Tera TermRevision: 7797
https://osdn.net/projects/ttssh2/scm/svn/commits/7797
Author: yutakapon
Date: 2019-06-24 15:22:05 +0900 (Mon, 24 Jun 2019)
Log Message:
-----------
DH構造体のメンバーアクセスが不可となったため、関数経由でのアクセスに変更した。
チケット #36876
Ticket Links:
------------
https://osdn.net/projects/ttssh2/tracker/detail/36876
Modified Paths:
--------------
branches/openssl_1_1_1_v2/ttssh2/ttxssh/kex.c
branches/openssl_1_1_1_v2/ttssh2/ttxssh/ssh.c
-------------- next part --------------
Modified: branches/openssl_1_1_1_v2/ttssh2/ttxssh/kex.c
===================================================================
--- branches/openssl_1_1_1_v2/ttssh2/ttxssh/kex.c 2019-06-24 06:04:37 UTC (rev 7796)
+++ branches/openssl_1_1_1_v2/ttssh2/ttxssh/kex.c 2019-06-24 06:22:05 UTC (rev 7797)
@@ -33,7 +33,9 @@
static DH *dh_new_group_asc(const char *gen, const char *modulus)
{
+ /********* OPENSSL1.1.1 NOTEST *********/
DH *dh = NULL;
+ BIGNUM *p, *g;
if ((dh = DH_new()) == NULL) {
printf("dh_new_group_asc: DH_new");
@@ -40,13 +42,15 @@
goto error;
}
+ DH_get0_pqg(dh, &p, NULL, &g);
+
// P\x82\xC6G\x82͌\xF6\x8AJ\x82\xB5\x82Ă\xE0\x82悢\x91f\x90\x94\x82̑g\x82ݍ\x87\x82킹
- if (BN_hex2bn(&dh->p, modulus) == 0) {
+ if (BN_hex2bn(&p, modulus) == 0) {
printf("BN_hex2bn p");
goto error;
}
- if (BN_hex2bn(&dh->g, gen) == 0) {
+ if (BN_hex2bn(&g, gen) == 0) {
printf("BN_hex2bn g");
goto error;
}
@@ -230,23 +234,28 @@
// DH\x8C\xAE\x82\xAC\x82\xB7\x82\xE9
void dh_gen_key(PTInstVar pvar, DH *dh, int we_need /* bytes */ )
{
+ /********* OPENSSL1.1.1 NOTEST *********/
int i;
+ BIGNUM *pub_key;
+ BIGNUM *priv_key;
- dh->priv_key = NULL;
+ priv_key = NULL;
// \x94閧\x82ɂ\xB7\x82ׂ\xAB\x97\x90\x90\x94(X)\x82\xAC
for (i = 0 ; i < 10 ; i++) { // retry counter
- if (dh->priv_key != NULL) {
- BN_clear_free(dh->priv_key);
+ if (priv_key != NULL) {
+ BN_clear_free(priv_key);
}
- dh->priv_key = BN_new();
- if (dh->priv_key == NULL)
+ priv_key = BN_new();
+ DH_set0_key(dh, NULL, priv_key);
+ if (priv_key == NULL)
goto error;
- if (BN_rand(dh->priv_key, 2*(we_need*8), 0, 0) == 0)
+ if (BN_rand(priv_key, 2*(we_need*8), 0, 0) == 0)
goto error;
if (DH_generate_key(dh) == 0)
goto error;
- if (dh_pub_is_valid(dh, dh->pub_key))
+ DH_get0_key(dh, &pub_key, NULL);
+ if (dh_pub_is_valid(dh, pub_key))
break;
}
if (i >= 10) {
@@ -467,9 +476,11 @@
int dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
{
+ /********* OPENSSL1.1.1 NOTEST *********/
int i;
int n = BN_num_bits(dh_pub);
int bits_set = 0;
+ const BIGNUM *p;
/********* OPENSSL1.1.1 NOTEST *********/
// OpenSSL 1.1.0\x82ŁABIGNUM\x8D\\x91\xA2\x91̂\xCCneg\x83\x81\x83\x93\x83o\x81[\x82ɒ\xBC\x90ڃA\x83N\x83Z\x83X\x82ł\xAB\x82Ȃ\xAD\x82Ȃ\xC1\x82\xBD\x82\xBD\x82߁A
@@ -485,7 +496,8 @@
//debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
/* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */
- if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1))
+ DH_get0_pqg(dh, &p, NULL, NULL);
+ if (bits_set > 1 && (BN_cmp(dh_pub, p) == -1))
return 1;
//logit("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p));
return 0;
Modified: branches/openssl_1_1_1_v2/ttssh2/ttxssh/ssh.c
===================================================================
--- branches/openssl_1_1_1_v2/ttssh2/ttxssh/ssh.c 2019-06-24 06:04:37 UTC (rev 7796)
+++ branches/openssl_1_1_1_v2/ttssh2/ttxssh/ssh.c 2019-06-24 06:22:05 UTC (rev 7797)
@@ -5366,10 +5366,12 @@
//
static void SSH2_dh_kex_init(PTInstVar pvar)
{
+ /********* OPENSSL1.1.1 NOTEST *********/
DH *dh = NULL;
buffer_t *msg = NULL;
unsigned char *outmsg;
int len;
+ BIGNUM *pub_key;
// Diffie-Hellman key agreement
switch (pvar->kex_type) {
@@ -5400,7 +5402,8 @@
return;
}
- buffer_put_bignum2(msg, dh->pub_key);
+ DH_get0_key(dh, &pub_key, NULL);
+ buffer_put_bignum2(msg, pub_key);
len = buffer_len(msg);
outmsg = begin_send_packet(pvar, SSH2_MSG_KEXDH_INIT, len);
@@ -5536,6 +5539,7 @@
*/
static BOOL handle_SSH2_dh_gex_group(PTInstVar pvar)
{
+ /********* OPENSSL1.1.1 NOTEST *********/
int len, grp_bits;
BIGNUM *p = NULL, *g = NULL;
DH *dh = NULL;
@@ -5542,6 +5546,7 @@
buffer_t *msg = NULL;
unsigned char *outmsg;
char tmpbuf[256];
+ BIGNUM *pub_key;
logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_KEX_DH_GEX_GROUP was received.");
@@ -5616,8 +5621,7 @@
dh = DH_new();
if (dh == NULL)
goto error;
- dh->p = p;
- dh->g = g;
+ DH_set0_pqg(dh, p, NULL, g);
// \x94閧\x82ɂ\xB7\x82ׂ\xAB\x97\x90\x90\x94(X)\x82\xAC
dh_gen_key(pvar, dh, pvar->we_need);
@@ -5627,7 +5631,8 @@
if (msg == NULL) {
goto error;
}
- buffer_put_bignum2(msg, dh->pub_key);
+ DH_get0_key(dh, &pub_key, NULL);
+ buffer_put_bignum2(msg, pub_key);
len = buffer_len(msg);
outmsg = begin_send_packet(pvar, SSH2_MSG_KEX_DH_GEX_INIT, len);
memcpy(outmsg, buffer_ptr(msg), len);
@@ -5642,9 +5647,14 @@
pvar->kexdh = dh;
{
- push_bignum_memdump("DH_GEX_GROUP", "p", dh->p);
- push_bignum_memdump("DH_GEX_GROUP", "g", dh->g);
- push_bignum_memdump("DH_GEX_GROUP", "pub_key", dh->pub_key);
+ BIGNUM *p, *q, *pub_key;
+
+ DH_get0_pqg(dh, &p, &q, NULL);
+ DH_get0_key(dh, &pub_key, NULL);
+
+ push_bignum_memdump("DH_GEX_GROUP", "p", p);
+ push_bignum_memdump("DH_GEX_GROUP", "g", g);
+ push_bignum_memdump("DH_GEX_GROUP", "pub_key", pub_key);
}
SSH2_dispatch_init(2);
@@ -5836,6 +5846,7 @@
//
static BOOL handle_SSH2_dh_kex_reply(PTInstVar pvar)
{
+ /********* OPENSSL1.1.1 NOTEST *********/
char *data;
int len;
int offset = 0;
@@ -5851,6 +5862,7 @@
int hashlen;
Key *hostkey = NULL; // hostkey
BOOL result = FALSE;
+ BIGNUM *pub_key;
logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_KEXDH_REPLY was received.");
@@ -5944,6 +5956,7 @@
// \x83n\x83b\x83V\x83\x85\x82̌v\x8EZ
/* calc and verify H */
+ DH_get0_key(pvar->kexdh, &pub_key, NULL);
hash = kex_dh_hash(
get_kex_algorithm_EVP_MD(pvar->kex_type),
pvar->client_version_string,
@@ -5951,7 +5964,7 @@
buffer_ptr(pvar->my_kex), buffer_len(pvar->my_kex),
buffer_ptr(pvar->peer_kex), buffer_len(pvar->peer_kex),
server_host_key_blob, bloblen,
- pvar->kexdh->pub_key,
+ pub_key,
server_public,
share_key,
&hashlen);
@@ -5967,7 +5980,8 @@
}
// TTSSH\x83o\x81[\x83W\x83\x87\x83\x93\x8F\xEE\x95\xF1\x82ɕ\\x8E\xA6\x82\xB7\x82\xE9\x83L\x81[\x83r\x83b\x83g\x90\x94\x82\xF0\x8B\x81\x82߂Ă\xA8\x82\xAD
- pvar->client_key_bits = BN_num_bits(pvar->kexdh->pub_key);
+ DH_get0_key(pvar->kexdh, &pub_key, NULL);
+ pvar->client_key_bits = BN_num_bits(pub_key);
pvar->server_key_bits = BN_num_bits(server_public);
result = ssh2_kex_finish(pvar, hash, hashlen, share_key, hostkey, signature, siglen);
@@ -5991,6 +6005,7 @@
//
static BOOL handle_SSH2_dh_gex_reply(PTInstVar pvar)
{
+ /********* OPENSSL1.1.1 NOTEST *********/
char *data;
int len;
int offset = 0;
@@ -6006,6 +6021,8 @@
int hashlen;
Key *hostkey = NULL; // hostkey
BOOL result = FALSE;
+ BIGNUM *p, *g;
+ BIGNUM *pub_key;
logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_KEX_DH_GEX_REPLY was received.");
@@ -6099,6 +6116,8 @@
// \x83n\x83b\x83V\x83\x85\x82̌v\x8EZ
/* calc and verify H */
+ DH_get0_pqg(pvar->kexdh, &p, NULL, &g);
+ DH_get0_key(pvar->kexdh, &pub_key, NULL);
hash = kex_dh_gex_hash(
get_kex_algorithm_EVP_MD(pvar->kex_type),
pvar->client_version_string,
@@ -6109,9 +6128,9 @@
pvar->kexgex_min,
pvar->kexgex_bits,
pvar->kexgex_max,
- pvar->kexdh->p,
- pvar->kexdh->g,
- pvar->kexdh->pub_key,
+ p,
+ g,
+ pub_key,
server_public,
share_key,
&hashlen);
@@ -6127,7 +6146,8 @@
}
// TTSSH\x83o\x81[\x83W\x83\x87\x83\x93\x8F\xEE\x95\xF1\x82ɕ\\x8E\xA6\x82\xB7\x82\xE9\x83L\x81[\x83r\x83b\x83g\x90\x94\x82\xF0\x8B\x81\x82߂Ă\xA8\x82\xAD
- pvar->client_key_bits = BN_num_bits(pvar->kexdh->pub_key);
+ DH_get0_key(pvar->kexdh, &pub_key, NULL);
+ pvar->client_key_bits = BN_num_bits(pub_key);
pvar->server_key_bits = BN_num_bits(server_public);
result = ssh2_kex_finish(pvar, hash, hashlen, share_key, hostkey, signature, siglen);