diff options
author | Colin Watson <cjwatson@debian.org> | 2006-05-12 08:53:37 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2006-05-12 08:53:37 +0000 |
commit | 2ee73b36b9a35daeaa4b065046882dc1f5f551b6 (patch) | |
tree | f64a4ace625514e94759878c0b94ab0a79805bbd /kex.c | |
parent | 3c190ec8e469477ea65fbf4cc83062c65c281434 (diff) | |
parent | 3e2e0ac10674d77618c4c7339e18b83ced247492 (diff) |
Merge 4.3p2 to the trunk.
Diffstat (limited to 'kex.c')
-rw-r--r-- | kex.c | 37 |
1 files changed, 22 insertions, 15 deletions
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: kex.c,v 1.64 2005/07/25 11:59:39 markus Exp $"); | 26 | RCSID("$OpenBSD: kex.c,v 1.65 2005/11/04 05:15:59 djm Exp $"); |
27 | 27 | ||
28 | #include <openssl/crypto.h> | 28 | #include <openssl/crypto.h> |
29 | 29 | ||
@@ -298,18 +298,23 @@ choose_kex(Kex *k, char *client, char *server) | |||
298 | fatal("no kex alg"); | 298 | fatal("no kex alg"); |
299 | if (strcmp(k->name, KEX_DH1) == 0) { | 299 | if (strcmp(k->name, KEX_DH1) == 0) { |
300 | k->kex_type = KEX_DH_GRP1_SHA1; | 300 | k->kex_type = KEX_DH_GRP1_SHA1; |
301 | k->evp_md = EVP_sha1(); | ||
301 | } else if (strcmp(k->name, KEX_DH14) == 0) { | 302 | } else if (strcmp(k->name, KEX_DH14) == 0) { |
302 | k->kex_type = KEX_DH_GRP14_SHA1; | 303 | k->kex_type = KEX_DH_GRP14_SHA1; |
303 | } else if (strcmp(k->name, KEX_DHGEX) == 0) { | 304 | k->evp_md = EVP_sha1(); |
305 | } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) { | ||
304 | k->kex_type = KEX_DH_GEX_SHA1; | 306 | k->kex_type = KEX_DH_GEX_SHA1; |
307 | k->evp_md = EVP_sha1(); | ||
305 | #ifdef GSSAPI | 308 | #ifdef GSSAPI |
306 | } else if (strncmp(k->name, KEX_GSS_SHA1, | 309 | } else if (strncmp(k->name, KEX_GSS_SHA1, |
307 | sizeof(KEX_GSS_SHA1)-1) == 0) { | 310 | sizeof(KEX_GSS_SHA1)-1) == 0) { |
308 | k->kex_type = KEX_GSS_GRP1_SHA1; | 311 | k->kex_type = KEX_GSS_GRP1_SHA1; |
312 | k->evp_md = EVP_sha1(); | ||
309 | #endif | 313 | #endif |
310 | } else | 314 | } else |
311 | fatal("bad kex alg %s", k->name); | 315 | fatal("bad kex alg %s", k->name); |
312 | } | 316 | } |
317 | |||
313 | static void | 318 | static void |
314 | choose_hostkeyalg(Kex *k, char *client, char *server) | 319 | choose_hostkeyalg(Kex *k, char *client, char *server) |
315 | { | 320 | { |
@@ -413,28 +418,28 @@ kex_choose_conf(Kex *kex) | |||
413 | } | 418 | } |
414 | 419 | ||
415 | static u_char * | 420 | static u_char * |
416 | derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret) | 421 | derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen, |
422 | BIGNUM *shared_secret) | ||
417 | { | 423 | { |
418 | Buffer b; | 424 | Buffer b; |
419 | const EVP_MD *evp_md = EVP_sha1(); | ||
420 | EVP_MD_CTX md; | 425 | EVP_MD_CTX md; |
421 | char c = id; | 426 | char c = id; |
422 | u_int have; | 427 | u_int have; |
423 | int mdsz = EVP_MD_size(evp_md); | 428 | int mdsz; |
424 | u_char *digest; | 429 | u_char *digest; |
425 | 430 | ||
426 | if (mdsz < 0) | 431 | if ((mdsz = EVP_MD_size(kex->evp_md)) <= 0) |
427 | fatal("derive_key: mdsz < 0"); | 432 | fatal("bad kex md size %d", mdsz); |
428 | digest = xmalloc(roundup(need, mdsz)); | 433 | digest = xmalloc(roundup(need, mdsz)); |
429 | 434 | ||
430 | buffer_init(&b); | 435 | buffer_init(&b); |
431 | buffer_put_bignum2(&b, shared_secret); | 436 | buffer_put_bignum2(&b, shared_secret); |
432 | 437 | ||
433 | /* K1 = HASH(K || H || "A" || session_id) */ | 438 | /* K1 = HASH(K || H || "A" || session_id) */ |
434 | EVP_DigestInit(&md, evp_md); | 439 | EVP_DigestInit(&md, kex->evp_md); |
435 | if (!(datafellows & SSH_BUG_DERIVEKEY)) | 440 | if (!(datafellows & SSH_BUG_DERIVEKEY)) |
436 | EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); | 441 | EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); |
437 | EVP_DigestUpdate(&md, hash, mdsz); | 442 | EVP_DigestUpdate(&md, hash, hashlen); |
438 | EVP_DigestUpdate(&md, &c, 1); | 443 | EVP_DigestUpdate(&md, &c, 1); |
439 | EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len); | 444 | EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len); |
440 | EVP_DigestFinal(&md, digest, NULL); | 445 | EVP_DigestFinal(&md, digest, NULL); |
@@ -445,10 +450,10 @@ derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret) | |||
445 | * Key = K1 || K2 || ... || Kn | 450 | * Key = K1 || K2 || ... || Kn |
446 | */ | 451 | */ |
447 | for (have = mdsz; need > have; have += mdsz) { | 452 | for (have = mdsz; need > have; have += mdsz) { |
448 | EVP_DigestInit(&md, evp_md); | 453 | EVP_DigestInit(&md, kex->evp_md); |
449 | if (!(datafellows & SSH_BUG_DERIVEKEY)) | 454 | if (!(datafellows & SSH_BUG_DERIVEKEY)) |
450 | EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); | 455 | EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); |
451 | EVP_DigestUpdate(&md, hash, mdsz); | 456 | EVP_DigestUpdate(&md, hash, hashlen); |
452 | EVP_DigestUpdate(&md, digest, have); | 457 | EVP_DigestUpdate(&md, digest, have); |
453 | EVP_DigestFinal(&md, digest + have, NULL); | 458 | EVP_DigestFinal(&md, digest + have, NULL); |
454 | } | 459 | } |
@@ -464,13 +469,15 @@ Newkeys *current_keys[MODE_MAX]; | |||
464 | 469 | ||
465 | #define NKEYS 6 | 470 | #define NKEYS 6 |
466 | void | 471 | void |
467 | kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret) | 472 | kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret) |
468 | { | 473 | { |
469 | u_char *keys[NKEYS]; | 474 | u_char *keys[NKEYS]; |
470 | u_int i, mode, ctos; | 475 | u_int i, mode, ctos; |
471 | 476 | ||
472 | for (i = 0; i < NKEYS; i++) | 477 | for (i = 0; i < NKEYS; i++) { |
473 | keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret); | 478 | keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, hashlen, |
479 | shared_secret); | ||
480 | } | ||
474 | 481 | ||
475 | debug2("kex_derive_keys"); | 482 | debug2("kex_derive_keys"); |
476 | for (mode = 0; mode < MODE_MAX; mode++) { | 483 | for (mode = 0; mode < MODE_MAX; mode++) { |