diff options
| -rw-r--r-- | Makefile.in | 2 | ||||
| -rw-r--r-- | kex.c | 4 | ||||
| -rw-r--r-- | kex.h | 19 | ||||
| -rw-r--r-- | kexc25519.c | 55 | ||||
| -rw-r--r-- | kexdh.c | 4 | ||||
| -rw-r--r-- | kexecdh.c | 4 | ||||
| -rw-r--r-- | kexsntrup4591761x25519.c | 4 | ||||
| -rw-r--r-- | monitor.c | 18 | ||||
| -rw-r--r-- | ssh-keyscan.c | 18 | ||||
| -rw-r--r-- | ssh_api.c | 34 | ||||
| -rw-r--r-- | sshconnect2.c | 18 | ||||
| -rw-r--r-- | sshd.c | 18 |
12 files changed, 68 insertions, 130 deletions
diff --git a/Makefile.in b/Makefile.in index fd539184a..6f001bb36 100644 --- a/Makefile.in +++ b/Makefile.in | |||
| @@ -99,7 +99,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ | |||
| 99 | sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \ | 99 | sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \ |
| 100 | kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ | 100 | kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ |
| 101 | kexgexc.o kexgexs.o \ | 101 | kexgexc.o kexgexs.o \ |
| 102 | sntrup4591761.o kexsntrup4591761x25519.o kexkemc.o kexkems.o \ | 102 | sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \ |
| 103 | platform-pledge.o platform-tracing.o platform-misc.o | 103 | platform-pledge.o platform-tracing.o platform-misc.o |
| 104 | 104 | ||
| 105 | 105 | ||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kex.c,v 1.148 2019/01/21 10:33:49 djm Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.149 2019/01/21 10:40:11 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -655,7 +655,7 @@ kex_free(struct kex *kex) | |||
| 655 | sshbuf_free(kex->my); | 655 | sshbuf_free(kex->my); |
| 656 | sshbuf_free(kex->client_version); | 656 | sshbuf_free(kex->client_version); |
| 657 | sshbuf_free(kex->server_version); | 657 | sshbuf_free(kex->server_version); |
| 658 | sshbuf_free(kex->kem_client_pub); | 658 | sshbuf_free(kex->client_pub); |
| 659 | free(kex->session_id); | 659 | free(kex->session_id); |
| 660 | free(kex->failed_choice); | 660 | free(kex->failed_choice); |
| 661 | free(kex->hostkey_alg); | 661 | free(kex->hostkey_alg); |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kex.h,v 1.104 2019/01/21 10:35:09 djm Exp $ */ | 1 | /* $OpenBSD: kex.h,v 1.106 2019/01/21 10:40:11 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| @@ -170,7 +170,7 @@ struct kex { | |||
| 170 | u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */ | 170 | u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */ |
| 171 | u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */ | 171 | u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */ |
| 172 | u_char sntrup4591761_client_key[crypto_kem_sntrup4591761_SECRETKEYBYTES]; /* KEM */ | 172 | u_char sntrup4591761_client_key[crypto_kem_sntrup4591761_SECRETKEYBYTES]; /* KEM */ |
| 173 | struct sshbuf *kem_client_pub; /* KEM */ | 173 | struct sshbuf *client_pub; |
| 174 | }; | 174 | }; |
| 175 | 175 | ||
| 176 | int kex_names_valid(const char *); | 176 | int kex_names_valid(const char *); |
| @@ -199,16 +199,10 @@ int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *); | |||
| 199 | int kex_send_newkeys(struct ssh *); | 199 | int kex_send_newkeys(struct ssh *); |
| 200 | int kex_start_rekex(struct ssh *); | 200 | int kex_start_rekex(struct ssh *); |
| 201 | 201 | ||
| 202 | int kexdh_client(struct ssh *); | ||
| 203 | int kexdh_server(struct ssh *); | ||
| 204 | int kexgex_client(struct ssh *); | 202 | int kexgex_client(struct ssh *); |
| 205 | int kexgex_server(struct ssh *); | 203 | int kexgex_server(struct ssh *); |
| 206 | int kexecdh_client(struct ssh *); | 204 | int kex_gen_client(struct ssh *); |
| 207 | int kexecdh_server(struct ssh *); | 205 | int kex_gen_server(struct ssh *); |
| 208 | int kexc25519_client(struct ssh *); | ||
| 209 | int kexc25519_server(struct ssh *); | ||
| 210 | int kex_kem_client(struct ssh *); | ||
| 211 | int kex_kem_server(struct ssh *); | ||
| 212 | 206 | ||
| 213 | int kex_dh_keypair(struct kex *); | 207 | int kex_dh_keypair(struct kex *); |
| 214 | int kex_dh_enc(struct kex *, const struct sshbuf *, struct sshbuf **, | 208 | int kex_dh_enc(struct kex *, const struct sshbuf *, struct sshbuf **, |
| @@ -241,11 +235,6 @@ int kexgex_hash(int, const struct sshbuf *, const struct sshbuf *, | |||
| 241 | const BIGNUM *, const u_char *, size_t, | 235 | const BIGNUM *, const u_char *, size_t, |
| 242 | u_char *, size_t *); | 236 | u_char *, size_t *); |
| 243 | 237 | ||
| 244 | int kex_c25519_hash(int, const struct sshbuf *, const struct sshbuf *, | ||
| 245 | const u_char *, size_t, const u_char *, size_t, | ||
| 246 | const u_char *, size_t, const struct sshbuf *, const struct sshbuf *, | ||
| 247 | const struct sshbuf *, u_char *, size_t *); | ||
| 248 | |||
| 249 | void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) | 238 | void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) |
| 250 | __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) | 239 | __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) |
| 251 | __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); | 240 | __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); |
diff --git a/kexc25519.c b/kexc25519.c index ec5bb574f..f13d766d7 100644 --- a/kexc25519.c +++ b/kexc25519.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexc25519.c,v 1.15 2019/01/21 10:35:09 djm Exp $ */ | 1 | /* $OpenBSD: kexc25519.c,v 1.17 2019/01/21 10:40:11 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
| @@ -89,57 +89,6 @@ kexc25519_shared_key(const u_char key[CURVE25519_SIZE], | |||
| 89 | } | 89 | } |
| 90 | 90 | ||
| 91 | int | 91 | int |
| 92 | kex_c25519_hash( | ||
| 93 | int hash_alg, | ||
| 94 | const struct sshbuf *client_version, | ||
| 95 | const struct sshbuf *server_version, | ||
| 96 | const u_char *ckexinit, size_t ckexinitlen, | ||
| 97 | const u_char *skexinit, size_t skexinitlen, | ||
| 98 | const u_char *serverhostkeyblob, size_t sbloblen, | ||
| 99 | const struct sshbuf *client_pub, | ||
| 100 | const struct sshbuf *server_pub, | ||
| 101 | const struct sshbuf *shared_secret, | ||
| 102 | u_char *hash, size_t *hashlen) | ||
| 103 | { | ||
| 104 | struct sshbuf *b; | ||
| 105 | int r; | ||
| 106 | |||
| 107 | if (*hashlen < ssh_digest_bytes(hash_alg)) | ||
| 108 | return SSH_ERR_INVALID_ARGUMENT; | ||
| 109 | if ((b = sshbuf_new()) == NULL) | ||
| 110 | return SSH_ERR_ALLOC_FAIL; | ||
| 111 | if ((r = sshbuf_put_stringb(b, client_version)) != 0 || | ||
| 112 | (r = sshbuf_put_stringb(b, server_version)) != 0 || | ||
| 113 | /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ | ||
| 114 | (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 || | ||
| 115 | (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || | ||
| 116 | (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 || | ||
| 117 | (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 || | ||
| 118 | (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || | ||
| 119 | (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || | ||
| 120 | (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || | ||
| 121 | (r = sshbuf_put_stringb(b, client_pub)) != 0 || | ||
| 122 | (r = sshbuf_put_stringb(b, server_pub)) != 0 || | ||
| 123 | (r = sshbuf_putb(b, shared_secret)) != 0) { | ||
| 124 | sshbuf_free(b); | ||
| 125 | return r; | ||
| 126 | } | ||
| 127 | #ifdef DEBUG_KEX | ||
| 128 | sshbuf_dump(b, stderr); | ||
| 129 | #endif | ||
| 130 | if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) { | ||
| 131 | sshbuf_free(b); | ||
| 132 | return SSH_ERR_LIBCRYPTO_ERROR; | ||
| 133 | } | ||
| 134 | sshbuf_free(b); | ||
| 135 | *hashlen = ssh_digest_bytes(hash_alg); | ||
| 136 | #ifdef DEBUG_KEX | ||
| 137 | dump_digest("hash", hash, *hashlen); | ||
| 138 | #endif | ||
| 139 | return 0; | ||
| 140 | } | ||
| 141 | |||
| 142 | int | ||
| 143 | kex_c25519_keypair(struct kex *kex) | 92 | kex_c25519_keypair(struct kex *kex) |
| 144 | { | 93 | { |
| 145 | struct sshbuf *buf = NULL; | 94 | struct sshbuf *buf = NULL; |
| @@ -154,7 +103,7 @@ kex_c25519_keypair(struct kex *kex) | |||
| 154 | #ifdef DEBUG_KEXECDH | 103 | #ifdef DEBUG_KEXECDH |
| 155 | dump_digest("client public key c25519:", cp, CURVE25519_SIZE); | 104 | dump_digest("client public key c25519:", cp, CURVE25519_SIZE); |
| 156 | #endif | 105 | #endif |
| 157 | kex->kem_client_pub = buf; | 106 | kex->client_pub = buf; |
| 158 | buf = NULL; | 107 | buf = NULL; |
| 159 | out: | 108 | out: |
| 160 | sshbuf_free(buf); | 109 | sshbuf_free(buf); |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexdh.c,v 1.31 2019/01/21 10:35:09 djm Exp $ */ | 1 | /* $OpenBSD: kexdh.c,v 1.32 2019/01/21 10:40:11 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -128,7 +128,7 @@ kex_dh_keypair(struct kex *kex) | |||
| 128 | BN_print_fp(stderr, pub_key); | 128 | BN_print_fp(stderr, pub_key); |
| 129 | fprintf(stderr, "\n"); | 129 | fprintf(stderr, "\n"); |
| 130 | #endif | 130 | #endif |
| 131 | kex->kem_client_pub = buf; | 131 | kex->client_pub = buf; |
| 132 | buf = NULL; | 132 | buf = NULL; |
| 133 | out: | 133 | out: |
| 134 | sshbuf_free(buf); | 134 | sshbuf_free(buf); |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexecdh.c,v 1.9 2019/01/21 10:35:09 djm Exp $ */ | 1 | /* $OpenBSD: kexecdh.c,v 1.10 2019/01/21 10:40:11 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 3 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
| 4 | * Copyright (c) 2019 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2019 Markus Friedl. All rights reserved. |
| @@ -80,7 +80,7 @@ kex_ecdh_keypair(struct kex *kex) | |||
| 80 | kex->ec_client_key = client_key; | 80 | kex->ec_client_key = client_key; |
| 81 | kex->ec_group = group; | 81 | kex->ec_group = group; |
| 82 | client_key = NULL; /* owned by the kex */ | 82 | client_key = NULL; /* owned by the kex */ |
| 83 | kex->kem_client_pub = buf; | 83 | kex->client_pub = buf; |
| 84 | buf = NULL; | 84 | buf = NULL; |
| 85 | out: | 85 | out: |
| 86 | EC_KEY_free(client_key); | 86 | EC_KEY_free(client_key); |
diff --git a/kexsntrup4591761x25519.c b/kexsntrup4591761x25519.c index d845f3d44..b0605b96a 100644 --- a/kexsntrup4591761x25519.c +++ b/kexsntrup4591761x25519.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexsntrup4591761x25519.c,v 1.2 2019/01/21 10:35:09 djm Exp $ */ | 1 | /* $OpenBSD: kexsntrup4591761x25519.c,v 1.3 2019/01/21 10:40:11 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -58,7 +58,7 @@ kex_kem_sntrup4591761x25519_keypair(struct kex *kex) | |||
| 58 | #ifdef DEBUG_KEXECDH | 58 | #ifdef DEBUG_KEXECDH |
| 59 | dump_digest("client public key c25519:", cp, CURVE25519_SIZE); | 59 | dump_digest("client public key c25519:", cp, CURVE25519_SIZE); |
| 60 | #endif | 60 | #endif |
| 61 | kex->kem_client_pub = buf; | 61 | kex->client_pub = buf; |
| 62 | buf = NULL; | 62 | buf = NULL; |
| 63 | out: | 63 | out: |
| 64 | sshbuf_free(buf); | 64 | sshbuf_free(buf); |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: monitor.c,v 1.196 2019/01/21 10:29:56 djm Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.197 2019/01/21 10:38:54 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
| 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
| @@ -1677,19 +1677,19 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) | |||
| 1677 | if ((kex = ssh->kex) != NULL) { | 1677 | if ((kex = ssh->kex) != NULL) { |
| 1678 | /* XXX set callbacks */ | 1678 | /* XXX set callbacks */ |
| 1679 | #ifdef WITH_OPENSSL | 1679 | #ifdef WITH_OPENSSL |
| 1680 | kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_server; | 1680 | kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; |
| 1681 | kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_server; | 1681 | kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; |
| 1682 | kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_server; | 1682 | kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; |
| 1683 | kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_server; | 1683 | kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; |
| 1684 | kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_server; | 1684 | kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; |
| 1685 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 1685 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
| 1686 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 1686 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
| 1687 | # ifdef OPENSSL_HAS_ECC | 1687 | # ifdef OPENSSL_HAS_ECC |
| 1688 | kex->kex[KEX_ECDH_SHA2] = kex_kem_server; | 1688 | kex->kex[KEX_ECDH_SHA2] = kex_gen_server; |
| 1689 | # endif | 1689 | # endif |
| 1690 | #endif /* WITH_OPENSSL */ | 1690 | #endif /* WITH_OPENSSL */ |
| 1691 | kex->kex[KEX_C25519_SHA256] = kex_kem_server; | 1691 | kex->kex[KEX_C25519_SHA256] = kex_gen_server; |
| 1692 | kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server; | 1692 | kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server; |
| 1693 | kex->load_host_public_key=&get_hostkey_public_by_type; | 1693 | kex->load_host_public_key=&get_hostkey_public_by_type; |
| 1694 | kex->load_host_private_key=&get_hostkey_private_by_type; | 1694 | kex->load_host_private_key=&get_hostkey_private_by_type; |
| 1695 | kex->host_key_index=&get_hostkey_index; | 1695 | kex->host_key_index=&get_hostkey_index; |
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 9541ecf4a..144daa6df 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keyscan.c,v 1.124 2019/01/21 10:29:56 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keyscan.c,v 1.125 2019/01/21 10:38:54 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
| 4 | * | 4 | * |
| @@ -260,19 +260,19 @@ keygrab_ssh2(con *c) | |||
| 260 | exit(1); | 260 | exit(1); |
| 261 | } | 261 | } |
| 262 | #ifdef WITH_OPENSSL | 262 | #ifdef WITH_OPENSSL |
| 263 | c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_client; | 263 | c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client; |
| 264 | c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_client; | 264 | c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client; |
| 265 | c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_client; | 265 | c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client; |
| 266 | c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_client; | 266 | c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client; |
| 267 | c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_client; | 267 | c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client; |
| 268 | c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; | 268 | c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; |
| 269 | c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; | 269 | c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; |
| 270 | # ifdef OPENSSL_HAS_ECC | 270 | # ifdef OPENSSL_HAS_ECC |
| 271 | c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_client; | 271 | c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; |
| 272 | # endif | 272 | # endif |
| 273 | #endif | 273 | #endif |
| 274 | c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client; | 274 | c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; |
| 275 | c->c_ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client; | 275 | c->c_ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client; |
| 276 | ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper); | 276 | ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper); |
| 277 | /* | 277 | /* |
| 278 | * do the key-exchange until an error occurs or until | 278 | * do the key-exchange until an error occurs or until |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh_api.c,v 1.14 2019/01/21 10:29:56 djm Exp $ */ | 1 | /* $OpenBSD: ssh_api.c,v 1.15 2019/01/21 10:38:54 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2012 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2012 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -99,37 +99,37 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) | |||
| 99 | ssh->kex->server = is_server; | 99 | ssh->kex->server = is_server; |
| 100 | if (is_server) { | 100 | if (is_server) { |
| 101 | #ifdef WITH_OPENSSL | 101 | #ifdef WITH_OPENSSL |
| 102 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_server; | 102 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; |
| 103 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_server; | 103 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; |
| 104 | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_server; | 104 | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; |
| 105 | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_server; | 105 | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; |
| 106 | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_server; | 106 | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; |
| 107 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 107 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
| 108 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 108 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
| 109 | # ifdef OPENSSL_HAS_ECC | 109 | # ifdef OPENSSL_HAS_ECC |
| 110 | ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_server; | 110 | ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_server; |
| 111 | # endif | 111 | # endif |
| 112 | #endif /* WITH_OPENSSL */ | 112 | #endif /* WITH_OPENSSL */ |
| 113 | ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_server; | 113 | ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_server; |
| 114 | ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server; | 114 | ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server; |
| 115 | ssh->kex->load_host_public_key=&_ssh_host_public_key; | 115 | ssh->kex->load_host_public_key=&_ssh_host_public_key; |
| 116 | ssh->kex->load_host_private_key=&_ssh_host_private_key; | 116 | ssh->kex->load_host_private_key=&_ssh_host_private_key; |
| 117 | ssh->kex->sign=&_ssh_host_key_sign; | 117 | ssh->kex->sign=&_ssh_host_key_sign; |
| 118 | } else { | 118 | } else { |
| 119 | #ifdef WITH_OPENSSL | 119 | #ifdef WITH_OPENSSL |
| 120 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_client; | 120 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client; |
| 121 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_client; | 121 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client; |
| 122 | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_client; | 122 | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client; |
| 123 | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_client; | 123 | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client; |
| 124 | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_client; | 124 | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client; |
| 125 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; | 125 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; |
| 126 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; | 126 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; |
| 127 | # ifdef OPENSSL_HAS_ECC | 127 | # ifdef OPENSSL_HAS_ECC |
| 128 | ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_client; | 128 | ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; |
| 129 | # endif | 129 | # endif |
| 130 | #endif /* WITH_OPENSSL */ | 130 | #endif /* WITH_OPENSSL */ |
| 131 | ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client; | 131 | ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; |
| 132 | ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client; | 132 | ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client; |
| 133 | ssh->kex->verify_host_key =&_ssh_verify_host_key; | 133 | ssh->kex->verify_host_key =&_ssh_verify_host_key; |
| 134 | } | 134 | } |
| 135 | *sshp = ssh; | 135 | *sshp = ssh; |
diff --git a/sshconnect2.c b/sshconnect2.c index aa5160185..2aa7b9933 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshconnect2.c,v 1.300 2019/01/21 10:29:56 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.301 2019/01/21 10:38:54 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
| @@ -201,19 +201,19 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) | |||
| 201 | if ((r = kex_setup(ssh, myproposal)) != 0) | 201 | if ((r = kex_setup(ssh, myproposal)) != 0) |
| 202 | fatal("kex_setup: %s", ssh_err(r)); | 202 | fatal("kex_setup: %s", ssh_err(r)); |
| 203 | #ifdef WITH_OPENSSL | 203 | #ifdef WITH_OPENSSL |
| 204 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_client; | 204 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client; |
| 205 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_client; | 205 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client; |
| 206 | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_client; | 206 | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client; |
| 207 | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_client; | 207 | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client; |
| 208 | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_client; | 208 | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client; |
| 209 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; | 209 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; |
| 210 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; | 210 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; |
| 211 | # ifdef OPENSSL_HAS_ECC | 211 | # ifdef OPENSSL_HAS_ECC |
| 212 | ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_client; | 212 | ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; |
| 213 | # endif | 213 | # endif |
| 214 | #endif | 214 | #endif |
| 215 | ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client; | 215 | ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; |
| 216 | ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client; | 216 | ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client; |
| 217 | ssh->kex->verify_host_key=&verify_host_key_callback; | 217 | ssh->kex->verify_host_key=&verify_host_key_callback; |
| 218 | 218 | ||
| 219 | ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done); | 219 | ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done); |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshd.c,v 1.531 2019/01/21 10:29:56 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.532 2019/01/21 10:38:54 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -2207,19 +2207,19 @@ do_ssh2_kex(struct ssh *ssh) | |||
| 2207 | fatal("kex_setup: %s", ssh_err(r)); | 2207 | fatal("kex_setup: %s", ssh_err(r)); |
| 2208 | kex = ssh->kex; | 2208 | kex = ssh->kex; |
| 2209 | #ifdef WITH_OPENSSL | 2209 | #ifdef WITH_OPENSSL |
| 2210 | kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_server; | 2210 | kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; |
| 2211 | kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_server; | 2211 | kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; |
| 2212 | kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_server; | 2212 | kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; |
| 2213 | kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_server; | 2213 | kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; |
| 2214 | kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_server; | 2214 | kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; |
| 2215 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 2215 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
| 2216 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 2216 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
| 2217 | # ifdef OPENSSL_HAS_ECC | 2217 | # ifdef OPENSSL_HAS_ECC |
| 2218 | kex->kex[KEX_ECDH_SHA2] = kex_kem_server; | 2218 | kex->kex[KEX_ECDH_SHA2] = kex_gen_server; |
| 2219 | # endif | 2219 | # endif |
| 2220 | #endif | 2220 | #endif |
| 2221 | kex->kex[KEX_C25519_SHA256] = kex_kem_server; | 2221 | kex->kex[KEX_C25519_SHA256] = kex_gen_server; |
| 2222 | kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server; | 2222 | kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server; |
| 2223 | kex->load_host_public_key=&get_hostkey_public_by_type; | 2223 | kex->load_host_public_key=&get_hostkey_public_by_type; |
| 2224 | kex->load_host_private_key=&get_hostkey_private_by_type; | 2224 | kex->load_host_private_key=&get_hostkey_private_by_type; |
| 2225 | kex->host_key_index=&get_hostkey_index; | 2225 | kex->host_key_index=&get_hostkey_index; |