diff options
Diffstat (limited to 'kexgssc.c')
| -rw-r--r-- | kexgssc.c | 27 |
1 files changed, 14 insertions, 13 deletions
| @@ -46,23 +46,20 @@ kexgss_client(Kex *kex) { | |||
| 46 | gss_buffer_desc recv_tok, gssbuf, msg_tok, *token_ptr; | 46 | gss_buffer_desc recv_tok, gssbuf, msg_tok, *token_ptr; |
| 47 | Gssctxt *ctxt; | 47 | Gssctxt *ctxt; |
| 48 | OM_uint32 maj_status, min_status, ret_flags; | 48 | OM_uint32 maj_status, min_status, ret_flags; |
| 49 | unsigned int klen, kout; | 49 | u_int klen, kout, slen = 0, hashlen, strlen; |
| 50 | DH *dh; | 50 | DH *dh; |
| 51 | BIGNUM *dh_server_pub = NULL; | 51 | BIGNUM *dh_server_pub = NULL; |
| 52 | BIGNUM *shared_secret = NULL; | 52 | BIGNUM *shared_secret = NULL; |
| 53 | BIGNUM *p = NULL; | 53 | BIGNUM *p = NULL; |
| 54 | BIGNUM *g = NULL; | 54 | BIGNUM *g = NULL; |
| 55 | unsigned char *kbuf; | 55 | u_char *kbuf, *hash; |
| 56 | unsigned char *hash; | 56 | u_char *serverhostkey = NULL; |
| 57 | unsigned char *serverhostkey = NULL; | ||
| 58 | char *msg; | 57 | char *msg; |
| 59 | char *lang; | 58 | char *lang; |
| 60 | int type = 0; | 59 | int type = 0; |
| 61 | int first = 1; | 60 | int first = 1; |
| 62 | int slen = 0; | ||
| 63 | int gex = 0; | 61 | int gex = 0; |
| 64 | int nbits, min, max; | 62 | int nbits, min, max; |
| 65 | u_int strlen; | ||
| 66 | 63 | ||
| 67 | /* Initialise our GSSAPI world */ | 64 | /* Initialise our GSSAPI world */ |
| 68 | ssh_gssapi_build_ctx(&ctxt); | 65 | ssh_gssapi_build_ctx(&ctxt); |
| @@ -244,7 +241,9 @@ kexgss_client(Kex *kex) { | |||
| 244 | xfree(kbuf); | 241 | xfree(kbuf); |
| 245 | 242 | ||
| 246 | if (gex) { | 243 | if (gex) { |
| 247 | hash = kexgex_hash( kex->client_version_string, | 244 | kexgex_hash( |
| 245 | kex->evp_md, | ||
| 246 | kex->client_version_string, | ||
| 248 | kex->server_version_string, | 247 | kex->server_version_string, |
| 249 | buffer_ptr(&kex->my), buffer_len(&kex->my), | 248 | buffer_ptr(&kex->my), buffer_len(&kex->my), |
| 250 | buffer_ptr(&kex->peer), buffer_len(&kex->peer), | 249 | buffer_ptr(&kex->peer), buffer_len(&kex->peer), |
| @@ -253,23 +252,25 @@ kexgss_client(Kex *kex) { | |||
| 253 | dh->p, dh->g, | 252 | dh->p, dh->g, |
| 254 | dh->pub_key, | 253 | dh->pub_key, |
| 255 | dh_server_pub, | 254 | dh_server_pub, |
| 256 | shared_secret | 255 | shared_secret, |
| 256 | &hash, &hashlen | ||
| 257 | ); | 257 | ); |
| 258 | } else { | 258 | } else { |
| 259 | /* The GSS hash is identical to the DH one */ | 259 | /* The GSS hash is identical to the DH one */ |
| 260 | hash = kex_dh_hash( kex->client_version_string, | 260 | kex_dh_hash( kex->client_version_string, |
| 261 | kex->server_version_string, | 261 | kex->server_version_string, |
| 262 | buffer_ptr(&kex->my), buffer_len(&kex->my), | 262 | buffer_ptr(&kex->my), buffer_len(&kex->my), |
| 263 | buffer_ptr(&kex->peer), buffer_len(&kex->peer), | 263 | buffer_ptr(&kex->peer), buffer_len(&kex->peer), |
| 264 | serverhostkey, slen, /* server host key */ | 264 | serverhostkey, slen, /* server host key */ |
| 265 | dh->pub_key, /* e */ | 265 | dh->pub_key, /* e */ |
| 266 | dh_server_pub, /* f */ | 266 | dh_server_pub, /* f */ |
| 267 | shared_secret /* K */ | 267 | shared_secret, /* K */ |
| 268 | &hash, &hashlen | ||
| 268 | ); | 269 | ); |
| 269 | } | 270 | } |
| 270 | 271 | ||
| 271 | gssbuf.value = hash; | 272 | gssbuf.value = hash; |
| 272 | gssbuf.length = 20; | 273 | gssbuf.length = hashlen; |
| 273 | 274 | ||
| 274 | /* Verify that the hash matches the MIC we just got. */ | 275 | /* Verify that the hash matches the MIC we just got. */ |
| 275 | if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok))) | 276 | if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok))) |
| @@ -284,7 +285,7 @@ kexgss_client(Kex *kex) { | |||
| 284 | 285 | ||
| 285 | /* save session id */ | 286 | /* save session id */ |
| 286 | if (kex->session_id == NULL) { | 287 | if (kex->session_id == NULL) { |
| 287 | kex->session_id_len = 20; | 288 | kex->session_id_len = hashlen; |
| 288 | kex->session_id = xmalloc(kex->session_id_len); | 289 | kex->session_id = xmalloc(kex->session_id_len); |
| 289 | memcpy(kex->session_id, hash, kex->session_id_len); | 290 | memcpy(kex->session_id, hash, kex->session_id_len); |
| 290 | } | 291 | } |
| @@ -294,7 +295,7 @@ kexgss_client(Kex *kex) { | |||
| 294 | else | 295 | else |
| 295 | ssh_gssapi_delete_ctx(&ctxt); | 296 | ssh_gssapi_delete_ctx(&ctxt); |
| 296 | 297 | ||
| 297 | kex_derive_keys(kex, hash, shared_secret); | 298 | kex_derive_keys(kex, hash, hashlen, shared_secret); |
| 298 | BN_clear_free(shared_secret); | 299 | BN_clear_free(shared_secret); |
| 299 | kex_finish(kex); | 300 | kex_finish(kex); |
| 300 | } | 301 | } |