diff options
Diffstat (limited to 'kex.c')
-rw-r--r-- | kex.c | 81 |
1 files changed, 18 insertions, 63 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.c,v 1.131 2017/03/15 07:07:39 markus Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.134 2017/06/13 12:13:59 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -58,17 +58,9 @@ | |||
58 | #include "ssh-gss.h" | 58 | #include "ssh-gss.h" |
59 | #endif | 59 | #endif |
60 | 60 | ||
61 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L | ||
62 | # if defined(HAVE_EVP_SHA256) | ||
63 | # define evp_ssh_sha256 EVP_sha256 | ||
64 | # else | ||
65 | extern const EVP_MD *evp_ssh_sha256(void); | ||
66 | # endif | ||
67 | #endif | ||
68 | |||
69 | /* prototype */ | 61 | /* prototype */ |
70 | static int kex_choose_conf(struct ssh *); | 62 | static int kex_choose_conf(struct ssh *); |
71 | static int kex_input_newkeys(int, u_int32_t, void *); | 63 | static int kex_input_newkeys(int, u_int32_t, struct ssh *); |
72 | 64 | ||
73 | static const char *proposal_names[PROPOSAL_MAX] = { | 65 | static const char *proposal_names[PROPOSAL_MAX] = { |
74 | "KEX algorithms", | 66 | "KEX algorithms", |
@@ -339,9 +331,8 @@ kex_prop_free(char **proposal) | |||
339 | 331 | ||
340 | /* ARGSUSED */ | 332 | /* ARGSUSED */ |
341 | static int | 333 | static int |
342 | kex_protocol_error(int type, u_int32_t seq, void *ctxt) | 334 | kex_protocol_error(int type, u_int32_t seq, struct ssh *ssh) |
343 | { | 335 | { |
344 | struct ssh *ssh = active_state; /* XXX */ | ||
345 | int r; | 336 | int r; |
346 | 337 | ||
347 | error("kex protocol error: type %d seq %u", type, seq); | 338 | error("kex protocol error: type %d seq %u", type, seq); |
@@ -399,12 +390,13 @@ kex_send_newkeys(struct ssh *ssh) | |||
399 | } | 390 | } |
400 | 391 | ||
401 | int | 392 | int |
402 | kex_input_ext_info(int type, u_int32_t seq, void *ctxt) | 393 | kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh) |
403 | { | 394 | { |
404 | struct ssh *ssh = ctxt; | ||
405 | struct kex *kex = ssh->kex; | 395 | struct kex *kex = ssh->kex; |
406 | u_int32_t i, ninfo; | 396 | u_int32_t i, ninfo; |
407 | char *name, *val, *found; | 397 | char *name, *found; |
398 | u_char *val; | ||
399 | size_t vlen; | ||
408 | int r; | 400 | int r; |
409 | 401 | ||
410 | debug("SSH2_MSG_EXT_INFO received"); | 402 | debug("SSH2_MSG_EXT_INFO received"); |
@@ -414,12 +406,17 @@ kex_input_ext_info(int type, u_int32_t seq, void *ctxt) | |||
414 | for (i = 0; i < ninfo; i++) { | 406 | for (i = 0; i < ninfo; i++) { |
415 | if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0) | 407 | if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0) |
416 | return r; | 408 | return r; |
417 | if ((r = sshpkt_get_cstring(ssh, &val, NULL)) != 0) { | 409 | if ((r = sshpkt_get_string(ssh, &val, &vlen)) != 0) { |
418 | free(name); | 410 | free(name); |
419 | return r; | 411 | return r; |
420 | } | 412 | } |
421 | debug("%s: %s=<%s>", __func__, name, val); | ||
422 | if (strcmp(name, "server-sig-algs") == 0) { | 413 | if (strcmp(name, "server-sig-algs") == 0) { |
414 | /* Ensure no \0 lurking in value */ | ||
415 | if (memchr(val, '\0', vlen) != NULL) { | ||
416 | error("%s: nul byte in %s", __func__, name); | ||
417 | return SSH_ERR_INVALID_FORMAT; | ||
418 | } | ||
419 | debug("%s: %s=<%s>", __func__, name, val); | ||
423 | found = match_list("rsa-sha2-256", val, NULL); | 420 | found = match_list("rsa-sha2-256", val, NULL); |
424 | if (found) { | 421 | if (found) { |
425 | kex->rsa_sha2 = 256; | 422 | kex->rsa_sha2 = 256; |
@@ -430,7 +427,8 @@ kex_input_ext_info(int type, u_int32_t seq, void *ctxt) | |||
430 | kex->rsa_sha2 = 512; | 427 | kex->rsa_sha2 = 512; |
431 | free(found); | 428 | free(found); |
432 | } | 429 | } |
433 | } | 430 | } else |
431 | debug("%s: %s (unrecognised)", __func__, name); | ||
434 | free(name); | 432 | free(name); |
435 | free(val); | 433 | free(val); |
436 | } | 434 | } |
@@ -438,9 +436,8 @@ kex_input_ext_info(int type, u_int32_t seq, void *ctxt) | |||
438 | } | 436 | } |
439 | 437 | ||
440 | static int | 438 | static int |
441 | kex_input_newkeys(int type, u_int32_t seq, void *ctxt) | 439 | kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh) |
442 | { | 440 | { |
443 | struct ssh *ssh = ctxt; | ||
444 | struct kex *kex = ssh->kex; | 441 | struct kex *kex = ssh->kex; |
445 | int r; | 442 | int r; |
446 | 443 | ||
@@ -491,9 +488,8 @@ kex_send_kexinit(struct ssh *ssh) | |||
491 | 488 | ||
492 | /* ARGSUSED */ | 489 | /* ARGSUSED */ |
493 | int | 490 | int |
494 | kex_input_kexinit(int type, u_int32_t seq, void *ctxt) | 491 | kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh) |
495 | { | 492 | { |
496 | struct ssh *ssh = ctxt; | ||
497 | struct kex *kex = ssh->kex; | 493 | struct kex *kex = ssh->kex; |
498 | const u_char *ptr; | 494 | const u_char *ptr; |
499 | u_int i; | 495 | u_int i; |
@@ -1007,47 +1003,6 @@ kex_derive_keys_bn(struct ssh *ssh, u_char *hash, u_int hashlen, | |||
1007 | } | 1003 | } |
1008 | #endif | 1004 | #endif |
1009 | 1005 | ||
1010 | #ifdef WITH_SSH1 | ||
1011 | int | ||
1012 | derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, | ||
1013 | u_int8_t cookie[8], u_int8_t id[16]) | ||
1014 | { | ||
1015 | u_int8_t hbuf[2048], sbuf[2048], obuf[SSH_DIGEST_MAX_LENGTH]; | ||
1016 | struct ssh_digest_ctx *hashctx = NULL; | ||
1017 | size_t hlen, slen; | ||
1018 | int r; | ||
1019 | |||
1020 | hlen = BN_num_bytes(host_modulus); | ||
1021 | slen = BN_num_bytes(server_modulus); | ||
1022 | if (hlen < (512 / 8) || (u_int)hlen > sizeof(hbuf) || | ||
1023 | slen < (512 / 8) || (u_int)slen > sizeof(sbuf)) | ||
1024 | return SSH_ERR_KEY_BITS_MISMATCH; | ||
1025 | if (BN_bn2bin(host_modulus, hbuf) <= 0 || | ||
1026 | BN_bn2bin(server_modulus, sbuf) <= 0) { | ||
1027 | r = SSH_ERR_LIBCRYPTO_ERROR; | ||
1028 | goto out; | ||
1029 | } | ||
1030 | if ((hashctx = ssh_digest_start(SSH_DIGEST_MD5)) == NULL) { | ||
1031 | r = SSH_ERR_ALLOC_FAIL; | ||
1032 | goto out; | ||
1033 | } | ||
1034 | if (ssh_digest_update(hashctx, hbuf, hlen) != 0 || | ||
1035 | ssh_digest_update(hashctx, sbuf, slen) != 0 || | ||
1036 | ssh_digest_update(hashctx, cookie, 8) != 0 || | ||
1037 | ssh_digest_final(hashctx, obuf, sizeof(obuf)) != 0) { | ||
1038 | r = SSH_ERR_LIBCRYPTO_ERROR; | ||
1039 | goto out; | ||
1040 | } | ||
1041 | memcpy(id, obuf, ssh_digest_bytes(SSH_DIGEST_MD5)); | ||
1042 | r = 0; | ||
1043 | out: | ||
1044 | ssh_digest_free(hashctx); | ||
1045 | explicit_bzero(hbuf, sizeof(hbuf)); | ||
1046 | explicit_bzero(sbuf, sizeof(sbuf)); | ||
1047 | explicit_bzero(obuf, sizeof(obuf)); | ||
1048 | return r; | ||
1049 | } | ||
1050 | #endif | ||
1051 | 1006 | ||
1052 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) | 1007 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) |
1053 | void | 1008 | void |