Diffstat (limited to 'kex.c')
-rw-r--r--kex.c81
1 files changed, 18 insertions, 63 deletions
diff --git a/kex.c b/kex.c
index 556a32e98..bb1bd6616 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.c,v 1.131 2017/03/15 07:07:39 markus Exp $ */ 1/* $OpenBSD: kex.c,v 1.134 2017/06/13 12:13:59 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -58,17 +58,9 @@
58#include "ssh-gss.h" 58#include "ssh-gss.h"
59#endif 59#endif
60 60
61#if OPENSSL_VERSION_NUMBER >= 0x00907000L
62# if defined(HAVE_EVP_SHA256)
63# define evp_ssh_sha256 EVP_sha256
64# else
65extern const EVP_MD *evp_ssh_sha256(void);
66# endif
67#endif
68
69/* prototype */ 61/* prototype */
70static int kex_choose_conf(struct ssh *); 62static int kex_choose_conf(struct ssh *);
71static int kex_input_newkeys(int, u_int32_t, void *); 63static int kex_input_newkeys(int, u_int32_t, struct ssh *);
72 64
73static const char *proposal_names[PROPOSAL_MAX] = { 65static const char *proposal_names[PROPOSAL_MAX] = {
74 "KEX algorithms", 66 "KEX algorithms",
@@ -339,9 +331,8 @@ kex_prop_free(char **proposal)
339 331
340/* ARGSUSED */ 332/* ARGSUSED */
341static int 333static int
342kex_protocol_error(int type, u_int32_t seq, void *ctxt) 334kex_protocol_error(int type, u_int32_t seq, struct ssh *ssh)
343{ 335{
344 struct ssh *ssh = active_state; /* XXX */
345 int r; 336 int r;
346 337
347 error("kex protocol error: type %d seq %u", type, seq); 338 error("kex protocol error: type %d seq %u", type, seq);
@@ -399,12 +390,13 @@ kex_send_newkeys(struct ssh *ssh)
399} 390}
400 391
401int 392int
402kex_input_ext_info(int type, u_int32_t seq, void *ctxt) 393kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh)
403{ 394{
404 struct ssh *ssh = ctxt;
405 struct kex *kex = ssh->kex; 395 struct kex *kex = ssh->kex;
406 u_int32_t i, ninfo; 396 u_int32_t i, ninfo;
407 char *name, *val, *found; 397 char *name, *found;
398 u_char *val;
399 size_t vlen;
408 int r; 400 int r;
409 401
410 debug("SSH2_MSG_EXT_INFO received"); 402 debug("SSH2_MSG_EXT_INFO received");
@@ -414,12 +406,17 @@ kex_input_ext_info(int type, u_int32_t seq, void *ctxt)
414 for (i = 0; i < ninfo; i++) { 406 for (i = 0; i < ninfo; i++) {
415 if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0) 407 if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0)
416 return r; 408 return r;
417 if ((r = sshpkt_get_cstring(ssh, &val, NULL)) != 0) { 409 if ((r = sshpkt_get_string(ssh, &val, &vlen)) != 0) {
418 free(name); 410 free(name);
419 return r; 411 return r;
420 } 412 }
421 debug("%s: %s=<%s>", __func__, name, val);
422 if (strcmp(name, "server-sig-algs") == 0) { 413 if (strcmp(name, "server-sig-algs") == 0) {
414 /* Ensure no \0 lurking in value */
415 if (memchr(val, '\0', vlen) != NULL) {
416 error("%s: nul byte in %s", __func__, name);
417 return SSH_ERR_INVALID_FORMAT;
418 }
419 debug("%s: %s=<%s>", __func__, name, val);
423 found = match_list("rsa-sha2-256", val, NULL); 420 found = match_list("rsa-sha2-256", val, NULL);
424 if (found) { 421 if (found) {
425 kex->rsa_sha2 = 256; 422 kex->rsa_sha2 = 256;
@@ -430,7 +427,8 @@ kex_input_ext_info(int type, u_int32_t seq, void *ctxt)
430 kex->rsa_sha2 = 512; 427 kex->rsa_sha2 = 512;
431 free(found); 428 free(found);
432 } 429 }
433 } 430 } else
431 debug("%s: %s (unrecognised)", __func__, name);
434 free(name); 432 free(name);
435 free(val); 433 free(val);
436 } 434 }
@@ -438,9 +436,8 @@ kex_input_ext_info(int type, u_int32_t seq, void *ctxt)
438} 436}
439 437
440static int 438static int
441kex_input_newkeys(int type, u_int32_t seq, void *ctxt) 439kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh)
442{ 440{
443 struct ssh *ssh = ctxt;
444 struct kex *kex = ssh->kex; 441 struct kex *kex = ssh->kex;
445 int r; 442 int r;
446 443
@@ -491,9 +488,8 @@ kex_send_kexinit(struct ssh *ssh)
491 488
492/* ARGSUSED */ 489/* ARGSUSED */
493int 490int
494kex_input_kexinit(int type, u_int32_t seq, void *ctxt) 491kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
495{ 492{
496 struct ssh *ssh = ctxt;
497 struct kex *kex = ssh->kex; 493 struct kex *kex = ssh->kex;
498 const u_char *ptr; 494 const u_char *ptr;
499 u_int i; 495 u_int i;
@@ -1007,47 +1003,6 @@ kex_derive_keys_bn(struct ssh *ssh, u_char *hash, u_int hashlen,
1007} 1003}
1008#endif 1004#endif
1009 1005
1010#ifdef WITH_SSH1
1011int
1012derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
1013 u_int8_t cookie[8], u_int8_t id[16])
1014{
1015 u_int8_t hbuf[2048], sbuf[2048], obuf[SSH_DIGEST_MAX_LENGTH];
1016 struct ssh_digest_ctx *hashctx = NULL;
1017 size_t hlen, slen;
1018 int r;
1019
1020 hlen = BN_num_bytes(host_modulus);
1021 slen = BN_num_bytes(server_modulus);
1022 if (hlen < (512 / 8) || (u_int)hlen > sizeof(hbuf) ||
1023 slen < (512 / 8) || (u_int)slen > sizeof(sbuf))
1024 return SSH_ERR_KEY_BITS_MISMATCH;
1025 if (BN_bn2bin(host_modulus, hbuf) <= 0 ||
1026 BN_bn2bin(server_modulus, sbuf) <= 0) {
1027 r = SSH_ERR_LIBCRYPTO_ERROR;
1028 goto out;
1029 }
1030 if ((hashctx = ssh_digest_start(SSH_DIGEST_MD5)) == NULL) {
1031 r = SSH_ERR_ALLOC_FAIL;
1032 goto out;
1033 }
1034 if (ssh_digest_update(hashctx, hbuf, hlen) != 0 ||
1035 ssh_digest_update(hashctx, sbuf, slen) != 0 ||
1036 ssh_digest_update(hashctx, cookie, 8) != 0 ||
1037 ssh_digest_final(hashctx, obuf, sizeof(obuf)) != 0) {
1038 r = SSH_ERR_LIBCRYPTO_ERROR;
1039 goto out;
1040 }
1041 memcpy(id, obuf, ssh_digest_bytes(SSH_DIGEST_MD5));
1042 r = 0;
1043 out:
1044 ssh_digest_free(hashctx);
1045 explicit_bzero(hbuf, sizeof(hbuf));
1046 explicit_bzero(sbuf, sizeof(sbuf));
1047 explicit_bzero(obuf, sizeof(obuf));
1048 return r;
1049}
1050#endif
1051 1006
1052#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) 1007#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
1053void 1008void
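Review bot: The new NUL-byte check in kex_input_ext_info (new lines 415–418) returns SSH_ERR_INVALID_FORMAT without releasing `name` and `val`, both obtained from the sshpkt_get_* calls just above. The earlier error path at new line 410 does free `name`, so this one is inconsistent and leaks on malformed peer-supplied input. Adding `free(name); free(val);` before `return SSH_ERR_INVALID_FORMAT;` closes it. Separately, `val` is now `u_char *` but is still passed to `debug("%s")` and `match_list()`, which is safe only if sshpkt_get_string() always NUL-terminates the buffer it returns; that guarantee is not visible on this page, so a one-line comment stating it (plus a `(char *)` cast if match_list takes `char *`) would help. The function body spans several hunks and is only partly shown here.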