diff options
Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 35 |
1 files changed, 29 insertions, 6 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index f636fb3d9..da8c8229c 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: sshconnect2.c,v 1.56 2001/03/26 08:07:09 markus Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.57 2001/03/27 17:46:49 provos Exp $"); |
27 | 27 | ||
28 | #include <openssl/bn.h> | 28 | #include <openssl/bn.h> |
29 | #include <openssl/md5.h> | 29 | #include <openssl/md5.h> |
@@ -46,6 +46,7 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.56 2001/03/26 08:07:09 markus Exp $"); | |||
46 | #include "sshconnect.h" | 46 | #include "sshconnect.h" |
47 | #include "authfile.h" | 47 | #include "authfile.h" |
48 | #include "cli.h" | 48 | #include "cli.h" |
49 | #include "dh.h" | ||
49 | #include "dispatch.h" | 50 | #include "dispatch.h" |
50 | #include "authfd.h" | 51 | #include "authfd.h" |
51 | #include "log.h" | 52 | #include "log.h" |
@@ -309,7 +310,7 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr, | |||
309 | int plen, dlen; | 310 | int plen, dlen; |
310 | u_int klen, kout; | 311 | u_int klen, kout; |
311 | char *signature = NULL; | 312 | char *signature = NULL; |
312 | u_int slen, nbits; | 313 | u_int slen, nbits, min, max; |
313 | char *server_host_key_blob = NULL; | 314 | char *server_host_key_blob = NULL; |
314 | Key *server_host_key; | 315 | Key *server_host_key; |
315 | u_int sbloblen; | 316 | u_int sbloblen; |
@@ -322,14 +323,31 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr, | |||
322 | 323 | ||
323 | nbits = dh_estimate(kex->we_need * 8); | 324 | nbits = dh_estimate(kex->we_need * 8); |
324 | 325 | ||
325 | debug("Sending SSH2_MSG_KEX_DH_GEX_REQUEST."); | 326 | if (datafellows & SSH_OLD_DHGEX) { |
326 | packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST); | 327 | debug("Sending SSH2_MSG_KEX_DH_GEX_REQUEST_OLD."); |
327 | packet_put_int(nbits); | 328 | |
329 | /* Old GEX request */ | ||
330 | packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD); | ||
331 | packet_put_int(nbits); | ||
332 | min = DH_GRP_MIN; | ||
333 | max = DH_GRP_MAX; | ||
334 | } else { | ||
335 | debug("Sending SSH2_MSG_KEX_DH_GEX_REQUEST."); | ||
336 | |||
337 | /* New GEX request */ | ||
338 | min = DH_GRP_MIN; | ||
339 | max = MIN(DH_GRP_MAX, nbits * 1.25); | ||
340 | |||
341 | packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST); | ||
342 | packet_put_int(min); | ||
343 | packet_put_int(nbits); | ||
344 | packet_put_int(max); | ||
345 | } | ||
328 | packet_send(); | 346 | packet_send(); |
329 | packet_write_wait(); | 347 | packet_write_wait(); |
330 | 348 | ||
331 | #ifdef DEBUG_KEXDH | 349 | #ifdef DEBUG_KEXDH |
332 | fprintf(stderr, "\nnbits = %d", nbits); | 350 | fprintf(stderr, "\nmin = %d, nbits = %d, max = %d", min, nbits, max); |
333 | #endif | 351 | #endif |
334 | 352 | ||
335 | debug("Wait SSH2_MSG_KEX_DH_GEX_GROUP."); | 353 | debug("Wait SSH2_MSG_KEX_DH_GEX_GROUP."); |
@@ -344,6 +362,11 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr, | |||
344 | if ((g = BN_new()) == NULL) | 362 | if ((g = BN_new()) == NULL) |
345 | fatal("BN_new"); | 363 | fatal("BN_new"); |
346 | packet_get_bignum2(g, &dlen); | 364 | packet_get_bignum2(g, &dlen); |
365 | |||
366 | if (BN_num_bits(p) < min || BN_num_bits(p) > max) | ||
367 | fatal("DH_GEX group out of range: %d !< %d !< %d", | ||
368 | min, BN_num_bits(p), max); | ||
369 | |||
347 | dh = dh_new_group(g, p); | 370 | dh = dh_new_group(g, p); |
348 | 371 | ||
349 | dh_gen_key(dh, kex->we_need * 8); | 372 | dh_gen_key(dh, kex->we_need * 8); |