split out ssh1 session key decryption; ok provos@

author: markus <markus@openbsd.org> 2002-03-14 16:38:26 +0000
committer: markus <markus@openbsd.org> 2002-03-14 16:38:26 +0000
commit: 2b78d0996a396477ec22cf56d0a188d8e72a9a05 (patch)
tree: 857c7f2bb517df8846e40ce9d83e2b5dc43c6216
parent: Fix error; open(2) is not supposed to restart when SA_RESTART is set, (diff)
download: wireguard-openbsd-2b78d0996a396477ec22cf56d0a188d8e72a9a05.tar.xz
wireguard-openbsd-2b78d0996a396477ec22cf56d0a188d8e72a9a05.zip
1 files changed, 47 insertions, 38 deletions
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index eca004fa092..4dfe130f09d 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.228 2002/02/27 21:23:13 stevesk Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.229 2002/03/14 16:38:26 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1219,6 +1219,50 @@ main(int ac, char **av)
 }
 
 /*
+ * Decrypt session_key_int using our private server key and private host key
+ * (key with larger modulus first).
+ */
+static int
+ssh1_session_key(BIGNUM *session_key_int)
+{
+	int rsafail = 0;
+
+	if (BN_cmp(sensitive_data.server_key->rsa->n, sensitive_data.ssh1_host_key->rsa->n) > 0) {
+		/* Server key has bigger modulus. */
+		if (BN_num_bits(sensitive_data.server_key->rsa->n) <
+		    BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
+			fatal("do_connection: %s: server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d",
+			    get_remote_ipaddr(),
+			    BN_num_bits(sensitive_data.server_key->rsa->n),
+			    BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
+			    SSH_KEY_BITS_RESERVED);
+		}
+		if (rsa_private_decrypt(session_key_int, session_key_int,
+		    sensitive_data.server_key->rsa) <= 0)
+			rsafail++;
+		if (rsa_private_decrypt(session_key_int, session_key_int,
+		    sensitive_data.ssh1_host_key->rsa) <= 0)
+			rsafail++;
+	} else {
+		/* Host key has bigger modulus (or they are equal). */
+		if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) <
+		    BN_num_bits(sensitive_data.server_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
+			fatal("do_connection: %s: host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d",
+			    get_remote_ipaddr(),
+			    BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
+			    BN_num_bits(sensitive_data.server_key->rsa->n),
+			    SSH_KEY_BITS_RESERVED);
+		}
+		if (rsa_private_decrypt(session_key_int, session_key_int,
+		    sensitive_data.ssh1_host_key->rsa) < 0)
+			rsafail++;
+		if (rsa_private_decrypt(session_key_int, session_key_int,
+		    sensitive_data.server_key->rsa) < 0)
+			rsafail++;
+	}
+	return (rsafail);
+}
+/*
  * SSH1 key exchange
  */
 static void
@@ -1333,43 +1377,8 @@ do_ssh1_kex(void)
 	packet_set_protocol_flags(protocol_flags);
 	packet_check_eom();
 
-	/*
-	 * Decrypt it using our private server key and private host key (key
-	 * with larger modulus first).
-	 */
-	if (BN_cmp(sensitive_data.server_key->rsa->n, sensitive_data.ssh1_host_key->rsa->n) > 0) {
-		/* Server key has bigger modulus. */
-		if (BN_num_bits(sensitive_data.server_key->rsa->n) <
-		    BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
-			fatal("do_connection: %s: server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d",
-			    get_remote_ipaddr(),
-			    BN_num_bits(sensitive_data.server_key->rsa->n),
-			    BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
-			    SSH_KEY_BITS_RESERVED);
-		}
-		if (rsa_private_decrypt(session_key_int, session_key_int,
-		    sensitive_data.server_key->rsa) <= 0)
-			rsafail++;
-		if (rsa_private_decrypt(session_key_int, session_key_int,
-		    sensitive_data.ssh1_host_key->rsa) <= 0)
-			rsafail++;
-	} else {
-		/* Host key has bigger modulus (or they are equal). */
-		if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) <
-		    BN_num_bits(sensitive_data.server_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
-			fatal("do_connection: %s: host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d",
-			    get_remote_ipaddr(),
-			    BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
-			    BN_num_bits(sensitive_data.server_key->rsa->n),
-			    SSH_KEY_BITS_RESERVED);
-		}
-		if (rsa_private_decrypt(session_key_int, session_key_int,
-		    sensitive_data.ssh1_host_key->rsa) < 0)
-			rsafail++;
-		if (rsa_private_decrypt(session_key_int, session_key_int,
-		    sensitive_data.server_key->rsa) < 0)
-			rsafail++;
-	}
+	/* Decrypt session_key_int using host/server keys */
+	rsafail = ssh1_session_key(session_key_int);
 	/*
 	 * Extract session key from the decrypted integer.  The key is in the
 	 * least significant 256 bits of the integer; the first byte of the
author	markus <markus@openbsd.org>	2002-03-14 16:38:26 +0000
committer	markus <markus@openbsd.org>	2002-03-14 16:38:26 +0000
commit	2b78d0996a396477ec22cf56d0a188d8e72a9a05 (patch)
tree	857c7f2bb517df8846e40ce9d83e2b5dc43c6216
parent	Fix error; open(2) is not supposed to restart when SA_RESTART is set, (diff)
download	wireguard-openbsd-2b78d0996a396477ec22cf56d0a188d8e72a9a05.tar.xz wireguard-openbsd-2b78d0996a396477ec22cf56d0a188d8e72a9a05.zip