Diffstat (limited to 'kexgexs.c')
-rw-r--r-- | kexgexs.c | 49 |
1 files changed, 13 insertions, 36 deletions
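--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.24 2015/01/26 06:10:03 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.25 2015/04/13 02:04:08 djm Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos. All rights reserved.
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -60,8 +60,6 @@ static int input_kex_dh_gex_init(int, u_int32_t, void *);
 int
 kexgex_server(struct ssh *ssh)
 {
-ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST_OLD,
-&input_kex_dh_gex_request);
 ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST,
 &input_kex_dh_gex_request);
 debug("expecting SSH2_MSG_KEX_DH_GEX_REQUEST");
@@ -76,36 +74,19 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt)
 int r;
 u_int min = 0, max = 0, nbits = 0;
 
-switch (type) {
-case SSH2_MSG_KEX_DH_GEX_REQUEST:
-debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
-if ((r = sshpkt_get_u32(ssh, &min)) != 0 ||
-(r = sshpkt_get_u32(ssh, &nbits)) != 0 ||
-(r = sshpkt_get_u32(ssh, &max)) != 0 ||
-(r = sshpkt_get_end(ssh)) != 0)
-goto out;
-kex->nbits = nbits;
-kex->min = min;
-kex->max = max;
-min = MAX(DH_GRP_MIN, min);
-max = MIN(DH_GRP_MAX, max);
-nbits = MAX(DH_GRP_MIN, nbits);
-nbits = MIN(DH_GRP_MAX, nbits);
-break;
-case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
-debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
-if ((r = sshpkt_get_u32(ssh, &nbits)) != 0 ||
-(r = sshpkt_get_end(ssh)) != 0)
-goto out;
-kex->nbits = nbits;
-/* unused for old GEX */
-kex->min = min = DH_GRP_MIN;
-kex->max = max = DH_GRP_MAX;
-break;
-default:
-r = SSH_ERR_INVALID_ARGUMENT;
+debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
+if ((r = sshpkt_get_u32(ssh, &min)) != 0 ||
+(r = sshpkt_get_u32(ssh, &nbits)) != 0 ||
+(r = sshpkt_get_u32(ssh, &max)) != 0 ||
+(r = sshpkt_get_end(ssh)) != 0)
 goto out;
-}
+kex->nbits = nbits;
+kex->min = min;
+kex->max = max;
+min = MAX(DH_GRP_MIN, min);
+max = MIN(DH_GRP_MAX, max);
+nbits = MAX(DH_GRP_MIN, nbits);
+nbits = MIN(DH_GRP_MAX, nbits);
 
 if (kex->max < kex->min || kex->nbits < kex->min ||
 kex->max < kex->nbits) {
@@ -131,10 +112,6 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt)
 if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
 goto out;
 
-/* old KEX does not use min/max in kexgex_hash() */
-if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
-kex->min = kex->max = -1;
-
 debug("expecting SSH2_MSG_KEX_DH_GEX_INIT");
 ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &input_kex_dh_gex_init);
 r = 0;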
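Review bot: The range check at new lines 91-92 compares only the raw client-supplied `kex->min`, `kex->nbits` and `kex->max`, so a request whose `max` is below `DH_GRP_MIN` passes it, while the clamping at new lines 86-89 raises the local `min` and `nbits` to `DH_GRP_MIN` and leaves the local `max` smaller than both. How the group selection further down treats a minimum above the maximum is outside the hunks shown, so I would reject such a request here by extending the condition to `kex->max < kex->nbits || kex->max < DH_GRP_MIN) {`. With the `switch` removed, `type` is no longer read in the visible part of input_kex_dh_gex_request; a short comment such as `/* only SSH2_MSG_KEX_DH_GEX_REQUEST is dispatched here; the old request type is no longer accepted */` would record why no check on it remains. The function body starts and ends outside the hunks.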