summaryrefslogtreecommitdiff
path: root/kex.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2006-05-12 08:53:37 +0000
committerColin Watson <cjwatson@debian.org>2006-05-12 08:53:37 +0000
commit2ee73b36b9a35daeaa4b065046882dc1f5f551b6 (patch)
treef64a4ace625514e94759878c0b94ab0a79805bbd /kex.c
parent3c190ec8e469477ea65fbf4cc83062c65c281434 (diff)
parent3e2e0ac10674d77618c4c7339e18b83ced247492 (diff)
Merge 4.3p2 to the trunk.
Diffstat (limited to 'kex.c')
-rw-r--r--kex.c37
1 files changed, 22 insertions, 15 deletions
diff --git a/kex.c b/kex.c
index e7147ae74..e0b9d5872 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: kex.c,v 1.64 2005/07/25 11:59:39 markus Exp $"); 26RCSID("$OpenBSD: kex.c,v 1.65 2005/11/04 05:15:59 djm Exp $");
27 27
28#include <openssl/crypto.h> 28#include <openssl/crypto.h>
29 29
@@ -298,18 +298,23 @@ choose_kex(Kex *k, char *client, char *server)
298 fatal("no kex alg"); 298 fatal("no kex alg");
299 if (strcmp(k->name, KEX_DH1) == 0) { 299 if (strcmp(k->name, KEX_DH1) == 0) {
300 k->kex_type = KEX_DH_GRP1_SHA1; 300 k->kex_type = KEX_DH_GRP1_SHA1;
301 k->evp_md = EVP_sha1();
301 } else if (strcmp(k->name, KEX_DH14) == 0) { 302 } else if (strcmp(k->name, KEX_DH14) == 0) {
302 k->kex_type = KEX_DH_GRP14_SHA1; 303 k->kex_type = KEX_DH_GRP14_SHA1;
303 } else if (strcmp(k->name, KEX_DHGEX) == 0) { 304 k->evp_md = EVP_sha1();
305 } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) {
304 k->kex_type = KEX_DH_GEX_SHA1; 306 k->kex_type = KEX_DH_GEX_SHA1;
307 k->evp_md = EVP_sha1();
305#ifdef GSSAPI 308#ifdef GSSAPI
306 } else if (strncmp(k->name, KEX_GSS_SHA1, 309 } else if (strncmp(k->name, KEX_GSS_SHA1,
307 sizeof(KEX_GSS_SHA1)-1) == 0) { 310 sizeof(KEX_GSS_SHA1)-1) == 0) {
308 k->kex_type = KEX_GSS_GRP1_SHA1; 311 k->kex_type = KEX_GSS_GRP1_SHA1;
312 k->evp_md = EVP_sha1();
309#endif 313#endif
310 } else 314 } else
311 fatal("bad kex alg %s", k->name); 315 fatal("bad kex alg %s", k->name);
312} 316}
317
313static void 318static void
314choose_hostkeyalg(Kex *k, char *client, char *server) 319choose_hostkeyalg(Kex *k, char *client, char *server)
315{ 320{
@@ -413,28 +418,28 @@ kex_choose_conf(Kex *kex)
413} 418}
414 419
415static u_char * 420static u_char *
416derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret) 421derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen,
422 BIGNUM *shared_secret)
417{ 423{
418 Buffer b; 424 Buffer b;
419 const EVP_MD *evp_md = EVP_sha1();
420 EVP_MD_CTX md; 425 EVP_MD_CTX md;
421 char c = id; 426 char c = id;
422 u_int have; 427 u_int have;
423 int mdsz = EVP_MD_size(evp_md); 428 int mdsz;
424 u_char *digest; 429 u_char *digest;
425 430
426 if (mdsz < 0) 431 if ((mdsz = EVP_MD_size(kex->evp_md)) <= 0)
427 fatal("derive_key: mdsz < 0"); 432 fatal("bad kex md size %d", mdsz);
428 digest = xmalloc(roundup(need, mdsz)); 433 digest = xmalloc(roundup(need, mdsz));
429 434
430 buffer_init(&b); 435 buffer_init(&b);
431 buffer_put_bignum2(&b, shared_secret); 436 buffer_put_bignum2(&b, shared_secret);
432 437
433 /* K1 = HASH(K || H || "A" || session_id) */ 438 /* K1 = HASH(K || H || "A" || session_id) */
434 EVP_DigestInit(&md, evp_md); 439 EVP_DigestInit(&md, kex->evp_md);
435 if (!(datafellows & SSH_BUG_DERIVEKEY)) 440 if (!(datafellows & SSH_BUG_DERIVEKEY))
436 EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); 441 EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
437 EVP_DigestUpdate(&md, hash, mdsz); 442 EVP_DigestUpdate(&md, hash, hashlen);
438 EVP_DigestUpdate(&md, &c, 1); 443 EVP_DigestUpdate(&md, &c, 1);
439 EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len); 444 EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len);
440 EVP_DigestFinal(&md, digest, NULL); 445 EVP_DigestFinal(&md, digest, NULL);
@@ -445,10 +450,10 @@ derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret)
445 * Key = K1 || K2 || ... || Kn 450 * Key = K1 || K2 || ... || Kn
446 */ 451 */
447 for (have = mdsz; need > have; have += mdsz) { 452 for (have = mdsz; need > have; have += mdsz) {
448 EVP_DigestInit(&md, evp_md); 453 EVP_DigestInit(&md, kex->evp_md);
449 if (!(datafellows & SSH_BUG_DERIVEKEY)) 454 if (!(datafellows & SSH_BUG_DERIVEKEY))
450 EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); 455 EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
451 EVP_DigestUpdate(&md, hash, mdsz); 456 EVP_DigestUpdate(&md, hash, hashlen);
452 EVP_DigestUpdate(&md, digest, have); 457 EVP_DigestUpdate(&md, digest, have);
453 EVP_DigestFinal(&md, digest + have, NULL); 458 EVP_DigestFinal(&md, digest + have, NULL);
454 } 459 }
@@ -464,13 +469,15 @@ Newkeys *current_keys[MODE_MAX];
464 469
465#define NKEYS 6 470#define NKEYS 6
466void 471void
467kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret) 472kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret)
468{ 473{
469 u_char *keys[NKEYS]; 474 u_char *keys[NKEYS];
470 u_int i, mode, ctos; 475 u_int i, mode, ctos;
471 476
472 for (i = 0; i < NKEYS; i++) 477 for (i = 0; i < NKEYS; i++) {
473 keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret); 478 keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, hashlen,
479 shared_secret);
480 }
474 481
475 debug2("kex_derive_keys"); 482 debug2("kex_derive_keys");
476 for (mode = 0; mode < MODE_MAX; mode++) { 483 for (mode = 0; mode < MODE_MAX; mode++) {
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-28 17:48:27 +0000