upstream commit

deprecate ancient, pre-RFC4419 and undocumented SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems reasonable" dtucker@
author: djm@openbsd.org <djm@openbsd.org> 2015-04-13 02:04:08 +0000
committer: Damien Miller <djm@mindrot.org> 2015-04-13 14:37:20 +1000
commit: 318be28cda1fd9108f2e6f2f86b0b7589ba2aed0 (patch)
tree: 9651309f44099c3027441916c53622a58f34e1a5 /kexgexs.c
parent: d8f391caef62378463a0e6b36f940170dadfe605 (diff)
1 files changed, 13 insertions, 36 deletions
diff --git a/kexgexs.c b/kexgexs.c
index 9c281d288..ff6c6879e 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.24 2015/01/26 06:10:03 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.25 2015/04/13 02:04:08 djm Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos.  All rights reserved.
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -60,8 +60,6 @@ static int input_kex_dh_gex_init(int, u_int32_t, void *);
 int
 kexgex_server(struct ssh *ssh)
 {
-        ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST_OLD,
-            &input_kex_dh_gex_request);
        ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST,
            &input_kex_dh_gex_request);
        debug("expecting SSH2_MSG_KEX_DH_GEX_REQUEST");
@@ -76,36 +74,19 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt)
        int r;
        u_int min = 0, max = 0, nbits = 0;
-        switch (type) {
+        debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
-        case SSH2_MSG_KEX_DH_GEX_REQUEST:
+        if ((r = sshpkt_get_u32(ssh, &min)) != 0 ||
-                debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
+            (r = sshpkt_get_u32(ssh, &nbits)) != 0 ||
-                if ((r = sshpkt_get_u32(ssh, &min)) != 0 ||
+            (r = sshpkt_get_u32(ssh, &max)) != 0 ||
-                    (r = sshpkt_get_u32(ssh, &nbits)) != 0 ||
+            (r = sshpkt_get_end(ssh)) != 0)
-                    (r = sshpkt_get_u32(ssh, &max)) != 0 ||
-                    (r = sshpkt_get_end(ssh)) != 0)
-                        goto out;
-                kex->nbits = nbits;
-                kex->min = min;
-                kex->max = max;
-                min = MAX(DH_GRP_MIN, min);
-                max = MIN(DH_GRP_MAX, max);
-                nbits = MAX(DH_GRP_MIN, nbits);
-                nbits = MIN(DH_GRP_MAX, nbits);
-                break;
-        case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
-                debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
-                if ((r = sshpkt_get_u32(ssh, &nbits)) != 0 ||
-                    (r = sshpkt_get_end(ssh)) != 0)
-                        goto out;
-                kex->nbits = nbits;
-                /* unused for old GEX */
-                kex->min = min = DH_GRP_MIN;
-                kex->max = max = DH_GRP_MAX;
-                break;
-        default:
-                r = SSH_ERR_INVALID_ARGUMENT;
                goto out;
-        }
+        kex->nbits = nbits;
+        kex->min = min;
+        kex->max = max;
+        min = MAX(DH_GRP_MIN, min);
+        max = MIN(DH_GRP_MAX, max);
+        nbits = MAX(DH_GRP_MIN, nbits);
+        nbits = MIN(DH_GRP_MAX, nbits);
        if (kex->max < kex->min || kex->nbits < kex->min ||
            kex->max < kex->nbits) {
@@ -131,10 +112,6 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt)
        if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
                goto out;
-        /* old KEX does not use min/max in kexgex_hash() */
-        if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
-                kex->min = kex->max = -1;
        debug("expecting SSH2_MSG_KEX_DH_GEX_INIT");
        ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &input_kex_dh_gex_init);
        r = 0;
author	djm@openbsd.org <djm@openbsd.org>	2015-04-13 02:04:08 +0000
committer	Damien Miller <djm@mindrot.org>	2015-04-13 14:37:20 +1000
commit	318be28cda1fd9108f2e6f2f86b0b7589ba2aed0 (patch)
tree	9651309f44099c3027441916c53622a58f34e1a5 /kexgexs.c
parent	d8f391caef62378463a0e6b36f940170dadfe605 (diff)