summaryrefslogtreecommitdiff
path: root/kex.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2016-12-20 00:22:52 +0000
committerColin Watson <cjwatson@debian.org>2016-12-20 00:22:52 +0000
commit971a7653746a6972b907dfe0ce139c06e4a6f482 (patch)
tree70fb964265d57ae4967be55b75dbb2a122e9b969 /kex.c
parenta8ed8d256b2e2c05b0c15565a7938028c5192277 (diff)
parent4a354fc231174901f2629437c2a6e924a2dd6772 (diff)
Import openssh_7.4p1.orig.tar.gz
Diffstat (limited to 'kex.c')
-rw-r--r--kex.c44
1 files changed, 26 insertions, 18 deletions
diff --git a/kex.c b/kex.c
index 50c7a0f9b..6a94bc535 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.c,v 1.118 2016/05/02 10:26:04 djm Exp $ */ 1/* $OpenBSD: kex.c,v 1.127 2016/10/10 19:28:48 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -25,7 +25,6 @@
25 25
26#include "includes.h" 26#include "includes.h"
27 27
28#include <sys/param.h> /* MAX roundup */
29 28
30#include <signal.h> 29#include <signal.h>
31#include <stdarg.h> 30#include <stdarg.h>
@@ -110,6 +109,7 @@ static const struct kexalg kexalgs[] = {
110#endif /* WITH_OPENSSL */ 109#endif /* WITH_OPENSSL */
111#if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL) 110#if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
112 { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, 111 { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
112 { KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
113#endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ 113#endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
114 { NULL, -1, -1, -1}, 114 { NULL, -1, -1, -1},
115}; 115};
@@ -341,14 +341,21 @@ static int
341kex_send_ext_info(struct ssh *ssh) 341kex_send_ext_info(struct ssh *ssh)
342{ 342{
343 int r; 343 int r;
344 char *algs;
344 345
346 if ((algs = sshkey_alg_list(0, 1, ',')) == NULL)
347 return SSH_ERR_ALLOC_FAIL;
345 if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || 348 if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 ||
346 (r = sshpkt_put_u32(ssh, 1)) != 0 || 349 (r = sshpkt_put_u32(ssh, 1)) != 0 ||
347 (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 || 350 (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 ||
348 (r = sshpkt_put_cstring(ssh, "rsa-sha2-256,rsa-sha2-512")) != 0 || 351 (r = sshpkt_put_cstring(ssh, algs)) != 0 ||
349 (r = sshpkt_send(ssh)) != 0) 352 (r = sshpkt_send(ssh)) != 0)
350 return r; 353 goto out;
351 return 0; 354 /* success */
355 r = 0;
356 out:
357 free(algs);
358 return r;
352} 359}
353 360
354int 361int
@@ -419,6 +426,8 @@ kex_input_newkeys(int type, u_int32_t seq, void *ctxt)
419 ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error); 426 ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error);
420 if ((r = sshpkt_get_end(ssh)) != 0) 427 if ((r = sshpkt_get_end(ssh)) != 0)
421 return r; 428 return r;
429 if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0)
430 return r;
422 kex->done = 1; 431 kex->done = 1;
423 sshbuf_reset(kex->peer); 432 sshbuf_reset(kex->peer);
424 /* sshbuf_reset(kex->my); */ 433 /* sshbuf_reset(kex->my); */
@@ -472,6 +481,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
472 if (kex == NULL) 481 if (kex == NULL)
473 return SSH_ERR_INVALID_ARGUMENT; 482 return SSH_ERR_INVALID_ARGUMENT;
474 483
484 ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
475 ptr = sshpkt_ptr(ssh, &dlen); 485 ptr = sshpkt_ptr(ssh, &dlen);
476 if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) 486 if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
477 return r; 487 return r;
@@ -775,10 +785,8 @@ kex_choose_conf(struct ssh *ssh)
775 char *ext; 785 char *ext;
776 786
777 ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL); 787 ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL);
778 if (ext) { 788 kex->ext_info_c = (ext != NULL);
779 kex->ext_info_c = 1; 789 free(ext);
780 free(ext);
781 }
782 } 790 }
783 791
784 /* Algorithm Negotiation */ 792 /* Algorithm Negotiation */
@@ -835,14 +843,14 @@ kex_choose_conf(struct ssh *ssh)
835 need = dh_need = 0; 843 need = dh_need = 0;
836 for (mode = 0; mode < MODE_MAX; mode++) { 844 for (mode = 0; mode < MODE_MAX; mode++) {
837 newkeys = kex->newkeys[mode]; 845 newkeys = kex->newkeys[mode];
838 need = MAX(need, newkeys->enc.key_len); 846 need = MAXIMUM(need, newkeys->enc.key_len);
839 need = MAX(need, newkeys->enc.block_size); 847 need = MAXIMUM(need, newkeys->enc.block_size);
840 need = MAX(need, newkeys->enc.iv_len); 848 need = MAXIMUM(need, newkeys->enc.iv_len);
841 need = MAX(need, newkeys->mac.key_len); 849 need = MAXIMUM(need, newkeys->mac.key_len);
842 dh_need = MAX(dh_need, cipher_seclen(newkeys->enc.cipher)); 850 dh_need = MAXIMUM(dh_need, cipher_seclen(newkeys->enc.cipher));
843 dh_need = MAX(dh_need, newkeys->enc.block_size); 851 dh_need = MAXIMUM(dh_need, newkeys->enc.block_size);
844 dh_need = MAX(dh_need, newkeys->enc.iv_len); 852 dh_need = MAXIMUM(dh_need, newkeys->enc.iv_len);
845 dh_need = MAX(dh_need, newkeys->mac.key_len); 853 dh_need = MAXIMUM(dh_need, newkeys->mac.key_len);
846 } 854 }
847 /* XXX need runden? */ 855 /* XXX need runden? */
848 kex->we_need = need; 856 kex->we_need = need;
@@ -873,7 +881,7 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
873 881
874 if ((mdsz = ssh_digest_bytes(kex->hash_alg)) == 0) 882 if ((mdsz = ssh_digest_bytes(kex->hash_alg)) == 0)
875 return SSH_ERR_INVALID_ARGUMENT; 883 return SSH_ERR_INVALID_ARGUMENT;
876 if ((digest = calloc(1, roundup(need, mdsz))) == NULL) { 884 if ((digest = calloc(1, ROUNDUP(need, mdsz))) == NULL) {
877 r = SSH_ERR_ALLOC_FAIL; 885 r = SSH_ERR_ALLOC_FAIL;
878 goto out; 886 goto out;
879 } 887 }
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-11 09:46:50 +0000