- djm@cvs.openbsd.org 2004/05/09 01:19:28

[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c sshd.c] removed: mpaux.c mpaux.h kill some more tiny files; ok deraadt@
author: Darren Tucker <dtucker@zip.com.au> 2004-05-13 16:30:44 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2004-05-13 16:30:44 +1000
commit: e14e005f41cf541017ab4e285f0b2ec23a21b7ff (patch)
tree: dc39d17aec412258454cf026c2c3e27cf1b45411
parent: 770fc01078ffd4952ceb91f617063b390730499c (diff)
9 files changed, 51 insertions, 19 deletions
diff --git a/ChangeLog b/ChangeLog
index e12b47b0..582632af 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,10 @@
    - djm@cvs.openbsd.org 2004/05/09 00:06:47
      [moduli.c ssh-keygen.c] removed: moduli.h
      zap another tiny header; ok deraadt@
+   - djm@cvs.openbsd.org 2004/05/09 01:19:28
+     [OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
+     sshd.c] removed: mpaux.c mpaux.h
+     kill some more tiny files; ok deraadt@
 
 20040502
  - (dtucker) OpenBSD CVS Sync
@@ -1096,4 +1100,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3347 2004/05/13 06:24:32 dtucker Exp $
+$Id: ChangeLog,v 1.3348 2004/05/13 06:30:44 dtucker Exp $
diff --git a/OVERVIEW b/OVERVIEW
index df46ec28..d1a768c1 100644
--- a/OVERVIEW
+++ b/OVERVIEW
@@ -40,7 +40,6 @@ these programs.
   Multiple Precision Integer Library
 
     - Uses the SSLeay BIGNUM sublibrary.
-    - Some auxiliary functions for mp-int manipulation are in mpaux.c.
 
   Random Numbers
 
diff --git a/auth-rsa.c b/auth-rsa.c
index 2f0746b3..8a02b8a8 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.59 2004/05/09 01:19:27 djm Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -23,7 +23,6 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $");
 #include "packet.h"
 #include "xmalloc.h"
 #include "ssh1.h"
-#include "mpaux.h"
 #include "uidswap.h"
 #include "match.h"
 #include "auth-options.h"
diff --git a/auth1.c b/auth1.c
index f145cf03..376007a0 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,14 +10,13 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.55 2003/11/08 16:02:40 jakob Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.56 2004/05/09 01:19:27 djm Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
 #include "ssh1.h"
 #include "packet.h"
 #include "buffer.h"
-#include "mpaux.h"
 #include "log.h"
 #include "servconf.h"
 #include "compat.h"
diff --git a/kex.c b/kex.c
index 5a952c9c..30dd58a7 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.56 2003/11/21 11:57:03 djm Exp $");
+RCSID("$OpenBSD: kex.c,v 1.57 2004/05/09 01:19:27 djm Exp $");
 
 #include <openssl/crypto.h>
 
@@ -479,6 +479,39 @@ kex_get_newkeys(int mode)
 	return ret;
 }
 
+void
+derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
+    u_int8_t cookie[8], u_int8_t id[16])
+{
+	const EVP_MD *evp_md = EVP_md5();
+	EVP_MD_CTX md;
+	u_int8_t nbuf[2048], obuf[EVP_MAX_MD_SIZE];
+	int len;
+
+	EVP_DigestInit(&md, evp_md);
+
+	len = BN_num_bytes(host_modulus);
+	if (len < (512 / 8) || len > sizeof(nbuf))
+		fatal("%s: bad host modulus (len %d)", __func__, len);
+	BN_bn2bin(host_modulus, nbuf);
+	EVP_DigestUpdate(&md, nbuf, len);
+
+	len = BN_num_bytes(server_modulus);
+	if (len < (512 / 8) || len > sizeof(nbuf))
+		fatal("%s: bad server modulus (len %d)", __func__, len);
+	BN_bn2bin(server_modulus, nbuf);
+	EVP_DigestUpdate(&md, nbuf, len);
+
+	EVP_DigestUpdate(&md, cookie, 8);
+
+	EVP_DigestFinal(&md, id, NULL);
+	memcpy(id, obuf, 16);
+
+	memset(nbuf, 0, sizeof(nbuf));
+	memset(obuf, 0, sizeof(obuf));
+	memset(&md, 0, sizeof(md));
+}
+
 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
 void
 dump_digest(char *msg, u_char *digest, int len)
diff --git a/monitor.c b/monitor.c
index 9c30c1c3..4636000b 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.56 2004/05/09 01:19:27 djm Exp $");
 
 #include <openssl/dh.h>
 
@@ -63,7 +63,6 @@ RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $");
 #include "bufaux.h"
 #include "compat.h"
 #include "ssh2.h"
-#include "mpaux.h"
 
 #ifdef GSSAPI
 #include "ssh-gss.h"
diff --git a/session.c b/session.c
index da11e554..2ecf637f 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.173 2004/04/27 09:46:37 djm Exp $");
+RCSID("$OpenBSD: session.c,v 1.174 2004/05/09 01:19:28 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -43,7 +43,6 @@ RCSID("$OpenBSD: session.c,v 1.173 2004/04/27 09:46:37 djm Exp $");
 #include "packet.h"
 #include "buffer.h"
 #include "match.h"
-#include "mpaux.h"
 #include "uidswap.h"
 #include "compat.h"
 #include "channels.h"
diff --git a/sshconnect1.c b/sshconnect1.c
index c579b01c..ae33ab39 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.57 2004/05/08 00:21:31 djm Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.58 2004/05/09 01:19:28 djm Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -24,7 +24,7 @@ RCSID("$OpenBSD: sshconnect1.c,v 1.57 2004/05/08 00:21:31 djm Exp $");
 #include "rsa.h"
 #include "buffer.h"
 #include "packet.h"
-#include "mpaux.h"
+#include "kex.h"
 #include "uidswap.h"
 #include "log.h"
 #include "readconf.h"
@@ -528,7 +528,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
 
 	client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
 
-	compute_session_id(session_id, cookie, host_key->rsa->n, server_key->rsa->n);
+	derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id);
 
 	/* Generate a session key. */
 	arc4random_stir();
diff --git a/sshd.c b/sshd.c
index 63428425..696978f0 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.290 2004/03/11 10:21:17 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.291 2004/05/09 01:19:28 djm Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -60,7 +60,6 @@ RCSID("$OpenBSD: sshd.c,v 1.290 2004/03/11 10:21:17 markus Exp $");
 #include "rsa.h"
 #include "sshpty.h"
 #include "packet.h"
-#include "mpaux.h"
 #include "log.h"
 #include "servconf.h"
 #include "uidswap.h"
@@ -1689,9 +1688,10 @@ do_ssh1_kex(void)
 			BN_bn2bin(session_key_int,
 			    session_key + sizeof(session_key) - len);
 
-			compute_session_id(session_id, cookie,
-			    sensitive_data.ssh1_host_key->rsa->n,
-			    sensitive_data.server_key->rsa->n);
+			derive_ssh1_session_id(
+			    sensitive_data.ssh1_host_key->rsa->n, 
+			    sensitive_data.server_key->rsa->n,
+			    cookie, session_id);
 			/*
 			 * Xor the first 16 bytes of the session key with the
 			 * session id.
author	Darren Tucker <dtucker@zip.com.au>	2004-05-13 16:30:44 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2004-05-13 16:30:44 +1000
commit	e14e005f41cf541017ab4e285f0b2ec23a21b7ff (patch)
tree	dc39d17aec412258454cf026c2c3e27cf1b45411
parent	770fc01078ffd4952ceb91f617063b390730499c (diff)