diff options
Diffstat (limited to 'kex.c')
| -rw-r--r-- | kex.c | 30 |
1 files changed, 22 insertions, 8 deletions
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: kex.c,v 1.48 2002/03/18 17:50:31 provos Exp $"); | 26 | RCSID("$OpenBSD: kex.c,v 1.49 2002/03/26 23:14:51 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include <openssl/crypto.h> | 28 | #include <openssl/crypto.h> |
| 29 | 29 | ||
| @@ -57,16 +57,15 @@ static void kex_choose_conf(Kex *); | |||
| 57 | static void | 57 | static void |
| 58 | kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) | 58 | kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) |
| 59 | { | 59 | { |
| 60 | u_int32_t rand = 0; | ||
| 61 | int i; | 60 | int i; |
| 62 | 61 | ||
| 63 | buffer_clear(b); | 62 | buffer_clear(b); |
| 64 | for (i = 0; i < KEX_COOKIE_LEN; i++) { | 63 | /* |
| 65 | if (i % 4 == 0) | 64 | * add a dummy cookie, the cookie will be overwritten by |
| 66 | rand = arc4random(); | 65 | * kex_send_kexinit(), each time a kexinit is set |
| 67 | buffer_put_char(b, rand & 0xff); | 66 | */ |
| 68 | rand >>= 8; | 67 | for (i = 0; i < KEX_COOKIE_LEN; i++) |
| 69 | } | 68 | buffer_put_char(b, 0); |
| 70 | for (i = 0; i < PROPOSAL_MAX; i++) | 69 | for (i = 0; i < PROPOSAL_MAX; i++) |
| 71 | buffer_put_cstring(b, proposal[i]); | 70 | buffer_put_cstring(b, proposal[i]); |
| 72 | buffer_put_char(b, 0); /* first_kex_packet_follows */ | 71 | buffer_put_char(b, 0); /* first_kex_packet_follows */ |
| @@ -152,6 +151,10 @@ kex_finish(Kex *kex) | |||
| 152 | void | 151 | void |
| 153 | kex_send_kexinit(Kex *kex) | 152 | kex_send_kexinit(Kex *kex) |
| 154 | { | 153 | { |
| 154 | u_int32_t rand = 0; | ||
| 155 | u_char *cookie; | ||
| 156 | int i; | ||
| 157 | |||
| 155 | if (kex == NULL) { | 158 | if (kex == NULL) { |
| 156 | error("kex_send_kexinit: no kex, cannot rekey"); | 159 | error("kex_send_kexinit: no kex, cannot rekey"); |
| 157 | return; | 160 | return; |
| @@ -161,6 +164,17 @@ kex_send_kexinit(Kex *kex) | |||
| 161 | return; | 164 | return; |
| 162 | } | 165 | } |
| 163 | kex->done = 0; | 166 | kex->done = 0; |
| 167 | |||
| 168 | /* generate a random cookie */ | ||
| 169 | if (buffer_len(&kex->my) < KEX_COOKIE_LEN) | ||
| 170 | fatal("kex_send_kexinit: kex proposal too short"); | ||
| 171 | cookie = buffer_ptr(&kex->my); | ||
| 172 | for (i = 0; i < KEX_COOKIE_LEN; i++) { | ||
| 173 | if (i % 4 == 0) | ||
| 174 | rand = arc4random(); | ||
| 175 | cookie[i] = rand; | ||
| 176 | rand >>= 8; | ||
| 177 | } | ||
| 164 | packet_start(SSH2_MSG_KEXINIT); | 178 | packet_start(SSH2_MSG_KEXINIT); |
| 165 | packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my)); | 179 | packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my)); |
| 166 | packet_send(); | 180 | packet_send(); |