1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
--- modules/mod_authen/SS5Supa.c.orig 2011-08-26 12:28:01 UTC
+++ modules/mod_authen/SS5Supa.c
@@ -188,6 +188,7 @@ static unsigned char * ss5_secure_dh_compute_key (int
DH * ss = DH_new();
BIGNUM * a = NULL;
+ BIGNUM *p, *g;
int len = 1;
unsigned char * public_key = NULL;
uint32_t len_key = 0;
@@ -205,41 +206,75 @@ static unsigned char * ss5_secure_dh_compute_key (int
else
pid=(UINT)pthread_self();
- ss->p = BN_bin2bn ((pippo->p), pippo->lenp, NULL);
- ss->g = BN_bin2bn ((pippo->g), pippo->leng, NULL);
+ p = BN_bin2bn ((pippo->p), pippo->lenp, NULL);
+ g = BN_bin2bn ((pippo->g), pippo->leng, NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ DH_set0_pqg(ss, p, NULL, g);
+#else
+ ss->p = p;
+ ss->g = g;
+#endif
a = BN_bin2bn ((pippo->a), pippo->lena, NULL);
- if (!a || !ss->p || !ss->g){
+ if (!a || !p || !g) {
if( VERBOSE() ) {
snprintf(logString,256 - 1,"[%u] [VERB] ss5_secure_dh_compute_key - Error when compute a, p, g",pid);
LOGUPDATE()
}
+ BN_free(a);
+ BN_free(g);
+ BN_free(p);
+ DH_free(ss);
return NULL;
}
do {
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ if (DH_get0_pub_key(ss)) {
+ BN_free(DH_get0_pub_key(ss));
+ BN_free(DH_get0_priv_key(ss));
+#else
if (ss->pub_key){
BN_free(ss->pub_key);
BN_free(ss->priv_key);
+#endif
}
if ( DH_generate_key(ss) == 0){
if( VERBOSE() ) {
snprintf(logString,256 - 1,"[%u] [VERB] ss5_secure_dh_compute_key - Error when compute the keys",pid);
LOGUPDATE()
}
+ BN_free(a);
+ BN_free(g);
+ BN_free(p);
+ DH_free(ss);
return NULL;
}
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ } while (BN_is_negative(DH_get0_pub_key(ss)));
+
+ len_key = BN_num_bytes(DH_get0_pub_key(ss));
+#else
}while(ss->pub_key->neg);
len_key = BN_num_bytes(ss->pub_key);
+#endif
public_key = malloc(len_key);
if (!public_key){
if( VERBOSE() ) {
snprintf(logString,256 - 1,"[%u] [VERB] ss5_secure_dh_compute_key - malloc error",pid);
LOGUPDATE()
}
+ BN_free(a);
+ BN_free(g);
+ BN_free(p);
+ DH_free(ss);
return NULL;
}
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ BN_bn2bin (DH_get0_pub_key(ss), public_key);
+#else
BN_bn2bin (ss->pub_key, public_key);
+#endif
ss5_create_dh_response(s, public_key, len_key);
#if 0
printf("B computed: len is %d\n",len_key);
@@ -256,6 +291,10 @@ static unsigned char * ss5_secure_dh_compute_key (int
snprintf(logString,256 - 1,"[%u] [VERB] ss5_secure_dh_compute_key - malloc error",pid);
LOGUPDATE()
}
+ BN_free(a);
+ BN_free(g);
+ BN_free(p);
+ DH_free(ss);
return NULL;
}
bzero(session_key, DH_size (ss));
@@ -266,6 +305,10 @@ static unsigned char * ss5_secure_dh_compute_key (int
printf("%02x ", session_key[len]);
printf("\n");
#endif
+ BN_free(a);
+ BN_free(g);
+ BN_free(p);
+ DH_free(ss);
return session_key;
}
|
