- provos@cvs.openbsd.org 2000/12/15 10:30:15

[kex.c kex.h sshconnect2.c sshd.c]
     compute diffie-hellman in parallel between server and client. okay markus@

ChangeLog

@@ -27,6 +27,9 @@
    - deraadt@cvs.openbsd.org 2000/12/11 10:27:33
      [scp.c]
      when copying 0-sized files, do not re-print ETA time at completion
+   - provos@cvs.openbsd.org 2000/12/15 10:30:15
+     [kex.c kex.h sshconnect2.c sshd.c]
+     compute diffie-hellman in parallel between server and client. okay markus@
 
 20001213
  - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report

kex.c

@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.13 2000/11/12 19:50:37 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.14 2000/12/15 17:30:14 provos Exp $");
 
 #include "ssh.h"
 #include "ssh2.h"
@@ -139,7 +139,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
 	return 0;
 }
 
-DH *
+void
 dh_gen_key(DH *dh)
 {
 	int tries = 0;
@@ -150,7 +150,6 @@ dh_gen_key(DH *dh)
 		if (tries++ > 10)
 			fatal("dh_new_group1: too many bad keys: giving up");
 	} while (!dh_pub_is_valid(dh, dh->pub_key));
-	return dh;
 }
 
 DH *
@@ -168,9 +167,14 @@ dh_new_group_asc(const char *gen, const char *modulus)
 	if ((ret = BN_hex2bn(&dh->g, gen)) < 0)
 		fatal("BN_hex2bn g");
 
-	return (dh_gen_key(dh));
+	return (dh);
 }
 
+/*
+ * This just returns the group, we still need to generate the exchange
+ * value.
+ */
+
 DH *
 dh_new_group(BIGNUM *gen, BIGNUM *modulus)
 {
@@ -182,7 +186,7 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus)
 	dh->p = modulus;
 	dh->g = gen;
 
-	return (dh_gen_key(dh));
+	return (dh);
 }
 
 DH *

kex.h

@@ -102,6 +102,7 @@ void	packet_set_kex(Kex *k);
 int	dh_pub_is_valid(DH *dh, BIGNUM *dh_pub);
 DH	*dh_new_group_asc(const char *, const char *);
 DH	*dh_new_group(BIGNUM *, BIGNUM *);
+void	dh_gen_key();
 DH	*dh_new_group1();
 
 unsigned char *

sshconnect2.c

@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.30 2000/12/03 11:15:04 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.31 2000/12/15 17:30:14 provos Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@@ -166,6 +166,7 @@ ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr,
 	debug("Sending SSH2_MSG_KEXDH_INIT.");
 	/* generate and send 'e', client DH public key */
 	dh = dh_new_group1();
+	dh_gen_key(dh);
 	packet_start(SSH2_MSG_KEXDH_INIT);
 	packet_put_bignum2(dh->pub_key);
 	packet_send();
@@ -334,6 +335,8 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
 	if ((dh = dh_new_group(g, p)) == NULL)
 		fatal("dh_new_group");
 
+	dh_gen_key(dh);
+
 #ifdef DEBUG_KEXDH
 	fprintf(stderr, "\np= ");
 	BN_print_fp(stderr, dh->p);

sshd.c

@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.137 2000/12/12 21:45:21 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.139 2000/12/15 17:30:14 provos Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -1452,6 +1452,10 @@ ssh_dh1_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
 		fatal("Unsupported hostkey type %d", kex->hostkey_type);
 
 /* KEXDH */
+	/* generate DH key */
+	dh = dh_new_group1();			/* XXX depends on 'kex' */
+	dh_gen_key(dh);
+
 	debug("Wait SSH2_MSG_KEXDH_INIT.");
 	packet_read_expect(&payload_len, SSH2_MSG_KEXDH_INIT);
 
@@ -1468,9 +1472,6 @@ ssh_dh1_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
 	debug("bits %d", BN_num_bits(dh_client_pub));
 #endif
 
-	/* generate DH key */
-	dh = dh_new_group1();			/* XXX depends on 'kex' */
-
 #ifdef DEBUG_KEXDH
 	fprintf(stderr, "\np= ");
 	BN_print_fp(stderr, dh->p);
@@ -1592,6 +1593,10 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
 	packet_send();
 	packet_write_wait();
 
+	/* Compute our exchange value in parallel with the client */
+
+	dh_gen_key(dh);
+
 	debug("Wait SSH2_MSG_KEX_DH_GEX_INIT.");
 	packet_read_expect(&payload_len, SSH2_MSG_KEX_DH_GEX_INIT);