diff options
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | OVERVIEW | 1 | ||||
-rw-r--r-- | auth-rsa.c | 3 | ||||
-rw-r--r-- | auth1.c | 3 | ||||
-rw-r--r-- | kex.c | 35 | ||||
-rw-r--r-- | monitor.c | 3 | ||||
-rw-r--r-- | session.c | 3 | ||||
-rw-r--r-- | sshconnect1.c | 6 | ||||
-rw-r--r-- | sshd.c | 10 |
9 files changed, 51 insertions, 19 deletions
@@ -20,6 +20,10 @@ | |||
20 | - djm@cvs.openbsd.org 2004/05/09 00:06:47 | 20 | - djm@cvs.openbsd.org 2004/05/09 00:06:47 |
21 | [moduli.c ssh-keygen.c] removed: moduli.h | 21 | [moduli.c ssh-keygen.c] removed: moduli.h |
22 | zap another tiny header; ok deraadt@ | 22 | zap another tiny header; ok deraadt@ |
23 | - djm@cvs.openbsd.org 2004/05/09 01:19:28 | ||
24 | [OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c | ||
25 | sshd.c] removed: mpaux.c mpaux.h | ||
26 | kill some more tiny files; ok deraadt@ | ||
23 | 27 | ||
24 | 20040502 | 28 | 20040502 |
25 | - (dtucker) OpenBSD CVS Sync | 29 | - (dtucker) OpenBSD CVS Sync |
@@ -1096,4 +1100,4 @@ | |||
1096 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 1100 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
1097 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 1101 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
1098 | 1102 | ||
1099 | $Id: ChangeLog,v 1.3347 2004/05/13 06:24:32 dtucker Exp $ | 1103 | $Id: ChangeLog,v 1.3348 2004/05/13 06:30:44 dtucker Exp $ |
@@ -40,7 +40,6 @@ these programs. | |||
40 | Multiple Precision Integer Library | 40 | Multiple Precision Integer Library |
41 | 41 | ||
42 | - Uses the SSLeay BIGNUM sublibrary. | 42 | - Uses the SSLeay BIGNUM sublibrary. |
43 | - Some auxiliary functions for mp-int manipulation are in mpaux.c. | ||
44 | 43 | ||
45 | Random Numbers | 44 | Random Numbers |
46 | 45 | ||
diff --git a/auth-rsa.c b/auth-rsa.c index 2f0746b30..8a02b8a8f 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
@@ -14,7 +14,7 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $"); | 17 | RCSID("$OpenBSD: auth-rsa.c,v 1.59 2004/05/09 01:19:27 djm Exp $"); |
18 | 18 | ||
19 | #include <openssl/rsa.h> | 19 | #include <openssl/rsa.h> |
20 | #include <openssl/md5.h> | 20 | #include <openssl/md5.h> |
@@ -23,7 +23,6 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $"); | |||
23 | #include "packet.h" | 23 | #include "packet.h" |
24 | #include "xmalloc.h" | 24 | #include "xmalloc.h" |
25 | #include "ssh1.h" | 25 | #include "ssh1.h" |
26 | #include "mpaux.h" | ||
27 | #include "uidswap.h" | 26 | #include "uidswap.h" |
28 | #include "match.h" | 27 | #include "match.h" |
29 | #include "auth-options.h" | 28 | #include "auth-options.h" |
@@ -10,14 +10,13 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: auth1.c,v 1.55 2003/11/08 16:02:40 jakob Exp $"); | 13 | RCSID("$OpenBSD: auth1.c,v 1.56 2004/05/09 01:19:27 djm Exp $"); |
14 | 14 | ||
15 | #include "xmalloc.h" | 15 | #include "xmalloc.h" |
16 | #include "rsa.h" | 16 | #include "rsa.h" |
17 | #include "ssh1.h" | 17 | #include "ssh1.h" |
18 | #include "packet.h" | 18 | #include "packet.h" |
19 | #include "buffer.h" | 19 | #include "buffer.h" |
20 | #include "mpaux.h" | ||
21 | #include "log.h" | 20 | #include "log.h" |
22 | #include "servconf.h" | 21 | #include "servconf.h" |
23 | #include "compat.h" | 22 | #include "compat.h" |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: kex.c,v 1.56 2003/11/21 11:57:03 djm Exp $"); | 26 | RCSID("$OpenBSD: kex.c,v 1.57 2004/05/09 01:19:27 djm Exp $"); |
27 | 27 | ||
28 | #include <openssl/crypto.h> | 28 | #include <openssl/crypto.h> |
29 | 29 | ||
@@ -479,6 +479,39 @@ kex_get_newkeys(int mode) | |||
479 | return ret; | 479 | return ret; |
480 | } | 480 | } |
481 | 481 | ||
482 | void | ||
483 | derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, | ||
484 | u_int8_t cookie[8], u_int8_t id[16]) | ||
485 | { | ||
486 | const EVP_MD *evp_md = EVP_md5(); | ||
487 | EVP_MD_CTX md; | ||
488 | u_int8_t nbuf[2048], obuf[EVP_MAX_MD_SIZE]; | ||
489 | int len; | ||
490 | |||
491 | EVP_DigestInit(&md, evp_md); | ||
492 | |||
493 | len = BN_num_bytes(host_modulus); | ||
494 | if (len < (512 / 8) || len > sizeof(nbuf)) | ||
495 | fatal("%s: bad host modulus (len %d)", __func__, len); | ||
496 | BN_bn2bin(host_modulus, nbuf); | ||
497 | EVP_DigestUpdate(&md, nbuf, len); | ||
498 | |||
499 | len = BN_num_bytes(server_modulus); | ||
500 | if (len < (512 / 8) || len > sizeof(nbuf)) | ||
501 | fatal("%s: bad server modulus (len %d)", __func__, len); | ||
502 | BN_bn2bin(server_modulus, nbuf); | ||
503 | EVP_DigestUpdate(&md, nbuf, len); | ||
504 | |||
505 | EVP_DigestUpdate(&md, cookie, 8); | ||
506 | |||
507 | EVP_DigestFinal(&md, id, NULL); | ||
508 | memcpy(id, obuf, 16); | ||
509 | |||
510 | memset(nbuf, 0, sizeof(nbuf)); | ||
511 | memset(obuf, 0, sizeof(obuf)); | ||
512 | memset(&md, 0, sizeof(md)); | ||
513 | } | ||
514 | |||
482 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) | 515 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) |
483 | void | 516 | void |
484 | dump_digest(char *msg, u_char *digest, int len) | 517 | dump_digest(char *msg, u_char *digest, int len) |
@@ -25,7 +25,7 @@ | |||
25 | */ | 25 | */ |
26 | 26 | ||
27 | #include "includes.h" | 27 | #include "includes.h" |
28 | RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $"); | 28 | RCSID("$OpenBSD: monitor.c,v 1.56 2004/05/09 01:19:27 djm Exp $"); |
29 | 29 | ||
30 | #include <openssl/dh.h> | 30 | #include <openssl/dh.h> |
31 | 31 | ||
@@ -63,7 +63,6 @@ RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $"); | |||
63 | #include "bufaux.h" | 63 | #include "bufaux.h" |
64 | #include "compat.h" | 64 | #include "compat.h" |
65 | #include "ssh2.h" | 65 | #include "ssh2.h" |
66 | #include "mpaux.h" | ||
67 | 66 | ||
68 | #ifdef GSSAPI | 67 | #ifdef GSSAPI |
69 | #include "ssh-gss.h" | 68 | #include "ssh-gss.h" |
@@ -33,7 +33,7 @@ | |||
33 | */ | 33 | */ |
34 | 34 | ||
35 | #include "includes.h" | 35 | #include "includes.h" |
36 | RCSID("$OpenBSD: session.c,v 1.173 2004/04/27 09:46:37 djm Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.174 2004/05/09 01:19:28 djm Exp $"); |
37 | 37 | ||
38 | #include "ssh.h" | 38 | #include "ssh.h" |
39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
@@ -43,7 +43,6 @@ RCSID("$OpenBSD: session.c,v 1.173 2004/04/27 09:46:37 djm Exp $"); | |||
43 | #include "packet.h" | 43 | #include "packet.h" |
44 | #include "buffer.h" | 44 | #include "buffer.h" |
45 | #include "match.h" | 45 | #include "match.h" |
46 | #include "mpaux.h" | ||
47 | #include "uidswap.h" | 46 | #include "uidswap.h" |
48 | #include "compat.h" | 47 | #include "compat.h" |
49 | #include "channels.h" | 48 | #include "channels.h" |
diff --git a/sshconnect1.c b/sshconnect1.c index c579b01cc..ae33ab39d 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
@@ -13,7 +13,7 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: sshconnect1.c,v 1.57 2004/05/08 00:21:31 djm Exp $"); | 16 | RCSID("$OpenBSD: sshconnect1.c,v 1.58 2004/05/09 01:19:28 djm Exp $"); |
17 | 17 | ||
18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
19 | #include <openssl/md5.h> | 19 | #include <openssl/md5.h> |
@@ -24,7 +24,7 @@ RCSID("$OpenBSD: sshconnect1.c,v 1.57 2004/05/08 00:21:31 djm Exp $"); | |||
24 | #include "rsa.h" | 24 | #include "rsa.h" |
25 | #include "buffer.h" | 25 | #include "buffer.h" |
26 | #include "packet.h" | 26 | #include "packet.h" |
27 | #include "mpaux.h" | 27 | #include "kex.h" |
28 | #include "uidswap.h" | 28 | #include "uidswap.h" |
29 | #include "log.h" | 29 | #include "log.h" |
30 | #include "readconf.h" | 30 | #include "readconf.h" |
@@ -528,7 +528,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr) | |||
528 | 528 | ||
529 | client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN; | 529 | client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN; |
530 | 530 | ||
531 | compute_session_id(session_id, cookie, host_key->rsa->n, server_key->rsa->n); | 531 | derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id); |
532 | 532 | ||
533 | /* Generate a session key. */ | 533 | /* Generate a session key. */ |
534 | arc4random_stir(); | 534 | arc4random_stir(); |
@@ -42,7 +42,7 @@ | |||
42 | */ | 42 | */ |
43 | 43 | ||
44 | #include "includes.h" | 44 | #include "includes.h" |
45 | RCSID("$OpenBSD: sshd.c,v 1.290 2004/03/11 10:21:17 markus Exp $"); | 45 | RCSID("$OpenBSD: sshd.c,v 1.291 2004/05/09 01:19:28 djm Exp $"); |
46 | 46 | ||
47 | #include <openssl/dh.h> | 47 | #include <openssl/dh.h> |
48 | #include <openssl/bn.h> | 48 | #include <openssl/bn.h> |
@@ -60,7 +60,6 @@ RCSID("$OpenBSD: sshd.c,v 1.290 2004/03/11 10:21:17 markus Exp $"); | |||
60 | #include "rsa.h" | 60 | #include "rsa.h" |
61 | #include "sshpty.h" | 61 | #include "sshpty.h" |
62 | #include "packet.h" | 62 | #include "packet.h" |
63 | #include "mpaux.h" | ||
64 | #include "log.h" | 63 | #include "log.h" |
65 | #include "servconf.h" | 64 | #include "servconf.h" |
66 | #include "uidswap.h" | 65 | #include "uidswap.h" |
@@ -1689,9 +1688,10 @@ do_ssh1_kex(void) | |||
1689 | BN_bn2bin(session_key_int, | 1688 | BN_bn2bin(session_key_int, |
1690 | session_key + sizeof(session_key) - len); | 1689 | session_key + sizeof(session_key) - len); |
1691 | 1690 | ||
1692 | compute_session_id(session_id, cookie, | 1691 | derive_ssh1_session_id( |
1693 | sensitive_data.ssh1_host_key->rsa->n, | 1692 | sensitive_data.ssh1_host_key->rsa->n, |
1694 | sensitive_data.server_key->rsa->n); | 1693 | sensitive_data.server_key->rsa->n, |
1694 | cookie, session_id); | ||
1695 | /* | 1695 | /* |
1696 | * Xor the first 16 bytes of the session key with the | 1696 | * Xor the first 16 bytes of the session key with the |
1697 | * session id. | 1697 | * session id. |