Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 49 |
1 files changed, 23 insertions, 26 deletions
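--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.290 2018/11/28 06:00:38 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.291 2018/12/27 03:25:25 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -155,11 +155,10 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
 }
 
 void
-ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
+ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
 {
 char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
 char *s, *all_key;
-struct kex *kex;
 int r;
 
 xxx_host = host;
@@ -199,36 +198,33 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 options.rekey_interval);
 
 /* start key exchange */
-if ((r = kex_setup(active_state, myproposal)) != 0)
+if ((r = kex_setup(ssh, myproposal)) != 0)
 fatal("kex_setup: %s", ssh_err(r));
-kex = active_state->kex;
 #ifdef WITH_OPENSSL
-kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
-kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
-kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
-kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
-kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
-kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
-kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
+ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
+ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
+ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
+ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
+ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
+ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
+ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
 # ifdef OPENSSL_HAS_ECC
-kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
 # endif
 #endif
-kex->kex[KEX_C25519_SHA256] = kexc25519_client;
-kex->client_version_string=client_version_string;
-kex->server_version_string=server_version_string;
-kex->verify_host_key=&verify_host_key_callback;
+ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
+ssh->kex->verify_host_key=&verify_host_key_callback;
 
-ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done);
+ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);
 
 /* remove ext-info from the KEX proposals for rekeying */
 myproposal[PROPOSAL_KEX_ALGS] =
 compat_kex_proposal(options.kex_algorithms);
-if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
+if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
 fatal("kex_prop2buf: %s", ssh_err(r));
 
-session_id2 = kex->session_id;
-session_id2_len = kex->session_id_len;
+session_id2 = ssh->kex->session_id;
+session_id2_len = ssh->kex->session_id_len;
 
 #ifdef DEBUG_KEXDH
 /* send 1st encrypted/maced/compressed message */
@@ -365,10 +361,9 @@ Authmethod authmethods[] = {
 };
 
 void
-ssh_userauth2(const char *local_user, const char *server_user, char *host,
-Sensitive *sensitive)
+ssh_userauth2(struct ssh *ssh, const char *local_user,
+const char *server_user, char *host, Sensitive *sensitive)
 {
-struct ssh *ssh = active_state;
 Authctxt authctxt;
 int r;
 
@@ -392,8 +387,10 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
 authctxt.info_req_seen = 0;
 authctxt.agent_fd = -1;
 pubkey_prepare(&authctxt);
-if (authctxt.method == NULL)
-fatal("ssh_userauth2: internal error: cannot send userauth none request");
+if (authctxt.method == NULL) {
+fatal("%s: internal error: cannot send userauth none request",
+__func__);
+}
 
 if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 ||
 (r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 ||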
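Review bot: In the ssh_kex2 hunk at `@@ -199,36 +198,33 @@`, the assignments of `client_version_string` and `server_version_string` into the kex state are removed and nothing visible replaces them, so the function no longer shows where the exchange hash gets those inputs. Both identification strings are part of the SSH exchange hash (V_C and V_S in RFC 4253 section 8), which is what ties the negotiated keys to the banners each side actually sent. Presumably they are now stored under `ssh->kex` before ssh_kex2 runs, but this file section does not show that. A one-line comment above the `verify_host_key` assignment would record the precondition, for example `/* client/server identification strings must already be set in ssh->kex; they are inputs to the exchange hash */`. ssh_kex2's body starts and ends outside this hunk.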