- Merge big update to OpenSSH-2.0 from OpenBSD CVS

   [README.openssh2]
   - interop w/ F-secure windows client
   - sync documentation
   - ssh_host_dsa_key not ssh_dsa_key
   [auth-rsa.c]
   - missing fclose
   [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
   [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
   [sshd.c uuencode.c uuencode.h authfile.h]
   - add DSA pubkey auth and other SSH2 fixes.  use ssh-keygen -[xX]
     for trading keys with the real and the original SSH, directly from the
     people who invented the SSH protocol.
   [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
   [sshconnect1.c sshconnect2.c]
   - split auth/sshconnect in one file per protocol version
   [sshconnect2.c]
   - remove debug
   [uuencode.c]
   - add trailing =
   [version.h]
   - OpenSSH-2.0
   [ssh-keygen.1 ssh-keygen.c]
   - add -R flag: exit code indicates if RSA is alive
   [sshd.c]
   - remove unused
     silent if -Q is specified
   [ssh.h]
   - host key becomes /etc/ssh_host_dsa_key
   [readconf.c servconf.c ]
   - ssh/sshd default to proto 1 and 2
   [uuencode.c]
   - remove debug
   [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
   - xfree DSA blobs
   [auth2.c serverloop.c session.c]
   - cleanup logging for sshd/2, respect PasswordAuth no
   [sshconnect2.c]
   - less debug, respect .ssh/config
   [README.openssh2 channels.c channels.h]
   - clientloop.c session.c ssh.c
   - support for x11-fwding, client+server

1 files changed, 37 insertions, 41 deletions

diff --git a/dsa.c b/dsa.c
index 1594c14f..a4f6d3e7 100644
--- a/dsa.c
+++ b/dsa.c
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: dsa.c,v 1.4 2000/04/14 10:30:31 markus Exp $");
+RCSID("$Id: dsa.c,v 1.5 2000/04/26 20:56:29 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -47,13 +47,14 @@ RCSID("$Id: dsa.c,v 1.4 2000/04/14 10:30:31 markus Exp $");
 #include <openssl/hmac.h>
 #include "kex.h"
 #include "key.h"
+#include "uuencode.h"
 
 #define INTBLOB_LEN	20
 #define SIGBLOB_LEN	(2*INTBLOB_LEN)
 
 Key *
-dsa_serverkey_from_blob(
-    char *serverhostkey, int serverhostkeylen)
+dsa_key_from_blob(
+    char *blob, int blen)
 {
 	Buffer b;
 	char *ktype;
@@ -61,14 +62,17 @@ dsa_serverkey_from_blob(
 	DSA *dsa;
 	Key *key;
 
+#ifdef DEBUG_DSS
+	dump_base64(blob, blen);
+#endif
 	/* fetch & parse DSA/DSS pubkey */
 	key = key_new(KEY_DSA);
 	dsa = key->dsa;
 	buffer_init(&b);
-	buffer_append(&b, serverhostkey, serverhostkeylen);
+	buffer_append(&b, blob, blen);
 	ktype = buffer_get_string(&b, NULL);
 	if (strcmp(KEX_DSS, ktype) != 0) {
-		error("dsa_serverkey_from_blob: cannot handle type  %s", ktype);
+		error("dsa_key_from_blob: cannot handle type  %s", ktype);
 		key_free(key);
 		return NULL;
 	}
@@ -78,7 +82,7 @@ dsa_serverkey_from_blob(
 	buffer_get_bignum2(&b, dsa->pub_key);
 	rlen = buffer_len(&b);
 	if(rlen != 0)
-		error("dsa_serverkey_from_blob: remaining bytes in serverhostkey %d", rlen);
+		error("dsa_key_from_blob: remaining bytes in key blob %d", rlen);
 	buffer_free(&b);
 
 	debug("keytype %s", ktype);
@@ -87,37 +91,8 @@ dsa_serverkey_from_blob(
 #endif
 	return key;
 }
-DSA *
-dsa_load_private(char *filename)
-{
-	DSA *dsa;
-	BIO *in;
-
-	in = BIO_new(BIO_s_file());
-	if (in == NULL)
-		fatal("BIO_new failed");
-	if (BIO_read_filename(in, filename) <= 0)
-		fatal("BIO_read failed %s: %s", filename, strerror(errno));
-	fprintf(stderr, "read DSA private key\n");
-	dsa = PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
-	if (dsa == NULL)
-		fatal("PEM_read_bio_DSAPrivateKey failed %s", filename);
-	BIO_free(in);
-	return dsa;
-}
-Key *
-dsa_get_serverkey(char *filename)
-{
-	Key *k = key_new(KEY_EMPTY);
-	k->type = KEY_DSA;
-	k->dsa = dsa_load_private(filename);
-#ifdef DEBUG_DSS
-	DSA_print_fp(stderr, dsa, 8);
-#endif
-	return k;
-}
 int
-dsa_make_serverkey_blob(Key *key, unsigned char **blobp, unsigned int *lenp)
+dsa_make_key_blob(Key *key, unsigned char **blobp, unsigned int *lenp)
 {
 	Buffer b;
 	int len;
@@ -146,7 +121,7 @@ int
 dsa_sign(
     Key *key,
     unsigned char **sigp, int *lenp,
-    unsigned char *hash, int hlen)
+    unsigned char *data, int datalen)
 {
 	unsigned char *digest;
 	unsigned char *ret;
@@ -165,10 +140,13 @@ dsa_sign(
 	}
 	digest = xmalloc(evp_md->md_size);
 	EVP_DigestInit(&md, evp_md);
-	EVP_DigestUpdate(&md, hash, hlen);
+	EVP_DigestUpdate(&md, data, datalen);
 	EVP_DigestFinal(&md, digest, NULL);
 
 	sig = DSA_do_sign(digest, evp_md->md_size, key->dsa);
+	if (sig == NULL) {
+		fatal("dsa_sign: cannot sign");
+	}
 
 	rlen = BN_num_bytes(sig->r);
 	slen = BN_num_bytes(sig->s);
@@ -212,7 +190,7 @@ int
 dsa_verify(
     Key *key,
     unsigned char *signature, int signaturelen,
-    unsigned char *hash, int hlen)
+    unsigned char *data, int datalen)
 {
 	Buffer b;
 	unsigned char *digest;
@@ -269,10 +247,10 @@ dsa_verify(
 		xfree(sigblob);
 	}
 	
-	/* sha1 the signed data (== session_id == hash) */
+	/* sha1 the data */
 	digest = xmalloc(evp_md->md_size);
 	EVP_DigestInit(&md, evp_md);
-	EVP_DigestUpdate(&md, hash, hlen);
+	EVP_DigestUpdate(&md, data, datalen);
 	EVP_DigestFinal(&md, digest, NULL);
 
 	ret = DSA_do_verify(digest, evp_md->md_size, sig, key->dsa);
@@ -296,3 +274,21 @@ dsa_verify(
 	debug("dsa_verify: signature %s", txt);
 	return ret;
 }
+
+Key *
+dsa_generate_key(unsigned int bits)
+{
+	DSA *dsa = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
+	Key *k;
+	if (dsa == NULL) {
+		fatal("DSA_generate_parameters failed");
+	}
+	if (!DSA_generate_key(dsa)) {
+		fatal("DSA_generate_keys failed");
+	}
+
+	k = key_new(KEY_EMPTY);
+	k->type = KEY_DSA;
+	k->dsa = dsa;
+	return k;
+}