diff options
Diffstat (limited to 'kex.c')
| -rw-r--r-- | kex.c | 40 |
1 files changed, 36 insertions, 4 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kex.c,v 1.82 2009/10/24 11:13:54 andreas Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.86 2010/09/22 05:01:29 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -66,6 +66,34 @@ extern const EVP_MD *evp_ssh_sha256(void); | |||
| 66 | static void kex_kexinit_finish(Kex *); | 66 | static void kex_kexinit_finish(Kex *); |
| 67 | static void kex_choose_conf(Kex *); | 67 | static void kex_choose_conf(Kex *); |
| 68 | 68 | ||
| 69 | /* Validate KEX method name list */ | ||
| 70 | int | ||
| 71 | kex_names_valid(const char *names) | ||
| 72 | { | ||
| 73 | char *s, *cp, *p; | ||
| 74 | |||
| 75 | if (names == NULL || strcmp(names, "") == 0) | ||
| 76 | return 0; | ||
| 77 | s = cp = xstrdup(names); | ||
| 78 | for ((p = strsep(&cp, ",")); p && *p != '\0'; | ||
| 79 | (p = strsep(&cp, ","))) { | ||
| 80 | if (strcmp(p, KEX_DHGEX_SHA256) != 0 && | ||
| 81 | strcmp(p, KEX_DHGEX_SHA1) != 0 && | ||
| 82 | strcmp(p, KEX_DH14) != 0 && | ||
| 83 | strcmp(p, KEX_DH1) != 0 && | ||
| 84 | (strncmp(p, KEX_ECDH_SHA2_STEM, | ||
| 85 | sizeof(KEX_ECDH_SHA2_STEM) - 1) != 0 || | ||
| 86 | kex_ecdh_name_to_nid(p) == -1)) { | ||
| 87 | error("Unsupported KEX algorithm \"%.100s\"", p); | ||
| 88 | xfree(s); | ||
| 89 | return 0; | ||
| 90 | } | ||
| 91 | } | ||
| 92 | debug3("kex names ok: [%s]", names); | ||
| 93 | xfree(s); | ||
| 94 | return 1; | ||
| 95 | } | ||
| 96 | |||
| 69 | /* put algorithm proposal into buffer */ | 97 | /* put algorithm proposal into buffer */ |
| 70 | static void | 98 | static void |
| 71 | kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) | 99 | kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) |
| @@ -102,7 +130,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows) | |||
| 102 | buffer_get_char(&b); | 130 | buffer_get_char(&b); |
| 103 | /* extract kex init proposal strings */ | 131 | /* extract kex init proposal strings */ |
| 104 | for (i = 0; i < PROPOSAL_MAX; i++) { | 132 | for (i = 0; i < PROPOSAL_MAX; i++) { |
| 105 | proposal[i] = buffer_get_string(&b,NULL); | 133 | proposal[i] = buffer_get_cstring(&b,NULL); |
| 106 | debug2("kex_parse_kexinit: %s", proposal[i]); | 134 | debug2("kex_parse_kexinit: %s", proposal[i]); |
| 107 | } | 135 | } |
| 108 | /* first kex follows / reserved */ | 136 | /* first kex follows / reserved */ |
| @@ -329,6 +357,10 @@ choose_kex(Kex *k, char *client, char *server) | |||
| 329 | } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) { | 357 | } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) { |
| 330 | k->kex_type = KEX_DH_GEX_SHA256; | 358 | k->kex_type = KEX_DH_GEX_SHA256; |
| 331 | k->evp_md = evp_ssh_sha256(); | 359 | k->evp_md = evp_ssh_sha256(); |
| 360 | } else if (strncmp(k->name, KEX_ECDH_SHA2_STEM, | ||
| 361 | sizeof(KEX_ECDH_SHA2_STEM) - 1) == 0) { | ||
| 362 | k->kex_type = KEX_ECDH_SHA2; | ||
| 363 | k->evp_md = kex_ecdh_name_to_evpmd(k->name); | ||
| 332 | #endif | 364 | #endif |
| 333 | #ifdef GSSAPI | 365 | #ifdef GSSAPI |
| 334 | } else if (strncmp(k->name, KEX_GSS_GEX_SHA1_ID, | 366 | } else if (strncmp(k->name, KEX_GSS_GEX_SHA1_ID, |
| @@ -577,11 +609,11 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, | |||
| 577 | memset(&md, 0, sizeof(md)); | 609 | memset(&md, 0, sizeof(md)); |
| 578 | } | 610 | } |
| 579 | 611 | ||
| 580 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) | 612 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) |
| 581 | void | 613 | void |
| 582 | dump_digest(char *msg, u_char *digest, int len) | 614 | dump_digest(char *msg, u_char *digest, int len) |
| 583 | { | 615 | { |
| 584 | u_int i; | 616 | int i; |
| 585 | 617 | ||
| 586 | fprintf(stderr, "%s\n", msg); | 618 | fprintf(stderr, "%s\n", msg); |
| 587 | for (i = 0; i < len; i++) { | 619 | for (i = 0; i < len; i++) { |