diff options
Diffstat (limited to 'kex.c')
| -rw-r--r-- | kex.c | 18 |
1 files changed, 13 insertions, 5 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kex.c,v 1.98 2014/02/02 03:44:31 djm Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.99 2014/04/29 18:01:49 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -33,7 +33,9 @@ | |||
| 33 | #include <stdlib.h> | 33 | #include <stdlib.h> |
| 34 | #include <string.h> | 34 | #include <string.h> |
| 35 | 35 | ||
| 36 | #ifdef WITH_OPENSSL | ||
| 36 | #include <openssl/crypto.h> | 37 | #include <openssl/crypto.h> |
| 38 | #endif | ||
| 37 | 39 | ||
| 38 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
| 39 | #include "ssh2.h" | 41 | #include "ssh2.h" |
| @@ -74,12 +76,13 @@ struct kexalg { | |||
| 74 | int hash_alg; | 76 | int hash_alg; |
| 75 | }; | 77 | }; |
| 76 | static const struct kexalg kexalgs[] = { | 78 | static const struct kexalg kexalgs[] = { |
| 79 | #ifdef WITH_OPENSSL | ||
| 77 | { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, | 80 | { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, |
| 78 | { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, | 81 | { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, |
| 79 | { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, | 82 | { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, |
| 80 | #ifdef HAVE_EVP_SHA256 | 83 | #ifdef HAVE_EVP_SHA256 |
| 81 | { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, | 84 | { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, |
| 82 | #endif | 85 | #endif /* HAVE_EVP_SHA256 */ |
| 83 | #ifdef OPENSSL_HAS_ECC | 86 | #ifdef OPENSSL_HAS_ECC |
| 84 | { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, | 87 | { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, |
| 85 | NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, | 88 | NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, |
| @@ -88,12 +91,13 @@ static const struct kexalg kexalgs[] = { | |||
| 88 | # ifdef OPENSSL_HAS_NISTP521 | 91 | # ifdef OPENSSL_HAS_NISTP521 |
| 89 | { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, | 92 | { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, |
| 90 | SSH_DIGEST_SHA512 }, | 93 | SSH_DIGEST_SHA512 }, |
| 91 | # endif | 94 | # endif /* OPENSSL_HAS_NISTP521 */ |
| 92 | #endif | 95 | #endif /* OPENSSL_HAS_ECC */ |
| 93 | { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, | 96 | { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, |
| 97 | #endif /* WITH_OPENSSL */ | ||
| 94 | #ifdef HAVE_EVP_SHA256 | 98 | #ifdef HAVE_EVP_SHA256 |
| 95 | { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, | 99 | { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, |
| 96 | #endif | 100 | #endif /* HAVE_EVP_SHA256 */ |
| 97 | { NULL, -1, -1, -1}, | 101 | { NULL, -1, -1, -1}, |
| 98 | }; | 102 | }; |
| 99 | static const struct kexalg kexalg_prefixes[] = { | 103 | static const struct kexalg kexalg_prefixes[] = { |
| @@ -631,6 +635,7 @@ kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, | |||
| 631 | } | 635 | } |
| 632 | } | 636 | } |
| 633 | 637 | ||
| 638 | #ifdef WITH_OPENSSL | ||
| 634 | void | 639 | void |
| 635 | kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret) | 640 | kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret) |
| 636 | { | 641 | { |
| @@ -642,6 +647,7 @@ kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret) | |||
| 642 | buffer_ptr(&shared_secret), buffer_len(&shared_secret)); | 647 | buffer_ptr(&shared_secret), buffer_len(&shared_secret)); |
| 643 | buffer_free(&shared_secret); | 648 | buffer_free(&shared_secret); |
| 644 | } | 649 | } |
| 650 | #endif | ||
| 645 | 651 | ||
| 646 | Newkeys * | 652 | Newkeys * |
| 647 | kex_get_newkeys(int mode) | 653 | kex_get_newkeys(int mode) |
| @@ -653,6 +659,7 @@ kex_get_newkeys(int mode) | |||
| 653 | return ret; | 659 | return ret; |
| 654 | } | 660 | } |
| 655 | 661 | ||
| 662 | #ifdef WITH_SSH1 | ||
| 656 | void | 663 | void |
| 657 | derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, | 664 | derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, |
| 658 | u_int8_t cookie[8], u_int8_t id[16]) | 665 | u_int8_t cookie[8], u_int8_t id[16]) |
| @@ -685,6 +692,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, | |||
| 685 | explicit_bzero(nbuf, sizeof(nbuf)); | 692 | explicit_bzero(nbuf, sizeof(nbuf)); |
| 686 | explicit_bzero(obuf, sizeof(obuf)); | 693 | explicit_bzero(obuf, sizeof(obuf)); |
| 687 | } | 694 | } |
| 695 | #endif | ||
| 688 | 696 | ||
| 689 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) | 697 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) |
| 690 | void | 698 | void |