upstream: factor out DH keygen; it's identical between the client

and the server from markus@ ok djm@ OpenBSD-Commit-ID: 2be57f6a0d44f1ab2c8de2b1b5d6f530c387fae9
2019-01-21 10:00:23 +00:00 · 2019-01-21 10:00:23 +00:00 · e93bd98eab
parent 5ae3f6d314
commit e93bd98eab
4 changed files with 37 additions and 57 deletions
--- a/kex.h
+++ b/kex.h
@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.94 2019/01/19 21:43:56 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.95 2019/01/21 10:00:23 djm Exp $ */

 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@ -202,6 +202,7 @@ int	 kexecdh_server(struct ssh *);
 int	 kexc25519_client(struct ssh *);
 int	 kexc25519_server(struct ssh *);

+int	 kex_dh_keygen(struct kex *);
 int	 kex_dh_hash(int, const struct sshbuf *, const struct sshbuf *,
    const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
    const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
--- a/kexdh.c
+++ b/kexdh.c
@ -1,4 +1,4 @@
-/* $OpenBSD: kexdh.c,v 1.27 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kexdh.c,v 1.28 2019/01/21 10:00:23 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 *
@ -39,10 +39,36 @@
 #include "sshkey.h"
 #include "cipher.h"
 #include "kex.h"
+#include "dh.h"
 #include "ssherr.h"
 #include "sshbuf.h"
 #include "digest.h"

+int
+kex_dh_keygen(struct kex *kex)
+{
+	switch (kex->kex_type) {
+	case KEX_DH_GRP1_SHA1:
+		kex->dh = dh_new_group1();
+		break;
+	case KEX_DH_GRP14_SHA1:
+	case KEX_DH_GRP14_SHA256:
+		kex->dh = dh_new_group14();
+		break;
+	case KEX_DH_GRP16_SHA512:
+		kex->dh = dh_new_group16();
+		break;
+	case KEX_DH_GRP18_SHA512:
+		kex->dh = dh_new_group18();
+		break;
+	default:
+		return SSH_ERR_INVALID_ARGUMENT;
+	}
+	if (kex->dh == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	return (dh_gen_key(kex->dh, kex->we_need * 8));
+}
+
 int
 kex_dh_hash(
    int hash_alg,
--- a/kexdhc.c
+++ b/kexdhc.c
@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhc.c,v 1.26 2019/01/21 09:55:52 djm Exp $ */
+/* $OpenBSD: kexdhc.c,v 1.27 2019/01/21 10:00:23 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 *
@ -41,10 +41,10 @@
 #include "sshkey.h"
 #include "cipher.h"
 #include "digest.h"
+#include "dh.h"
 #include "kex.h"
 #include "log.h"
 #include "packet.h"
-#include "dh.h"
 #include "ssh2.h"
 #include "dispatch.h"
 #include "compat.h"
@ -61,31 +61,9 @@ kexdh_client(struct ssh *ssh)
 	const BIGNUM *pub_key;

 	/* generate and send 'e', client DH public key */
-	switch (kex->kex_type) {
-	case KEX_DH_GRP1_SHA1:
-		kex->dh = dh_new_group1();
-		break;
-	case KEX_DH_GRP14_SHA1:
-	case KEX_DH_GRP14_SHA256:
-		kex->dh = dh_new_group14();
-		break;
-	case KEX_DH_GRP16_SHA512:
-		kex->dh = dh_new_group16();
-		break;
-	case KEX_DH_GRP18_SHA512:
-		kex->dh = dh_new_group18();
-		break;
-	default:
-		r = SSH_ERR_INVALID_ARGUMENT;
+	if ((r = kex_dh_keygen(kex)) != 0)
 		goto out;
-	}
-	if (kex->dh == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
 	debug("sending SSH2_MSG_KEXDH_INIT");
-	if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
-		goto out;
 	DH_get0_key(kex->dh, &pub_key, NULL);
 	if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 ||
 	    (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||
--- a/kexdhs.c
+++ b/kexdhs.c
@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.32 2019/01/21 09:55:52 djm Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.33 2019/01/21 10:00:23 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 *
@ -40,10 +40,10 @@
 #include "sshkey.h"
 #include "cipher.h"
 #include "digest.h"
+#include "dh.h"
 #include "kex.h"
 #include "log.h"
 #include "packet.h"
-#include "dh.h"
 #include "ssh2.h"

 #include "dispatch.h"
@ -60,36 +60,11 @@ kexdh_server(struct ssh *ssh)
 	int r;

 	/* generate server DH public key */
-	switch (kex->kex_type) {
-	case KEX_DH_GRP1_SHA1:
-		kex->dh = dh_new_group1();
-		break;
-	case KEX_DH_GRP14_SHA1:
-	case KEX_DH_GRP14_SHA256:
-		kex->dh = dh_new_group14();
-		break;
-	case KEX_DH_GRP16_SHA512:
-		kex->dh = dh_new_group16();
-		break;
-	case KEX_DH_GRP18_SHA512:
-		kex->dh = dh_new_group18();
-		break;
-	default:
-		r = SSH_ERR_INVALID_ARGUMENT;
-		goto out;
-	}
-	if (kex->dh == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
-		goto out;
-
+	if ((r = kex_dh_keygen(kex)) != 0)
+		return r;
 	debug("expecting SSH2_MSG_KEXDH_INIT");
 	ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init);
-	r = 0;
- out:
-	return r;
+	return 0;
 }

 int