[Ttssh2-commit] [6568] DH構造体のメンバーアクセスを関数アクセスに変更した。

svnno****@sourc***** svnno****@sourc*****
2017年 1月 11日 (水) 23:18:17 JST


Revision: 6568
          http://sourceforge.jp/projects/ttssh2/scm/svn/commits/6568
Author:   yutakapon
Date:     2017-01-11 23:18:17 +0900 (Wed, 11 Jan 2017)
Log Message:
-----------
DH構造体のメンバーアクセスを関数アクセスに変更した。
save_bcrypt_private_key関数で EVP_CIPHER_CTX ポインタ指定ミスを修正した。

Modified Paths:
--------------
    branches/openssl_1_1_0/ttssh2/ttxssh/kex.c
    branches/openssl_1_1_0/ttssh2/ttxssh/ssh.c
    branches/openssl_1_1_0/ttssh2/ttxssh/ttxssh.c

-------------- next part --------------
Modified: branches/openssl_1_1_0/ttssh2/ttxssh/kex.c
===================================================================
--- branches/openssl_1_1_0/ttssh2/ttxssh/kex.c	2017-01-09 13:04:00 UTC (rev 6567)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/kex.c	2017-01-11 14:18:17 UTC (rev 6568)
@@ -34,6 +34,7 @@
 static DH *dh_new_group_asc(const char *gen, const char *modulus)
 {
 	DH *dh = NULL;
+	BIGNUM *p, *g;
 
 	if ((dh = DH_new()) == NULL) {
 		printf("dh_new_group_asc: DH_new");
@@ -40,13 +41,15 @@
 		goto error;
 	}
 
+	DH_get0_pqg(dh, &p, NULL, &g);
+
 	// P\x82\xC6G\x82͌\xF6\x8AJ\x82\xB5\x82Ă\xE0\x82悢\x91f\x90\x94\x82̑g\x82ݍ\x87\x82킹
-	if (BN_hex2bn(&dh->p, modulus) == 0) {
+	if (BN_hex2bn(&p, modulus) == 0) {
 		printf("BN_hex2bn p");
 		goto error;
 	}
 
-	if (BN_hex2bn(&dh->g, gen) == 0) {
+	if (BN_hex2bn(&g, gen) == 0) {
 		printf("BN_hex2bn g");
 		goto error;
 	}
@@ -231,22 +234,26 @@
 void dh_gen_key(PTInstVar pvar, DH *dh, int we_need /* bytes */ )
 {
 	int i;
+	BIGNUM *pub_key;
+	BIGNUM *priv_key;
 
-	dh->priv_key = NULL;
+	priv_key = NULL;
 
 	// \x94閧\x82ɂ\xB7\x82ׂ\xAB\x97\x90\x90\x94(X)\x82𐶐\xAC
 	for (i = 0 ; i < 10 ; i++) { // retry counter
-		if (dh->priv_key != NULL) {
-			BN_clear_free(dh->priv_key);
+		if (priv_key != NULL) {
+			BN_clear_free(priv_key);
 		}
-		dh->priv_key = BN_new();
-		if (dh->priv_key == NULL)
+		priv_key = BN_new();
+		DH_set0_key(dh, NULL, priv_key);
+		if (priv_key == NULL)
 			goto error;
-		if (BN_rand(dh->priv_key, 2*(we_need*8), 0, 0) == 0)
+		if (BN_rand(priv_key, 2*(we_need*8), 0, 0) == 0)
 			goto error;
 		if (DH_generate_key(dh) == 0)
 			goto error;
-		if (dh_pub_is_valid(dh, dh->pub_key))
+		DH_get0_key(dh, &pub_key, NULL);
+		if (dh_pub_is_valid(dh, pub_key))
 			break;
 	}
 	if (i >= 10) {
@@ -467,6 +474,7 @@
 	int i;
 	int n = BN_num_bits(dh_pub);
 	int bits_set = 0;
+	const BIGNUM *p;
 
 	// OpenSSL 1.1.0\x82ŁABIGNUM\x8D\\x91\xA2\x91̂\xCCneg\x83\x81\x83\x93\x83o\x81[\x82ɒ\xBC\x90ڃA\x83N\x83Z\x83X\x82ł\xAB\x82Ȃ\xAD\x82Ȃ\xC1\x82\xBD\x82\xBD\x82߁A
 	// BN_is_negative\x8A֐\x94\x82ɒu\x8A\xB7\x82\xB7\x82\xE9\x81BOpenSSL 1.0.2\x82ł̓}\x83N\x83\x8D\x92\xE8\x8B`\x82\xB3\x82\xEA\x82Ă\xA2\x82\xE9\x81B
@@ -480,7 +488,8 @@
 	//debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
 
 	/* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */
-	if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1))
+	DH_get0_pqg(dh, &p, NULL, NULL);
+	if (bits_set > 1 && (BN_cmp(dh_pub, p) == -1))
 		return 1;
 	//logit("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p));
 	return 0;

Modified: branches/openssl_1_1_0/ttssh2/ttxssh/ssh.c
===================================================================
--- branches/openssl_1_1_0/ttssh2/ttxssh/ssh.c	2017-01-09 13:04:00 UTC (rev 6567)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/ssh.c	2017-01-11 14:18:17 UTC (rev 6568)
@@ -5195,6 +5195,7 @@
 	buffer_t *msg = NULL;
 	unsigned char *outmsg;
 	int len;
+	BIGNUM *pub_key;
 
 	// Diffie-Hellman key agreement
 	switch (pvar->kex_type) {
@@ -5224,7 +5225,8 @@
 		return;
 	}
 
-	buffer_put_bignum2(msg, dh->pub_key);
+	DH_get0_key(dh, &pub_key, NULL);
+	buffer_put_bignum2(msg, pub_key);
 
 	len = buffer_len(msg);
 	outmsg = begin_send_packet(pvar, SSH2_MSG_KEXDH_INIT, len);
@@ -5349,6 +5351,7 @@
 	buffer_t *msg = NULL;
 	unsigned char *outmsg;
 	char tmpbuf[256];
+	BIGNUM *pub_key;
 
 	notify_verbose_message(pvar, "SSH2_MSG_KEX_DH_GEX_GROUP was received.", LOG_LEVEL_VERBOSE);
 
@@ -5434,8 +5437,7 @@
 	dh = DH_new();
 	if (dh == NULL)
 		goto error;
-	dh->p = p;
-	dh->g = g;
+	DH_set0_pqg(dh, p, NULL, g);
 
 	// \x94閧\x82ɂ\xB7\x82ׂ\xAB\x97\x90\x90\x94(X)\x82𐶐\xAC
 	dh_gen_key(pvar, dh, pvar->we_need);
@@ -5445,7 +5447,8 @@
 	if (msg == NULL) {
 		goto error;
 	}
-	buffer_put_bignum2(msg, dh->pub_key);
+	DH_get0_key(dh, &pub_key, NULL);
+	buffer_put_bignum2(msg, pub_key);
 	len = buffer_len(msg);
 	outmsg = begin_send_packet(pvar, SSH2_MSG_KEX_DH_GEX_INIT, len);
 	memcpy(outmsg, buffer_ptr(msg), len);
@@ -5460,9 +5463,14 @@
 	pvar->kexdh = dh;
 
 	{
-		push_bignum_memdump("DH_GEX_GROUP", "p", dh->p);
-		push_bignum_memdump("DH_GEX_GROUP", "g", dh->g);
-		push_bignum_memdump("DH_GEX_GROUP", "pub_key", dh->pub_key);
+		BIGNUM *p, *q, *pub_key;
+
+		DH_get0_pqg(dh, &p, &q, NULL);
+		DH_get0_key(dh, &pub_key, NULL);
+
+		push_bignum_memdump("DH_GEX_GROUP", "p", p);
+		push_bignum_memdump("DH_GEX_GROUP", "g", g);
+		push_bignum_memdump("DH_GEX_GROUP", "pub_key", pub_key);
 	}
 
 	SSH2_dispatch_init(2);
@@ -5585,6 +5593,7 @@
 	char *emsg, emsg_tmp[1024];  // error message
 	int ret, hashlen;
 	Key *hostkey;  // hostkey
+	BIGNUM *pub_key;
 
 	notify_verbose_message(pvar, "SSH2_MSG_KEXDH_REPLY was received.", LOG_LEVEL_VERBOSE);
 
@@ -5665,6 +5674,7 @@
 
 	// \x83n\x83b\x83V\x83\x85\x82̌v\x8EZ
 	/* calc and verify H */
+	DH_get0_key(pvar->kexdh, &pub_key, NULL);
 	hash = kex_dh_hash(get_kex_algorithm_EVP_MD(pvar->kex_type),
 	                   pvar->client_version_string,
 	                   pvar->server_version_string,
@@ -5671,7 +5681,7 @@
 	                   buffer_ptr(pvar->my_kex), buffer_len(pvar->my_kex),
 	                   buffer_ptr(pvar->peer_kex), buffer_len(pvar->peer_kex),
 	                   server_host_key_blob, bloblen,
-	                   pvar->kexdh->pub_key,
+	                   pub_key,
 	                   dh_server_pub,
 	                   share_key,
 	                   &hashlen);
@@ -5765,7 +5775,8 @@
 	}
 
 	// TTSSH\x83o\x81[\x83W\x83\x87\x83\x93\x8F\xEE\x95\xF1\x82ɕ\\x8E\xA6\x82\xB7\x82\xE9\x83L\x81[\x83r\x83b\x83g\x90\x94\x82\xF0\x8B\x81\x82߂Ă\xA8\x82\xAD (2004.10.30 yutaka)
-	pvar->client_key_bits = BN_num_bits(pvar->kexdh->pub_key);
+	DH_get0_key(pvar->kexdh, &pub_key, NULL);
+	pvar->client_key_bits = BN_num_bits(pub_key);
 	pvar->server_key_bits = BN_num_bits(dh_server_pub);
 
 	SSH2_dispatch_init(3);
@@ -5813,6 +5824,8 @@
 	char *emsg, emsg_tmp[1024];  // error message
 	int ret, hashlen;
 	Key *hostkey = NULL;  // hostkey
+	BIGNUM *p, *g;
+	BIGNUM *pub_key;
 
 	notify_verbose_message(pvar, "SSH2_MSG_KEX_DH_GEX_REPLY was received.", LOG_LEVEL_VERBOSE);
 
@@ -5894,6 +5907,8 @@
 
 	// \x83n\x83b\x83V\x83\x85\x82̌v\x8EZ
 	/* calc and verify H */
+	DH_get0_pqg(pvar->kexdh, &p, NULL, &g);
+	DH_get0_key(pvar->kexdh, &pub_key, NULL);
 	hash = kex_dh_gex_hash(
 		get_kex_algorithm_EVP_MD(pvar->kex_type),
 		pvar->client_version_string,
@@ -5905,9 +5920,9 @@
 		pvar->kexgex_min,
 		pvar->kexgex_bits,
 		pvar->kexgex_max,
-		pvar->kexdh->p,
-		pvar->kexdh->g,
-		pvar->kexdh->pub_key,
+		p,
+		g,
+		pub_key,
 		/////// KEXGEX
 		dh_server_pub,
 		share_key,
@@ -6002,7 +6017,8 @@
 	}
 
 	// TTSSH\x83o\x81[\x83W\x83\x87\x83\x93\x8F\xEE\x95\xF1\x82ɕ\\x8E\xA6\x82\xB7\x82\xE9\x83L\x81[\x83r\x83b\x83g\x90\x94\x82\xF0\x8B\x81\x82߂Ă\xA8\x82\xAD (2004.10.30 yutaka)
-	pvar->client_key_bits = BN_num_bits(pvar->kexdh->pub_key);
+	DH_get0_key(pvar->kexdh, &pub_key, NULL);
+	pvar->client_key_bits = BN_num_bits(pub_key);
 	pvar->server_key_bits = BN_num_bits(dh_server_pub);
 
 	SSH2_dispatch_init(3);

Modified: branches/openssl_1_1_0/ttssh2/ttxssh/ttxssh.c
===================================================================
--- branches/openssl_1_1_0/ttssh2/ttxssh/ttxssh.c	2017-01-09 13:04:00 UTC (rev 6567)
+++ branches/openssl_1_1_0/ttssh2/ttxssh/ttxssh.c	2017-01-11 14:18:17 UTC (rev 6568)
@@ -4346,7 +4346,7 @@
 	// \x88Í\x86\x89\xBB\x82̏\x80\x94\xF5
 	// TODO: OpenSSH 6.5\x82ł\xCD -Z \x83I\x83v\x83V\x83\x87\x83\x93\x82ŁA\x88Í\x86\x89\xBB\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82\xF0\x8Ew\x92\xE8\x89”\\x82\xBE\x82\xAA\x81A
 	// \x82\xB1\x82\xB1\x82ł\xCD"AES256-CBC"\x82ɌŒ\xE8\x82Ƃ\xB7\x82\xE9\x81B
-	cipher_init_SSH2(&cipher_ctx, key, keylen, key + keylen, ivlen, CIPHER_ENCRYPT, 
+	cipher_init_SSH2(cipher_ctx, key, keylen, key + keylen, ivlen, CIPHER_ENCRYPT, 
 		get_cipher_EVP_CIPHER(ciphernameval), 0, pvar);
 	SecureZeroMemory(key, keylen + ivlen);
 	free(key);
@@ -4390,12 +4390,12 @@
 
 	/* encrypt */
 	cp = buffer_append_space(encoded, buffer_len(b) + authlen);
-	if (EVP_Cipher(&cipher_ctx, cp, buffer_ptr(b), buffer_len(b)) == 0) {
+	if (EVP_Cipher(cipher_ctx, cp, buffer_ptr(b), buffer_len(b)) == 0) {
 		//strncpy_s(errmsg, errmsg_len, "Key decrypt error", _TRUNCATE);
 		//free(decrypted);
 		//goto error;
 	}
-	cipher_cleanup_SSH2(&cipher_ctx);
+	cipher_cleanup_SSH2(cipher_ctx);
 
 	len = 2 * buffer_len(encoded);
 	cp = malloc(len);



Ttssh2-commit メーリングリストの案内