Merge pull request wolfSSL#566 from JacobBarthelmeh/dh
fix for dh group connections
dgarske authored Aug 8, 2023
2 parents e089f2d + 5439016 commit 837393a
Showing 1 changed file with 52 additions and 29 deletions.
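--- a/src/internal.c
+++ b/src/internal.c
@@ -8478,6 +8478,46 @@ static int BuildRFC6187Info(WOLFSSH* ssh, int pubKeyID,
 #endif /* WOLFSSH_CERTS */
 
 
+#ifndef WOLFSSH_NO_DH
+static int GetDHPrimeGroup(int kexId, const byte** primeGroup,
+word32* primeGroupSz, const byte** generator, word32* generatorSz)
+{
+int ret = WS_SUCCESS;
+
+switch (kexId) {
+#ifndef WOLFSSH_NO_DH_GROUP1_SHA1
+case ID_DH_GROUP1_SHA1:
+*primeGroup = dhPrimeGroup1;
+*primeGroupSz = dhPrimeGroup1Sz;
+*generator = dhGenerator;
+*generatorSz = dhGeneratorSz;
+break;
+#endif
+#ifndef WOLFSSH_NO_DH_GROUP14_SHA1
+case ID_DH_GROUP14_SHA1:
+*primeGroup = dhPrimeGroup14;
+*primeGroupSz = dhPrimeGroup14Sz;
+*generator = dhGenerator;
+*generatorSz = dhGeneratorSz;
+break;
+#endif
+#ifndef WOLFSSH_NO_DH_GEX_SHA256
+case ID_DH_GEX_SHA256:
+*primeGroup = dhPrimeGroup14;
+*primeGroupSz = dhPrimeGroup14Sz;
+*generator = dhGenerator;
+*generatorSz = dhGeneratorSz;
+break;
+#endif
+default:
+ret = WS_INVALID_ALGO_ID;
+}
+
+return ret;
+}
+#endif /* !WOLFSSH_NO_DH */
+
+
 /* Sets the signing key and hashes in the public key
 * returns WS_SUCCESS on success */
 static int SendKexGetSigningKey(WOLFSSH* ssh,
@@ -8721,6 +8761,11 @@ static int SendKexGetSigningKey(WOLFSSH* ssh,
 if (ssh->handshake->kexId == ID_DH_GEX_SHA256) {
 byte primeGroupPad = 0, generatorPad = 0;
 
+if (GetDHPrimeGroup(ssh->handshake->kexId, &primeGroup,
+&primeGroupSz, &generator, &generatorSz) != WS_SUCCESS) {
+ret = WS_BAD_ARGUMENT;
+}
+
 /* Hash in the client's requested minimum key size. */
 if (ret == 0) {
 c32toa(ssh->handshake->dhGexMinSz, scratchLen);
@@ -8995,35 +9040,13 @@ int SendKexDhReply(WOLFSSH* ssh)
 y_ptr = y_s;
 #endif
 if (ret == WS_SUCCESS) {
-switch (ssh->handshake->kexId) {
-#ifndef WOLFSSH_NO_DH_GROUP1_SHA1
-case ID_DH_GROUP1_SHA1:
-primeGroup = dhPrimeGroup1;
-primeGroupSz = dhPrimeGroup1Sz;
-generator = dhGenerator;
-generatorSz = dhGeneratorSz;
-break;
-#endif
-#ifndef WOLFSSH_NO_DH_GROUP14_SHA1
-case ID_DH_GROUP14_SHA1:
-primeGroup = dhPrimeGroup14;
-primeGroupSz = dhPrimeGroup14Sz;
-generator = dhGenerator;
-generatorSz = dhGeneratorSz;
-break;
-#endif
-#ifndef WOLFSSH_NO_DH_GEX_SHA256
-case ID_DH_GEX_SHA256:
-primeGroup = dhPrimeGroup14;
-primeGroupSz = dhPrimeGroup14Sz;
-generator = dhGenerator;
-generatorSz = dhGeneratorSz;
-msgId = MSGID_KEXDH_GEX_REPLY;
-break;
-#endif
-default:
-ret = WS_INVALID_ALGO_ID;
-}
+ret = GetDHPrimeGroup(ssh->handshake->kexId, &primeGroup,
+&primeGroupSz, &generator, &generatorSz);
+#ifndef WOLFSSH_NO_DH_GEX_SHA256
+if (ssh->handshake->kexId == ID_DH_GEX_SHA256)
+msgId = MSGID_KEXDH_GEX_REPLY;
+#endif
+
 if (ret == WS_SUCCESS) {
 ret = wc_InitDhKey(privKey);
 }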
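Review bot: The new call in SendKexGetSigningKey is made unconditionally and rewrites the helper's `WS_INVALID_ALGO_ID` to `WS_BAD_ARGUMENT`, whereas SendKexDhReply passes the helper's code through unchanged; `if (ret == WS_SUCCESS) ret = GetDHPrimeGroup(ssh->handshake->kexId, &primeGroup, &primeGroupSz, &generator, &generatorSz);` would keep the two call sites consistent and skip the lookup once an earlier step has failed. Both functions start and end outside the hunks shown, so that `ret` can already hold an error at this point is inferred from the `if (ret == 0)` guard that follows. GetDHPrimeGroup also has no header comment; I would add `/* Looks up the fixed prime and generator for kexId; ID_DH_GEX_SHA256 always gets group 14 regardless of the sizes the client requested, and the outputs are left untouched when WS_INVALID_ALGO_ID is returned. */` so callers know not to hash or send the pointers after a failure. Whether the client's min/max for the group exchange is checked against the 2048-bit group elsewhere is not visible here and is worth confirming.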
