summaryrefslogtreecommitdiff
path: root/kex.c
diff options
context:
space:
mode:
Diffstat (limited to 'kex.c')
-rw-r--r--kex.c43
1 files changed, 25 insertions, 18 deletions
diff --git a/kex.c b/kex.c
index 7ab72ba19..d87086844 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.c,v 1.118 2016/05/02 10:26:04 djm Exp $ */ 1/* $OpenBSD: kex.c,v 1.127 2016/10/10 19:28:48 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -25,7 +25,6 @@
25 25
26#include "includes.h" 26#include "includes.h"
27 27
28#include <sys/param.h> /* MAX roundup */
29 28
30#include <signal.h> 29#include <signal.h>
31#include <stdarg.h> 30#include <stdarg.h>
@@ -114,6 +113,7 @@ static const struct kexalg kexalgs[] = {
114#endif /* WITH_OPENSSL */ 113#endif /* WITH_OPENSSL */
115#if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL) 114#if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
116 { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, 115 { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
116 { KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
117#endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ 117#endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
118 { NULL, -1, -1, -1}, 118 { NULL, -1, -1, -1},
119}; 119};
@@ -357,14 +357,21 @@ static int
357kex_send_ext_info(struct ssh *ssh) 357kex_send_ext_info(struct ssh *ssh)
358{ 358{
359 int r; 359 int r;
360 char *algs;
360 361
362 if ((algs = sshkey_alg_list(0, 1, ',')) == NULL)
363 return SSH_ERR_ALLOC_FAIL;
361 if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || 364 if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 ||
362 (r = sshpkt_put_u32(ssh, 1)) != 0 || 365 (r = sshpkt_put_u32(ssh, 1)) != 0 ||
363 (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 || 366 (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 ||
364 (r = sshpkt_put_cstring(ssh, "rsa-sha2-256,rsa-sha2-512")) != 0 || 367 (r = sshpkt_put_cstring(ssh, algs)) != 0 ||
365 (r = sshpkt_send(ssh)) != 0) 368 (r = sshpkt_send(ssh)) != 0)
366 return r; 369 goto out;
367 return 0; 370 /* success */
371 r = 0;
372 out:
373 free(algs);
374 return r;
368} 375}
369 376
370int 377int
@@ -435,6 +442,8 @@ kex_input_newkeys(int type, u_int32_t seq, void *ctxt)
435 ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error); 442 ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error);
436 if ((r = sshpkt_get_end(ssh)) != 0) 443 if ((r = sshpkt_get_end(ssh)) != 0)
437 return r; 444 return r;
445 if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0)
446 return r;
438 kex->done = 1; 447 kex->done = 1;
439 sshbuf_reset(kex->peer); 448 sshbuf_reset(kex->peer);
440 /* sshbuf_reset(kex->my); */ 449 /* sshbuf_reset(kex->my); */
@@ -795,10 +804,8 @@ kex_choose_conf(struct ssh *ssh)
795 char *ext; 804 char *ext;
796 805
797 ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL); 806 ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL);
798 if (ext) { 807 kex->ext_info_c = (ext != NULL);
799 kex->ext_info_c = 1; 808 free(ext);
800 free(ext);
801 }
802 } 809 }
803 810
804 /* Algorithm Negotiation */ 811 /* Algorithm Negotiation */
@@ -855,14 +862,14 @@ kex_choose_conf(struct ssh *ssh)
855 need = dh_need = 0; 862 need = dh_need = 0;
856 for (mode = 0; mode < MODE_MAX; mode++) { 863 for (mode = 0; mode < MODE_MAX; mode++) {
857 newkeys = kex->newkeys[mode]; 864 newkeys = kex->newkeys[mode];
858 need = MAX(need, newkeys->enc.key_len); 865 need = MAXIMUM(need, newkeys->enc.key_len);
859 need = MAX(need, newkeys->enc.block_size); 866 need = MAXIMUM(need, newkeys->enc.block_size);
860 need = MAX(need, newkeys->enc.iv_len); 867 need = MAXIMUM(need, newkeys->enc.iv_len);
861 need = MAX(need, newkeys->mac.key_len); 868 need = MAXIMUM(need, newkeys->mac.key_len);
862 dh_need = MAX(dh_need, cipher_seclen(newkeys->enc.cipher)); 869 dh_need = MAXIMUM(dh_need, cipher_seclen(newkeys->enc.cipher));
863 dh_need = MAX(dh_need, newkeys->enc.block_size); 870 dh_need = MAXIMUM(dh_need, newkeys->enc.block_size);
864 dh_need = MAX(dh_need, newkeys->enc.iv_len); 871 dh_need = MAXIMUM(dh_need, newkeys->enc.iv_len);
865 dh_need = MAX(dh_need, newkeys->mac.key_len); 872 dh_need = MAXIMUM(dh_need, newkeys->mac.key_len);
866 } 873 }
867 /* XXX need runden? */ 874 /* XXX need runden? */
868 kex->we_need = need; 875 kex->we_need = need;
@@ -893,7 +900,7 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
893 900
894 if ((mdsz = ssh_digest_bytes(kex->hash_alg)) == 0) 901 if ((mdsz = ssh_digest_bytes(kex->hash_alg)) == 0)
895 return SSH_ERR_INVALID_ARGUMENT; 902 return SSH_ERR_INVALID_ARGUMENT;
896 if ((digest = calloc(1, roundup(need, mdsz))) == NULL) { 903 if ((digest = calloc(1, ROUNDUP(need, mdsz))) == NULL) {
897 r = SSH_ERR_ALLOC_FAIL; 904 r = SSH_ERR_ALLOC_FAIL;
898 goto out; 905 goto out;
899 } 906 }
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-30 08:32:47 +0000