author | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-29 00:36:16 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-29 00:36:16 +0000 |
commit | df221391e620776789e40af9a885c7c9cd945bd3 (patch) | |
tree | 1639ed6e2923e7bb67cc3ebfc0c1bbae03150298 /sshd.c | |
parent | 60a4381f1a6ebc2f8eeeb2ba4e005ede91ac9af3 (diff) |
- provos@cvs.openbsd.org 2001/03/27 17:46:50
[compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
make dh group exchange more flexible, allow min and max group size,
okay markus@, deraadt@
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 34 |
1 files changed, 29 insertions, 5 deletions
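--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.180 2001/03/27 10:34:08 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.181 2001/03/27 17:46:49 provos Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1614,7 +1614,7 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
 	int i;
 #endif
 	int payload_len, dlen;
-	int slen, nbits;
+	int slen, nbits, type, min, max;
 	u_char *signature = NULL;
 	u_char *server_host_key_blob = NULL;
 	u_int sbloblen;
@@ -1632,9 +1632,33 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
 
 	/* KEXDHGEX */
 	debug("Wait SSH2_MSG_KEX_DH_GEX_REQUEST.");
-	packet_read_expect(&payload_len, SSH2_MSG_KEX_DH_GEX_REQUEST);
-	nbits = packet_get_int();
-	dh = choose_dh(nbits);
+	type = packet_read(&payload_len);
+	if (type != SSH2_MSG_KEX_DH_GEX_REQUEST_OLD &&
+	    type != SSH2_MSG_KEX_DH_GEX_REQUEST)
+		packet_disconnect("Protocol error: expected type %d or %d, got %d",
+		    SSH2_MSG_KEX_DH_GEX_REQUEST_OLD,
+		    SSH2_MSG_KEX_DH_GEX_REQUEST,
+		    type);
+	if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) {
+		nbits = packet_get_int();
+		min = DH_GRP_MIN;
+		max = DH_GRP_MAX;
+	} else {
+		min = packet_get_int();
+		nbits = packet_get_int();
+		max = packet_get_int();
+
+		min = MAX(DH_GRP_MIN, min);
+		max = MIN(DH_GRP_MAX, max);
+	}
+
+	if (max < min || nbits < min || max < nbits)
+		fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
+		    min, nbits, max);
+
+	dh = choose_dh(min, nbits, max);
+	if (dh == NULL)
+		packet_disconnect("Protocol error: no matching DH grp found");
 
 	debug("Sending SSH2_MSG_KEX_DH_GEX_GROUP.");
 	packet_start(SSH2_MSG_KEX_DH_GEX_GROUP);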
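Review bot: The bad-parameters branch at new line 1656 reports with `fatal()` while the two sibling error paths in the same hunk (unexpected message type at 1638, no matching group at 1661) use `packet_disconnect()`; since min, nbits and max are peer-supplied values, a client sending an out-of-range request currently gets no disconnect message, only a dropped connection, and the file ends up with two error styles for protocol input. Changing it to `packet_disconnect("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d", min, nbits, max);` keeps the hunk consistent. The range check at 1655 handles oversized values only because the three variables are `int`: if `packet_get_int()` returns an unsigned 32-bit value (as its name suggests; worth confirming against packet.c), values of 2^31 and above wrap negative and are rejected by `nbits < min` or `max < min`, which is correct but non-obvious enough to deserve a comment such as `/* values >= 2^31 wrap negative and fail the range check below */`. The debug string at 1634 still names only SSH2_MSG_KEX_DH_GEX_REQUEST although the _OLD variant is now accepted too. ssh_dhgex_server() starts and ends outside the hunk.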