diff options
Diffstat (limited to 'sshconnect1.c')
-rw-r--r-- | sshconnect1.c | 85 |
1 files changed, 40 insertions, 45 deletions
diff --git a/sshconnect1.c b/sshconnect1.c index 2829ca5a7..166e392e7 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
@@ -13,7 +13,7 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: sshconnect1.c,v 1.42 2001/12/19 07:18:56 deraadt Exp $"); | 16 | RCSID("$OpenBSD: sshconnect1.c,v 1.43 2001/12/27 18:22:16 markus Exp $"); |
17 | 17 | ||
18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
19 | #include <openssl/evp.h> | 19 | #include <openssl/evp.h> |
@@ -76,8 +76,8 @@ try_agent_authentication(void) | |||
76 | if (!auth) | 76 | if (!auth) |
77 | return 0; | 77 | return 0; |
78 | 78 | ||
79 | challenge = BN_new(); | 79 | if ((challenge = BN_new()) == NULL) |
80 | 80 | fatal("try_agent_authentication: BN_new failed"); | |
81 | /* Loop through identities served by the agent. */ | 81 | /* Loop through identities served by the agent. */ |
82 | for (key = ssh_get_first_identity(auth, &comment, 1); | 82 | for (key = ssh_get_first_identity(auth, &comment, 1); |
83 | key != NULL; | 83 | key != NULL; |
@@ -241,7 +241,8 @@ try_rsa_authentication(int idx) | |||
241 | packet_disconnect("Protocol error during RSA authentication: %d", type); | 241 | packet_disconnect("Protocol error during RSA authentication: %d", type); |
242 | 242 | ||
243 | /* Get the challenge from the packet. */ | 243 | /* Get the challenge from the packet. */ |
244 | challenge = BN_new(); | 244 | if ((challenge = BN_new()) == NULL) |
245 | fatal("try_rsa_authentication: BN_new failed"); | ||
245 | packet_get_bignum(challenge, &clen); | 246 | packet_get_bignum(challenge, &clen); |
246 | 247 | ||
247 | packet_integrity_check(plen, clen, type); | 248 | packet_integrity_check(plen, clen, type); |
@@ -355,7 +356,8 @@ try_rhosts_rsa_authentication(const char *local_user, Key * host_key) | |||
355 | packet_disconnect("Protocol error during RSA authentication: %d", type); | 356 | packet_disconnect("Protocol error during RSA authentication: %d", type); |
356 | 357 | ||
357 | /* Get the challenge from the packet. */ | 358 | /* Get the challenge from the packet. */ |
358 | challenge = BN_new(); | 359 | if ((challenge = BN_new()) == NULL) |
360 | fatal("try_rhosts_rsa_authentication: BN_new failed"); | ||
359 | packet_get_bignum(challenge, &clen); | 361 | packet_get_bignum(challenge, &clen); |
360 | 362 | ||
361 | packet_integrity_check(plen, clen, type); | 363 | packet_integrity_check(plen, clen, type); |
@@ -912,9 +914,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr) | |||
912 | { | 914 | { |
913 | int i; | 915 | int i; |
914 | BIGNUM *key; | 916 | BIGNUM *key; |
915 | RSA *host_key; | 917 | Key *host_key, *server_key; |
916 | RSA *public_key; | ||
917 | Key k; | ||
918 | int bits, rbits; | 918 | int bits, rbits; |
919 | int ssh_cipher_default = SSH_CIPHER_3DES; | 919 | int ssh_cipher_default = SSH_CIPHER_3DES; |
920 | u_char session_key[SSH_SESSION_KEY_LENGTH]; | 920 | u_char session_key[SSH_SESSION_KEY_LENGTH]; |
@@ -934,32 +934,28 @@ ssh_kex(char *host, struct sockaddr *hostaddr) | |||
934 | cookie[i] = packet_get_char(); | 934 | cookie[i] = packet_get_char(); |
935 | 935 | ||
936 | /* Get the public key. */ | 936 | /* Get the public key. */ |
937 | public_key = RSA_new(); | 937 | server_key = key_new(KEY_RSA1); |
938 | bits = packet_get_int();/* bits */ | 938 | bits = packet_get_int(); |
939 | public_key->e = BN_new(); | 939 | packet_get_bignum(server_key->rsa->e, &clen); |
940 | packet_get_bignum(public_key->e, &clen); | ||
941 | sum_len += clen; | 940 | sum_len += clen; |
942 | public_key->n = BN_new(); | 941 | packet_get_bignum(server_key->rsa->n, &clen); |
943 | packet_get_bignum(public_key->n, &clen); | ||
944 | sum_len += clen; | 942 | sum_len += clen; |
945 | 943 | ||
946 | rbits = BN_num_bits(public_key->n); | 944 | rbits = BN_num_bits(server_key->rsa->n); |
947 | if (bits != rbits) { | 945 | if (bits != rbits) { |
948 | log("Warning: Server lies about size of server public key: " | 946 | log("Warning: Server lies about size of server public key: " |
949 | "actual size is %d bits vs. announced %d.", rbits, bits); | 947 | "actual size is %d bits vs. announced %d.", rbits, bits); |
950 | log("Warning: This may be due to an old implementation of ssh."); | 948 | log("Warning: This may be due to an old implementation of ssh."); |
951 | } | 949 | } |
952 | /* Get the host key. */ | 950 | /* Get the host key. */ |
953 | host_key = RSA_new(); | 951 | host_key = key_new(KEY_RSA1); |
954 | bits = packet_get_int();/* bits */ | 952 | bits = packet_get_int(); |
955 | host_key->e = BN_new(); | 953 | packet_get_bignum(host_key->rsa->e, &clen); |
956 | packet_get_bignum(host_key->e, &clen); | ||
957 | sum_len += clen; | 954 | sum_len += clen; |
958 | host_key->n = BN_new(); | 955 | packet_get_bignum(host_key->rsa->n, &clen); |
959 | packet_get_bignum(host_key->n, &clen); | ||
960 | sum_len += clen; | 956 | sum_len += clen; |
961 | 957 | ||
962 | rbits = BN_num_bits(host_key->n); | 958 | rbits = BN_num_bits(host_key->rsa->n); |
963 | if (bits != rbits) { | 959 | if (bits != rbits) { |
964 | log("Warning: Server lies about size of server host key: " | 960 | log("Warning: Server lies about size of server host key: " |
965 | "actual size is %d bits vs. announced %d.", rbits, bits); | 961 | "actual size is %d bits vs. announced %d.", rbits, bits); |
@@ -974,19 +970,17 @@ ssh_kex(char *host, struct sockaddr *hostaddr) | |||
974 | supported_authentications = packet_get_int(); | 970 | supported_authentications = packet_get_int(); |
975 | 971 | ||
976 | debug("Received server public key (%d bits) and host key (%d bits).", | 972 | debug("Received server public key (%d bits) and host key (%d bits).", |
977 | BN_num_bits(public_key->n), BN_num_bits(host_key->n)); | 973 | BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n)); |
978 | 974 | ||
979 | packet_integrity_check(payload_len, | 975 | packet_integrity_check(payload_len, |
980 | 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4, | 976 | 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4, |
981 | SSH_SMSG_PUBLIC_KEY); | 977 | SSH_SMSG_PUBLIC_KEY); |
982 | k.type = KEY_RSA1; | 978 | if (verify_host_key(host, hostaddr, host_key) == -1) |
983 | k.rsa = host_key; | ||
984 | if (verify_host_key(host, hostaddr, &k) == -1) | ||
985 | fatal("Host key verification failed."); | 979 | fatal("Host key verification failed."); |
986 | 980 | ||
987 | client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN; | 981 | client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN; |
988 | 982 | ||
989 | compute_session_id(session_id, cookie, host_key->n, public_key->n); | 983 | compute_session_id(session_id, cookie, host_key->rsa->n, server_key->rsa->n); |
990 | 984 | ||
991 | /* Generate a session key. */ | 985 | /* Generate a session key. */ |
992 | arc4random_stir(); | 986 | arc4random_stir(); |
@@ -1008,7 +1002,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr) | |||
1008 | * is the highest byte of the integer. The session key is xored with | 1002 | * is the highest byte of the integer. The session key is xored with |
1009 | * the first 16 bytes of the session id. | 1003 | * the first 16 bytes of the session id. |
1010 | */ | 1004 | */ |
1011 | key = BN_new(); | 1005 | if ((key = BN_new()) == NULL) |
1006 | fatal("respond_to_rsa_challenge: BN_new failed"); | ||
1012 | BN_set_word(key, 0); | 1007 | BN_set_word(key, 0); |
1013 | for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { | 1008 | for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { |
1014 | BN_lshift(key, key, 8); | 1009 | BN_lshift(key, key, 8); |
@@ -1022,35 +1017,35 @@ ssh_kex(char *host, struct sockaddr *hostaddr) | |||
1022 | * Encrypt the integer using the public key and host key of the | 1017 | * Encrypt the integer using the public key and host key of the |
1023 | * server (key with smaller modulus first). | 1018 | * server (key with smaller modulus first). |
1024 | */ | 1019 | */ |
1025 | if (BN_cmp(public_key->n, host_key->n) < 0) { | 1020 | if (BN_cmp(server_key->rsa->n, host_key->rsa->n) < 0) { |
1026 | /* Public key has smaller modulus. */ | 1021 | /* Public key has smaller modulus. */ |
1027 | if (BN_num_bits(host_key->n) < | 1022 | if (BN_num_bits(host_key->rsa->n) < |
1028 | BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) { | 1023 | BN_num_bits(server_key->rsa->n) + SSH_KEY_BITS_RESERVED) { |
1029 | fatal("respond_to_rsa_challenge: host_key %d < public_key %d + " | 1024 | fatal("respond_to_rsa_challenge: host_key %d < server_key %d + " |
1030 | "SSH_KEY_BITS_RESERVED %d", | 1025 | "SSH_KEY_BITS_RESERVED %d", |
1031 | BN_num_bits(host_key->n), | 1026 | BN_num_bits(host_key->rsa->n), |
1032 | BN_num_bits(public_key->n), | 1027 | BN_num_bits(server_key->rsa->n), |
1033 | SSH_KEY_BITS_RESERVED); | 1028 | SSH_KEY_BITS_RESERVED); |
1034 | } | 1029 | } |
1035 | rsa_public_encrypt(key, key, public_key); | 1030 | rsa_public_encrypt(key, key, server_key->rsa); |
1036 | rsa_public_encrypt(key, key, host_key); | 1031 | rsa_public_encrypt(key, key, host_key->rsa); |
1037 | } else { | 1032 | } else { |
1038 | /* Host key has smaller modulus (or they are equal). */ | 1033 | /* Host key has smaller modulus (or they are equal). */ |
1039 | if (BN_num_bits(public_key->n) < | 1034 | if (BN_num_bits(server_key->rsa->n) < |
1040 | BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) { | 1035 | BN_num_bits(host_key->rsa->n) + SSH_KEY_BITS_RESERVED) { |
1041 | fatal("respond_to_rsa_challenge: public_key %d < host_key %d + " | 1036 | fatal("respond_to_rsa_challenge: server_key %d < host_key %d + " |
1042 | "SSH_KEY_BITS_RESERVED %d", | 1037 | "SSH_KEY_BITS_RESERVED %d", |
1043 | BN_num_bits(public_key->n), | 1038 | BN_num_bits(server_key->rsa->n), |
1044 | BN_num_bits(host_key->n), | 1039 | BN_num_bits(host_key->rsa->n), |
1045 | SSH_KEY_BITS_RESERVED); | 1040 | SSH_KEY_BITS_RESERVED); |
1046 | } | 1041 | } |
1047 | rsa_public_encrypt(key, key, host_key); | 1042 | rsa_public_encrypt(key, key, host_key->rsa); |
1048 | rsa_public_encrypt(key, key, public_key); | 1043 | rsa_public_encrypt(key, key, server_key->rsa); |
1049 | } | 1044 | } |
1050 | 1045 | ||
1051 | /* Destroy the public keys since we no longer need them. */ | 1046 | /* Destroy the public keys since we no longer need them. */ |
1052 | RSA_free(public_key); | 1047 | key_free(server_key); |
1053 | RSA_free(host_key); | 1048 | key_free(host_key); |
1054 | 1049 | ||
1055 | if (options.cipher == SSH_CIPHER_NOT_SET) { | 1050 | if (options.cipher == SSH_CIPHER_NOT_SET) { |
1056 | if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default)) | 1051 | if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default)) |