authordjm@openbsd.org <djm@openbsd.org>2018-12-27 03:25:24 +0000
committerDamien Miller <djm@mindrot.org>2018-12-27 14:38:22 +1100
commit0a843d9a0e805f14653a555f5c7a8ba99d62c12d (patch)
tree481f36e9fd1918be5449e369a97c086a1a8d2432 /sshconnect2.c
parent434b587afe41c19391821e7392005068fda76248 (diff)
upstream: move client/server SSH-* banners to buffers under
ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@ OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
Diffstat (limited to 'sshconnect2.c')
-rw-r--r--sshconnect2.c49
1 files changed, 23 insertions, 26 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index adb4e4cbd..19caebabc 100644
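--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.290 2018/11/28 06:00:38 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.291 2018/12/27 03:25:25 djm Exp $ */
 /*
   * Copyright (c) 2000 Markus Friedl. All rights reserved.
   * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -155,11 +155,10 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
 }
 
 void
-ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
+ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
 {
  char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
  char *s, *all_key;
- struct kex *kex;
  int r;
 
  xxx_host = host;
@@ -199,36 +198,33 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
  options.rekey_interval);
 
  /* start key exchange */
- if ((r = kex_setup(active_state, myproposal)) != 0)
+ if ((r = kex_setup(ssh, myproposal)) != 0)
  fatal("kex_setup: %s", ssh_err(r));
- kex = active_state->kex;
 #ifdef WITH_OPENSSL
- kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
- kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
- kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
- kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
- kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
- kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
- kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
+ ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
+ ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
+ ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
+ ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
+ ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
+ ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
+ ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
 # ifdef OPENSSL_HAS_ECC
- kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+ ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
 # endif
 #endif
- kex->kex[KEX_C25519_SHA256] = kexc25519_client;
- kex->client_version_string=client_version_string;
- kex->server_version_string=server_version_string;
- kex->verify_host_key=&verify_host_key_callback;
+ ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
+ ssh->kex->verify_host_key=&verify_host_key_callback;
 
- ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done);
+ ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);
 
  /* remove ext-info from the KEX proposals for rekeying */
  myproposal[PROPOSAL_KEX_ALGS] =
  compat_kex_proposal(options.kex_algorithms);
- if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
+ if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
  fatal("kex_prop2buf: %s", ssh_err(r));
 
- session_id2 = kex->session_id;
- session_id2_len = kex->session_id_len;
+ session_id2 = ssh->kex->session_id;
+ session_id2_len = ssh->kex->session_id_len;
 
 #ifdef DEBUG_KEXDH
  /* send 1st encrypted/maced/compressed message */
@@ -365,10 +361,9 @@ Authmethod authmethods[] = {
 };
 
 void
-ssh_userauth2(const char *local_user, const char *server_user, char *host,
- Sensitive *sensitive)
+ssh_userauth2(struct ssh *ssh, const char *local_user,
+ const char *server_user, char *host, Sensitive *sensitive)
 {
- struct ssh *ssh = active_state;
  Authctxt authctxt;
  int r;
 
@@ -392,8 +387,10 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
  authctxt.info_req_seen = 0;
  authctxt.agent_fd = -1;
  pubkey_prepare(&authctxt);
- if (authctxt.method == NULL)
- fatal("ssh_userauth2: internal error: cannot send userauth none request");
+ if (authctxt.method == NULL) {
+ fatal("%s: internal error: cannot send userauth none request",
+ __func__);
+ }
 
  if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 ||
  (r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 ||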
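Review bot: ssh_kex2() now depends on an undocumented precondition, because the `kex->client_version_string` and `kex->server_version_string` assignments are removed and nothing in the function sets the banners any more. The caller must have completed the banner exchange on this `ssh` before the call; presumably the banners now held under `ssh->kex` still feed the exchange hash, but that is not visible in this file. I would state it above the function, e.g. `/* Caller must have completed the banner exchange: ssh->kex holds both SSH-* banners. */`. The same comment could note that `ssh->kex` is dereferenced right after `kex_setup(ssh, myproposal)`, so the code relies on `ssh->kex` being non-NULL once that call succeeds. The bodies of ssh_kex2() and ssh_userauth2() continue outside the hunks shown.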