author | djm@openbsd.org <djm@openbsd.org> | 2019-01-21 09:55:52 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-01-21 21:47:28 +1100 |
commit | 5ae3f6d314465026d028af82609c1d49ad197655 (patch) | |
tree | 6fa154f6478dd9b35d90716573420f3c517c49ab | |
parent | 7be8572b32a15d5c3dba897f252e2e04e991c307 (diff) |
upstream: save the derived session id in kex_derive_keys() rather
than making each kex method implementation do it.
from markus@ ok djm@
OpenBSD-Commit-ID: d61ade9c8d1e13f665f8663c552abff8c8a30673
-rw-r--r-- | kex.c | 10 | ||||
-rw-r--r-- | kexc25519c.c | 13 | ||||
-rw-r--r-- | kexc25519s.c | 13 | ||||
-rw-r--r-- | kexdhc.c | 13 | ||||
-rw-r--r-- | kexdhs.c | 13 | ||||
-rw-r--r-- | kexecdhc.c | 13 | ||||
-rw-r--r-- | kexecdhs.c | 13 | ||||
-rw-r--r-- | kexgexc.c | 13 | ||||
-rw-r--r-- | kexgexs.c | 13 |
9 files changed, 17 insertions, 97 deletions
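--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.143 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.144 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
  *
@@ -1009,6 +1009,14 @@ kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen,
 	u_int i, j, mode, ctos;
 	int r;
 
+	/* save initial hash as session id */
+	if (kex->session_id == NULL) {
+		kex->session_id_len = hashlen;
+		kex->session_id = malloc(kex->session_id_len);
+		if (kex->session_id == NULL)
+			return SSH_ERR_ALLOC_FAIL;
+		memcpy(kex->session_id, hash, kex->session_id_len);
+	}
 	for (i = 0; i < NKEYS; i++) {
 		if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen,
 		    shared_secret, &keys[i])) != 0) {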
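Review bot: In the new block in kex_derive_keys(), `kex->session_id_len = hashlen;` is stored before malloc() has succeeded, so on the SSH_ERR_ALLOC_FAIL return the kex is left with a non-zero session_id_len but a NULL session_id; moving that assignment to after the memcpy() (and using `hashlen` directly in the malloc() and memcpy() calls) keeps the two fields consistent on every exit. The guard `if (kex->session_id == NULL)` is what makes the session id persist across rekeys, and the comment should say so: `/* The exchange hash of the first kex becomes the session id; it must never change on rekey (RFC 4253 7.2) */`. Note that in the server files (kexc25519s.c, kexdhs.c, kexecdhs.c, kexgexs.c) the removed blocks ran before kex->sign() was called and the reply sent, whereas kex_derive_keys() is presumably called after that, outside these hunks, so it is worth confirming that nothing on that path reads kex->session_id. kex_derive_keys() itself starts and ends outside the hunk.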
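--- a/kexc25519c.c
+++ b/kexc25519c.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexc25519c.c,v 1.10 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kexc25519c.c,v 1.11 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
  * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -144,17 +144,6 @@ input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh)
 	    kex->hostkey_alg, ssh->compat)) != 0)
 		goto out;
 
-	/* save session id */
-	if (kex->session_id == NULL) {
-		kex->session_id_len = hashlen;
-		kex->session_id = malloc(kex->session_id_len);
-		if (kex->session_id == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		memcpy(kex->session_id, hash, kex->session_id_len);
-	}
-
 	if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
 		r = kex_send_newkeys(ssh);
 out: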
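--- a/kexc25519s.c
+++ b/kexc25519s.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexc25519s.c,v 1.13 2019/01/19 21:43:56 djm Exp $ */
+/* $OpenBSD: kexc25519s.c,v 1.14 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
  * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -121,17 +121,6 @@ input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh)
 	    hash, &hashlen)) < 0)
 		goto out;
 
-	/* save session id := H */
-	if (kex->session_id == NULL) {
-		kex->session_id_len = hashlen;
-		kex->session_id = malloc(kex->session_id_len);
-		if (kex->session_id == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		memcpy(kex->session_id, hash, kex->session_id_len);
-	}
-
 	/* sign H */
 	if ((r = kex->sign(ssh, server_host_private, server_host_public,
 	    &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)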
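--- a/kexdhc.c
+++ b/kexdhc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhc.c,v 1.25 2019/01/21 09:54:11 djm Exp $ */
+/* $OpenBSD: kexdhc.c,v 1.26 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
  *
@@ -188,17 +188,6 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh)
 	    kex->hostkey_alg, ssh->compat)) != 0)
 		goto out;
 
-	/* save session id */
-	if (kex->session_id == NULL) {
-		kex->session_id_len = hashlen;
-		kex->session_id = malloc(kex->session_id_len);
-		if (kex->session_id == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		memcpy(kex->session_id, hash, kex->session_id_len);
-	}
-
 	if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
 		r = kex_send_newkeys(ssh);
 out: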
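--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.31 2019/01/21 09:54:11 djm Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.32 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
  *
@@ -173,17 +173,6 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
 	    hash, &hashlen)) != 0)
 		goto out;
 
-	/* save session id := H */
-	if (kex->session_id == NULL) {
-		kex->session_id_len = hashlen;
-		kex->session_id = malloc(kex->session_id_len);
-		if (kex->session_id == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		memcpy(kex->session_id, hash, kex->session_id_len);
-	}
-
 	/* sign H */
 	if ((r = kex->sign(ssh, server_host_private, server_host_public,
 	    &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)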
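--- a/kexecdhc.c
+++ b/kexecdhc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhc.c,v 1.14 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kexecdhc.c,v 1.15 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
  * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -190,17 +190,6 @@ input_kex_ecdh_reply(int type, u_int32_t seq, struct ssh *ssh)
 	    hashlen, kex->hostkey_alg, ssh->compat)) != 0)
 		goto out;
 
-	/* save session id */
-	if (kex->session_id == NULL) {
-		kex->session_id_len = hashlen;
-		kex->session_id = malloc(kex->session_id_len);
-		if (kex->session_id == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		memcpy(kex->session_id, hash, kex->session_id_len);
-	}
-
 	if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
 		r = kex_send_newkeys(ssh);
 out: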
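--- a/kexecdhs.c
+++ b/kexecdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhs.c,v 1.19 2019/01/19 21:43:56 djm Exp $ */
+/* $OpenBSD: kexecdhs.c,v 1.20 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
  * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -156,17 +156,6 @@ input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh)
 	    hash, &hashlen)) != 0)
 		goto out;
 
-	/* save session id := H */
-	if (kex->session_id == NULL) {
-		kex->session_id_len = hashlen;
-		kex->session_id = malloc(kex->session_id_len);
-		if (kex->session_id == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		memcpy(kex->session_id, hash, kex->session_id_len);
-	}
-
 	/* sign H */
 	if ((r = kex->sign(ssh, server_host_private, server_host_public,
 	    &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)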
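--- a/kexgexc.c
+++ b/kexgexc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.30 2019/01/21 09:54:11 djm Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.31 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos. All rights reserved.
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -229,17 +229,6 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
 	    hashlen, kex->hostkey_alg, ssh->compat)) != 0)
 		goto out;
 
-	/* save session id */
-	if (kex->session_id == NULL) {
-		kex->session_id_len = hashlen;
-		kex->session_id = malloc(kex->session_id_len);
-		if (kex->session_id == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		memcpy(kex->session_id, hash, kex->session_id_len);
-	}
-
 	if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
 		r = kex_send_newkeys(ssh);
 out: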
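--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.38 2019/01/21 09:54:11 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.39 2019/01/21 09:55:52 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos. All rights reserved.
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -207,17 +207,6 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
 	    hash, &hashlen)) != 0)
 		goto out;
 
-	/* save session id := H */
-	if (kex->session_id == NULL) {
-		kex->session_id_len = hashlen;
-		kex->session_id = malloc(kex->session_id_len);
-		if (kex->session_id == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		memcpy(kex->session_id, hash, kex->session_id_len);
-	}
-
 	/* sign H */
 	if ((r = kex->sign(ssh, server_host_private, server_host_public,
 	    &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)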