summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--kex.c30
2 files changed, 26 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog
index 3bf991d65..7eb915bda 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,9 @@
20 - markus@cvs.openbsd.org 2002/03/26 23:13:03 20 - markus@cvs.openbsd.org 2002/03/26 23:13:03
21 [auth-rsa.c] 21 [auth-rsa.c]
22 disallow RSA keys < 768 for protocol 1, too (rhosts-rsa and rsa auth) 22 disallow RSA keys < 768 for protocol 1, too (rhosts-rsa and rsa auth)
23 - markus@cvs.openbsd.org 2002/03/26 23:14:51
24 [kex.c]
25 generate a new cookie for each SSH2_MSG_KEXINIT message we send out
23 26
2420020325 2720020325
25 - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h" 28 - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h"
@@ -8083,4 +8086,4 @@
8083 - Wrote replacements for strlcpy and mkdtemp 8086 - Wrote replacements for strlcpy and mkdtemp
8084 - Released 1.0pre1 8087 - Released 1.0pre1
8085 8088
8086$Id: ChangeLog,v 1.1999 2002/03/27 17:38:43 mouring Exp $ 8089$Id: ChangeLog,v 1.2000 2002/03/27 17:42:57 mouring Exp $
diff --git a/kex.c b/kex.c
index 8097ab0f2..194a865ad 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: kex.c,v 1.48 2002/03/18 17:50:31 provos Exp $"); 26RCSID("$OpenBSD: kex.c,v 1.49 2002/03/26 23:14:51 markus Exp $");
27 27
28#include <openssl/crypto.h> 28#include <openssl/crypto.h>
29 29
@@ -57,16 +57,15 @@ static void kex_choose_conf(Kex *);
57static void 57static void
58kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) 58kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
59{ 59{
60 u_int32_t rand = 0;
61 int i; 60 int i;
62 61
63 buffer_clear(b); 62 buffer_clear(b);
64 for (i = 0; i < KEX_COOKIE_LEN; i++) { 63 /*
65 if (i % 4 == 0) 64 * add a dummy cookie, the cookie will be overwritten by
66 rand = arc4random(); 65 * kex_send_kexinit(), each time a kexinit is set
67 buffer_put_char(b, rand & 0xff); 66 */
68 rand >>= 8; 67 for (i = 0; i < KEX_COOKIE_LEN; i++)
69 } 68 buffer_put_char(b, 0);
70 for (i = 0; i < PROPOSAL_MAX; i++) 69 for (i = 0; i < PROPOSAL_MAX; i++)
71 buffer_put_cstring(b, proposal[i]); 70 buffer_put_cstring(b, proposal[i]);
72 buffer_put_char(b, 0); /* first_kex_packet_follows */ 71 buffer_put_char(b, 0); /* first_kex_packet_follows */
@@ -152,6 +151,10 @@ kex_finish(Kex *kex)
152void 151void
153kex_send_kexinit(Kex *kex) 152kex_send_kexinit(Kex *kex)
154{ 153{
154 u_int32_t rand = 0;
155 u_char *cookie;
156 int i;
157
155 if (kex == NULL) { 158 if (kex == NULL) {
156 error("kex_send_kexinit: no kex, cannot rekey"); 159 error("kex_send_kexinit: no kex, cannot rekey");
157 return; 160 return;
@@ -161,6 +164,17 @@ kex_send_kexinit(Kex *kex)
161 return; 164 return;
162 } 165 }
163 kex->done = 0; 166 kex->done = 0;
167
168 /* generate a random cookie */
169 if (buffer_len(&kex->my) < KEX_COOKIE_LEN)
170 fatal("kex_send_kexinit: kex proposal too short");
171 cookie = buffer_ptr(&kex->my);
172 for (i = 0; i < KEX_COOKIE_LEN; i++) {
173 if (i % 4 == 0)
174 rand = arc4random();
175 cookie[i] = rand;
176 rand >>= 8;
177 }
164 packet_start(SSH2_MSG_KEXINIT); 178 packet_start(SSH2_MSG_KEXINIT);
165 packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my)); 179 packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my));
166 packet_send(); 180 packet_send();