From 1ed7c908908593346bc2e3cdf37aa26a4ac200ed Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Thu, 16 Apr 2009 14:04:19 +0000 Subject: [PATCH] Revert commit 491. git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@492 7dcaeef0-15fb-0310-b436-a5af3365683c --- include/libssh/priv.h | 9 ++--- libssh/client.c | 7 +--- libssh/dh.c | 87 +++++++++++++++++-------------------------- libssh/init.c | 1 + libssh/server.c | 4 +- 5 files changed, 40 insertions(+), 68 deletions(-) diff --git a/include/libssh/priv.h b/include/libssh/priv.h index 4a4023bc..50b82f63 100644 --- a/include/libssh/priv.h +++ b/include/libssh/priv.h @@ -339,10 +339,6 @@ struct ssh_session { int dh_handshake_state; STRING *dh_server_signature; //information used by dh_handshake. - /* dh crypto */ - bignum dh_g; - bignum dh_p; - KEX server_kex; KEX client_kex; BUFFER *in_hashbuf; @@ -524,8 +520,9 @@ void dh_generate_x(SSH_SESSION *session); void dh_generate_y(SSH_SESSION *session); void dh_generate_f(SSH_SESSION *session); -int ssh_crypto_init(SSH_SESSION *session); -void ssh_crypto_finalize(SSH_SESSION *session); +/* FIXME: replace me with a thread safe function */ +void ssh_crypto_init(void); +void ssh_crypto_finalize(void); STRING *dh_get_e(SSH_SESSION *session); STRING *dh_get_f(SSH_SESSION *session); diff --git a/libssh/client.c b/libssh/client.c index 26277f03..09f522ae 100644 --- a/libssh/client.c +++ b/libssh/client.c @@ -449,11 +449,7 @@ int ssh_connect(SSH_SESSION *session) { session->alive = 0; session->client = 1; - if (ssh_crypto_init(session) < 0) { - ssh_set_error(session, SSH_FATAL, "Initializing crypto functions failed"); - leave_function(); - return SSH_ERROR; - } + ssh_crypto_init(); ssh_socket_init(); if (options->fd == -1 && options->host == NULL) { @@ -632,7 +628,6 @@ void ssh_disconnect(SSH_SESSION *session) { error: leave_function(); - ssh_crypto_finalize(session); ssh_cleanup(session); } diff --git a/libssh/dh.c b/libssh/dh.c index 93bd090b..1d825b2e 100644 --- a/libssh/dh.c +++ b/libssh/dh.c @@ -69,6 +69,9 @@ static unsigned char p_value[] = { #define P_LEN 128 /* Size in bytes of the p number */ static unsigned long g_int = 2 ; /* G is defined as 2 by the ssh2 standards */ +static bignum g; +static bignum p; +static int ssh_crypto_inited=0; int ssh_get_random(void *where, int len, int strong){ @@ -93,51 +96,37 @@ int ssh_get_random(void *where, int len, int strong){ /* it inits the values g and p which are used for DH key agreement */ -int ssh_crypto_init(struct ssh_session *session) { +void ssh_crypto_init(void){ + if(ssh_crypto_inited == 0){ #ifdef HAVE_LIBGCRYPT - gcry_check_version(NULL); - - if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P,0)) { - gcry_control(GCRYCTL_INIT_SECMEM, 4096); - gcry_control(GCRYCTL_INITIALIZATION_FINISHED,0); - } + gcry_check_version(NULL); + if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P,0)) + { + gcry_control(GCRYCTL_INIT_SECMEM, 4096); + gcry_control(GCRYCTL_INITIALIZATION_FINISHED,0); + } #endif - - session->dh_g = bignum_new(); - if (session->dh_g == NULL) { - return -1; - } - bignum_set_word(session->dh_g, g_int); - + g=bignum_new(); + bignum_set_word(g,g_int); #ifdef HAVE_LIBGCRYPT - bignum_bin2bn(p_value, P_LEN, &session->dh_p); - if (session->dh_p == NULL) { - bignum_free(session->dh_g); - session->dh_g = NULL; - return -1; - } + bignum_bin2bn(p_value,P_LEN,&p); #elif defined HAVE_LIBCRYPTO - session->dh_p = bignum_new(); - if (session->dh_p == NULL) { - bignum_free(session->dh_g); - session->dh_g = NULL; - return -1; - } - bignum_bin2bn(p_value, P_LEN, session->dh_p); - OpenSSL_add_all_algorithms(); + p=bignum_new(); + bignum_bin2bn(p_value,P_LEN,p); + OpenSSL_add_all_algorithms(); #endif - - return 0; + ssh_crypto_inited++; + } } -void ssh_crypto_finalize(struct ssh_session *session) { - bignum_free(session->dh_g); - session->dh_g = NULL; - - bignum_free(session->dh_p); - session->dh_p = NULL; +void ssh_crypto_finalize(void){ + if(ssh_crypto_inited){ + bignum_free(g); + bignum_free(p); + ssh_crypto_inited=0; + } } - + /* prints the bignum on stderr */ void ssh_print_bignum(const char *which,bignum num){ #ifdef HAVE_LIBGCRYPT @@ -234,11 +223,9 @@ void dh_generate_e(SSH_SESSION *session){ #endif session->next_crypto->e=bignum_new(); #ifdef HAVE_LIBGCRYPT - bignum_mod_exp(session->next_crypto->e, session->dh_g, - session->next_crypto->x, session->dh_p); + bignum_mod_exp(session->next_crypto->e,g,session->next_crypto->x,p); #elif defined HAVE_LIBCRYPTO - bignum_mod_exp(session->next_crypto->e, session->dh_g, - session->next_crypto->x, session->dh_p, ctx); + bignum_mod_exp(session->next_crypto->e,g,session->next_crypto->x,p,ctx); #endif #ifdef DEBUG_CRYPTO ssh_print_bignum("e",session->next_crypto->e); @@ -254,11 +241,9 @@ void dh_generate_f(SSH_SESSION *session){ #endif session->next_crypto->f=bignum_new(); #ifdef HAVE_LIBGCRYPT - bignum_mod_exp(session->next_crypto->f, session->dh_g, - session->next_crypto->y, session->dh_p); + bignum_mod_exp(session->next_crypto->f,g,session->next_crypto->y,p); #elif defined HAVE_LIBCRYPTO - bignum_mod_exp(session->next_crypto->f, session->dh_g, - session->next_crypto->y, session->dh_p, ctx); + bignum_mod_exp(session->next_crypto->f,g,session->next_crypto->y,p,ctx); #endif #ifdef DEBUG_CRYPTO ssh_print_bignum("f",session->next_crypto->f); @@ -342,19 +327,15 @@ void dh_build_k(SSH_SESSION *session){ /* the server and clients don't use the same numbers */ #ifdef HAVE_LIBGCRYPT if(session->client){ - bignum_mod_exp(session->next_crypto->k, session->next_crypto->f, - session->next_crypto->x, session->dh_p); + bignum_mod_exp(session->next_crypto->k,session->next_crypto->f,session->next_crypto->x,p); } else { - bignum_mod_exp(session->next_crypto->k, session->next_crypto->e, - session->next_crypto->y, session->dh_p); + bignum_mod_exp(session->next_crypto->k,session->next_crypto->e,session->next_crypto->y,p); } #elif defined HAVE_LIBCRYPTO if(session->client){ - bignum_mod_exp(session->next_crypto->k, session->next_crypto->f, - session->next_crypto->x, session->dh_p, ctx); + bignum_mod_exp(session->next_crypto->k,session->next_crypto->f,session->next_crypto->x,p,ctx); } else { - bignum_mod_exp(session->next_crypto->k, session->next_crypto->e, - session->next_crypto->y, session->dh_p, ctx); + bignum_mod_exp(session->next_crypto->k,session->next_crypto->e,session->next_crypto->y,p,ctx); } #endif #ifdef DEBUG_CRYPTO diff --git a/libssh/init.c b/libssh/init.c index e9c05393..6b10033b 100644 --- a/libssh/init.c +++ b/libssh/init.c @@ -38,6 +38,7 @@ */ int ssh_finalize(void) { + ssh_crypto_finalize(); #ifdef HAVE_LIBGCRYPT gcry_control(GCRYCTL_TERM_SECMEM); #elif defined HAVE_LIBCRYPTO diff --git a/libssh/server.c b/libssh/server.c index 7193a285..358b13e7 100644 --- a/libssh/server.c +++ b/libssh/server.c @@ -332,9 +332,7 @@ static int dh_handshake_server(SSH_SESSION *session){ /* do the banner and key exchange */ int ssh_accept(SSH_SESSION *session){ ssh_send_banner(session,1); - if (ssh_crypto_init(session) < 0) { - return -1; - } + ssh_crypto_init(); session->alive=1; session->clientbanner=ssh_get_banner(session); if (server_set_kex(session) < 0) {