6 files changed, 55 insertions, 42 deletions

diff --git a/ChangeLog b/ChangeLog
index 568477786..664f86266 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,11 @@
       ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
       xmalloc.h]
      KNF done automatically while reading....
+   - markus@cvs.openbsd.org 2002/06/19 18:01:00
+     [cipher.c monitor.c monitor_wrap.c packet.c packet.h]
+     make the monitor sync the transfer ssh1 session key;
+     transfer keycontext only for RC4 (this is still depends on EVP
+     implementation details and is broken).
  - (bal) Cygwin special handling of empty passwords wrong.  Patch by
    vinschen@redhat.com
 
@@ -960,4 +965,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2225 2002/06/21 00:41:51 mouring Exp $
+$Id: ChangeLog,v 1.2226 2002/06/21 00:43:42 mouring Exp $
diff --git a/cipher.c b/cipher.c
index 39807d5c2..b18c701fb 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.58 2002/06/04 23:05:49 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.59 2002/06/19 18:01:00 markus Exp $");
 
 #include "xmalloc.h"
 #include "log.h"
@@ -689,28 +689,14 @@ int
 cipher_get_keycontext(CipherContext *cc, u_char *dat)
 {
         Cipher *c = cc->cipher;
-        int plen;
+        int plen = 0;
 
-        if (c->number == SSH_CIPHER_3DES) {
-                struct ssh1_3des_ctx *desc;
-                desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
-                if (desc == NULL)
-                        fatal("%s: no 3des context", __func__);
-                plen = EVP_X_STATE_LEN(desc->k1);
+        if (c->evptype == EVP_rc4) {
+                plen = EVP_X_STATE_LEN(cc->evp);
                 if (dat == NULL)
-                        return (3*plen);
-                memcpy(dat, EVP_X_STATE(desc->k1), plen);
-                memcpy(dat + plen, EVP_X_STATE(desc->k2), plen);
-                memcpy(dat + 2*plen, EVP_X_STATE(desc->k3), plen);
-                return (3*plen);
+                        return (plen);
+                memcpy(dat, EVP_X_STATE(cc->evp), plen);
         }
-
-        /* Generic EVP */
-        plen = EVP_X_STATE_LEN(cc->evp);
-        if (dat == NULL)
-                return (plen);
-
-        memcpy(dat, EVP_X_STATE(cc->evp), plen);
         return (plen);
 }
 
@@ -720,16 +706,7 @@ cipher_set_keycontext(CipherContext *cc, u_char *dat)
         Cipher *c = cc->cipher;
         int plen;
 
-        if (c->number == SSH_CIPHER_3DES) {
-                struct ssh1_3des_ctx *desc;
-                desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
-                if (desc == NULL)
-                        fatal("%s: no 3des context", __func__);
-                plen = EVP_X_STATE_LEN(desc->k1);
-                memcpy(EVP_X_STATE(desc->k1), dat, plen);
-                memcpy(EVP_X_STATE(desc->k2), dat + plen, plen);
-                memcpy(EVP_X_STATE(desc->k3), dat + 2*plen, plen);
-        } else {
+        if (c->evptype == EVP_rc4) {
                 plen = EVP_X_STATE_LEN(cc->evp);
                 memcpy(EVP_X_STATE(cc->evp), dat, plen);
         }
diff --git a/monitor.c b/monitor.c
index 39009f703..c769f12e7 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.14 2002/06/04 23:05:49 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.15 2002/06/19 18:01:00 markus Exp $");
 
 #include <openssl/dh.h>
 
@@ -83,6 +83,8 @@ struct {
         u_int ivinlen;
         u_char *ivout;
         u_int ivoutlen;
+        u_char *ssh1key;
+        u_int ssh1keylen;
         int ssh1cipher;
         int ssh1protoflags;
         u_char *input;
@@ -1303,14 +1305,13 @@ monitor_apply_keystate(struct monitor *pmonitor)
                 set_newkeys(MODE_IN);
                 set_newkeys(MODE_OUT);
         } else {
-                u_char key[SSH_SESSION_KEY_LENGTH];
-
-                memset(key, 'a', sizeof(key));
                 packet_set_protocol_flags(child_state.ssh1protoflags);
-                packet_set_encryption_key(key, SSH_SESSION_KEY_LENGTH,
-                    child_state.ssh1cipher);
+                packet_set_encryption_key(child_state.ssh1key,
+                    child_state.ssh1keylen, child_state.ssh1cipher);
+                xfree(child_state.ssh1key);
         }
 
+        /* for rc4 and other stateful ciphers */
         packet_set_keycontext(MODE_OUT, child_state.keyout);
         xfree(child_state.keyout);
         packet_set_keycontext(MODE_IN, child_state.keyin);
@@ -1396,6 +1397,8 @@ mm_get_keystate(struct monitor *pmonitor)
         if (!compat20) {
                 child_state.ssh1protoflags = buffer_get_int(&m);
                 child_state.ssh1cipher = buffer_get_int(&m);
+                child_state.ssh1key = buffer_get_string(&m,
+                    &child_state.ssh1keylen);
                 child_state.ivout = buffer_get_string(&m,
                     &child_state.ivoutlen);
                 child_state.ivin = buffer_get_string(&m, &child_state.ivinlen);
diff --git a/monitor_wrap.c b/monitor_wrap.c
index e40874627..f7e332d8e 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.10 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.11 2002/06/19 18:01:00 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dh.h>
@@ -520,13 +520,21 @@ mm_send_keystate(struct monitor *pmonitor)
 
         if (!compat20) {
                 u_char iv[24];
-                int ivlen;
+                u_char *key;
+                u_int ivlen, keylen;
 
                 buffer_put_int(&m, packet_get_protocol_flags());
 
                 buffer_put_int(&m, packet_get_ssh1_cipher());
 
-                debug3("%s: Sending ssh1 IV", __func__);
+                debug3("%s: Sending ssh1 KEY+IV", __func__);
+                keylen = packet_get_encryption_key(NULL);
+                key = xmalloc(keylen+1);        /* add 1 if keylen == 0 */
+                keylen = packet_get_encryption_key(key);
+                buffer_put_string(&m, key, keylen);
+                memset(key, 0, keylen);
+                xfree(key);
+
                 ivlen = packet_get_keyiv_len(MODE_OUT);
                 packet_get_keyiv(MODE_OUT, iv, ivlen);
                 buffer_put_string(&m, iv, ivlen);
diff --git a/packet.c b/packet.c
index abc89e76c..86511276f 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.94 2002/06/04 23:02:06 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.95 2002/06/19 18:01:00 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -60,6 +60,7 @@ RCSID("$OpenBSD: packet.c,v 1.94 2002/06/04 23:02:06 markus Exp $");
 #include "log.h"
 #include "canohost.h"
 #include "misc.h"
+#include "ssh.h"
 
 #ifdef PACKET_DEBUG
 #define DBG(x) x
@@ -118,6 +119,10 @@ Newkeys *newkeys[MODE_MAX];
 static u_int32_t read_seqnr = 0;
 static u_int32_t send_seqnr = 0;
 
+/* Session key for protocol v1 */
+static u_char ssh1_key[SSH_SESSION_KEY_LENGTH];
+static u_int ssh1_keylen;
+
 /* roundup current message to extra_pad bytes */
 static u_char extra_pad = 0;
 
@@ -391,6 +396,7 @@ packet_start_compression(int level)
  * key is used for both sending and reception.  However, both directions are
  * encrypted independently of each other.
  */
+
 void
 packet_set_encryption_key(const u_char *key, u_int keylen,
     int number)
@@ -400,10 +406,23 @@ packet_set_encryption_key(const u_char *key, u_int keylen,
                 fatal("packet_set_encryption_key: unknown cipher number %d", number);
         if (keylen < 20)
                 fatal("packet_set_encryption_key: keylen too small: %d", keylen);
+        if (keylen > SSH_SESSION_KEY_LENGTH)
+                fatal("packet_set_encryption_key: keylen too big: %d", keylen);
+        memcpy(ssh1_key, key, keylen);
+        ssh1_keylen = keylen;
         cipher_init(&send_context, cipher, key, keylen, NULL, 0, CIPHER_ENCRYPT);
         cipher_init(&receive_context, cipher, key, keylen, NULL, 0, CIPHER_DECRYPT);
 }
 
+u_int
+packet_get_encryption_key(u_char *key)
+{
+        if (key == NULL)
+                return (ssh1_keylen);
+        memcpy(key, ssh1_key, ssh1_keylen);
+        return (ssh1_keylen);
+}
+
 /* Start constructing a packet to send. */
 void
 packet_start(u_char type)
diff --git a/packet.h b/packet.h
index 151ca74a1..3ff75593a 100644
--- a/packet.h
+++ b/packet.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: packet.h,v 1.34 2002/03/18 17:16:38 markus Exp $      */
+/*      $OpenBSD: packet.h,v 1.35 2002/06/19 18:01:00 markus Exp $      */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -24,6 +24,7 @@ int      packet_get_connection_in(void);
 int      packet_get_connection_out(void);
 void     packet_close(void);
 void     packet_set_encryption_key(const u_char *, u_int, int);
+u_int    packet_get_encryption_key(u_char *);
 void     packet_set_protocol_flags(u_int);
 u_int    packet_get_protocol_flags(void);
 void     packet_start_compression(int);