-rw-r--r--ChangeLog10
-rw-r--r--kex.c22
-rw-r--r--kex.h7
-rw-r--r--kexdh.c14
-rw-r--r--kexgex.c17
-rw-r--r--packet.c5
-rw-r--r--sshconnect2.c6
-rw-r--r--sshd.c4
8 files changed, 46 insertions, 39 deletions
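--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+20010405
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/04/04 09:48:35
+     [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
+     don't sent multiple kexinit-requests.
+     send newkeys, block while waiting for newkeys.
+     fix comments.
+
 20010404
  - OpenBSD CVS Sync
    - deraadt@cvs.openbsd.org 2001/04/02 17:32:23
@@ -4836,4 +4844,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1054 2001/04/04 17:39:19 mouring Exp $
+$Id: ChangeLog,v 1.1055 2001/04/04 17:52:53 mouring Exp $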
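--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.27 2001/04/03 23:32:11 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.28 2001/04/04 09:48:34 markus Exp $");
 
 #include <openssl/crypto.h>
 
@@ -112,20 +112,17 @@ kex_protocol_error(int type, int plen, void *ctxt)
 }
 
 void
-kex_send_newkeys(void)
+kex_finish(Kex *kex)
 {
+	int i, plen;
+
 	packet_start(SSH2_MSG_NEWKEYS);
 	packet_send();
 	/* packet_write_wait(); */
 	debug("SSH2_MSG_NEWKEYS sent");
-}
-
-void
-kex_input_newkeys(int type, int plen, void *ctxt)
-{
-	Kex *kex = ctxt;
-	int i;
 
+	debug("waiting for SSH2_MSG_NEWKEYS");
+	packet_read_expect(&plen, SSH2_MSG_NEWKEYS);
 	debug("SSH2_MSG_NEWKEYS received");
 	kex->newkeys = 1;
 	for (i = 30; i <= 49; i++)
@@ -138,6 +135,10 @@ kex_input_newkeys(int type, int plen, void *ctxt)
 void
 kex_send_kexinit(Kex *kex)
 {
+	if (kex->flags & KEX_INIT_SENT) {
+		debug("KEX_INIT_SENT");
+		return;
+	}
 	packet_start(SSH2_MSG_KEXINIT);
 	packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my));
 	packet_send();
@@ -161,7 +162,7 @@ kex_input_kexinit(int type, int plen, void *ctxt)
 }
 
 Kex *
-kex_start(char *proposal[PROPOSAL_MAX])
+kex_setup(char *proposal[PROPOSAL_MAX])
 {
 	Kex *kex;
 	int i;
@@ -179,7 +180,6 @@ kex_start(char *proposal[PROPOSAL_MAX])
 	dispatch_set(i, kex_protocol_error);
 
 	dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
-	dispatch_set(SSH2_MSG_NEWKEYS, &kex_input_newkeys);
 	return kex;
 }
 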
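Review bot: kex_send_kexinit now returns early while KEX_INIT_SENT is set, but nothing in this section clears that flag once the exchange completes, and kex_finish — where the exchange ends — does not touch kex->flags; if the flag is not reset elsewhere, a later rekey would never send a second KEXINIT, so unless that is intended consider `kex->flags &= ~KEX_INIT_SENT;` at the end of kex_finish. Removing the SSH2_MSG_NEWKEYS dispatch entry in kex_setup also means a NEWKEYS that arrives outside kex_finish presumably falls through to the kex_protocol_error handler installed by the loop above it, which is a reasonable tightening but is not stated anywhere; a comment in kex_finish such as `/* NEWKEYS is only consumed synchronously here; one received at any other time is a protocol error */` would record it. Both kex_finish and kex_send_kexinit continue past their hunks.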
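--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.19 2001/04/03 23:32:12 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.20 2001/04/04 09:48:34 markus Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -111,8 +111,9 @@ struct Kex {
 	Key *(*load_host_key)(int type);
 };
 
-Kex *kex_start(char *proposal[PROPOSAL_MAX]);
-void kex_send_newkeys(void);
+Kex *kex_setup(char *proposal[PROPOSAL_MAX]);
+void kex_finish(Kex *kex);
+
 void kex_send_kexinit(Kex *kex);
 void kex_protocol_error(int type, int plen, void *ctxt);
 void kex_derive_keys(Kex *k, u_char *hash, BIGNUM *shared_secret);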
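Review bot: The new kex_finish() declaration carries no comment on its contract, which matters because, unlike the kex_send_newkeys() it replaces, it blocks: per the kex.c hunk it sends SSH2_MSG_NEWKEYS and then waits in packet_read_expect() for the peer's NEWKEYS before returning. Suggest `void kex_finish(Kex *kex);	/* send NEWKEYS, then block until the peer's NEWKEYS is read */` so the callers in kexdh.c and kexgex.c do not assume it returns immediately.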
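--- a/kexdh.c
+++ b/kexdh.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.2 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.3 2001/04/04 09:48:34 markus Exp $");
 
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
@@ -170,8 +170,8 @@ kexdh_client(Kex *kex)
 	    shared_secret
 	);
 	xfree(server_host_key_blob);
-	DH_free(dh);
 	BN_free(dh_server_pub);
+	DH_free(dh);
 
 	if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
 		fatal("key_verify failed for server_host_key");
@@ -187,7 +187,7 @@ kexdh_client(Kex *kex)
 
 	kex_derive_keys(kex, hash, shared_secret);
 	BN_clear_free(shared_secret);
-	kex_send_newkeys();
+	kex_finish(kex);
 }
 
 /* server */
@@ -283,15 +283,15 @@ kexdh_server(Kex *kex)
 	packet_put_bignum2(dh->pub_key);	/* f */
 	packet_put_string((char *)signature, slen);
 	packet_send();
+
 	xfree(signature);
 	xfree(server_host_key_blob);
+	/* have keys, free DH */
+	DH_free(dh);
 
 	kex_derive_keys(kex, hash, shared_secret);
 	BN_clear_free(shared_secret);
-	kex_send_newkeys();
-
-	/* have keys, free DH */
-	DH_free(dh);
+	kex_finish(kex);
 }
 
 void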
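Review bot: In kexdh_server the `/* have keys, free DH */` comment now precedes kex_derive_keys() instead of following it, so it no longer describes the state at that point — only shared_secret has been computed; the kexgex_client and kexgex_server hunks in kexgex.c carry the same mismatch. Suggest `/* shared_secret is computed; the DH state (including the private exponent) is no longer needed */` in all three places. Moving DH_free() ahead of kex_finish() is the right order, since the function no longer holds the DH state while blocking on the peer's NEWKEYS, but dh is left dangling afterwards; both functions end within a few lines of their hunks so this is harmless today, though `dh = NULL;` after the free would guard later additions.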
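--- a/kexgex.c
+++ b/kexgex.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.2 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.3 2001/04/04 09:48:34 markus Exp $");
 
 #include <openssl/bn.h>
 
@@ -228,6 +228,8 @@ kexgex_client(Kex *kex)
 	    dh_server_pub,
 	    shared_secret
 	);
+	/* have keys, free DH */
+	DH_free(dh);
 	xfree(server_host_key_blob);
 	BN_free(dh_server_pub);
 
@@ -242,14 +244,10 @@ kexgex_client(Kex *kex)
 		kex->session_id = xmalloc(kex->session_id_len);
 		memcpy(kex->session_id, hash, kex->session_id_len);
 	}
-
 	kex_derive_keys(kex, hash, shared_secret);
 	BN_clear_free(shared_secret);
 
-	kex_send_newkeys();
-
-	/* have keys, free DH */
-	DH_free(dh);
+	kex_finish(kex);
 }
 
 /* server */
@@ -391,14 +389,13 @@ kexgex_server(Kex *kex)
 	packet_send();
 	xfree(signature);
 	xfree(server_host_key_blob);
+	/* have keys, free DH */
+	DH_free(dh);
 
 	kex_derive_keys(kex, hash, shared_secret);
 	BN_clear_free(shared_secret);
 
-	kex_send_newkeys();
-
-	/* have keys, free DH */
-	DH_free(dh);
+	kex_finish(kex);
 }
 
 void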
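--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.57 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.58 2001/04/04 09:48:34 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -525,7 +525,8 @@ set_newkeys(int mode)
 	if (newkeys[mode] != NULL) {
 		debug("newkeys: rekeying");
 		memset(cc, 0, sizeof(*cc));
-		// free old keys, reset compression cipher-contexts;
+		/* todo: free old keys, reset compression/cipher-ctxt; */
+		xfree(newkeys[mode]);
 	}
 	newkeys[mode] = kex_get_newkeys(mode);
 	if (newkeys[mode] == NULL)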
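Review bot: The rekey path now frees the previous Newkeys with `xfree(newkeys[mode]);` without wiping it first, so whatever key material that structure carries (its layout is not in this hunk, but the todo above the free says the old keys are not really released) remains readable in freed heap memory until it is reused. Suggest zeroing the key buffers Newkeys holds before the xfree, and turning the todo into a statement of what is still outstanding, e.g. `/* todo: release cipher/compression state held in the old context, not just zero it */`, since `memset(cc, 0, sizeof(*cc))` only clears the CipherContext and does not release anything the cipher backend may have allocated inside it. set_newkeys continues past the hunk, so the NULL check on the new keys is only partly visible here.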
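--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.63 2001/04/04 00:06:54 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.64 2001/04/04 09:48:35 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -111,7 +111,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 		myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
 	}
 
-	kex = kex_start(myproposal);
+	kex = kex_setup(myproposal);
 	kex->client_version_string=client_version_string;
 	kex->server_version_string=server_version_string;
 	kex->check_host_key=&check_host_key_callback;
@@ -254,7 +254,7 @@ ssh_userauth2(const char *server_user, char *host)
 	/* initial userauth request */
 	userauth_none(&authctxt);
 
-	//dispatch_init(&input_userauth_error);
+	/* dispatch_init(&input_userauth_error); */
 	for (i = 50; i <= 254; i++) {
 		dispatch_set(i, &input_userauth_error);
 	}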
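--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.187 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.188 2001/04/04 09:48:35 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1425,7 +1425,7 @@ do_ssh2_kex(void)
 	}
 	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
 
-	kex = kex_start(myproposal);
+	kex = kex_setup(myproposal);
 	kex->server = 1;
 	kex->client_version_string=client_version_string;
 	kex->server_version_string=server_version_string;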