author | markus@openbsd.org <markus@openbsd.org> | 2015-01-19 20:16:15 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-01-20 09:19:39 +1100 |
commit | 57d10cbe861a235dd269c74fb2fe248469ecee9d (patch) | |
tree | c65deed24700490bd3b20300c4829d4d5466ff6d /sshd.c | |
parent | 3fdc88a0def4f86aa88a5846ac079dc964c0546a (diff) |
upstream commit
adapt kex to sshbuf and struct ssh; ok djm@
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 47 |
1 files changed, 24 insertions, 23 deletions
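--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.434 2015/01/19 19:52:16 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.435 2015/01/19 20:16:15 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -836,7 +836,7 @@ list_hostkey_types(void)
 }
 
 static Key *
-get_hostkey_by_type(int type, int need_private)
+get_hostkey_by_type(int type, int need_private, struct ssh *ssh)
 {
 int i;
 Key *key;
@@ -865,15 +865,15 @@ get_hostkey_by_type(int type, int need_private)
 }
 
 Key *
-get_hostkey_public_by_type(int type)
+get_hostkey_public_by_type(int type, struct ssh *ssh)
 {
-return get_hostkey_by_type(type, 0);
+return get_hostkey_by_type(type, 0, ssh);
 }
 
 Key *
-get_hostkey_private_by_type(int type)
+get_hostkey_private_by_type(int type, struct ssh *ssh)
 {
-return get_hostkey_by_type(type, 1);
+return get_hostkey_by_type(type, 1, ssh);
 }
 
 Key *
@@ -885,7 +885,7 @@ get_hostkey_by_index(int ind)
 }
 
 Key *
-get_hostkey_public_by_index(int ind)
+get_hostkey_public_by_index(int ind, struct ssh *ssh)
 {
 if (ind < 0 || ind >= options.num_host_key_files)
 return (NULL);
@@ -893,7 +893,7 @@ get_hostkey_public_by_index(int ind)
 }
 
 int
-get_hostkey_index(Key *key)
+get_hostkey_index(Key *key, struct ssh *ssh)
 {
 int i;
 
@@ -2432,29 +2432,30 @@ do_ssh1_kex(void)
 }
 #endif
 
-void
-sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen,
-u_char *data, u_int dlen)
+int
+sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, size_t *slen,
+u_char *data, size_t dlen, u_int flag)
 {
 int r;
+u_int xxx_slen, xxx_dlen = dlen;
 
 if (privkey) {
-if (PRIVSEP(key_sign(privkey, signature, slen, data, dlen) < 0))
+if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen) < 0))
 fatal("%s: key_sign failed", __func__);
+if (slen)
+*slen = xxx_slen;
 } else if (use_privsep) {
-if (mm_key_sign(pubkey, signature, slen, data, dlen) < 0)
+if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen) < 0)
 fatal("%s: pubkey_sign failed", __func__);
+if (slen)
+*slen = xxx_slen;
 } else {
-size_t xxx_slen;
-
-if ((r = ssh_agent_sign(auth_sock, pubkey, signature, &xxx_slen,
+if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slen,
 data, dlen, datafellows)) != 0)
 fatal("%s: ssh_agent_sign failed: %s",
 __func__, ssh_err(r));
-/* XXX: Old API is u_int; new size_t */
-if (slen != NULL)
-*slen = xxx_slen;
 }
+return 0;
 }
 
 /*
@@ -2464,7 +2465,7 @@ static void
 do_ssh2_kex(void)
 {
 char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
-Kex *kex;
+struct kex *kex;
 
 if (options.ciphers != NULL) {
 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
@@ -2500,8 +2501,8 @@ do_ssh2_kex(void)
 list_hostkey_types());
 
 /* start key exchange */
-kex = kex_setup(myproposal);
-active_state->kex = kex;
+kex_setup(active_state, myproposal);
+kex = active_state->kex;
 #ifdef WITH_OPENSSL
 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
@@ -2518,7 +2519,7 @@ do_ssh2_kex(void)
 kex->host_key_index=&get_hostkey_index;
 kex->sign = sshd_hostkey_sign;
 
-dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
+dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
 
 session_id2 = kex->session_id;
 session_id2_len = kex->session_id_len;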
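Review bot: In sshd_hostkey_sign, `u_int xxx_slen, xxx_dlen = dlen;` narrows the new `size_t dlen` to `u_int` with no range check, so where size_t is wider than u_int a length above UINT_MAX would be silently truncated and key_sign/mm_key_sign would sign only a prefix of `data`. A guard ahead of the privkey and privsep branches, for example `if (dlen > UINT_MAX) fatal("%s: dlen too large", __func__);`, would keep the legacy u_int paths safe until they are converted. The new `flag` parameter is never read in the visible body and the agent branch still passes the global `datafellows`; either pass `flag` or add a comment saying the mismatch is intentional. Separately, in do_ssh2_kex the result of `kex_setup(active_state, myproposal)` is discarded just before `kex = active_state->kex` is dereferenced; if kex_setup can fail (its prototype is not shown on this page), that result should be checked first.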