diff options
Diffstat (limited to 'kex.c')
| -rw-r--r-- | kex.c | 43 |
1 files changed, 23 insertions, 20 deletions
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: kex.c,v 1.60 2004/06/21 17:36:31 avsm Exp $"); | 26 | RCSID("$OpenBSD: kex.c,v 1.64 2005/07/25 11:59:39 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include <openssl/crypto.h> | 28 | #include <openssl/crypto.h> |
| 29 | 29 | ||
| @@ -52,7 +52,7 @@ static void kex_choose_conf(Kex *); | |||
| 52 | static void | 52 | static void |
| 53 | kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) | 53 | kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) |
| 54 | { | 54 | { |
| 55 | int i; | 55 | u_int i; |
| 56 | 56 | ||
| 57 | buffer_clear(b); | 57 | buffer_clear(b); |
| 58 | /* | 58 | /* |
| @@ -101,7 +101,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows) | |||
| 101 | static void | 101 | static void |
| 102 | kex_prop_free(char **proposal) | 102 | kex_prop_free(char **proposal) |
| 103 | { | 103 | { |
| 104 | int i; | 104 | u_int i; |
| 105 | 105 | ||
| 106 | for (i = 0; i < PROPOSAL_MAX; i++) | 106 | for (i = 0; i < PROPOSAL_MAX; i++) |
| 107 | xfree(proposal[i]); | 107 | xfree(proposal[i]); |
| @@ -150,7 +150,7 @@ kex_send_kexinit(Kex *kex) | |||
| 150 | { | 150 | { |
| 151 | u_int32_t rnd = 0; | 151 | u_int32_t rnd = 0; |
| 152 | u_char *cookie; | 152 | u_char *cookie; |
| 153 | int i; | 153 | u_int i; |
| 154 | 154 | ||
| 155 | if (kex == NULL) { | 155 | if (kex == NULL) { |
| 156 | error("kex_send_kexinit: no kex, cannot rekey"); | 156 | error("kex_send_kexinit: no kex, cannot rekey"); |
| @@ -183,8 +183,7 @@ void | |||
| 183 | kex_input_kexinit(int type, u_int32_t seq, void *ctxt) | 183 | kex_input_kexinit(int type, u_int32_t seq, void *ctxt) |
| 184 | { | 184 | { |
| 185 | char *ptr; | 185 | char *ptr; |
| 186 | int dlen; | 186 | u_int i, dlen; |
| 187 | int i; | ||
| 188 | Kex *kex = (Kex *)ctxt; | 187 | Kex *kex = (Kex *)ctxt; |
| 189 | 188 | ||
| 190 | debug("SSH2_MSG_KEXINIT received"); | 189 | debug("SSH2_MSG_KEXINIT received"); |
| @@ -276,10 +275,12 @@ choose_comp(Comp *comp, char *client, char *server) | |||
| 276 | char *name = match_list(client, server, NULL); | 275 | char *name = match_list(client, server, NULL); |
| 277 | if (name == NULL) | 276 | if (name == NULL) |
| 278 | fatal("no matching comp found: client %s server %s", client, server); | 277 | fatal("no matching comp found: client %s server %s", client, server); |
| 279 | if (strcmp(name, "zlib") == 0) { | 278 | if (strcmp(name, "zlib@openssh.com") == 0) { |
| 280 | comp->type = 1; | 279 | comp->type = COMP_DELAYED; |
| 280 | } else if (strcmp(name, "zlib") == 0) { | ||
| 281 | comp->type = COMP_ZLIB; | ||
| 281 | } else if (strcmp(name, "none") == 0) { | 282 | } else if (strcmp(name, "none") == 0) { |
| 282 | comp->type = 0; | 283 | comp->type = COMP_NONE; |
| 283 | } else { | 284 | } else { |
| 284 | fatal("unsupported comp %s", name); | 285 | fatal("unsupported comp %s", name); |
| 285 | } | 286 | } |
| @@ -343,9 +344,7 @@ kex_choose_conf(Kex *kex) | |||
| 343 | char **my, **peer; | 344 | char **my, **peer; |
| 344 | char **cprop, **sprop; | 345 | char **cprop, **sprop; |
| 345 | int nenc, nmac, ncomp; | 346 | int nenc, nmac, ncomp; |
| 346 | int mode; | 347 | u_int mode, ctos, need; |
| 347 | int ctos; /* direction: if true client-to-server */ | ||
| 348 | int need; | ||
| 349 | int first_kex_follows, type; | 348 | int first_kex_follows, type; |
| 350 | 349 | ||
| 351 | my = kex_buf2prop(&kex->my, NULL); | 350 | my = kex_buf2prop(&kex->my, NULL); |
| @@ -395,7 +394,7 @@ kex_choose_conf(Kex *kex) | |||
| 395 | 394 | ||
| 396 | /* ignore the next message if the proposals do not match */ | 395 | /* ignore the next message if the proposals do not match */ |
| 397 | if (first_kex_follows && !proposals_match(my, peer) && | 396 | if (first_kex_follows && !proposals_match(my, peer) && |
| 398 | !(datafellows & SSH_BUG_FIRSTKEX)) { | 397 | !(datafellows & SSH_BUG_FIRSTKEX)) { |
| 399 | type = packet_read(); | 398 | type = packet_read(); |
| 400 | debug2("skipping next packet (type %u)", type); | 399 | debug2("skipping next packet (type %u)", type); |
| 401 | } | 400 | } |
| @@ -405,15 +404,19 @@ kex_choose_conf(Kex *kex) | |||
| 405 | } | 404 | } |
| 406 | 405 | ||
| 407 | static u_char * | 406 | static u_char * |
| 408 | derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret) | 407 | derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret) |
| 409 | { | 408 | { |
| 410 | Buffer b; | 409 | Buffer b; |
| 411 | const EVP_MD *evp_md = EVP_sha1(); | 410 | const EVP_MD *evp_md = EVP_sha1(); |
| 412 | EVP_MD_CTX md; | 411 | EVP_MD_CTX md; |
| 413 | char c = id; | 412 | char c = id; |
| 414 | int have; | 413 | u_int have; |
| 415 | int mdsz = EVP_MD_size(evp_md); | 414 | int mdsz = EVP_MD_size(evp_md); |
| 416 | u_char *digest = xmalloc(roundup(need, mdsz)); | 415 | u_char *digest; |
| 416 | |||
| 417 | if (mdsz < 0) | ||
| 418 | fatal("derive_key: mdsz < 0"); | ||
| 419 | digest = xmalloc(roundup(need, mdsz)); | ||
| 417 | 420 | ||
| 418 | buffer_init(&b); | 421 | buffer_init(&b); |
| 419 | buffer_put_bignum2(&b, shared_secret); | 422 | buffer_put_bignum2(&b, shared_secret); |
| @@ -455,7 +458,7 @@ void | |||
| 455 | kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret) | 458 | kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret) |
| 456 | { | 459 | { |
| 457 | u_char *keys[NKEYS]; | 460 | u_char *keys[NKEYS]; |
| 458 | int i, mode, ctos; | 461 | u_int i, mode, ctos; |
| 459 | 462 | ||
| 460 | for (i = 0; i < NKEYS; i++) | 463 | for (i = 0; i < NKEYS; i++) |
| 461 | keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret); | 464 | keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret); |
| @@ -493,13 +496,13 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, | |||
| 493 | EVP_DigestInit(&md, evp_md); | 496 | EVP_DigestInit(&md, evp_md); |
| 494 | 497 | ||
| 495 | len = BN_num_bytes(host_modulus); | 498 | len = BN_num_bytes(host_modulus); |
| 496 | if (len < (512 / 8) || len > sizeof(nbuf)) | 499 | if (len < (512 / 8) || (u_int)len > sizeof(nbuf)) |
| 497 | fatal("%s: bad host modulus (len %d)", __func__, len); | 500 | fatal("%s: bad host modulus (len %d)", __func__, len); |
| 498 | BN_bn2bin(host_modulus, nbuf); | 501 | BN_bn2bin(host_modulus, nbuf); |
| 499 | EVP_DigestUpdate(&md, nbuf, len); | 502 | EVP_DigestUpdate(&md, nbuf, len); |
| 500 | 503 | ||
| 501 | len = BN_num_bytes(server_modulus); | 504 | len = BN_num_bytes(server_modulus); |
| 502 | if (len < (512 / 8) || len > sizeof(nbuf)) | 505 | if (len < (512 / 8) || (u_int)len > sizeof(nbuf)) |
| 503 | fatal("%s: bad server modulus (len %d)", __func__, len); | 506 | fatal("%s: bad server modulus (len %d)", __func__, len); |
| 504 | BN_bn2bin(server_modulus, nbuf); | 507 | BN_bn2bin(server_modulus, nbuf); |
| 505 | EVP_DigestUpdate(&md, nbuf, len); | 508 | EVP_DigestUpdate(&md, nbuf, len); |
| @@ -518,7 +521,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, | |||
| 518 | void | 521 | void |
| 519 | dump_digest(char *msg, u_char *digest, int len) | 522 | dump_digest(char *msg, u_char *digest, int len) |
| 520 | { | 523 | { |
| 521 | int i; | 524 | u_int i; |
| 522 | 525 | ||
| 523 | fprintf(stderr, "%s\n", msg); | 526 | fprintf(stderr, "%s\n", msg); |
| 524 | for (i = 0; i< len; i++) { | 527 | for (i = 0; i< len; i++) { |