diff options
-rw-r--r-- | Makefile.in | 2 | ||||
-rw-r--r-- | kex.c | 4 | ||||
-rw-r--r-- | kex.h | 19 | ||||
-rw-r--r-- | kexc25519.c | 55 | ||||
-rw-r--r-- | kexdh.c | 4 | ||||
-rw-r--r-- | kexecdh.c | 4 | ||||
-rw-r--r-- | kexsntrup4591761x25519.c | 4 | ||||
-rw-r--r-- | monitor.c | 18 | ||||
-rw-r--r-- | ssh-keyscan.c | 18 | ||||
-rw-r--r-- | ssh_api.c | 34 | ||||
-rw-r--r-- | sshconnect2.c | 18 | ||||
-rw-r--r-- | sshd.c | 18 |
12 files changed, 68 insertions, 130 deletions
diff --git a/Makefile.in b/Makefile.in index fd539184a..6f001bb36 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -99,7 +99,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ | |||
99 | sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \ | 99 | sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \ |
100 | kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ | 100 | kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ |
101 | kexgexc.o kexgexs.o \ | 101 | kexgexc.o kexgexs.o \ |
102 | sntrup4591761.o kexsntrup4591761x25519.o kexkemc.o kexkems.o \ | 102 | sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \ |
103 | platform-pledge.o platform-tracing.o platform-misc.o | 103 | platform-pledge.o platform-tracing.o platform-misc.o |
104 | 104 | ||
105 | 105 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.c,v 1.148 2019/01/21 10:33:49 djm Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.149 2019/01/21 10:40:11 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -655,7 +655,7 @@ kex_free(struct kex *kex) | |||
655 | sshbuf_free(kex->my); | 655 | sshbuf_free(kex->my); |
656 | sshbuf_free(kex->client_version); | 656 | sshbuf_free(kex->client_version); |
657 | sshbuf_free(kex->server_version); | 657 | sshbuf_free(kex->server_version); |
658 | sshbuf_free(kex->kem_client_pub); | 658 | sshbuf_free(kex->client_pub); |
659 | free(kex->session_id); | 659 | free(kex->session_id); |
660 | free(kex->failed_choice); | 660 | free(kex->failed_choice); |
661 | free(kex->hostkey_alg); | 661 | free(kex->hostkey_alg); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.h,v 1.104 2019/01/21 10:35:09 djm Exp $ */ | 1 | /* $OpenBSD: kex.h,v 1.106 2019/01/21 10:40:11 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -170,7 +170,7 @@ struct kex { | |||
170 | u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */ | 170 | u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */ |
171 | u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */ | 171 | u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */ |
172 | u_char sntrup4591761_client_key[crypto_kem_sntrup4591761_SECRETKEYBYTES]; /* KEM */ | 172 | u_char sntrup4591761_client_key[crypto_kem_sntrup4591761_SECRETKEYBYTES]; /* KEM */ |
173 | struct sshbuf *kem_client_pub; /* KEM */ | 173 | struct sshbuf *client_pub; |
174 | }; | 174 | }; |
175 | 175 | ||
176 | int kex_names_valid(const char *); | 176 | int kex_names_valid(const char *); |
@@ -199,16 +199,10 @@ int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *); | |||
199 | int kex_send_newkeys(struct ssh *); | 199 | int kex_send_newkeys(struct ssh *); |
200 | int kex_start_rekex(struct ssh *); | 200 | int kex_start_rekex(struct ssh *); |
201 | 201 | ||
202 | int kexdh_client(struct ssh *); | ||
203 | int kexdh_server(struct ssh *); | ||
204 | int kexgex_client(struct ssh *); | 202 | int kexgex_client(struct ssh *); |
205 | int kexgex_server(struct ssh *); | 203 | int kexgex_server(struct ssh *); |
206 | int kexecdh_client(struct ssh *); | 204 | int kex_gen_client(struct ssh *); |
207 | int kexecdh_server(struct ssh *); | 205 | int kex_gen_server(struct ssh *); |
208 | int kexc25519_client(struct ssh *); | ||
209 | int kexc25519_server(struct ssh *); | ||
210 | int kex_kem_client(struct ssh *); | ||
211 | int kex_kem_server(struct ssh *); | ||
212 | 206 | ||
213 | int kex_dh_keypair(struct kex *); | 207 | int kex_dh_keypair(struct kex *); |
214 | int kex_dh_enc(struct kex *, const struct sshbuf *, struct sshbuf **, | 208 | int kex_dh_enc(struct kex *, const struct sshbuf *, struct sshbuf **, |
@@ -241,11 +235,6 @@ int kexgex_hash(int, const struct sshbuf *, const struct sshbuf *, | |||
241 | const BIGNUM *, const u_char *, size_t, | 235 | const BIGNUM *, const u_char *, size_t, |
242 | u_char *, size_t *); | 236 | u_char *, size_t *); |
243 | 237 | ||
244 | int kex_c25519_hash(int, const struct sshbuf *, const struct sshbuf *, | ||
245 | const u_char *, size_t, const u_char *, size_t, | ||
246 | const u_char *, size_t, const struct sshbuf *, const struct sshbuf *, | ||
247 | const struct sshbuf *, u_char *, size_t *); | ||
248 | |||
249 | void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) | 238 | void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) |
250 | __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) | 239 | __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) |
251 | __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); | 240 | __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); |
diff --git a/kexc25519.c b/kexc25519.c index ec5bb574f..f13d766d7 100644 --- a/kexc25519.c +++ b/kexc25519.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexc25519.c,v 1.15 2019/01/21 10:35:09 djm Exp $ */ | 1 | /* $OpenBSD: kexc25519.c,v 1.17 2019/01/21 10:40:11 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
@@ -89,57 +89,6 @@ kexc25519_shared_key(const u_char key[CURVE25519_SIZE], | |||
89 | } | 89 | } |
90 | 90 | ||
91 | int | 91 | int |
92 | kex_c25519_hash( | ||
93 | int hash_alg, | ||
94 | const struct sshbuf *client_version, | ||
95 | const struct sshbuf *server_version, | ||
96 | const u_char *ckexinit, size_t ckexinitlen, | ||
97 | const u_char *skexinit, size_t skexinitlen, | ||
98 | const u_char *serverhostkeyblob, size_t sbloblen, | ||
99 | const struct sshbuf *client_pub, | ||
100 | const struct sshbuf *server_pub, | ||
101 | const struct sshbuf *shared_secret, | ||
102 | u_char *hash, size_t *hashlen) | ||
103 | { | ||
104 | struct sshbuf *b; | ||
105 | int r; | ||
106 | |||
107 | if (*hashlen < ssh_digest_bytes(hash_alg)) | ||
108 | return SSH_ERR_INVALID_ARGUMENT; | ||
109 | if ((b = sshbuf_new()) == NULL) | ||
110 | return SSH_ERR_ALLOC_FAIL; | ||
111 | if ((r = sshbuf_put_stringb(b, client_version)) != 0 || | ||
112 | (r = sshbuf_put_stringb(b, server_version)) != 0 || | ||
113 | /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ | ||
114 | (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 || | ||
115 | (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || | ||
116 | (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 || | ||
117 | (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 || | ||
118 | (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || | ||
119 | (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || | ||
120 | (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || | ||
121 | (r = sshbuf_put_stringb(b, client_pub)) != 0 || | ||
122 | (r = sshbuf_put_stringb(b, server_pub)) != 0 || | ||
123 | (r = sshbuf_putb(b, shared_secret)) != 0) { | ||
124 | sshbuf_free(b); | ||
125 | return r; | ||
126 | } | ||
127 | #ifdef DEBUG_KEX | ||
128 | sshbuf_dump(b, stderr); | ||
129 | #endif | ||
130 | if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) { | ||
131 | sshbuf_free(b); | ||
132 | return SSH_ERR_LIBCRYPTO_ERROR; | ||
133 | } | ||
134 | sshbuf_free(b); | ||
135 | *hashlen = ssh_digest_bytes(hash_alg); | ||
136 | #ifdef DEBUG_KEX | ||
137 | dump_digest("hash", hash, *hashlen); | ||
138 | #endif | ||
139 | return 0; | ||
140 | } | ||
141 | |||
142 | int | ||
143 | kex_c25519_keypair(struct kex *kex) | 92 | kex_c25519_keypair(struct kex *kex) |
144 | { | 93 | { |
145 | struct sshbuf *buf = NULL; | 94 | struct sshbuf *buf = NULL; |
@@ -154,7 +103,7 @@ kex_c25519_keypair(struct kex *kex) | |||
154 | #ifdef DEBUG_KEXECDH | 103 | #ifdef DEBUG_KEXECDH |
155 | dump_digest("client public key c25519:", cp, CURVE25519_SIZE); | 104 | dump_digest("client public key c25519:", cp, CURVE25519_SIZE); |
156 | #endif | 105 | #endif |
157 | kex->kem_client_pub = buf; | 106 | kex->client_pub = buf; |
158 | buf = NULL; | 107 | buf = NULL; |
159 | out: | 108 | out: |
160 | sshbuf_free(buf); | 109 | sshbuf_free(buf); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexdh.c,v 1.31 2019/01/21 10:35:09 djm Exp $ */ | 1 | /* $OpenBSD: kexdh.c,v 1.32 2019/01/21 10:40:11 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -128,7 +128,7 @@ kex_dh_keypair(struct kex *kex) | |||
128 | BN_print_fp(stderr, pub_key); | 128 | BN_print_fp(stderr, pub_key); |
129 | fprintf(stderr, "\n"); | 129 | fprintf(stderr, "\n"); |
130 | #endif | 130 | #endif |
131 | kex->kem_client_pub = buf; | 131 | kex->client_pub = buf; |
132 | buf = NULL; | 132 | buf = NULL; |
133 | out: | 133 | out: |
134 | sshbuf_free(buf); | 134 | sshbuf_free(buf); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexecdh.c,v 1.9 2019/01/21 10:35:09 djm Exp $ */ | 1 | /* $OpenBSD: kexecdh.c,v 1.10 2019/01/21 10:40:11 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 3 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
4 | * Copyright (c) 2019 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2019 Markus Friedl. All rights reserved. |
@@ -80,7 +80,7 @@ kex_ecdh_keypair(struct kex *kex) | |||
80 | kex->ec_client_key = client_key; | 80 | kex->ec_client_key = client_key; |
81 | kex->ec_group = group; | 81 | kex->ec_group = group; |
82 | client_key = NULL; /* owned by the kex */ | 82 | client_key = NULL; /* owned by the kex */ |
83 | kex->kem_client_pub = buf; | 83 | kex->client_pub = buf; |
84 | buf = NULL; | 84 | buf = NULL; |
85 | out: | 85 | out: |
86 | EC_KEY_free(client_key); | 86 | EC_KEY_free(client_key); |
diff --git a/kexsntrup4591761x25519.c b/kexsntrup4591761x25519.c index d845f3d44..b0605b96a 100644 --- a/kexsntrup4591761x25519.c +++ b/kexsntrup4591761x25519.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexsntrup4591761x25519.c,v 1.2 2019/01/21 10:35:09 djm Exp $ */ | 1 | /* $OpenBSD: kexsntrup4591761x25519.c,v 1.3 2019/01/21 10:40:11 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -58,7 +58,7 @@ kex_kem_sntrup4591761x25519_keypair(struct kex *kex) | |||
58 | #ifdef DEBUG_KEXECDH | 58 | #ifdef DEBUG_KEXECDH |
59 | dump_digest("client public key c25519:", cp, CURVE25519_SIZE); | 59 | dump_digest("client public key c25519:", cp, CURVE25519_SIZE); |
60 | #endif | 60 | #endif |
61 | kex->kem_client_pub = buf; | 61 | kex->client_pub = buf; |
62 | buf = NULL; | 62 | buf = NULL; |
63 | out: | 63 | out: |
64 | sshbuf_free(buf); | 64 | sshbuf_free(buf); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.196 2019/01/21 10:29:56 djm Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.197 2019/01/21 10:38:54 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -1677,19 +1677,19 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) | |||
1677 | if ((kex = ssh->kex) != NULL) { | 1677 | if ((kex = ssh->kex) != NULL) { |
1678 | /* XXX set callbacks */ | 1678 | /* XXX set callbacks */ |
1679 | #ifdef WITH_OPENSSL | 1679 | #ifdef WITH_OPENSSL |
1680 | kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_server; | 1680 | kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; |
1681 | kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_server; | 1681 | kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; |
1682 | kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_server; | 1682 | kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; |
1683 | kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_server; | 1683 | kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; |
1684 | kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_server; | 1684 | kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; |
1685 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 1685 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
1686 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 1686 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
1687 | # ifdef OPENSSL_HAS_ECC | 1687 | # ifdef OPENSSL_HAS_ECC |
1688 | kex->kex[KEX_ECDH_SHA2] = kex_kem_server; | 1688 | kex->kex[KEX_ECDH_SHA2] = kex_gen_server; |
1689 | # endif | 1689 | # endif |
1690 | #endif /* WITH_OPENSSL */ | 1690 | #endif /* WITH_OPENSSL */ |
1691 | kex->kex[KEX_C25519_SHA256] = kex_kem_server; | 1691 | kex->kex[KEX_C25519_SHA256] = kex_gen_server; |
1692 | kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server; | 1692 | kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server; |
1693 | kex->load_host_public_key=&get_hostkey_public_by_type; | 1693 | kex->load_host_public_key=&get_hostkey_public_by_type; |
1694 | kex->load_host_private_key=&get_hostkey_private_by_type; | 1694 | kex->load_host_private_key=&get_hostkey_private_by_type; |
1695 | kex->host_key_index=&get_hostkey_index; | 1695 | kex->host_key_index=&get_hostkey_index; |
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 9541ecf4a..144daa6df 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keyscan.c,v 1.124 2019/01/21 10:29:56 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keyscan.c,v 1.125 2019/01/21 10:38:54 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
4 | * | 4 | * |
@@ -260,19 +260,19 @@ keygrab_ssh2(con *c) | |||
260 | exit(1); | 260 | exit(1); |
261 | } | 261 | } |
262 | #ifdef WITH_OPENSSL | 262 | #ifdef WITH_OPENSSL |
263 | c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_client; | 263 | c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client; |
264 | c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_client; | 264 | c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client; |
265 | c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_client; | 265 | c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client; |
266 | c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_client; | 266 | c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client; |
267 | c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_client; | 267 | c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client; |
268 | c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; | 268 | c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; |
269 | c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; | 269 | c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; |
270 | # ifdef OPENSSL_HAS_ECC | 270 | # ifdef OPENSSL_HAS_ECC |
271 | c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_client; | 271 | c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; |
272 | # endif | 272 | # endif |
273 | #endif | 273 | #endif |
274 | c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client; | 274 | c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; |
275 | c->c_ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client; | 275 | c->c_ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client; |
276 | ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper); | 276 | ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper); |
277 | /* | 277 | /* |
278 | * do the key-exchange until an error occurs or until | 278 | * do the key-exchange until an error occurs or until |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh_api.c,v 1.14 2019/01/21 10:29:56 djm Exp $ */ | 1 | /* $OpenBSD: ssh_api.c,v 1.15 2019/01/21 10:38:54 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2012 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2012 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -99,37 +99,37 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) | |||
99 | ssh->kex->server = is_server; | 99 | ssh->kex->server = is_server; |
100 | if (is_server) { | 100 | if (is_server) { |
101 | #ifdef WITH_OPENSSL | 101 | #ifdef WITH_OPENSSL |
102 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_server; | 102 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; |
103 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_server; | 103 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; |
104 | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_server; | 104 | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; |
105 | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_server; | 105 | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; |
106 | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_server; | 106 | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; |
107 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 107 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
108 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 108 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
109 | # ifdef OPENSSL_HAS_ECC | 109 | # ifdef OPENSSL_HAS_ECC |
110 | ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_server; | 110 | ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_server; |
111 | # endif | 111 | # endif |
112 | #endif /* WITH_OPENSSL */ | 112 | #endif /* WITH_OPENSSL */ |
113 | ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_server; | 113 | ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_server; |
114 | ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server; | 114 | ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server; |
115 | ssh->kex->load_host_public_key=&_ssh_host_public_key; | 115 | ssh->kex->load_host_public_key=&_ssh_host_public_key; |
116 | ssh->kex->load_host_private_key=&_ssh_host_private_key; | 116 | ssh->kex->load_host_private_key=&_ssh_host_private_key; |
117 | ssh->kex->sign=&_ssh_host_key_sign; | 117 | ssh->kex->sign=&_ssh_host_key_sign; |
118 | } else { | 118 | } else { |
119 | #ifdef WITH_OPENSSL | 119 | #ifdef WITH_OPENSSL |
120 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_client; | 120 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client; |
121 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_client; | 121 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client; |
122 | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_client; | 122 | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client; |
123 | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_client; | 123 | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client; |
124 | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_client; | 124 | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client; |
125 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; | 125 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; |
126 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; | 126 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; |
127 | # ifdef OPENSSL_HAS_ECC | 127 | # ifdef OPENSSL_HAS_ECC |
128 | ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_client; | 128 | ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; |
129 | # endif | 129 | # endif |
130 | #endif /* WITH_OPENSSL */ | 130 | #endif /* WITH_OPENSSL */ |
131 | ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client; | 131 | ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; |
132 | ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client; | 132 | ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client; |
133 | ssh->kex->verify_host_key =&_ssh_verify_host_key; | 133 | ssh->kex->verify_host_key =&_ssh_verify_host_key; |
134 | } | 134 | } |
135 | *sshp = ssh; | 135 | *sshp = ssh; |
diff --git a/sshconnect2.c b/sshconnect2.c index aa5160185..2aa7b9933 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect2.c,v 1.300 2019/01/21 10:29:56 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.301 2019/01/21 10:38:54 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
@@ -201,19 +201,19 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) | |||
201 | if ((r = kex_setup(ssh, myproposal)) != 0) | 201 | if ((r = kex_setup(ssh, myproposal)) != 0) |
202 | fatal("kex_setup: %s", ssh_err(r)); | 202 | fatal("kex_setup: %s", ssh_err(r)); |
203 | #ifdef WITH_OPENSSL | 203 | #ifdef WITH_OPENSSL |
204 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_client; | 204 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client; |
205 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_client; | 205 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client; |
206 | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_client; | 206 | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client; |
207 | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_client; | 207 | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client; |
208 | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_client; | 208 | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client; |
209 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; | 209 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; |
210 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; | 210 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; |
211 | # ifdef OPENSSL_HAS_ECC | 211 | # ifdef OPENSSL_HAS_ECC |
212 | ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_client; | 212 | ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; |
213 | # endif | 213 | # endif |
214 | #endif | 214 | #endif |
215 | ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client; | 215 | ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; |
216 | ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client; | 216 | ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client; |
217 | ssh->kex->verify_host_key=&verify_host_key_callback; | 217 | ssh->kex->verify_host_key=&verify_host_key_callback; |
218 | 218 | ||
219 | ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done); | 219 | ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.531 2019/01/21 10:29:56 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.532 2019/01/21 10:38:54 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -2207,19 +2207,19 @@ do_ssh2_kex(struct ssh *ssh) | |||
2207 | fatal("kex_setup: %s", ssh_err(r)); | 2207 | fatal("kex_setup: %s", ssh_err(r)); |
2208 | kex = ssh->kex; | 2208 | kex = ssh->kex; |
2209 | #ifdef WITH_OPENSSL | 2209 | #ifdef WITH_OPENSSL |
2210 | kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_server; | 2210 | kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; |
2211 | kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_server; | 2211 | kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; |
2212 | kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_server; | 2212 | kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; |
2213 | kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_server; | 2213 | kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; |
2214 | kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_server; | 2214 | kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; |
2215 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 2215 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
2216 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 2216 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
2217 | # ifdef OPENSSL_HAS_ECC | 2217 | # ifdef OPENSSL_HAS_ECC |
2218 | kex->kex[KEX_ECDH_SHA2] = kex_kem_server; | 2218 | kex->kex[KEX_ECDH_SHA2] = kex_gen_server; |
2219 | # endif | 2219 | # endif |
2220 | #endif | 2220 | #endif |
2221 | kex->kex[KEX_C25519_SHA256] = kex_kem_server; | 2221 | kex->kex[KEX_C25519_SHA256] = kex_gen_server; |
2222 | kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server; | 2222 | kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server; |
2223 | kex->load_host_public_key=&get_hostkey_public_by_type; | 2223 | kex->load_host_public_key=&get_hostkey_public_by_type; |
2224 | kex->load_host_private_key=&get_hostkey_private_by_type; | 2224 | kex->load_host_private_key=&get_hostkey_private_by_type; |
2225 | kex->host_key_index=&get_hostkey_index; | 2225 | kex->host_key_index=&get_hostkey_index; |