->load_host_private_key == NULL) {
- r = SSH_ERR_INVALID_ARGUMENT;
+ if ((r = kex_load_hostkey(ssh, &server_host_private,
+ &server_host_public)) != 0)
goto out;
- }
- server_host_public = kex->load_host_public_key(kex->hostkey_type,
- kex->hostkey_nid, ssh);
- server_host_private = kex->load_host_private_key(kex->hostkey_type,
- kex->hostkey_nid, ssh);
- if (server_host_public == NULL) {
- r = SSH_ERR_NO_HOSTKEY_LOADED;
- goto out;
- }
if ((client_public = EC_POINT_new(group)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
diff --git a/kexgexs.c b/kexgexs.c
index f8eb3654..a617d445 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.40 2019/01/21 10:03:37 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.41 2019/01/21 10:05:09 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -136,19 +136,9 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
size_t hashlen;
int r;
- if (kex->load_host_public_key == NULL ||
- kex->load_host_private_key == NULL) {
- r = SSH_ERR_INVALID_ARGUMENT;
+ if ((r = kex_load_hostkey(ssh, &server_host_private,
+ &server_host_public)) != 0)
goto out;
- }
- server_host_public = kex->load_host_public_key(kex->hostkey_type,
- kex->hostkey_nid, ssh);
- server_host_private = kex->load_host_private_key(kex->hostkey_type,
- kex->hostkey_nid, ssh);
- if (server_host_public == NULL) {
- r = SSH_ERR_NO_HOSTKEY_LOADED;
- goto out;
- }
/* key, cert */
if ((r = sshpkt_get_bignum2(ssh, &dh_client_pub)) != 0 ||