diff options
Diffstat (limited to 'kex.c')
-rw-r--r-- | kex.c | 45 |
1 files changed, 40 insertions, 5 deletions
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: kex.c,v 1.56 2003/11/21 11:57:03 djm Exp $"); | 26 | RCSID("$OpenBSD: kex.c,v 1.60 2004/06/21 17:36:31 avsm Exp $"); |
27 | 27 | ||
28 | #include <openssl/crypto.h> | 28 | #include <openssl/crypto.h> |
29 | 29 | ||
@@ -148,7 +148,7 @@ kex_finish(Kex *kex) | |||
148 | void | 148 | void |
149 | kex_send_kexinit(Kex *kex) | 149 | kex_send_kexinit(Kex *kex) |
150 | { | 150 | { |
151 | u_int32_t rand = 0; | 151 | u_int32_t rnd = 0; |
152 | u_char *cookie; | 152 | u_char *cookie; |
153 | int i; | 153 | int i; |
154 | 154 | ||
@@ -168,9 +168,9 @@ kex_send_kexinit(Kex *kex) | |||
168 | cookie = buffer_ptr(&kex->my); | 168 | cookie = buffer_ptr(&kex->my); |
169 | for (i = 0; i < KEX_COOKIE_LEN; i++) { | 169 | for (i = 0; i < KEX_COOKIE_LEN; i++) { |
170 | if (i % 4 == 0) | 170 | if (i % 4 == 0) |
171 | rand = arc4random(); | 171 | rnd = arc4random(); |
172 | cookie[i] = rand; | 172 | cookie[i] = rnd; |
173 | rand >>= 8; | 173 | rnd >>= 8; |
174 | } | 174 | } |
175 | packet_start(SSH2_MSG_KEXINIT); | 175 | packet_start(SSH2_MSG_KEXINIT); |
176 | packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my)); | 176 | packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my)); |
@@ -293,6 +293,8 @@ choose_kex(Kex *k, char *client, char *server) | |||
293 | fatal("no kex alg"); | 293 | fatal("no kex alg"); |
294 | if (strcmp(k->name, KEX_DH1) == 0) { | 294 | if (strcmp(k->name, KEX_DH1) == 0) { |
295 | k->kex_type = KEX_DH_GRP1_SHA1; | 295 | k->kex_type = KEX_DH_GRP1_SHA1; |
296 | } else if (strcmp(k->name, KEX_DH14) == 0) { | ||
297 | k->kex_type = KEX_DH_GRP14_SHA1; | ||
296 | } else if (strcmp(k->name, KEX_DHGEX) == 0) { | 298 | } else if (strcmp(k->name, KEX_DHGEX) == 0) { |
297 | k->kex_type = KEX_DH_GEX_SHA1; | 299 | k->kex_type = KEX_DH_GEX_SHA1; |
298 | } else | 300 | } else |
@@ -479,6 +481,39 @@ kex_get_newkeys(int mode) | |||
479 | return ret; | 481 | return ret; |
480 | } | 482 | } |
481 | 483 | ||
484 | void | ||
485 | derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, | ||
486 | u_int8_t cookie[8], u_int8_t id[16]) | ||
487 | { | ||
488 | const EVP_MD *evp_md = EVP_md5(); | ||
489 | EVP_MD_CTX md; | ||
490 | u_int8_t nbuf[2048], obuf[EVP_MAX_MD_SIZE]; | ||
491 | int len; | ||
492 | |||
493 | EVP_DigestInit(&md, evp_md); | ||
494 | |||
495 | len = BN_num_bytes(host_modulus); | ||
496 | if (len < (512 / 8) || len > sizeof(nbuf)) | ||
497 | fatal("%s: bad host modulus (len %d)", __func__, len); | ||
498 | BN_bn2bin(host_modulus, nbuf); | ||
499 | EVP_DigestUpdate(&md, nbuf, len); | ||
500 | |||
501 | len = BN_num_bytes(server_modulus); | ||
502 | if (len < (512 / 8) || len > sizeof(nbuf)) | ||
503 | fatal("%s: bad server modulus (len %d)", __func__, len); | ||
504 | BN_bn2bin(server_modulus, nbuf); | ||
505 | EVP_DigestUpdate(&md, nbuf, len); | ||
506 | |||
507 | EVP_DigestUpdate(&md, cookie, 8); | ||
508 | |||
509 | EVP_DigestFinal(&md, obuf, NULL); | ||
510 | memcpy(id, obuf, 16); | ||
511 | |||
512 | memset(nbuf, 0, sizeof(nbuf)); | ||
513 | memset(obuf, 0, sizeof(obuf)); | ||
514 | memset(&md, 0, sizeof(md)); | ||
515 | } | ||
516 | |||
482 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) | 517 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) |
483 | void | 518 | void |
484 | dump_digest(char *msg, u_char *digest, int len) | 519 | dump_digest(char *msg, u_char *digest, int len) |