author | Damien Miller <djm@mindrot.org> | 2001-03-30 10:47:14 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2001-03-30 10:47:14 +1000 |
commit | 2557bfc5d712cd3422921253be60be2fbb88a4f7 (patch) | |
tree | c615d4eaf1aa41da73112a41c950cb4b69200a53 | |
parent | d8f72ca6d5c8234699fc2c49b56837de554b2cf6 (diff) |
- (djm) OpenBSD CVS Sync
- provos@cvs.openbsd.org 2001/03/28 21:59:41
[kex.c kex.h sshconnect2.c sshd.c]
forgot to include min and max params in hash, okay markus@
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | kex.c | 12 | ||||
-rw-r--r-- | kex.h | 5 | ||||
-rw-r--r-- | sshconnect2.c | 11 | ||||
-rw-r--r-- | sshd.c | 11 |
5 files changed, 35 insertions, 10 deletions
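--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 20010330
 - (djm) Another openbsd-compat/glob.c sync
+- (djm) OpenBSD CVS Sync
+- provos@cvs.openbsd.org 2001/03/28 21:59:41
+[kex.c kex.h sshconnect2.c sshd.c]
+forgot to include min and max params in hash, okay markus@
 
 20010329
 - OpenBSD CVS Sync
@@ -4770,4 +4774,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1035 2001/03/30 00:23:17 djm Exp $
+$Id: ChangeLog,v 1.1036 2001/03/30 00:47:14 djm Exp $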
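--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.23 2001/03/10 17:51:04 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.24 2001/03/28 21:59:40 provos Exp $");
 
 #include <openssl/crypto.h>
 #include <openssl/bio.h>
@@ -290,7 +290,7 @@ kex_hash_gex(
 char *ckexinit, int ckexinitlen,
 char *skexinit, int skexinitlen,
 char *serverhostkeyblob, int sbloblen,
-int minbits, BIGNUM *prime, BIGNUM *gen,
+int min, int wantbits, int max, BIGNUM *prime, BIGNUM *gen,
 BIGNUM *client_dh_pub,
 BIGNUM *server_dh_pub,
 BIGNUM *shared_secret)
@@ -313,7 +313,13 @@ kex_hash_gex(
 buffer_append(&b, skexinit, skexinitlen);
 
 buffer_put_string(&b, serverhostkeyblob, sbloblen);
-buffer_put_int(&b, minbits);
+if (min == -1 || max == -1)
+buffer_put_int(&b, wantbits);
+else {
+buffer_put_int(&b, min);
+buffer_put_int(&b, wantbits);
+buffer_put_int(&b, max);
+}
 buffer_put_bignum2(&b, prime);
 buffer_put_bignum2(&b, gen);
 buffer_put_bignum2(&b, client_dh_pub);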
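Review bot: The legacy hash layout in kex_hash_gex is selected by an in-band sentinel (`min == -1 || max == -1`) that is not documented at the function or at the kex.h prototype, and the call sites in sshconnect2.c and sshd.c rely on the same unwritten convention. Which fields enter the exchange hash is security-relevant, because H is what the host key signs: on the sentinel path only `wantbits` is bound into H, so the requested group-size bounds are not authenticated for old-style peers, and a single -1 in either argument is enough to take that path. I would add above the branch `/* min or max == -1: old DH-GEX request, hash only wantbits; otherwise hash min, wantbits, max */`, or replace the sentinel with an explicit flag parameter so the layout cannot depend on a data value. The function body starts and ends outside these hunks.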
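--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.15 2001/03/05 17:17:20 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.16 2001/03/28 21:59:40 provos Exp $ */
 
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -127,7 +127,8 @@ kex_hash_gex(
 char *ckexinit, int ckexinitlen,
 char *skexinit, int skexinitlen,
 char *serverhostkeyblob, int sbloblen,
-int minbits, BIGNUM *prime, BIGNUM *gen,
+int min, int wantbits, int max,
+BIGNUM *prime, BIGNUM *gen,
 BIGNUM *client_dh_pub,
 BIGNUM *server_dh_pub,
 BIGNUM *shared_secret);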
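--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.57 2001/03/27 17:46:49 provos Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.58 2001/03/28 21:59:40 provos Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -440,6 +440,12 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
 memset(kbuf, 0, klen);
 xfree(kbuf);
 
+if (datafellows & SSH_OLD_DHGEX) {
+/* These values are not included in the hash */
+min = -1;
+max = -1;
+}
+
 /* calc and verify H */
 hash = kex_hash_gex(
 client_version_string,
@@ -447,7 +453,8 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
 buffer_ptr(client_kexinit), buffer_len(client_kexinit),
 buffer_ptr(server_kexinit), buffer_len(server_kexinit),
 server_host_key_blob, sbloblen,
-nbits, dh->p, dh->g,
+min, nbits, max,
+dh->p, dh->g,
 dh->pub_key,
 dh_server_pub,
 shared_secret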
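Review bot: `min` and `max` are overwritten in place just before the `kex_hash_gex` call in ssh_dhgex_client, so any comparison of the received group size against the requested bounds has to sit earlier in the function; that code is outside the hunk and should be confirmed. For peers flagged `SSH_OLD_DHGEX` the bounds are left out of H, which makes that local range check the only enforcement of them. Separate locals for the hash arguments, e.g. `int hmin = (datafellows & SSH_OLD_DHGEX) ? -1 : min;` and the same for `max`, would keep the negotiated values intact for later use. The comment would also be clearer as `/* old DH-GEX peers hash only nbits; -1 tells kex_hash_gex() to skip min/max */`.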
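--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.182 2001/03/28 20:50:45 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.183 2001/03/28 21:59:41 provos Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1720,6 +1720,12 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
 /* XXX precompute? */
 key_to_blob(hostkey, &server_host_key_blob, &sbloblen);
 
+if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) {
+/* These values are not included in the hash */
+min = -1;
+max = -1;
+}
+
 /* calc H */ /* XXX depends on 'kex' */
 hash = kex_hash_gex(
 client_version_string,
@@ -1727,7 +1733,8 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
 buffer_ptr(client_kexinit), buffer_len(client_kexinit),
 buffer_ptr(server_kexinit), buffer_len(server_kexinit),
 (char *)server_host_key_blob, sbloblen,
-nbits, dh->p, dh->g,
+min, nbits, max,
+dh->p, dh->g,
 dh_client_pub,
 dh->pub_key,
 shared_secret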
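Review bot: In ssh_dhgex_server the hash layout is decided twice from different signals: here from `type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD`, and again inside kex_hash_gex from `min == -1 || max == -1`. `min` and `max` presumably come from the client's request packet (the parsing is outside the hunk); unless they are clamped to a valid range before this point, a new-style request whose value reads as -1 would also take the legacy layout and the two sides would compute different hashes. A check where the new-style request is parsed, such as `if (min < 0 || max < 0) fatal("invalid DH-GEX range");`, or an explicit old/new flag passed to kex_hash_gex, would remove that ambiguity.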