aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schneider <mail@cynapses.org>2009-04-16 14:04:19 +0000
committerAndreas Schneider <mail@cynapses.org>2009-04-16 14:04:19 +0000
commit1ed7c908908593346bc2e3cdf37aa26a4ac200ed (patch)
tree4f79d636f6bd04baed456097f95728da014f7efd
parent24fc1b2028ed03ac7355c05ad2c93d81f0d5497a (diff)
downloadlibssh-1ed7c908908593346bc2e3cdf37aa26a4ac200ed.tar.gz
libssh-1ed7c908908593346bc2e3cdf37aa26a4ac200ed.tar.xz
libssh-1ed7c908908593346bc2e3cdf37aa26a4ac200ed.zip
Revert commit 491.
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@492 7dcaeef0-15fb-0310-b436-a5af3365683c
-rw-r--r--include/libssh/priv.h9
-rw-r--r--libssh/client.c7
-rw-r--r--libssh/dh.c89
-rw-r--r--libssh/init.c1
-rw-r--r--libssh/server.c4
5 files changed, 41 insertions, 69 deletions
diff --git a/include/libssh/priv.h b/include/libssh/priv.h
index 4a4023bc..50b82f63 100644
--- a/include/libssh/priv.h
+++ b/include/libssh/priv.h
@@ -339,10 +339,6 @@ struct ssh_session {
int dh_handshake_state;
STRING *dh_server_signature; //information used by dh_handshake.
- /* dh crypto */
- bignum dh_g;
- bignum dh_p;
-
KEX server_kex;
KEX client_kex;
BUFFER *in_hashbuf;
@@ -524,8 +520,9 @@ void dh_generate_x(SSH_SESSION *session);
void dh_generate_y(SSH_SESSION *session);
void dh_generate_f(SSH_SESSION *session);
-int ssh_crypto_init(SSH_SESSION *session);
-void ssh_crypto_finalize(SSH_SESSION *session);
+/* FIXME: replace me with a thread safe function */
+void ssh_crypto_init(void);
+void ssh_crypto_finalize(void);
STRING *dh_get_e(SSH_SESSION *session);
STRING *dh_get_f(SSH_SESSION *session);
diff --git a/libssh/client.c b/libssh/client.c
index 26277f03..09f522ae 100644
--- a/libssh/client.c
+++ b/libssh/client.c
@@ -449,11 +449,7 @@ int ssh_connect(SSH_SESSION *session) {
session->alive = 0;
session->client = 1;
- if (ssh_crypto_init(session) < 0) {
- ssh_set_error(session, SSH_FATAL, "Initializing crypto functions failed");
- leave_function();
- return SSH_ERROR;
- }
+ ssh_crypto_init();
ssh_socket_init();
if (options->fd == -1 && options->host == NULL) {
@@ -632,7 +628,6 @@ void ssh_disconnect(SSH_SESSION *session) {
error:
leave_function();
- ssh_crypto_finalize(session);
ssh_cleanup(session);
}
diff --git a/libssh/dh.c b/libssh/dh.c
index 93bd090b..1d825b2e 100644
--- a/libssh/dh.c
+++ b/libssh/dh.c
@@ -69,6 +69,9 @@ static unsigned char p_value[] = {
#define P_LEN 128 /* Size in bytes of the p number */
static unsigned long g_int = 2 ; /* G is defined as 2 by the ssh2 standards */
+static bignum g;
+static bignum p;
+static int ssh_crypto_inited=0;
int ssh_get_random(void *where, int len, int strong){
@@ -93,51 +96,37 @@ int ssh_get_random(void *where, int len, int strong){
/* it inits the values g and p which are used for DH key agreement */
-int ssh_crypto_init(struct ssh_session *session) {
+void ssh_crypto_init(void){
+ if(ssh_crypto_inited == 0){
#ifdef HAVE_LIBGCRYPT
- gcry_check_version(NULL);
-
- if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P,0)) {
- gcry_control(GCRYCTL_INIT_SECMEM, 4096);
- gcry_control(GCRYCTL_INITIALIZATION_FINISHED,0);
- }
-#endif
-
- session->dh_g = bignum_new();
- if (session->dh_g == NULL) {
- return -1;
- }
- bignum_set_word(session->dh_g, g_int);
-
+ gcry_check_version(NULL);
+ if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P,0))
+ {
+ gcry_control(GCRYCTL_INIT_SECMEM, 4096);
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED,0);
+ }
+#endif
+ g=bignum_new();
+ bignum_set_word(g,g_int);
#ifdef HAVE_LIBGCRYPT
- bignum_bin2bn(p_value, P_LEN, &session->dh_p);
- if (session->dh_p == NULL) {
- bignum_free(session->dh_g);
- session->dh_g = NULL;
- return -1;
- }
+ bignum_bin2bn(p_value,P_LEN,&p);
#elif defined HAVE_LIBCRYPTO
- session->dh_p = bignum_new();
- if (session->dh_p == NULL) {
- bignum_free(session->dh_g);
- session->dh_g = NULL;
- return -1;
- }
- bignum_bin2bn(p_value, P_LEN, session->dh_p);
- OpenSSL_add_all_algorithms();
+ p=bignum_new();
+ bignum_bin2bn(p_value,P_LEN,p);
+ OpenSSL_add_all_algorithms();
#endif
-
- return 0;
+ ssh_crypto_inited++;
+ }
}
-void ssh_crypto_finalize(struct ssh_session *session) {
- bignum_free(session->dh_g);
- session->dh_g = NULL;
-
- bignum_free(session->dh_p);
- session->dh_p = NULL;
+void ssh_crypto_finalize(void){
+ if(ssh_crypto_inited){
+ bignum_free(g);
+ bignum_free(p);
+ ssh_crypto_inited=0;
+ }
}
-
+
/* prints the bignum on stderr */
void ssh_print_bignum(const char *which,bignum num){
#ifdef HAVE_LIBGCRYPT
@@ -234,11 +223,9 @@ void dh_generate_e(SSH_SESSION *session){
#endif
session->next_crypto->e=bignum_new();
#ifdef HAVE_LIBGCRYPT
- bignum_mod_exp(session->next_crypto->e, session->dh_g,
- session->next_crypto->x, session->dh_p);
+ bignum_mod_exp(session->next_crypto->e,g,session->next_crypto->x,p);
#elif defined HAVE_LIBCRYPTO
- bignum_mod_exp(session->next_crypto->e, session->dh_g,
- session->next_crypto->x, session->dh_p, ctx);
+ bignum_mod_exp(session->next_crypto->e,g,session->next_crypto->x,p,ctx);
#endif
#ifdef DEBUG_CRYPTO
ssh_print_bignum("e",session->next_crypto->e);
@@ -254,11 +241,9 @@ void dh_generate_f(SSH_SESSION *session){
#endif
session->next_crypto->f=bignum_new();
#ifdef HAVE_LIBGCRYPT
- bignum_mod_exp(session->next_crypto->f, session->dh_g,
- session->next_crypto->y, session->dh_p);
+ bignum_mod_exp(session->next_crypto->f,g,session->next_crypto->y,p);
#elif defined HAVE_LIBCRYPTO
- bignum_mod_exp(session->next_crypto->f, session->dh_g,
- session->next_crypto->y, session->dh_p, ctx);
+ bignum_mod_exp(session->next_crypto->f,g,session->next_crypto->y,p,ctx);
#endif
#ifdef DEBUG_CRYPTO
ssh_print_bignum("f",session->next_crypto->f);
@@ -342,19 +327,15 @@ void dh_build_k(SSH_SESSION *session){
/* the server and clients don't use the same numbers */
#ifdef HAVE_LIBGCRYPT
if(session->client){
- bignum_mod_exp(session->next_crypto->k, session->next_crypto->f,
- session->next_crypto->x, session->dh_p);
+ bignum_mod_exp(session->next_crypto->k,session->next_crypto->f,session->next_crypto->x,p);
} else {
- bignum_mod_exp(session->next_crypto->k, session->next_crypto->e,
- session->next_crypto->y, session->dh_p);
+ bignum_mod_exp(session->next_crypto->k,session->next_crypto->e,session->next_crypto->y,p);
}
#elif defined HAVE_LIBCRYPTO
if(session->client){
- bignum_mod_exp(session->next_crypto->k, session->next_crypto->f,
- session->next_crypto->x, session->dh_p, ctx);
+ bignum_mod_exp(session->next_crypto->k,session->next_crypto->f,session->next_crypto->x,p,ctx);
} else {
- bignum_mod_exp(session->next_crypto->k, session->next_crypto->e,
- session->next_crypto->y, session->dh_p, ctx);
+ bignum_mod_exp(session->next_crypto->k,session->next_crypto->e,session->next_crypto->y,p,ctx);
}
#endif
#ifdef DEBUG_CRYPTO
diff --git a/libssh/init.c b/libssh/init.c
index e9c05393..6b10033b 100644
--- a/libssh/init.c
+++ b/libssh/init.c
@@ -38,6 +38,7 @@
*/
int ssh_finalize(void)
{
+ ssh_crypto_finalize();
#ifdef HAVE_LIBGCRYPT
gcry_control(GCRYCTL_TERM_SECMEM);
#elif defined HAVE_LIBCRYPTO
diff --git a/libssh/server.c b/libssh/server.c
index 7193a285..358b13e7 100644
--- a/libssh/server.c
+++ b/libssh/server.c
@@ -332,9 +332,7 @@ static int dh_handshake_server(SSH_SESSION *session){
/* do the banner and key exchange */
int ssh_accept(SSH_SESSION *session){
ssh_send_banner(session,1);
- if (ssh_crypto_init(session) < 0) {
- return -1;
- }
+ ssh_crypto_init();
session->alive=1;
session->clientbanner=ssh_get_banner(session);
if (server_set_kex(session) < 0) {