author | Colin Watson <cjwatson@debian.org> | 2016-08-06 10:49:59 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2016-08-07 12:18:58 +0100 |
commit | 477bb7636238c106f8cd7c868a8c0c5eabcfb3db (patch) | |
tree | 601176af2ecf358c36b766776a86845ad7a3cd6f /sshd.c | |
parent | 747fac2de0d889183f67f6900194c0462c558544 (diff) | |
parent | 4c914ccd85bbf391c4dc61b85e3c178fef465e3f (diff) |
New upstream release (7.3p1).
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 179 |
1 files changed, 121 insertions, 58 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.465 2016/02/15 09:47:49 dtucker Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.470 2016/05/24 04:43:45 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -386,7 +386,8 @@ grace_alarm_handler(int sig) | |||
386 | } | 386 | } |
387 | 387 | ||
388 | /* Log error and exit. */ | 388 | /* Log error and exit. */ |
389 | sigdie("Timeout before authentication for %s", get_remote_ipaddr()); | 389 | sigdie("Timeout before authentication for %s port %d", |
390 | ssh_remote_ipaddr(active_state), ssh_remote_port(active_state)); | ||
390 | } | 391 | } |
391 | 392 | ||
392 | /* | 393 | /* |
@@ -422,7 +423,7 @@ key_regeneration_alarm(int sig) | |||
422 | } | 423 | } |
423 | 424 | ||
424 | static void | 425 | static void |
425 | sshd_exchange_identification(int sock_in, int sock_out) | 426 | sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) |
426 | { | 427 | { |
427 | u_int i; | 428 | u_int i; |
428 | int mismatch; | 429 | int mismatch; |
@@ -455,7 +456,8 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
455 | if (atomicio(vwrite, sock_out, server_version_string, | 456 | if (atomicio(vwrite, sock_out, server_version_string, |
456 | strlen(server_version_string)) | 457 | strlen(server_version_string)) |
457 | != strlen(server_version_string)) { | 458 | != strlen(server_version_string)) { |
458 | logit("Could not write ident string to %s", get_remote_ipaddr()); | 459 | logit("Could not write ident string to %s port %d", |
460 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); | ||
459 | cleanup_exit(255); | 461 | cleanup_exit(255); |
460 | } | 462 | } |
461 | 463 | ||
@@ -463,8 +465,9 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
463 | memset(buf, 0, sizeof(buf)); | 465 | memset(buf, 0, sizeof(buf)); |
464 | for (i = 0; i < sizeof(buf) - 1; i++) { | 466 | for (i = 0; i < sizeof(buf) - 1; i++) { |
465 | if (atomicio(read, sock_in, &buf[i], 1) != 1) { | 467 | if (atomicio(read, sock_in, &buf[i], 1) != 1) { |
466 | logit("Did not receive identification string from %s", | 468 | logit("Did not receive identification string " |
467 | get_remote_ipaddr()); | 469 | "from %s port %d", |
470 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); | ||
468 | cleanup_exit(255); | 471 | cleanup_exit(255); |
469 | } | 472 | } |
470 | if (buf[i] == '\r') { | 473 | if (buf[i] == '\r') { |
@@ -493,7 +496,7 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
493 | (void) atomicio(vwrite, sock_out, s, strlen(s)); | 496 | (void) atomicio(vwrite, sock_out, s, strlen(s)); |
494 | logit("Bad protocol version identification '%.100s' " | 497 | logit("Bad protocol version identification '%.100s' " |
495 | "from %s port %d", client_version_string, | 498 | "from %s port %d", client_version_string, |
496 | get_remote_ipaddr(), get_remote_port()); | 499 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); |
497 | close(sock_in); | 500 | close(sock_in); |
498 | close(sock_out); | 501 | close(sock_out); |
499 | cleanup_exit(255); | 502 | cleanup_exit(255); |
@@ -501,23 +504,25 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
501 | debug("Client protocol version %d.%d; client software version %.100s", | 504 | debug("Client protocol version %d.%d; client software version %.100s", |
502 | remote_major, remote_minor, remote_version); | 505 | remote_major, remote_minor, remote_version); |
503 | 506 | ||
504 | active_state->compat = compat_datafellows(remote_version); | 507 | ssh->compat = compat_datafellows(remote_version); |
505 | 508 | ||
506 | if ((datafellows & SSH_BUG_PROBE) != 0) { | 509 | if ((ssh->compat & SSH_BUG_PROBE) != 0) { |
507 | logit("probed from %s with %s. Don't panic.", | 510 | logit("probed from %s port %d with %s. Don't panic.", |
508 | get_remote_ipaddr(), client_version_string); | 511 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), |
512 | client_version_string); | ||
509 | cleanup_exit(255); | 513 | cleanup_exit(255); |
510 | } | 514 | } |
511 | if ((datafellows & SSH_BUG_SCANNER) != 0) { | 515 | if ((ssh->compat & SSH_BUG_SCANNER) != 0) { |
512 | logit("scanned from %s with %s. Don't panic.", | 516 | logit("scanned from %s port %d with %s. Don't panic.", |
513 | get_remote_ipaddr(), client_version_string); | 517 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), |
518 | client_version_string); | ||
514 | cleanup_exit(255); | 519 | cleanup_exit(255); |
515 | } | 520 | } |
516 | if ((datafellows & SSH_BUG_RSASIGMD5) != 0) { | 521 | if ((ssh->compat & SSH_BUG_RSASIGMD5) != 0) { |
517 | logit("Client version \"%.100s\" uses unsafe RSA signature " | 522 | logit("Client version \"%.100s\" uses unsafe RSA signature " |
518 | "scheme; disabling use of RSA keys", remote_version); | 523 | "scheme; disabling use of RSA keys", remote_version); |
519 | } | 524 | } |
520 | if ((datafellows & SSH_BUG_DERIVEKEY) != 0) { | 525 | if ((ssh->compat & SSH_BUG_DERIVEKEY) != 0) { |
521 | fatal("Client version \"%.100s\" uses unsafe key agreement; " | 526 | fatal("Client version \"%.100s\" uses unsafe key agreement; " |
522 | "refusing connection", remote_version); | 527 | "refusing connection", remote_version); |
523 | } | 528 | } |
@@ -562,8 +567,9 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
562 | (void) atomicio(vwrite, sock_out, s, strlen(s)); | 567 | (void) atomicio(vwrite, sock_out, s, strlen(s)); |
563 | close(sock_in); | 568 | close(sock_in); |
564 | close(sock_out); | 569 | close(sock_out); |
565 | logit("Protocol major versions differ for %s: %.200s vs. %.200s", | 570 | logit("Protocol major versions differ for %s port %d: " |
566 | get_remote_ipaddr(), | 571 | "%.200s vs. %.200s", |
572 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), | ||
567 | server_version_string, client_version_string); | 573 | server_version_string, client_version_string); |
568 | cleanup_exit(255); | 574 | cleanup_exit(255); |
569 | } | 575 | } |
@@ -855,8 +861,8 @@ list_hostkey_types(void) | |||
855 | break; | 861 | break; |
856 | } | 862 | } |
857 | } | 863 | } |
858 | buffer_append(&b, "\0", 1); | 864 | if ((ret = sshbuf_dup_string(&b)) == NULL) |
859 | ret = xstrdup(buffer_ptr(&b)); | 865 | fatal("%s: sshbuf_dup_string failed", __func__); |
860 | buffer_free(&b); | 866 | buffer_free(&b); |
861 | debug("list_hostkey_types: %s", ret); | 867 | debug("list_hostkey_types: %s", ret); |
862 | return ret; | 868 | return ret; |
@@ -1037,12 +1043,13 @@ usage(void) | |||
1037 | } | 1043 | } |
1038 | 1044 | ||
1039 | static void | 1045 | static void |
1040 | send_rexec_state(int fd, Buffer *conf) | 1046 | send_rexec_state(int fd, struct sshbuf *conf) |
1041 | { | 1047 | { |
1042 | Buffer m; | 1048 | struct sshbuf *m; |
1049 | int r; | ||
1043 | 1050 | ||
1044 | debug3("%s: entering fd = %d config len %d", __func__, fd, | 1051 | debug3("%s: entering fd = %d config len %zu", __func__, fd, |
1045 | buffer_len(conf)); | 1052 | sshbuf_len(conf)); |
1046 | 1053 | ||
1047 | /* | 1054 | /* |
1048 | * Protocol from reexec master to child: | 1055 | * Protocol from reexec master to child: |
@@ -1056,31 +1063,41 @@ send_rexec_state(int fd, Buffer *conf) | |||
1056 | * bignum q " | 1063 | * bignum q " |
1057 | * string rngseed (only if OpenSSL is not self-seeded) | 1064 | * string rngseed (only if OpenSSL is not self-seeded) |
1058 | */ | 1065 | */ |
1059 | buffer_init(&m); | 1066 | if ((m = sshbuf_new()) == NULL) |
1060 | buffer_put_cstring(&m, buffer_ptr(conf)); | 1067 | fatal("%s: sshbuf_new failed", __func__); |
1068 | if ((r = sshbuf_put_stringb(m, conf)) != 0) | ||
1069 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
1061 | 1070 | ||
1062 | #ifdef WITH_SSH1 | 1071 | #ifdef WITH_SSH1 |
1063 | if (sensitive_data.server_key != NULL && | 1072 | if (sensitive_data.server_key != NULL && |
1064 | sensitive_data.server_key->type == KEY_RSA1) { | 1073 | sensitive_data.server_key->type == KEY_RSA1) { |
1065 | buffer_put_int(&m, 1); | 1074 | if ((r = sshbuf_put_u32(m, 1)) != 0 || |
1066 | buffer_put_bignum(&m, sensitive_data.server_key->rsa->e); | 1075 | (r = sshbuf_put_bignum1(m, |
1067 | buffer_put_bignum(&m, sensitive_data.server_key->rsa->n); | 1076 | sensitive_data.server_key->rsa->e)) != 0 || |
1068 | buffer_put_bignum(&m, sensitive_data.server_key->rsa->d); | 1077 | (r = sshbuf_put_bignum1(m, |
1069 | buffer_put_bignum(&m, sensitive_data.server_key->rsa->iqmp); | 1078 | sensitive_data.server_key->rsa->n)) != 0 || |
1070 | buffer_put_bignum(&m, sensitive_data.server_key->rsa->p); | 1079 | (r = sshbuf_put_bignum1(m, |
1071 | buffer_put_bignum(&m, sensitive_data.server_key->rsa->q); | 1080 | sensitive_data.server_key->rsa->d)) != 0 || |
1081 | (r = sshbuf_put_bignum1(m, | ||
1082 | sensitive_data.server_key->rsa->iqmp)) != 0 || | ||
1083 | (r = sshbuf_put_bignum1(m, | ||
1084 | sensitive_data.server_key->rsa->p)) != 0 || | ||
1085 | (r = sshbuf_put_bignum1(m, | ||
1086 | sensitive_data.server_key->rsa->q)) != 0) | ||
1087 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
1072 | } else | 1088 | } else |
1073 | #endif | 1089 | #endif |
1074 | buffer_put_int(&m, 0); | 1090 | if ((r = sshbuf_put_u32(m, 1)) != 0) |
1091 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
1075 | 1092 | ||
1076 | #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) | 1093 | #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) |
1077 | rexec_send_rng_seed(&m); | 1094 | rexec_send_rng_seed(m); |
1078 | #endif | 1095 | #endif |
1079 | 1096 | ||
1080 | if (ssh_msg_send(fd, 0, &m) == -1) | 1097 | if (ssh_msg_send(fd, 0, m) == -1) |
1081 | fatal("%s: ssh_msg_send failed", __func__); | 1098 | fatal("%s: ssh_msg_send failed", __func__); |
1082 | 1099 | ||
1083 | buffer_free(&m); | 1100 | sshbuf_free(m); |
1084 | 1101 | ||
1085 | debug3("%s: done", __func__); | 1102 | debug3("%s: done", __func__); |
1086 | } | 1103 | } |
@@ -1103,7 +1120,7 @@ recv_rexec_state(int fd, Buffer *conf) | |||
1103 | 1120 | ||
1104 | cp = buffer_get_string(&m, &len); | 1121 | cp = buffer_get_string(&m, &len); |
1105 | if (conf != NULL) | 1122 | if (conf != NULL) |
1106 | buffer_append(conf, cp, len + 1); | 1123 | buffer_append(conf, cp, len); |
1107 | free(cp); | 1124 | free(cp); |
1108 | 1125 | ||
1109 | if (buffer_get_int(&m)) { | 1126 | if (buffer_get_int(&m)) { |
@@ -1468,6 +1485,47 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | |||
1468 | } | 1485 | } |
1469 | } | 1486 | } |
1470 | 1487 | ||
1488 | /* | ||
1489 | * If IP options are supported, make sure there are none (log and | ||
1490 | * return an error if any are found). Basically we are worried about | ||
1491 | * source routing; it can be used to pretend you are somebody | ||
1492 | * (ip-address) you are not. That itself may be "almost acceptable" | ||
1493 | * under certain circumstances, but rhosts autentication is useless | ||
1494 | * if source routing is accepted. Notice also that if we just dropped | ||
1495 | * source routing here, the other side could use IP spoofing to do | ||
1496 | * rest of the interaction and could still bypass security. So we | ||
1497 | * exit here if we detect any IP options. | ||
1498 | */ | ||
1499 | static void | ||
1500 | check_ip_options(struct ssh *ssh) | ||
1501 | { | ||
1502 | #ifdef IP_OPTIONS | ||
1503 | int sock_in = ssh_packet_get_connection_in(ssh); | ||
1504 | struct sockaddr_storage from; | ||
1505 | socklen_t option_size, i, fromlen = sizeof(from); | ||
1506 | u_char opts[200]; | ||
1507 | char text[sizeof(opts) * 3 + 1]; | ||
1508 | |||
1509 | memset(&from, 0, sizeof(from)); | ||
1510 | if (getpeername(sock_in, (struct sockaddr *)&from, | ||
1511 | &fromlen) < 0) | ||
1512 | return; | ||
1513 | if (from.ss_family != AF_INET) | ||
1514 | return; | ||
1515 | /* XXX IPv6 options? */ | ||
1516 | |||
1517 | if (getsockopt(sock_in, IPPROTO_IP, IP_OPTIONS, opts, | ||
1518 | &option_size) >= 0 && option_size != 0) { | ||
1519 | text[0] = '\0'; | ||
1520 | for (i = 0; i < option_size; i++) | ||
1521 | snprintf(text + i*3, sizeof(text) - i*3, | ||
1522 | " %2.2x", opts[i]); | ||
1523 | fatal("Connection from %.100s port %d with IP opts: %.800s", | ||
1524 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text); | ||
1525 | } | ||
1526 | return; | ||
1527 | #endif /* IP_OPTIONS */ | ||
1528 | } | ||
1471 | 1529 | ||
1472 | /* | 1530 | /* |
1473 | * Main program for the daemon. | 1531 | * Main program for the daemon. |
@@ -1475,6 +1533,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | |||
1475 | int | 1533 | int |
1476 | main(int ac, char **av) | 1534 | main(int ac, char **av) |
1477 | { | 1535 | { |
1536 | struct ssh *ssh = NULL; | ||
1478 | extern char *optarg; | 1537 | extern char *optarg; |
1479 | extern int optind; | 1538 | extern int optind; |
1480 | int r, opt, i, j, on = 1; | 1539 | int r, opt, i, j, on = 1; |
@@ -2152,28 +2211,25 @@ main(int ac, char **av) | |||
2152 | */ | 2211 | */ |
2153 | packet_set_connection(sock_in, sock_out); | 2212 | packet_set_connection(sock_in, sock_out); |
2154 | packet_set_server(); | 2213 | packet_set_server(); |
2214 | ssh = active_state; /* XXX */ | ||
2215 | check_ip_options(ssh); | ||
2155 | 2216 | ||
2156 | /* Set SO_KEEPALIVE if requested. */ | 2217 | /* Set SO_KEEPALIVE if requested. */ |
2157 | if (options.tcp_keep_alive && packet_connection_is_on_socket() && | 2218 | if (options.tcp_keep_alive && packet_connection_is_on_socket() && |
2158 | setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) | 2219 | setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) |
2159 | error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); | 2220 | error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); |
2160 | 2221 | ||
2161 | if ((remote_port = get_remote_port()) < 0) { | 2222 | if ((remote_port = ssh_remote_port(ssh)) < 0) { |
2162 | debug("get_remote_port failed"); | 2223 | debug("ssh_remote_port failed"); |
2163 | cleanup_exit(255); | 2224 | cleanup_exit(255); |
2164 | } | 2225 | } |
2165 | 2226 | ||
2166 | /* | 2227 | /* |
2167 | * We use get_canonical_hostname with usedns = 0 instead of | ||
2168 | * get_remote_ipaddr here so IP options will be checked. | ||
2169 | */ | ||
2170 | (void) get_canonical_hostname(0); | ||
2171 | /* | ||
2172 | * The rest of the code depends on the fact that | 2228 | * The rest of the code depends on the fact that |
2173 | * get_remote_ipaddr() caches the remote ip, even if | 2229 | * ssh_remote_ipaddr() caches the remote ip, even if |
2174 | * the socket goes away. | 2230 | * the socket goes away. |
2175 | */ | 2231 | */ |
2176 | remote_ip = get_remote_ipaddr(); | 2232 | remote_ip = ssh_remote_ipaddr(ssh); |
2177 | 2233 | ||
2178 | #ifdef SSH_AUDIT_EVENTS | 2234 | #ifdef SSH_AUDIT_EVENTS |
2179 | audit_connection_from(remote_ip, remote_port); | 2235 | audit_connection_from(remote_ip, remote_port); |
@@ -2200,7 +2256,7 @@ main(int ac, char **av) | |||
2200 | /* Log the connection. */ | 2256 | /* Log the connection. */ |
2201 | laddr = get_local_ipaddr(sock_in); | 2257 | laddr = get_local_ipaddr(sock_in); |
2202 | verbose("Connection from %s port %d on %s port %d", | 2258 | verbose("Connection from %s port %d on %s port %d", |
2203 | remote_ip, remote_port, laddr, get_local_port()); | 2259 | remote_ip, remote_port, laddr, ssh_local_port(ssh)); |
2204 | free(laddr); | 2260 | free(laddr); |
2205 | 2261 | ||
2206 | #ifdef USE_SECURITY_SESSION_API | 2262 | #ifdef USE_SECURITY_SESSION_API |
@@ -2269,7 +2325,7 @@ main(int ac, char **av) | |||
2269 | if (!debug_flag) | 2325 | if (!debug_flag) |
2270 | alarm(options.login_grace_time); | 2326 | alarm(options.login_grace_time); |
2271 | 2327 | ||
2272 | sshd_exchange_identification(sock_in, sock_out); | 2328 | sshd_exchange_identification(ssh, sock_in, sock_out); |
2273 | 2329 | ||
2274 | /* In inetd mode, generate ephemeral key only for proto 1 connections */ | 2330 | /* In inetd mode, generate ephemeral key only for proto 1 connections */ |
2275 | if (!compat20 && inetd_flag && sensitive_data.server_key == NULL) | 2331 | if (!compat20 && inetd_flag && sensitive_data.server_key == NULL) |
@@ -2405,6 +2461,7 @@ main(int ac, char **av) | |||
2405 | int | 2461 | int |
2406 | ssh1_session_key(BIGNUM *session_key_int) | 2462 | ssh1_session_key(BIGNUM *session_key_int) |
2407 | { | 2463 | { |
2464 | struct ssh *ssh = active_state; /* XXX */ | ||
2408 | int rsafail = 0; | 2465 | int rsafail = 0; |
2409 | 2466 | ||
2410 | if (BN_cmp(sensitive_data.server_key->rsa->n, | 2467 | if (BN_cmp(sensitive_data.server_key->rsa->n, |
@@ -2413,9 +2470,9 @@ ssh1_session_key(BIGNUM *session_key_int) | |||
2413 | if (BN_num_bits(sensitive_data.server_key->rsa->n) < | 2470 | if (BN_num_bits(sensitive_data.server_key->rsa->n) < |
2414 | BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + | 2471 | BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + |
2415 | SSH_KEY_BITS_RESERVED) { | 2472 | SSH_KEY_BITS_RESERVED) { |
2416 | fatal("do_connection: %s: " | 2473 | fatal("do_connection: %s port %d: " |
2417 | "server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d", | 2474 | "server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d", |
2418 | get_remote_ipaddr(), | 2475 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), |
2419 | BN_num_bits(sensitive_data.server_key->rsa->n), | 2476 | BN_num_bits(sensitive_data.server_key->rsa->n), |
2420 | BN_num_bits(sensitive_data.ssh1_host_key->rsa->n), | 2477 | BN_num_bits(sensitive_data.ssh1_host_key->rsa->n), |
2421 | SSH_KEY_BITS_RESERVED); | 2478 | SSH_KEY_BITS_RESERVED); |
@@ -2431,9 +2488,9 @@ ssh1_session_key(BIGNUM *session_key_int) | |||
2431 | if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) < | 2488 | if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) < |
2432 | BN_num_bits(sensitive_data.server_key->rsa->n) + | 2489 | BN_num_bits(sensitive_data.server_key->rsa->n) + |
2433 | SSH_KEY_BITS_RESERVED) { | 2490 | SSH_KEY_BITS_RESERVED) { |
2434 | fatal("do_connection: %s: " | 2491 | fatal("do_connection: %s port %d: " |
2435 | "host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d", | 2492 | "host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d", |
2436 | get_remote_ipaddr(), | 2493 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), |
2437 | BN_num_bits(sensitive_data.ssh1_host_key->rsa->n), | 2494 | BN_num_bits(sensitive_data.ssh1_host_key->rsa->n), |
2438 | BN_num_bits(sensitive_data.server_key->rsa->n), | 2495 | BN_num_bits(sensitive_data.server_key->rsa->n), |
2439 | SSH_KEY_BITS_RESERVED); | 2496 | SSH_KEY_BITS_RESERVED); |
@@ -2454,6 +2511,7 @@ ssh1_session_key(BIGNUM *session_key_int) | |||
2454 | static void | 2511 | static void |
2455 | do_ssh1_kex(void) | 2512 | do_ssh1_kex(void) |
2456 | { | 2513 | { |
2514 | struct ssh *ssh = active_state; /* XXX */ | ||
2457 | int i, len; | 2515 | int i, len; |
2458 | int rsafail = 0; | 2516 | int rsafail = 0; |
2459 | BIGNUM *session_key_int, *fake_key_int, *real_key_int; | 2517 | BIGNUM *session_key_int, *fake_key_int, *real_key_int; |
@@ -2571,9 +2629,10 @@ do_ssh1_kex(void) | |||
2571 | (void) BN_mask_bits(session_key_int, sizeof(session_key) * 8); | 2629 | (void) BN_mask_bits(session_key_int, sizeof(session_key) * 8); |
2572 | len = BN_num_bytes(session_key_int); | 2630 | len = BN_num_bytes(session_key_int); |
2573 | if (len < 0 || (u_int)len > sizeof(session_key)) { | 2631 | if (len < 0 || (u_int)len > sizeof(session_key)) { |
2574 | error("do_ssh1_kex: bad session key len from %s: " | 2632 | error("%s: bad session key len from %s port %d: " |
2575 | "session_key_int %d > sizeof(session_key) %lu", | 2633 | "session_key_int %d > sizeof(session_key) %lu", __func__, |
2576 | get_remote_ipaddr(), len, (u_long)sizeof(session_key)); | 2634 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), |
2635 | len, (u_long)sizeof(session_key)); | ||
2577 | rsafail++; | 2636 | rsafail++; |
2578 | } else { | 2637 | } else { |
2579 | explicit_bzero(session_key, sizeof(session_key)); | 2638 | explicit_bzero(session_key, sizeof(session_key)); |
@@ -2664,10 +2723,11 @@ do_ssh2_kex(void) | |||
2664 | 2723 | ||
2665 | if (options.compression == COMP_NONE) { | 2724 | if (options.compression == COMP_NONE) { |
2666 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = | 2725 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = |
2667 | myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; | 2726 | myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; |
2668 | } else if (options.compression == COMP_DELAYED) { | 2727 | } else if (options.compression == COMP_DELAYED) { |
2669 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = | 2728 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = |
2670 | myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com"; | 2729 | myproposal[PROPOSAL_COMP_ALGS_STOC] = |
2730 | "none,zlib@openssh.com"; | ||
2671 | } | 2731 | } |
2672 | 2732 | ||
2673 | if (options.rekey_limit || options.rekey_interval) | 2733 | if (options.rekey_limit || options.rekey_interval) |
@@ -2726,6 +2786,9 @@ do_ssh2_kex(void) | |||
2726 | #ifdef WITH_OPENSSL | 2786 | #ifdef WITH_OPENSSL |
2727 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 2787 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |
2728 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; | 2788 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; |
2789 | kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; | ||
2790 | kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; | ||
2791 | kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; | ||
2729 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 2792 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
2730 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 2793 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
2731 | # ifdef OPENSSL_HAS_ECC | 2794 | # ifdef OPENSSL_HAS_ECC |
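Review bot: In the new `check_ip_options()` (hunk `@@ -1468,6 +1485,47 @@`), `option_size` is declared without an initializer and then passed to `getsockopt()` as the in/out length argument, so the call reads an indeterminate buffer size for `opts`. Depending on what that value happens to be, the call may fail or report zero bytes, and because the branch is only taken on `>= 0 && option_size != 0`, the source-routing check would then be skipped silently, so it fails open. Set the length in the declaration: `socklen_t i, option_size = sizeof(opts), fromlen = sizeof(from);`. A `debug()` line when `getsockopt()` itself returns an error would also make a skipped check visible in the logs.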