diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | kex.c | 30 |
2 files changed, 26 insertions, 9 deletions
| @@ -20,6 +20,9 @@ | |||
| 20 | - markus@cvs.openbsd.org 2002/03/26 23:13:03 | 20 | - markus@cvs.openbsd.org 2002/03/26 23:13:03 |
| 21 | [auth-rsa.c] | 21 | [auth-rsa.c] |
| 22 | disallow RSA keys < 768 for protocol 1, too (rhosts-rsa and rsa auth) | 22 | disallow RSA keys < 768 for protocol 1, too (rhosts-rsa and rsa auth) |
| 23 | - markus@cvs.openbsd.org 2002/03/26 23:14:51 | ||
| 24 | [kex.c] | ||
| 25 | generate a new cookie for each SSH2_MSG_KEXINIT message we send out | ||
| 23 | 26 | ||
| 24 | 20020325 | 27 | 20020325 |
| 25 | - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h" | 28 | - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h" |
| @@ -8083,4 +8086,4 @@ | |||
| 8083 | - Wrote replacements for strlcpy and mkdtemp | 8086 | - Wrote replacements for strlcpy and mkdtemp |
| 8084 | - Released 1.0pre1 | 8087 | - Released 1.0pre1 |
| 8085 | 8088 | ||
| 8086 | $Id: ChangeLog,v 1.1999 2002/03/27 17:38:43 mouring Exp $ | 8089 | $Id: ChangeLog,v 1.2000 2002/03/27 17:42:57 mouring Exp $ |
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: kex.c,v 1.48 2002/03/18 17:50:31 provos Exp $"); | 26 | RCSID("$OpenBSD: kex.c,v 1.49 2002/03/26 23:14:51 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include <openssl/crypto.h> | 28 | #include <openssl/crypto.h> |
| 29 | 29 | ||
| @@ -57,16 +57,15 @@ static void kex_choose_conf(Kex *); | |||
| 57 | static void | 57 | static void |
| 58 | kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) | 58 | kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) |
| 59 | { | 59 | { |
| 60 | u_int32_t rand = 0; | ||
| 61 | int i; | 60 | int i; |
| 62 | 61 | ||
| 63 | buffer_clear(b); | 62 | buffer_clear(b); |
| 64 | for (i = 0; i < KEX_COOKIE_LEN; i++) { | 63 | /* |
| 65 | if (i % 4 == 0) | 64 | * add a dummy cookie, the cookie will be overwritten by |
| 66 | rand = arc4random(); | 65 | * kex_send_kexinit(), each time a kexinit is set |
| 67 | buffer_put_char(b, rand & 0xff); | 66 | */ |
| 68 | rand >>= 8; | 67 | for (i = 0; i < KEX_COOKIE_LEN; i++) |
| 69 | } | 68 | buffer_put_char(b, 0); |
| 70 | for (i = 0; i < PROPOSAL_MAX; i++) | 69 | for (i = 0; i < PROPOSAL_MAX; i++) |
| 71 | buffer_put_cstring(b, proposal[i]); | 70 | buffer_put_cstring(b, proposal[i]); |
| 72 | buffer_put_char(b, 0); /* first_kex_packet_follows */ | 71 | buffer_put_char(b, 0); /* first_kex_packet_follows */ |
| @@ -152,6 +151,10 @@ kex_finish(Kex *kex) | |||
| 152 | void | 151 | void |
| 153 | kex_send_kexinit(Kex *kex) | 152 | kex_send_kexinit(Kex *kex) |
| 154 | { | 153 | { |
| 154 | u_int32_t rand = 0; | ||
| 155 | u_char *cookie; | ||
| 156 | int i; | ||
| 157 | |||
| 155 | if (kex == NULL) { | 158 | if (kex == NULL) { |
| 156 | error("kex_send_kexinit: no kex, cannot rekey"); | 159 | error("kex_send_kexinit: no kex, cannot rekey"); |
| 157 | return; | 160 | return; |
| @@ -161,6 +164,17 @@ kex_send_kexinit(Kex *kex) | |||
| 161 | return; | 164 | return; |
| 162 | } | 165 | } |
| 163 | kex->done = 0; | 166 | kex->done = 0; |
| 167 | |||
| 168 | /* generate a random cookie */ | ||
| 169 | if (buffer_len(&kex->my) < KEX_COOKIE_LEN) | ||
| 170 | fatal("kex_send_kexinit: kex proposal too short"); | ||
| 171 | cookie = buffer_ptr(&kex->my); | ||
| 172 | for (i = 0; i < KEX_COOKIE_LEN; i++) { | ||
| 173 | if (i % 4 == 0) | ||
| 174 | rand = arc4random(); | ||
| 175 | cookie[i] = rand; | ||
| 176 | rand >>= 8; | ||
| 177 | } | ||
| 164 | packet_start(SSH2_MSG_KEXINIT); | 178 | packet_start(SSH2_MSG_KEXINIT); |
| 165 | packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my)); | 179 | packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my)); |
| 166 | packet_send(); | 180 | packet_send(); |