openssh-portable/kexgex.c

/* $OpenBSD: kexgex.c,v 1.32 2019/01/23 00:30:41 djm Exp $ */
/*
 * Copyright (c) 2000 Niels Provos.  All rights reserved.
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#ifdef WITH_OPENSSL

#include <sys/types.h>

#include <openssl/evp.h>
#include <signal.h>

#include "openbsd-compat/openssl-compat.h"

#include "sshkey.h"
#include "cipher.h"
#include "kex.h"
#include "ssh2.h"
#include "ssherr.h"
#include "sshbuf.h"
#include "digest.h"

int
kexgex_hash(
    int hash_alg,
    const struct sshbuf *client_version,
    const struct sshbuf *server_version,
    const struct sshbuf *client_kexinit,
    const struct sshbuf *server_kexinit,
    const struct sshbuf *server_host_key_blob,
    int min, int wantbits, int max,
    const BIGNUM *prime,
    const BIGNUM *gen,
    const BIGNUM *client_dh_pub,
    const BIGNUM *server_dh_pub,
    const u_char *shared_secret, size_t secretlen,
    u_char *hash, size_t *hashlen)
{
	struct sshbuf *b;
	int r;

	if (*hashlen < ssh_digest_bytes(SSH_DIGEST_SHA1))
		return SSH_ERR_INVALID_ARGUMENT;
	if ((b = sshbuf_new()) == NULL)
		return SSH_ERR_ALLOC_FAIL;
	if ((r = sshbuf_put_stringb(b, client_version)) < 0 ||
	    (r = sshbuf_put_stringb(b, server_version)) < 0 ||
	    /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
	    (r = sshbuf_put_u32(b, sshbuf_len(client_kexinit) + 1)) != 0 ||
	    (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 ||
	    (r = sshbuf_putb(b, client_kexinit)) != 0 ||
	    (r = sshbuf_put_u32(b, sshbuf_len(server_kexinit) + 1)) != 0 ||
	    (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 ||
	    (r = sshbuf_putb(b, server_kexinit)) != 0 ||
	    (r = sshbuf_put_stringb(b, server_host_key_blob)) != 0 ||
	    (min != -1 && (r = sshbuf_put_u32(b, min)) != 0) ||
	    (r = sshbuf_put_u32(b, wantbits)) != 0 ||
	    (max != -1 && (r = sshbuf_put_u32(b, max)) != 0) ||
	    (r = sshbuf_put_bignum2(b, prime)) != 0 ||
	    (r = sshbuf_put_bignum2(b, gen)) != 0 ||
	    (r = sshbuf_put_bignum2(b, client_dh_pub)) != 0 ||
	    (r = sshbuf_put_bignum2(b, server_dh_pub)) != 0 ||
	    (r = sshbuf_put(b, shared_secret, secretlen)) != 0) {
		sshbuf_free(b);
		return r;
	}
#ifdef DEBUG_KEXDH
	sshbuf_dump(b, stderr);
#endif
	if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) {
		sshbuf_free(b);
		return SSH_ERR_LIBCRYPTO_ERROR;
	}
	sshbuf_free(b);
	*hashlen = ssh_digest_bytes(hash_alg);
#ifdef DEBUG_KEXDH
	dump_digest("hash", hash, *hashlen);
#endif
	return 0;
}
#endif /* WITH_OPENSSL */
upstream: pass most arguments to the KEX hash functions as sshbuf rather than pointer+length; ok markus@ OpenBSD-Commit-ID: ef0c89c52ccc89817a13a5205725148a28492bf7 2019-01-23 01:30:41 +01:00			`/* $OpenBSD: kexgex.c,v 1.32 2019/01/23 00:30:41 djm Exp $ */`
- (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync. 2001-04-04 19:39:19 +02:00			`/*`
			`* Copyright (c) 2000 Niels Provos. All rights reserved.`
			`* Copyright (c) 2001 Markus Friedl. All rights reserved.`
			`*`
			`* Redistribution and use in source and binary forms, with or without`
			`* modification, are permitted provided that the following conditions`
			`* are met:`
			`* 1. Redistributions of source code must retain the above copyright`
			`* notice, this list of conditions and the following disclaimer.`
			`* 2. Redistributions in binary form must reproduce the above copyright`
			`* notice, this list of conditions and the following disclaimer in the`
			`* documentation and/or other materials provided with the distribution.`
			`*`
			* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
			`* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES`
			`* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.`
			`* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,`
			`* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT`
			`* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,`
			`* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY`
			`* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT`
			`* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF`
			`* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.`
			`*/`

			`#include "includes.h"`

support --without-openssl at configure time Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now. 2015-01-14 16:21:31 +01:00			`#ifdef WITH_OPENSSL`

- deraadt@cvs.openbsd.org 2006/08/03 03:34:42 [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything except removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy") 2006-08-05 04:39:39 +02:00			`#include <sys/types.h>`

- markus@cvs.openbsd.org 2003/02/16 17:09:57 [kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c] split kex into client and server code, no need to link server code into the client; ok provos@ 2003-02-24 02:03:03 +01:00			`#include <openssl/evp.h>`
- deraadt@cvs.openbsd.org 2006/08/03 03:34:42 [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything except removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy") 2006-08-05 04:39:39 +02:00			`#include <signal.h>`
- (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync. 2001-04-04 19:39:19 +02:00
adapt -portable to OpenSSL 1.1x API Polyfill missing API with replacement functions extracted from LibreSSL 2018-09-13 04:13:50 +02:00			`#include "openbsd-compat/openssl-compat.h"`

upstream commit adapt kex to sshbuf and struct ssh; ok djm@ 2015-01-19 21:16:15 +01:00			`#include "sshkey.h"`
- deraadt@cvs.openbsd.org 2006/08/03 03:34:42 [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything except removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy") 2006-08-05 04:39:39 +02:00			`#include "cipher.h"`
- (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync. 2001-04-04 19:39:19 +02:00			`#include "kex.h"`
			`#include "ssh2.h"`
upstream commit adapt kex to sshbuf and struct ssh; ok djm@ 2015-01-19 21:16:15 +01:00			`#include "ssherr.h"`
			`#include "sshbuf.h"`
- djm@cvs.openbsd.org 2014/01/09 23:20:00 [digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c] [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c] [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c] [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c] Introduce digest API and use it to perform all hashing operations rather than calling OpenSSL EVP_Digest* directly. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in future; feedback, ok markus@ 2014-01-10 00:58:53 +01:00			`#include "digest.h"`
- (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync. 2001-04-04 19:39:19 +02:00
upstream commit adapt kex to sshbuf and struct ssh; ok djm@ 2015-01-19 21:16:15 +01:00			`int`
- (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync. 2001-04-04 19:39:19 +02:00			`kexgex_hash(`
- djm@cvs.openbsd.org 2014/01/09 23:20:00 [digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c] [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c] [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c] [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c] Introduce digest API and use it to perform all hashing operations rather than calling OpenSSL EVP_Digest* directly. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in future; feedback, ok markus@ 2014-01-10 00:58:53 +01:00			`int hash_alg,`
upstream: move client/server SSH-* banners to buffers under ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@ OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b 2018-12-27 04:25:24 +01:00			`const struct sshbuf *client_version,`
			`const struct sshbuf *server_version,`
upstream: pass most arguments to the KEX hash functions as sshbuf rather than pointer+length; ok markus@ OpenBSD-Commit-ID: ef0c89c52ccc89817a13a5205725148a28492bf7 2019-01-23 01:30:41 +01:00			`const struct sshbuf *client_kexinit,`
			`const struct sshbuf *server_kexinit,`
			`const struct sshbuf *server_host_key_blob,`
upstream commit adapt kex to sshbuf and struct ssh; ok djm@ 2015-01-19 21:16:15 +01:00			`int min, int wantbits, int max,`
			`const BIGNUM *prime,`
			`const BIGNUM *gen,`
			`const BIGNUM *client_dh_pub,`
			`const BIGNUM *server_dh_pub,`
upstream: factor out kex_dh_compute_key() - it's shared between plain DH KEX and DH GEX in both the client and server implementations from markus@ ok djm@ OpenBSD-Commit-ID: 12186e18791fffcd4642c82e7e0cfdd7ea37e2ec 2019-01-21 11:03:37 +01:00			`const u_char *shared_secret, size_t secretlen,`
upstream commit adapt kex to sshbuf and struct ssh; ok djm@ 2015-01-19 21:16:15 +01:00			`u_char hash, size_t hashlen)`
- (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync. 2001-04-04 19:39:19 +02:00			`{`
upstream commit adapt kex to sshbuf and struct ssh; ok djm@ 2015-01-19 21:16:15 +01:00			`struct sshbuf *b;`
			`int r;`
- (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync. 2001-04-04 19:39:19 +02:00
upstream commit adapt kex to sshbuf and struct ssh; ok djm@ 2015-01-19 21:16:15 +01:00			`if (*hashlen < ssh_digest_bytes(SSH_DIGEST_SHA1))`
			`return SSH_ERR_INVALID_ARGUMENT;`
			`if ((b = sshbuf_new()) == NULL)`
			`return SSH_ERR_ALLOC_FAIL;`
upstream: move client/server SSH-* banners to buffers under ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@ OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b 2018-12-27 04:25:24 +01:00			`if ((r = sshbuf_put_stringb(b, client_version)) < 0 \|\|`
			`(r = sshbuf_put_stringb(b, server_version)) < 0 \|\|`
upstream commit adapt kex to sshbuf and struct ssh; ok djm@ 2015-01-19 21:16:15 +01:00			`/* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */`
upstream: pass most arguments to the KEX hash functions as sshbuf rather than pointer+length; ok markus@ OpenBSD-Commit-ID: ef0c89c52ccc89817a13a5205725148a28492bf7 2019-01-23 01:30:41 +01:00			`(r = sshbuf_put_u32(b, sshbuf_len(client_kexinit) + 1)) != 0 \|\|`
upstream commit adapt kex to sshbuf and struct ssh; ok djm@ 2015-01-19 21:16:15 +01:00			`(r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 \|\|`
upstream: pass most arguments to the KEX hash functions as sshbuf rather than pointer+length; ok markus@ OpenBSD-Commit-ID: ef0c89c52ccc89817a13a5205725148a28492bf7 2019-01-23 01:30:41 +01:00			`(r = sshbuf_putb(b, client_kexinit)) != 0 \|\|`
			`(r = sshbuf_put_u32(b, sshbuf_len(server_kexinit) + 1)) != 0 \|\|`
upstream commit adapt kex to sshbuf and struct ssh; ok djm@ 2015-01-19 21:16:15 +01:00			`(r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 \|\|`
upstream: pass most arguments to the KEX hash functions as sshbuf rather than pointer+length; ok markus@ OpenBSD-Commit-ID: ef0c89c52ccc89817a13a5205725148a28492bf7 2019-01-23 01:30:41 +01:00			`(r = sshbuf_putb(b, server_kexinit)) != 0 \|\|`
			`(r = sshbuf_put_stringb(b, server_host_key_blob)) != 0 \|\|`
upstream commit adapt kex to sshbuf and struct ssh; ok djm@ 2015-01-19 21:16:15 +01:00			`(min != -1 && (r = sshbuf_put_u32(b, min)) != 0) \|\|`
			`(r = sshbuf_put_u32(b, wantbits)) != 0 \|\|`
			`(max != -1 && (r = sshbuf_put_u32(b, max)) != 0) \|\|`
			`(r = sshbuf_put_bignum2(b, prime)) != 0 \|\|`
			`(r = sshbuf_put_bignum2(b, gen)) != 0 \|\|`
			`(r = sshbuf_put_bignum2(b, client_dh_pub)) != 0 \|\|`
			`(r = sshbuf_put_bignum2(b, server_dh_pub)) != 0 \|\|`
upstream: factor out kex_dh_compute_key() - it's shared between plain DH KEX and DH GEX in both the client and server implementations from markus@ ok djm@ OpenBSD-Commit-ID: 12186e18791fffcd4642c82e7e0cfdd7ea37e2ec 2019-01-21 11:03:37 +01:00			`(r = sshbuf_put(b, shared_secret, secretlen)) != 0) {`
upstream commit adapt kex to sshbuf and struct ssh; ok djm@ 2015-01-19 21:16:15 +01:00			`sshbuf_free(b);`
			`return r;`
- (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync. 2001-04-04 19:39:19 +02:00			`}`
			`#ifdef DEBUG_KEXDH`
upstream commit adapt kex to sshbuf and struct ssh; ok djm@ 2015-01-19 21:16:15 +01:00			`sshbuf_dump(b, stderr);`
- (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync. 2001-04-04 19:39:19 +02:00			`#endif`
upstream commit adapt kex to sshbuf and struct ssh; ok djm@ 2015-01-19 21:16:15 +01:00			`if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) {`
			`sshbuf_free(b);`
			`return SSH_ERR_LIBCRYPTO_ERROR;`
			`}`
			`sshbuf_free(b);`
- djm@cvs.openbsd.org 2014/01/09 23:20:00 [digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c] [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c] [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c] [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c] Introduce digest API and use it to perform all hashing operations rather than calling OpenSSL EVP_Digest* directly. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in future; feedback, ok markus@ 2014-01-10 00:58:53 +01:00			`*hashlen = ssh_digest_bytes(hash_alg);`
upstream commit adapt kex to sshbuf and struct ssh; ok djm@ 2015-01-19 21:16:15 +01:00			`#ifdef DEBUG_KEXDH`
			`dump_digest("hash", hash, *hashlen);`
			`#endif`
			`return 0;`
- (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync. 2001-04-04 19:39:19 +02:00			`}`
support --without-openssl at configure time Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now. 2015-01-14 16:21:31 +01:00			`#endif /* WITH_OPENSSL */`