tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream commit 

update packet.c & isolate, introduce struct ssh a) switch
 packet.c to buffer api and isolate per-connection info into struct ssh b)
 (de)serialization of the state is moved from monitor to packet.c c) the old
 packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and
 integrated into packet.c with and ok djm@
This commit is contained in:
markus@openbsd.org 2015-01-19 19:52:16 +00:00 committed by Damien Miller
parent 4e62cc68ce
commit 091c302829
28 changed files with 2541 additions and 1891 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile.in
View File

@ -78,8 +78,8 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
authfd.o authfile.o bufaux.o bufbn.o buffer.o \
canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \
cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
log.o match.o md-sha256.o moduli.o nchan.o packet.o \
compat.o crc32.o deattack.o fatal.o hostfile.o \
log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \
readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \

16
clientloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.c,v 1.262 2015/01/14 20:05:27 djm Exp $ */
/* $OpenBSD: clientloop.c,v 1.263 2015/01/19 19:52:16 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -192,9 +192,6 @@ TAILQ_HEAD(global_confirms, global_confirm);
static struct global_confirms global_confirms =
TAILQ_HEAD_INITIALIZER(global_confirms);
/*XXX*/
extern Kex *xxx_kex;
void ssh_process_session2_setup(int, int, int, Buffer *);
/* Restores stdin to blocking mode. */
@ -1416,7 +1413,7 @@ static void
client_process_buffered_input_packets(void)
{
dispatch_run(DISPATCH_NONBLOCK, &quit_pending,
compat20 ? xxx_kex : NULL);
compat20 ? active_state->kex : NULL);
}
/* scan buf[] for '~' before sending data to the peer */
@ -1555,7 +1552,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
if (compat20 && session_closed && !channel_still_open())
break;
rekeying = (xxx_kex != NULL && !xxx_kex->done);
rekeying = (active_state->kex != NULL && !active_state->kex->done);
if (rekeying) {
debug("rekeying in progress");
@ -1599,8 +1596,8 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
channel_after_select(readset, writeset);
if (need_rekeying || packet_need_rekeying()) {
debug("need rekeying");
xxx_kex->done = 0;
kex_send_kexinit(xxx_kex);
active_state->kex->done = 0;
kex_send_kexinit(active_state->kex);
need_rekeying = 0;
}
}
@ -1729,8 +1726,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
/* Report bytes transferred, and transfer rates. */
total_time = get_current_time() - start_time;
packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
packet_get_bytes(&ibytes, &obytes);
verbose("Transferred: sent %llu, received %llu bytes, in %.1f seconds",
(unsigned long long)obytes, (unsigned long long)ibytes, total_time);
if (total_time > 0)

167
compress.c
View File

@ -1,167 +0,0 @@
/* $OpenBSD: compress.c,v 1.26 2010/09/08 04:13:31 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
* Interface to packet compression for ssh.
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
#include "includes.h"
#include <sys/types.h>
#include <stdarg.h>
#include "log.h"
#include "buffer.h"
#include "compress.h"
#include <zlib.h>
z_stream incoming_stream;
z_stream outgoing_stream;
static int compress_init_send_called = 0;
static int compress_init_recv_called = 0;
static int inflate_failed = 0;
static int deflate_failed = 0;
/*
* Initializes compression; level is compression level from 1 to 9
* (as in gzip).
*/
void
buffer_compress_init_send(int level)
{
if (compress_init_send_called == 1)
deflateEnd(&outgoing_stream);
compress_init_send_called = 1;
debug("Enabling compression at level %d.", level);
if (level < 1 || level > 9)
fatal("Bad compression level %d.", level);
deflateInit(&outgoing_stream, level);
}
void
buffer_compress_init_recv(void)
{
if (compress_init_recv_called == 1)
inflateEnd(&incoming_stream);
compress_init_recv_called = 1;
inflateInit(&incoming_stream);
}
/* Frees any data structures allocated for compression. */
void
buffer_compress_uninit(void)
{
debug("compress outgoing: raw data %llu, compressed %llu, factor %.2f",
(unsigned long long)outgoing_stream.total_in,
(unsigned long long)outgoing_stream.total_out,
outgoing_stream.total_in == 0 ? 0.0 :
(double) outgoing_stream.total_out / outgoing_stream.total_in);
debug("compress incoming: raw data %llu, compressed %llu, factor %.2f",
(unsigned long long)incoming_stream.total_out,
(unsigned long long)incoming_stream.total_in,
incoming_stream.total_out == 0 ? 0.0 :
(double) incoming_stream.total_in / incoming_stream.total_out);
if (compress_init_recv_called == 1 && inflate_failed == 0)
inflateEnd(&incoming_stream);
if (compress_init_send_called == 1 && deflate_failed == 0)
deflateEnd(&outgoing_stream);
}
/*
* Compresses the contents of input_buffer into output_buffer. All packets
* compressed using this function will form a single compressed data stream;
* however, data will be flushed at the end of every call so that each
* output_buffer can be decompressed independently (but in the appropriate
* order since they together form a single compression stream) by the
* receiver. This appends the compressed data to the output buffer.
*/
void
buffer_compress(Buffer * input_buffer, Buffer * output_buffer)
{
u_char buf[4096];
int status;
/* This case is not handled below. */
if (buffer_len(input_buffer) == 0)
return;
/* Input is the contents of the input buffer. */
outgoing_stream.next_in = buffer_ptr(input_buffer);
outgoing_stream.avail_in = buffer_len(input_buffer);
/* Loop compressing until deflate() returns with avail_out != 0. */
do {
/* Set up fixed-size output buffer. */
outgoing_stream.next_out = buf;
outgoing_stream.avail_out = sizeof(buf);
/* Compress as much data into the buffer as possible. */
status = deflate(&outgoing_stream, Z_PARTIAL_FLUSH);
switch (status) {
case Z_OK:
/* Append compressed data to output_buffer. */
buffer_append(output_buffer, buf,
sizeof(buf) - outgoing_stream.avail_out);
break;
default:
deflate_failed = 1;
fatal("buffer_compress: deflate returned %d", status);
/* NOTREACHED */
}
} while (outgoing_stream.avail_out == 0);
}
/*
* Uncompresses the contents of input_buffer into output_buffer. All packets
* uncompressed using this function will form a single compressed data
* stream; however, data will be flushed at the end of every call so that
* each output_buffer. This must be called for the same size units that the
* buffer_compress was called, and in the same order that buffers compressed
* with that. This appends the uncompressed data to the output buffer.
*/
void
buffer_uncompress(Buffer * input_buffer, Buffer * output_buffer)
{
u_char buf[4096];
int status;
incoming_stream.next_in = buffer_ptr(input_buffer);
incoming_stream.avail_in = buffer_len(input_buffer);
for (;;) {
/* Set up fixed-size output buffer. */
incoming_stream.next_out = buf;
incoming_stream.avail_out = sizeof(buf);
status = inflate(&incoming_stream, Z_PARTIAL_FLUSH);
switch (status) {
case Z_OK:
buffer_append(output_buffer, buf,
sizeof(buf) - incoming_stream.avail_out);
break;
case Z_BUF_ERROR:
/*
* Comments in zlib.h say that we should keep calling
* inflate() until we get an error. This appears to
* be the error that we get.
*/
return;
default:
inflate_failed = 1;
fatal("buffer_uncompress: inflate returned %d", status);
/* NOTREACHED */
}
}
}

25
compress.h
View File

@ -1,25 +0,0 @@
/* $OpenBSD: compress.h,v 1.12 2006/03/25 22:22:43 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
* Interface to packet compression for ssh.
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
#ifndef COMPRESS_H
#define COMPRESS_H
void buffer_compress_init_send(int);
void buffer_compress_init_recv(void);
void buffer_compress_uninit(void);
void buffer_compress(Buffer *, Buffer *);
void buffer_uncompress(Buffer *, Buffer *);
#endif /* COMPRESS_H */

82
deattack.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: deattack.c,v 1.30 2006/09/16 19:53:37 djm Exp $ */
/* $OpenBSD: deattack.c,v 1.31 2015/01/19 19:52:16 markus Exp $ */
/*
* Cryptographic attack detector for ssh - source code
*
@ -20,16 +20,14 @@
#include "includes.h"
#include <sys/types.h>
#include <sys/param.h>
#include <string.h>
#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
#include "xmalloc.h"
#include "deattack.h"
#include "log.h"
#include "crc32.h"
#include "sshbuf.h"
#include "misc.h"
/*
@ -66,7 +64,7 @@
/* Hash function (Input keys are cipher results) */
#define HASH(x) get_u32(x)
#define HASH(x) PEEK_U32(x)
#define CMP(a, b) (memcmp(a, b, SSH_BLOCKSIZE))
@ -79,10 +77,10 @@ crc_update(u_int32_t *a, u_int32_t b)
/* detect if a block is used in a particular pattern */
static int
check_crc(u_char *S, u_char *buf, u_int32_t len)
check_crc(const u_char *S, const u_char *buf, u_int32_t len)
{
u_int32_t crc;
u_char *c;
const u_char *c;
crc = 0;
for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
@ -94,36 +92,44 @@ check_crc(u_char *S, u_char *buf, u_int32_t len)
crc_update(&crc, 0);
}
}
return (crc == 0);
return crc == 0;
}
void
deattack_init(struct deattack_ctx *dctx)
{
bzero(dctx, sizeof(*dctx));
dctx->n = HASH_MINSIZE / HASH_ENTRYSIZE;
}
/* Detect a crc32 compensation attack on a packet */
int
detect_attack(u_char *buf, u_int32_t len)
detect_attack(struct deattack_ctx *dctx, const u_char *buf, u_int32_t len)
{
static u_int16_t *h = (u_int16_t *) NULL;
static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
u_int32_t i, j;
u_int32_t l, same;
u_char *c;
u_char *d;
u_int32_t i, j, l, same;
u_int16_t *tmp;
const u_char *c, *d;
if (len > (SSH_MAXBLOCKS * SSH_BLOCKSIZE) ||
len % SSH_BLOCKSIZE != 0) {
fatal("detect_attack: bad length %d", len);
}
for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2)
len % SSH_BLOCKSIZE != 0)
return DEATTACK_ERROR;
for (l = dctx->n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2)
;
if (h == NULL) {
debug("Installing crc compensation attack detector.");
h = (u_int16_t *) xcalloc(l, HASH_ENTRYSIZE);
n = l;
if (dctx->h == NULL) {
if ((dctx->h = calloc(l, HASH_ENTRYSIZE)) == NULL)
return DEATTACK_ERROR;
dctx->n = l;
} else {
if (l > n) {
h = (u_int16_t *)xrealloc(h, l, HASH_ENTRYSIZE);
n = l;
if (l > dctx->n) {
if ((tmp = reallocarray(dctx->h, l, HASH_ENTRYSIZE))
== NULL) {
free(dctx->h);
dctx->h = NULL;
return DEATTACK_ERROR;
}
dctx->h = tmp;
dctx->n = l;
}
}
@ -132,29 +138,29 @@ detect_attack(u_char *buf, u_int32_t len)
for (d = buf; d < c; d += SSH_BLOCKSIZE) {
if (!CMP(c, d)) {
if ((check_crc(c, buf, len)))
return (DEATTACK_DETECTED);
return DEATTACK_DETECTED;
else
break;
}
}
}
return (DEATTACK_OK);
return DEATTACK_OK;
}
memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
memset(dctx->h, HASH_UNUSEDCHAR, dctx->n * HASH_ENTRYSIZE);
for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
i = (i + 1) & (n - 1)) {
if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
for (i = HASH(c) & (dctx->n - 1); dctx->h[i] != HASH_UNUSED;
i = (i + 1) & (dctx->n - 1)) {
if (!CMP(c, buf + dctx->h[i] * SSH_BLOCKSIZE)) {
if (++same > MAX_IDENTICAL)
return (DEATTACK_DOS_DETECTED);
return DEATTACK_DOS_DETECTED;
if (check_crc(c, buf, len))
return (DEATTACK_DETECTED);
return DEATTACK_DETECTED;
else
break;
}
}
h[i] = j;
dctx->h[i] = j;
}
return (DEATTACK_OK);
return DEATTACK_OK;
}

11
deattack.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: deattack.h,v 1.10 2006/09/16 19:53:37 djm Exp $ */
/* $OpenBSD: deattack.h,v 1.11 2015/01/19 19:52:16 markus Exp $ */
/*
* Cryptographic attack detector for ssh - Header file
@ -26,6 +26,13 @@
#define DEATTACK_OK 0
#define DEATTACK_DETECTED 1
#define DEATTACK_DOS_DETECTED 2
#define DEATTACK_ERROR 3
int detect_attack(u_char *, u_int32_t);
struct deattack_ctx {
u_int16_t *h;
u_int32_t n;
};
void deattack_init(struct deattack_ctx *);
int detect_attack(struct deattack_ctx *, const u_char *, u_int32_t);
#endif

87
kex.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.c,v 1.99 2014/04/29 18:01:49 markus Exp $ */
/* $OpenBSD: kex.c,v 1.100 2015/01/19 19:52:16 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@ -239,8 +239,8 @@ kex_finish(Kex *kex)
debug("SSH2_MSG_NEWKEYS received");
kex->done = 1;
buffer_clear(&kex->peer);
/* buffer_clear(&kex->my); */
buffer_clear(kex->peer);
/* buffer_clear(kex->my); */
kex->flags &= ~KEX_INIT_SENT;
free(kex->name);
kex->name = NULL;
@ -264,9 +264,9 @@ kex_send_kexinit(Kex *kex)
kex->done = 0;
/* generate a random cookie */
if (buffer_len(&kex->my) < KEX_COOKIE_LEN)
if (buffer_len(kex->my) < KEX_COOKIE_LEN)
fatal("kex_send_kexinit: kex proposal too short");
cookie = buffer_ptr(&kex->my);
cookie = buffer_ptr(kex->my);
for (i = 0; i < KEX_COOKIE_LEN; i++) {
if (i % 4 == 0)
rnd = arc4random();
@ -274,7 +274,7 @@ kex_send_kexinit(Kex *kex)
rnd >>= 8;
}
packet_start(SSH2_MSG_KEXINIT);
packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my));
packet_put_raw(buffer_ptr(kex->my), buffer_len(kex->my));
packet_send();
debug("SSH2_MSG_KEXINIT sent");
kex->flags |= KEX_INIT_SENT;
@ -284,8 +284,9 @@ kex_send_kexinit(Kex *kex)
void
kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
{
char *ptr;
u_int i, dlen;
const char *ptr;
u_int i;
size_t dlen;
Kex *kex = (Kex *)ctxt;
debug("SSH2_MSG_KEXINIT received");
@ -293,7 +294,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
fatal("kex_input_kexinit: no kex, cannot rekey");
ptr = packet_get_raw(&dlen);
buffer_append(&kex->peer, ptr, dlen);
buffer_append(kex->peer, ptr, dlen);
/* discard packet */
for (i = 0; i < KEX_COOKIE_LEN; i++)
@ -317,15 +318,49 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
kex_kexinit_finish(kex);
}
void
kex_free_newkeys(struct newkeys *newkeys)
{
if (newkeys == NULL)
return;
if (newkeys->enc.key) {
explicit_bzero(newkeys->enc.key, newkeys->enc.key_len);
free(newkeys->enc.key);
newkeys->enc.key = NULL;
}
if (newkeys->enc.iv) {
explicit_bzero(newkeys->enc.iv, newkeys->enc.block_size);
free(newkeys->enc.iv);
newkeys->enc.iv = NULL;
}
free(newkeys->enc.name);
explicit_bzero(&newkeys->enc, sizeof(newkeys->enc));
free(newkeys->comp.name);
explicit_bzero(&newkeys->comp, sizeof(newkeys->comp));
mac_clear(&newkeys->mac);
if (newkeys->mac.key) {
explicit_bzero(newkeys->mac.key, newkeys->mac.key_len);
free(newkeys->mac.key);
newkeys->mac.key = NULL;
}
free(newkeys->mac.name);
explicit_bzero(&newkeys->mac, sizeof(newkeys->mac));
explicit_bzero(newkeys, sizeof(*newkeys));
free(newkeys);
}
Kex *
kex_setup(char *proposal[PROPOSAL_MAX])
{
Kex *kex;
struct kex *kex;
kex = xcalloc(1, sizeof(*kex));
buffer_init(&kex->peer);
buffer_init(&kex->my);
kex_prop2buf(&kex->my, proposal);
if ((kex = calloc(1, sizeof(*kex))) == NULL)
fatal("%s: calloc", __func__);
if ((kex->peer = sshbuf_new()) == NULL ||
(kex->my = sshbuf_new()) == NULL) {
fatal("%s: sshbuf_new", __func__);
}
kex_prop2buf(kex->my, proposal);
kex->done = 0;
kex_send_kexinit(kex); /* we start */
@ -464,8 +499,8 @@ kex_choose_conf(Kex *kex)
u_int mode, ctos, need, dh_need, authlen;
int first_kex_follows, type;
my = kex_buf2prop(&kex->my, NULL);
peer = kex_buf2prop(&kex->peer, &first_kex_follows);
my = kex_buf2prop(kex->my, NULL);
peer = kex_buf2prop(kex->peer, &first_kex_follows);
if (kex->server) {
cprop=peer;
@ -591,8 +626,6 @@ derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen,
return digest;
}
Newkeys *current_keys[MODE_MAX];
#define NKEYS 6
void
kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen,
@ -608,13 +641,11 @@ kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen,
debug2("kex_derive_keys");
for (mode = 0; mode < MODE_MAX; mode++) {
current_keys[mode] = kex->newkeys[mode];
kex->newkeys[mode] = NULL;
ctos = (!kex->server && mode == MODE_OUT) ||
(kex->server && mode == MODE_IN);
current_keys[mode]->enc.iv = keys[ctos ? 0 : 1];
current_keys[mode]->enc.key = keys[ctos ? 2 : 3];
current_keys[mode]->mac.key = keys[ctos ? 4 : 5];
kex->newkeys[mode]->enc.iv = keys[ctos ? 0 : 1];
kex->newkeys[mode]->enc.key = keys[ctos ? 2 : 3];
kex->newkeys[mode]->mac.key = keys[ctos ? 4 : 5];
}
}
@ -632,16 +663,6 @@ kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret)
}
#endif
Newkeys *
kex_get_newkeys(int mode)
{
Newkeys *ret;
ret = current_keys[mode];
current_keys[mode] = NULL;
return ret;
}
#ifdef WITH_SSH1
void
derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,

39
kex.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.h,v 1.66 2015/01/15 09:40:00 djm Exp $ */
/* $OpenBSD: kex.h,v 1.67 2015/01/19 19:52:16 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -82,15 +82,15 @@ enum kex_exchange {
#define KEX_INIT_SENT 0x0001
typedef struct Kex Kex;
typedef struct Comp Comp;
typedef struct kex Kex;
typedef struct sshcomp Comp;
typedef struct sshmac Mac;
typedef struct Enc Enc;
typedef struct Newkeys Newkeys;
typedef struct sshenc Enc;
typedef struct newkeys Newkeys;
struct Enc {
struct sshenc {
char *name;
const Cipher *cipher;
const struct sshcipher *cipher;
int enabled;
u_int key_len;
u_int iv_len;
@ -98,20 +98,20 @@ struct Enc {
u_char *key;
u_char *iv;
};
struct Comp {
int type;
struct sshcomp {
u_int type;
int enabled;
char *name;
};
struct Newkeys {
Enc enc;
Mac mac;
Comp comp;
struct newkeys {
struct sshenc enc;
struct sshmac mac;
struct sshcomp comp;
};
struct Kex {
struct kex {
u_char *session_id;
u_int session_id_len;
Newkeys *newkeys[MODE_MAX];
size_t session_id_len;
struct newkeys *newkeys[MODE_MAX];
u_int we_need;
u_int dh_need;
int server;
@ -119,8 +119,8 @@ struct Kex {
int hostkey_type;
int kex_type;
int roaming;
Buffer my;
Buffer peer;
struct sshbuf *my;
struct sshbuf *peer;
sig_atomic_t done;
int flags;
int hash_alg;
@ -140,14 +140,13 @@ char *kex_alg_list(char);
Kex *kex_setup(char *[PROPOSAL_MAX]);
void kex_finish(Kex *);
void kex_free_newkeys(struct newkeys *);
void kex_send_kexinit(Kex *);
void kex_input_kexinit(int, u_int32_t, void *);
void kex_derive_keys(Kex *, u_char *, u_int, const u_char *, u_int);
void kex_derive_keys_bn(Kex *, u_char *, u_int, const BIGNUM *);
Newkeys *kex_get_newkeys(int);
void kexdh_client(Kex *);
void kexdh_server(Kex *);
void kexgex_client(Kex *);

6
kexc25519c.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexc25519c.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */
/* $OpenBSD: kexc25519c.c,v 1.5 2015/01/19 19:52:16 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@ -101,8 +101,8 @@ kexc25519_client(Kex *kex)
kex->hash_alg,
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(kex->my), buffer_len(kex->my),
buffer_ptr(kex->peer), buffer_len(kex->peer),
server_host_key_blob, sbloblen,
client_pubkey,
server_pubkey,

6
kexc25519s.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexc25519s.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */
/* $OpenBSD: kexc25519s.c,v 1.5 2015/01/19 19:52:16 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@ -85,8 +85,8 @@ kexc25519_server(Kex *kex)
kex->hash_alg,
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(kex->peer), buffer_len(kex->peer),
buffer_ptr(kex->my), buffer_len(kex->my),
server_host_key_blob, sbloblen,
client_pubkey,
server_pubkey,

6
kexdhc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexdhc.c,v 1.15 2014/02/02 03:44:31 djm Exp $ */
/* $OpenBSD: kexdhc.c,v 1.16 2015/01/19 19:52:16 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -133,8 +133,8 @@ kexdh_client(Kex *kex)
kex_dh_hash(
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(kex->my), buffer_len(kex->my),
buffer_ptr(kex->peer), buffer_len(kex->peer),
server_host_key_blob, sbloblen,
dh->pub_key,
dh_server_pub,

6
kexdhs.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexdhs.c,v 1.18 2014/02/02 03:44:31 djm Exp $ */
/* $OpenBSD: kexdhs.c,v 1.19 2015/01/19 19:52:16 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -121,8 +121,8 @@ kexdh_server(Kex *kex)
kex_dh_hash(
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(kex->peer), buffer_len(kex->peer),
buffer_ptr(kex->my), buffer_len(kex->my),
server_host_key_blob, sbloblen,
dh_client_pub,
dh->pub_key,

6
kexecdhc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexecdhc.c,v 1.7 2014/02/02 03:44:31 djm Exp $ */
/* $OpenBSD: kexecdhc.c,v 1.8 2015/01/19 19:52:16 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@ -128,8 +128,8 @@ kexecdh_client(Kex *kex)
group,
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(kex->my), buffer_len(kex->my),
buffer_ptr(kex->peer), buffer_len(kex->peer),
server_host_key_blob, sbloblen,
EC_KEY_get0_public_key(client_key),
server_public,

6
kexecdhs.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexecdhs.c,v 1.10 2014/02/02 03:44:31 djm Exp $ */
/* $OpenBSD: kexecdhs.c,v 1.11 2015/01/19 19:52:16 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@ -113,8 +113,8 @@ kexecdh_server(Kex *kex)
group,
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(kex->peer), buffer_len(kex->peer),
buffer_ptr(kex->my), buffer_len(kex->my),
server_host_key_blob, sbloblen,
client_public,
EC_KEY_get0_public_key(server_key),

6
kexgexc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexgexc.c,v 1.17 2014/02/02 03:44:31 djm Exp $ */
/* $OpenBSD: kexgexc.c,v 1.18 2015/01/19 19:52:16 markus Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -175,8 +175,8 @@ kexgex_client(Kex *kex)
kex->hash_alg,
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(kex->my), buffer_len(kex->my),
buffer_ptr(kex->peer), buffer_len(kex->peer),
server_host_key_blob, sbloblen,
min, nbits, max,
dh->p, dh->g,

6
kexgexs.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexgexs.c,v 1.19 2014/02/02 03:44:31 djm Exp $ */
/* $OpenBSD: kexgexs.c,v 1.20 2015/01/19 19:52:16 markus Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -165,8 +165,8 @@ kexgex_server(Kex *kex)
kex->hash_alg,
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(kex->peer), buffer_len(kex->peer),
buffer_ptr(kex->my), buffer_len(kex->my),
server_host_key_blob, sbloblen,
omin, onbits, omax,
dh->p, dh->g,

289
monitor.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.138 2015/01/14 20:05:27 djm Exp $ */
/* $OpenBSD: monitor.c,v 1.139 2015/01/19 19:52:16 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -110,38 +110,13 @@ static Gssctxt *gsscontext = NULL;
/* Imports */
extern ServerOptions options;
extern u_int utmp_len;
extern Newkeys *current_keys[];
extern z_stream incoming_stream;
extern z_stream outgoing_stream;
extern u_char session_id[];
extern Buffer auth_debug;
extern int auth_debug_init;
extern Buffer loginmsg;
/* State exported from the child */
struct {
z_stream incoming;
z_stream outgoing;
u_char *keyin;
u_int keyinlen;
u_char *keyout;
u_int keyoutlen;
u_char *ivin;
u_int ivinlen;
u_char *ivout;
u_int ivoutlen;
u_char *ssh1key;
u_int ssh1keylen;
int ssh1cipher;
int ssh1protoflags;
u_char *input;
u_int ilen;
u_char *output;
u_int olen;
u_int64_t sent_bytes;
u_int64_t recv_bytes;
} child_state;
static struct sshbuf *child_state;
/* Functions on the monitor that answer unprivileged requests */
@ -506,6 +481,27 @@ monitor_sync(struct monitor *pmonitor)
}
}
/* Allocation functions for zlib */
static void *
mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
{
size_t len = (size_t) size * ncount;
void *address;
if (len == 0 || ncount > SIZE_T_MAX / size)
fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
address = mm_malloc(mm, len);
return (address);
}
static void
mm_zfree(struct mm_master *mm, void *address)
{
mm_free(mm, address);
}
static int
monitor_read_log(struct monitor *pmonitor)
{
@ -1807,105 +1803,41 @@ mm_answer_audit_command(int socket, Buffer *m)
void
monitor_apply_keystate(struct monitor *pmonitor)
{
if (compat20) {
set_newkeys(MODE_IN);
set_newkeys(MODE_OUT);
} else {
packet_set_protocol_flags(child_state.ssh1protoflags);
packet_set_encryption_key(child_state.ssh1key,
child_state.ssh1keylen, child_state.ssh1cipher);
free(child_state.ssh1key);
struct ssh *ssh = active_state; /* XXX */
struct kex *kex;
int r;
debug3("%s: packet_set_state", __func__);
if ((r = ssh_packet_set_state(ssh, child_state)) != 0)
fatal("%s: packet_set_state: %s", __func__, ssh_err(r));
sshbuf_free(child_state);
child_state = NULL;
if ((kex = ssh->kex) != 0) {
/* XXX set callbacks */
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
kex->kex[KEX_C25519_SHA256] = kexc25519_server;
kex->load_host_public_key=&get_hostkey_public_by_type;
kex->load_host_private_key=&get_hostkey_private_by_type;
kex->host_key_index=&get_hostkey_index;
kex->sign = sshd_hostkey_sign;
}
/* for rc4 and other stateful ciphers */
packet_set_keycontext(MODE_OUT, child_state.keyout);
free(child_state.keyout);
packet_set_keycontext(MODE_IN, child_state.keyin);
free(child_state.keyin);
if (!compat20) {
packet_set_iv(MODE_OUT, child_state.ivout);
free(child_state.ivout);
packet_set_iv(MODE_IN, child_state.ivin);
free(child_state.ivin);
}
memcpy(&incoming_stream, &child_state.incoming,
sizeof(incoming_stream));
memcpy(&outgoing_stream, &child_state.outgoing,
sizeof(outgoing_stream));
/* Update with new address */
if (options.compression)
mm_init_compression(pmonitor->m_zlib);
packet_set_postauth();
if (options.compression) {
ssh_packet_set_compress_hooks(ssh, pmonitor->m_zlib,
(ssh_packet_comp_alloc_func *)mm_zalloc,
(ssh_packet_comp_free_func *)mm_zfree);
}
if (options.rekey_limit || options.rekey_interval)
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
ssh_packet_set_rekey_limits(ssh,
(u_int32_t)options.rekey_limit,
(time_t)options.rekey_interval);
/* Network I/O buffers */
/* XXX inefficient for large buffers, need: buffer_init_from_string */
buffer_clear(packet_get_input());
buffer_append(packet_get_input(), child_state.input, child_state.ilen);
explicit_bzero(child_state.input, child_state.ilen);
free(child_state.input);
buffer_clear(packet_get_output());
buffer_append(packet_get_output(), child_state.output,
child_state.olen);
explicit_bzero(child_state.output, child_state.olen);
free(child_state.output);
/* Roaming */
if (compat20)
roam_set_bytes(child_state.sent_bytes, child_state.recv_bytes);
}
static Kex *
mm_get_kex(Buffer *m)
{
Kex *kex;
void *blob;
u_int bloblen;
kex = xcalloc(1, sizeof(*kex));
kex->session_id = buffer_get_string(m, &kex->session_id_len);
if (session_id2 == NULL ||
kex->session_id_len != session_id2_len ||
timingsafe_bcmp(kex->session_id, session_id2, session_id2_len) != 0)
fatal("mm_get_get: internal error: bad session id");
kex->we_need = buffer_get_int(m);
#ifdef WITH_OPENSSL
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
#endif
kex->kex[KEX_C25519_SHA256] = kexc25519_server;
kex->server = 1;
kex->hostkey_type = buffer_get_int(m);
kex->kex_type = buffer_get_int(m);
blob = buffer_get_string(m, &bloblen);
buffer_init(&kex->my);
buffer_append(&kex->my, blob, bloblen);
free(blob);
blob = buffer_get_string(m, &bloblen);
buffer_init(&kex->peer);
buffer_append(&kex->peer, blob, bloblen);
free(blob);
kex->done = 1;
kex->flags = buffer_get_int(m);
kex->client_version_string = buffer_get_string(m, NULL);
kex->server_version_string = buffer_get_string(m, NULL);
kex->load_host_public_key=&get_hostkey_public_by_type;
kex->load_host_private_key=&get_hostkey_private_by_type;
kex->host_key_index=&get_hostkey_index;
kex->sign = sshd_hostkey_sign;
return (kex);
}
/* This function requries careful sanity checking */
@ -1913,118 +1845,16 @@ mm_get_kex(Buffer *m)
void
mm_get_keystate(struct monitor *pmonitor)
{
Buffer m;
u_char *blob, *p;
u_int bloblen, plen;
u_int32_t seqnr, packets;
u_int64_t blocks, bytes;
debug3("%s: Waiting for new keys", __func__);
buffer_init(&m);
mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m);
if (!compat20) {
child_state.ssh1protoflags = buffer_get_int(&m);
child_state.ssh1cipher = buffer_get_int(&m);
child_state.ssh1key = buffer_get_string(&m,
&child_state.ssh1keylen);
child_state.ivout = buffer_get_string(&m,
&child_state.ivoutlen);
child_state.ivin = buffer_get_string(&m, &child_state.ivinlen);
goto skip;
} else {
/* Get the Kex for rekeying */
*pmonitor->m_pkex = mm_get_kex(&m);
}
blob = buffer_get_string(&m, &bloblen);
current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);
free(blob);
debug3("%s: Waiting for second key", __func__);
blob = buffer_get_string(&m, &bloblen);
current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen);
free(blob);
/* Now get sequence numbers for the packets */
seqnr = buffer_get_int(&m);
blocks = buffer_get_int64(&m);
packets = buffer_get_int(&m);
bytes = buffer_get_int64(&m);
packet_set_state(MODE_OUT, seqnr, blocks, packets, bytes);
seqnr = buffer_get_int(&m);
blocks = buffer_get_int64(&m);
packets = buffer_get_int(&m);
bytes = buffer_get_int64(&m);
packet_set_state(MODE_IN, seqnr, blocks, packets, bytes);
skip:
/* Get the key context */
child_state.keyout = buffer_get_string(&m, &child_state.keyoutlen);
child_state.keyin = buffer_get_string(&m, &child_state.keyinlen);
debug3("%s: Getting compression state", __func__);
/* Get compression state */
p = buffer_get_string(&m, &plen);
if (plen != sizeof(child_state.outgoing))
fatal("%s: bad request size", __func__);
memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing));
free(p);
p = buffer_get_string(&m, &plen);
if (plen != sizeof(child_state.incoming))
fatal("%s: bad request size", __func__);
memcpy(&child_state.incoming, p, sizeof(child_state.incoming));
free(p);
/* Network I/O buffers */
debug3("%s: Getting Network I/O buffers", __func__);
child_state.input = buffer_get_string(&m, &child_state.ilen);
child_state.output = buffer_get_string(&m, &child_state.olen);
/* Roaming */
if (compat20) {
child_state.sent_bytes = buffer_get_int64(&m);
child_state.recv_bytes = buffer_get_int64(&m);
}
buffer_free(&m);
if ((child_state = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT,
child_state);
debug3("%s: GOT new keys", __func__);
}
/* Allocation functions for zlib */
void *
mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
{
size_t len = (size_t) size * ncount;
void *address;
if (len == 0 || ncount > SIZE_T_MAX / size)
fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
address = mm_malloc(mm, len);
return (address);
}
void
mm_zfree(struct mm_master *mm, void *address)
{
mm_free(mm, address);
}
void
mm_init_compression(struct mm_master *mm)
{
outgoing_stream.zalloc = (alloc_func)mm_zalloc;
outgoing_stream.zfree = (free_func)mm_zfree;
outgoing_stream.opaque = mm;
incoming_stream.zalloc = (alloc_func)mm_zalloc;
incoming_stream.zfree = (free_func)mm_zfree;
incoming_stream.opaque = mm;
}
/* XXX */
#define FD_CLOSEONEXEC(x) do { \
@ -2060,6 +1890,7 @@ monitor_openfds(struct monitor *mon, int do_logfds)
struct monitor *
monitor_init(void)
{
struct ssh *ssh = active_state; /* XXX */
struct monitor *mon;
mon = xcalloc(1, sizeof(*mon));
@ -2072,7 +1903,9 @@ monitor_init(void)
mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE);
/* Compression needs to share state across borders */
mm_init_compression(mon->m_zlib);
ssh_packet_set_compress_hooks(ssh, mon->m_zlib,
(ssh_packet_comp_alloc_func *)mm_zalloc,
(ssh_packet_comp_free_func *)mm_zfree);
}
return mon;

4
monitor.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.h,v 1.18 2014/01/29 06:18:35 djm Exp $ */
/* $OpenBSD: monitor.h,v 1.19 2015/01/19 19:52:16 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@ -75,7 +75,7 @@ struct monitor {
int m_log_sendfd;
struct mm_master *m_zback;
struct mm_master *m_zlib;
struct Kex **m_pkex;
struct kex **m_pkex;
pid_t m_pid;
};

242
monitor_wrap.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.c,v 1.81 2015/01/13 19:31:40 markus Exp $ */
/* $OpenBSD: monitor_wrap.c,v 1.82 2015/01/19 19:52:16 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -82,6 +82,8 @@
#include "servconf.h"
#include "roaming.h"
#include "ssherr.h"
/* Imports */
extern int compat20;
extern z_stream incoming_stream;
@ -470,239 +472,21 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
return (verified);
}
/* Export key state after authentication */
Newkeys *
mm_newkeys_from_blob(u_char *blob, int blen)
{
Buffer b;
u_int len;
Newkeys *newkey = NULL;
Enc *enc;
Mac *mac;
Comp *comp;
debug3("%s: %p(%d)", __func__, blob, blen);
#ifdef DEBUG_PK
dump_base64(stderr, blob, blen);
#endif
buffer_init(&b);
buffer_append(&b, blob, blen);
newkey = xcalloc(1, sizeof(*newkey));
enc = &newkey->enc;
mac = &newkey->mac;
comp = &newkey->comp;
/* Enc structure */
enc->name = buffer_get_string(&b, NULL);
buffer_get(&b, &enc->cipher, sizeof(enc->cipher));
enc->enabled = buffer_get_int(&b);
enc->block_size = buffer_get_int(&b);
enc->key = buffer_get_string(&b, &enc->key_len);
enc->iv = buffer_get_string(&b, &enc->iv_len);
if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher)
fatal("%s: bad cipher name %s or pointer %p", __func__,
enc->name, enc->cipher);
/* Mac structure */
if (cipher_authlen(enc->cipher) == 0) {
mac->name = buffer_get_string(&b, NULL);
if (mac->name == NULL || mac_setup(mac, mac->name) != 0)
fatal("%s: can not setup mac %s", __func__, mac->name);
mac->enabled = buffer_get_int(&b);
mac->key = buffer_get_string(&b, &len);
if (len > mac->key_len)
fatal("%s: bad mac key length: %u > %d", __func__, len,
mac->key_len);
mac->key_len = len;
}
/* Comp structure */
comp->type = buffer_get_int(&b);
comp->enabled = buffer_get_int(&b);
comp->name = buffer_get_string(&b, NULL);
len = buffer_len(&b);
if (len != 0)
error("newkeys_from_blob: remaining bytes in blob %u", len);
buffer_free(&b);
return (newkey);
}
int
mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp)
{
Buffer b;
int len;
Enc *enc;
Mac *mac;
Comp *comp;
Newkeys *newkey = (Newkeys *)packet_get_newkeys(mode);
debug3("%s: converting %p", __func__, newkey);
if (newkey == NULL) {
error("%s: newkey == NULL", __func__);
return 0;
}
enc = &newkey->enc;
mac = &newkey->mac;
comp = &newkey->comp;
buffer_init(&b);
/* Enc structure */
buffer_put_cstring(&b, enc->name);
/* The cipher struct is constant and shared, you export pointer */
buffer_append(&b, &enc->cipher, sizeof(enc->cipher));
buffer_put_int(&b, enc->enabled);
buffer_put_int(&b, enc->block_size);
buffer_put_string(&b, enc->key, enc->key_len);
packet_get_keyiv(mode, enc->iv, enc->iv_len);
buffer_put_string(&b, enc->iv, enc->iv_len);
/* Mac structure */
if (cipher_authlen(enc->cipher) == 0) {
buffer_put_cstring(&b, mac->name);
buffer_put_int(&b, mac->enabled);
buffer_put_string(&b, mac->key, mac->key_len);
}
/* Comp structure */
buffer_put_int(&b, comp->type);
buffer_put_int(&b, comp->enabled);
buffer_put_cstring(&b, comp->name);
len = buffer_len(&b);
if (lenp != NULL)
*lenp = len;
if (blobp != NULL) {
*blobp = xmalloc(len);
memcpy(*blobp, buffer_ptr(&b), len);
}
explicit_bzero(buffer_ptr(&b), len);
buffer_free(&b);
return len;
}
static void
mm_send_kex(Buffer *m, Kex *kex)
{
buffer_put_string(m, kex->session_id, kex->session_id_len);
buffer_put_int(m, kex->we_need);
buffer_put_int(m, kex->hostkey_type);
buffer_put_int(m, kex->kex_type);
buffer_put_string(m, buffer_ptr(&kex->my), buffer_len(&kex->my));
buffer_put_string(m, buffer_ptr(&kex->peer), buffer_len(&kex->peer));
buffer_put_int(m, kex->flags);
buffer_put_cstring(m, kex->client_version_string);
buffer_put_cstring(m, kex->server_version_string);
}
void
mm_send_keystate(struct monitor *monitor)
{
Buffer m, *input, *output;
u_char *blob, *p;
u_int bloblen, plen;
u_int32_t seqnr, packets;
u_int64_t blocks, bytes;
struct ssh *ssh = active_state; /* XXX */
struct sshbuf *m;
int r;
buffer_init(&m);
if (!compat20) {
u_char iv[24];
u_char *key;
u_int ivlen, keylen;
buffer_put_int(&m, packet_get_protocol_flags());
buffer_put_int(&m, packet_get_ssh1_cipher());
debug3("%s: Sending ssh1 KEY+IV", __func__);
keylen = packet_get_encryption_key(NULL);
key = xmalloc(keylen+1); /* add 1 if keylen == 0 */
keylen = packet_get_encryption_key(key);
buffer_put_string(&m, key, keylen);
explicit_bzero(key, keylen);
free(key);
ivlen = packet_get_keyiv_len(MODE_OUT);
packet_get_keyiv(MODE_OUT, iv, ivlen);
buffer_put_string(&m, iv, ivlen);
ivlen = packet_get_keyiv_len(MODE_IN);
packet_get_keyiv(MODE_IN, iv, ivlen);
buffer_put_string(&m, iv, ivlen);
goto skip;
} else {
/* Kex for rekeying */
mm_send_kex(&m, *monitor->m_pkex);
}
debug3("%s: Sending new keys: %p %p",
__func__, packet_get_newkeys(MODE_OUT),
packet_get_newkeys(MODE_IN));
/* Keys from Kex */
if (!mm_newkeys_to_blob(MODE_OUT, &blob, &bloblen))
fatal("%s: conversion of newkeys failed", __func__);
buffer_put_string(&m, blob, bloblen);
free(blob);
if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))
fatal("%s: conversion of newkeys failed", __func__);
buffer_put_string(&m, blob, bloblen);
free(blob);
packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes);
buffer_put_int(&m, seqnr);
buffer_put_int64(&m, blocks);
buffer_put_int(&m, packets);
buffer_put_int64(&m, bytes);
packet_get_state(MODE_IN, &seqnr, &blocks, &packets, &bytes);
buffer_put_int(&m, seqnr);
buffer_put_int64(&m, blocks);
buffer_put_int(&m, packets);
buffer_put_int64(&m, bytes);
debug3("%s: New keys have been sent", __func__);
skip:
/* More key context */
plen = packet_get_keycontext(MODE_OUT, NULL);
p = xmalloc(plen+1);
packet_get_keycontext(MODE_OUT, p);
buffer_put_string(&m, p, plen);
free(p);
plen = packet_get_keycontext(MODE_IN, NULL);
p = xmalloc(plen+1);
packet_get_keycontext(MODE_IN, p);
buffer_put_string(&m, p, plen);
free(p);
/* Compression state */
debug3("%s: Sending compression state", __func__);
buffer_put_string(&m, &outgoing_stream, sizeof(outgoing_stream));
buffer_put_string(&m, &incoming_stream, sizeof(incoming_stream));
/* Network I/O buffers */
input = (Buffer *)packet_get_input();
output = (Buffer *)packet_get_output();
buffer_put_string(&m, buffer_ptr(input), buffer_len(input));
buffer_put_string(&m, buffer_ptr(output), buffer_len(output));
/* Roaming */
if (compat20) {
buffer_put_int64(&m, get_sent_bytes());
buffer_put_int64(&m, get_recv_bytes());
}
mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m);
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if ((r = ssh_packet_get_state(ssh, m)) != 0)
fatal("%s: get_state failed: %s",
__func__, ssh_err(r));
mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, m);
debug3("%s: Finished sending state", __func__);
buffer_free(&m);
sshbuf_free(m);
}
int

7
monitor_wrap.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.h,v 1.24 2014/01/29 06:18:35 djm Exp $ */
/* $OpenBSD: monitor_wrap.h,v 1.25 2015/01/19 19:52:16 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@ -87,7 +87,7 @@ void mm_ssh1_session_id(u_char *);
int mm_ssh1_session_key(BIGNUM *);
/* Key export functions */
struct Newkeys *mm_newkeys_from_blob(u_char *, int);
struct newkeys *mm_newkeys_from_blob(u_char *, int);
int mm_newkeys_to_blob(int, u_char **, u_int *);
void monitor_apply_keystate(struct monitor *);
@ -103,9 +103,6 @@ int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **);
int mm_skey_respond(void *, u_int, char **);
/* zlib allocation hooks */
void *mm_zalloc(struct mm_master *, u_int, u_int);
void mm_zfree(struct mm_master *, void *);
void mm_init_compression(struct mm_master *);
#endif /* _MM_WRAP_H_ */

279
opacket.c Normal file
View File

@ -0,0 +1,279 @@
/* Written by Markus Friedl. Placed in the public domain. */
#include "includes.h"
#include "ssherr.h"
#include "packet.h"
#include "log.h"
struct ssh *active_state, *backup_state;
/* Map old to new API */
void
ssh_packet_start(struct ssh *ssh, u_char type)
{
int r;
if ((r = sshpkt_start(ssh, type)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
void
ssh_packet_put_char(struct ssh *ssh, int value)
{
u_char ch = value;
int r;
if ((r = sshpkt_put_u8(ssh, ch)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
void
ssh_packet_put_int(struct ssh *ssh, u_int value)
{
int r;
if ((r = sshpkt_put_u32(ssh, value)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
void
ssh_packet_put_int64(struct ssh *ssh, u_int64_t value)
{
int r;
if ((r = sshpkt_put_u64(ssh, value)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
void
ssh_packet_put_string(struct ssh *ssh, const void *buf, u_int len)
{
int r;
if ((r = sshpkt_put_string(ssh, buf, len)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
void
ssh_packet_put_cstring(struct ssh *ssh, const char *str)
{
int r;
if ((r = sshpkt_put_cstring(ssh, str)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
void
ssh_packet_put_raw(struct ssh *ssh, const void *buf, u_int len)
{
int r;
if ((r = sshpkt_put(ssh, buf, len)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
#ifdef WITH_OPENSSL
void
ssh_packet_put_bignum(struct ssh *ssh, BIGNUM * value)
{
int r;
if ((r = sshpkt_put_bignum1(ssh, value)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
void
ssh_packet_put_bignum2(struct ssh *ssh, BIGNUM * value)
{
int r;
if ((r = sshpkt_put_bignum2(ssh, value)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
void
ssh_packet_put_ecpoint(struct ssh *ssh, const EC_GROUP *curve,
const EC_POINT *point)
{
int r;
if ((r = sshpkt_put_ec(ssh, point, curve)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
#endif /* WITH_OPENSSL */
void
ssh_packet_send(struct ssh *ssh)
{
int r;
if ((r = sshpkt_send(ssh)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
u_int
ssh_packet_get_char(struct ssh *ssh)
{
u_char ch;
int r;
if ((r = sshpkt_get_u8(ssh, &ch)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
return ch;
}
u_int
ssh_packet_get_int(struct ssh *ssh)
{
u_int val;
int r;
if ((r = sshpkt_get_u32(ssh, &val)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
return val;
}
u_int64_t
ssh_packet_get_int64(struct ssh *ssh)
{
u_int64_t val;
int r;
if ((r = sshpkt_get_u64(ssh, &val)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
return val;
}
#ifdef WITH_OPENSSL
void
ssh_packet_get_bignum(struct ssh *ssh, BIGNUM * value)
{
int r;
if ((r = sshpkt_get_bignum1(ssh, value)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
void
ssh_packet_get_bignum2(struct ssh *ssh, BIGNUM * value)
{
int r;
if ((r = sshpkt_get_bignum2(ssh, value)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
void
ssh_packet_get_ecpoint(struct ssh *ssh, const EC_GROUP *curve, EC_POINT *point)
{
int r;
if ((r = sshpkt_get_ec(ssh, point, curve)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
#endif /* WITH_OPENSSL */
void *
ssh_packet_get_string(struct ssh *ssh, u_int *length_ptr)
{
int r;
size_t len;
u_char *val;
if ((r = sshpkt_get_string(ssh, &val, &len)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
if (length_ptr != NULL)
*length_ptr = (u_int)len;
return val;
}
const void *
ssh_packet_get_string_ptr(struct ssh *ssh, u_int *length_ptr)
{
int r;
size_t len;
const u_char *val;
if ((r = sshpkt_get_string_direct(ssh, &val, &len)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
if (length_ptr != NULL)
*length_ptr = (u_int)len;
return val;
}
char *
ssh_packet_get_cstring(struct ssh *ssh, u_int *length_ptr)
{
int r;
size_t len;
char *val;
if ((r = sshpkt_get_cstring(ssh, &val, &len)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
if (length_ptr != NULL)
*length_ptr = (u_int)len;
return val;
}
/* Old API, that had to be reimplemented */
void
packet_set_connection(int fd_in, int fd_out)
{
active_state = ssh_packet_set_connection(active_state, fd_in, fd_out);
}
void
packet_backup_state(void)
{
ssh_packet_backup_state(active_state, backup_state);
}
void
packet_restore_state(void)
{
ssh_packet_restore_state(active_state, backup_state);
}
u_int
packet_get_char(void)
{
return (ssh_packet_get_char(active_state));
}
u_int
packet_get_int(void)
{
return (ssh_packet_get_int(active_state));
}
int
packet_read_seqnr(u_int32_t *seqnr)
{
u_char type;
int r;
if ((r = ssh_packet_read_seqnr(active_state, &type, seqnr)))
fatal("%s: %s", __func__, ssh_err(r));
return type;
}
int
packet_read_poll_seqnr(u_int32_t *seqnr)
{
u_char type;
int r;
if ((r = ssh_packet_read_poll_seqnr(active_state, &type, seqnr)))
fatal("%s: %s", __func__, ssh_err(r));
return type;
}
void
packet_close(void)
{
ssh_packet_close(active_state);
active_state = NULL;
}

173
opacket.h Normal file
View File

@ -0,0 +1,173 @@
#ifndef _OPACKET_H
/* Written by Markus Friedl. Placed in the public domain. */
/* Map old to new API */
void ssh_packet_start(struct ssh *, u_char);
void ssh_packet_put_char(struct ssh *, int ch);
void ssh_packet_put_int(struct ssh *, u_int value);
void ssh_packet_put_int64(struct ssh *, u_int64_t value);
void ssh_packet_put_bignum(struct ssh *, BIGNUM * value);
void ssh_packet_put_bignum2(struct ssh *, BIGNUM * value);
void ssh_packet_put_ecpoint(struct ssh *, const EC_GROUP *, const EC_POINT *);
void ssh_packet_put_string(struct ssh *, const void *buf, u_int len);
void ssh_packet_put_cstring(struct ssh *, const char *str);
void ssh_packet_put_raw(struct ssh *, const void *buf, u_int len);
void ssh_packet_send(struct ssh *);
u_int ssh_packet_get_char(struct ssh *);
u_int ssh_packet_get_int(struct ssh *);
u_int64_t ssh_packet_get_int64(struct ssh *);
void ssh_packet_get_bignum(struct ssh *, BIGNUM * value);
void ssh_packet_get_bignum2(struct ssh *, BIGNUM * value);
void ssh_packet_get_ecpoint(struct ssh *, const EC_GROUP *, EC_POINT *);
void *ssh_packet_get_string(struct ssh *, u_int *length_ptr);
char *ssh_packet_get_cstring(struct ssh *, u_int *length_ptr);
/* don't allow remaining bytes after the end of the message */
#define ssh_packet_check_eom(ssh) \
do { \
int _len = ssh_packet_remaining(ssh); \
if (_len > 0) { \
logit("Packet integrity error (%d bytes remaining) at %s:%d", \
_len ,__FILE__, __LINE__); \
ssh_packet_disconnect(ssh, \
"Packet integrity error."); \
} \
} while (0)
/* old API */
void packet_close(void);
u_int packet_get_char(void);
u_int packet_get_int(void);
void packet_backup_state(void);
void packet_restore_state(void);
void packet_set_connection(int, int);
int packet_read_seqnr(u_int32_t *);
int packet_read_poll_seqnr(u_int32_t *);
#define packet_set_timeout(timeout, count) \
ssh_packet_set_timeout(active_state, (timeout), (count))
#define packet_connection_is_on_socket() \
ssh_packet_connection_is_on_socket(active_state)
#define packet_set_nonblocking() \
ssh_packet_set_nonblocking(active_state)
#define packet_get_connection_in() \
ssh_packet_get_connection_in(active_state)
#define packet_get_connection_out() \
ssh_packet_get_connection_out(active_state)
#define packet_set_protocol_flags(protocol_flags) \
ssh_packet_set_protocol_flags(active_state, (protocol_flags))
#define packet_get_protocol_flags() \
ssh_packet_get_protocol_flags(active_state)
#define packet_start_compression(level) \
ssh_packet_start_compression(active_state, (level))
#define packet_set_encryption_key(key, keylen, number) \
ssh_packet_set_encryption_key(active_state, (key), (keylen), (number))
#define packet_start(type) \
ssh_packet_start(active_state, (type))
#define packet_put_char(value) \
ssh_packet_put_char(active_state, (value))
#define packet_put_int(value) \
ssh_packet_put_int(active_state, (value))
#define packet_put_int64(value) \
ssh_packet_put_int64(active_state, (value))
#define packet_put_string( buf, len) \
ssh_packet_put_string(active_state, (buf), (len))
#define packet_put_cstring(str) \
ssh_packet_put_cstring(active_state, (str))
#define packet_put_raw(buf, len) \
ssh_packet_put_raw(active_state, (buf), (len))
#define packet_put_bignum(value) \
ssh_packet_put_bignum(active_state, (value))
#define packet_put_bignum2(value) \
ssh_packet_put_bignum2(active_state, (value))
#define packet_send() \
ssh_packet_send(active_state)
#define packet_read() \
ssh_packet_read(active_state)
#define packet_read_expect(expected_type) \
ssh_packet_read_expect(active_state, (expected_type))
#define packet_process_incoming(buf, len) \
ssh_packet_process_incoming(active_state, (buf), (len))
#define packet_get_int64() \
ssh_packet_get_int64(active_state)
#define packet_get_bignum(value) \
ssh_packet_get_bignum(active_state, (value))
#define packet_get_bignum2(value) \
ssh_packet_get_bignum2(active_state, (value))
#define packet_remaining() \
ssh_packet_remaining(active_state)
#define packet_get_string(length_ptr) \
ssh_packet_get_string(active_state, (length_ptr))
#define packet_get_string_ptr(length_ptr) \
ssh_packet_get_string_ptr(active_state, (length_ptr))
#define packet_get_cstring(length_ptr) \
ssh_packet_get_cstring(active_state, (length_ptr))
#define packet_send_debug(fmt, args...) \
ssh_packet_send_debug(active_state, (fmt), ##args)
#define packet_disconnect(fmt, args...) \
ssh_packet_disconnect(active_state, (fmt), ##args)
#define packet_write_poll() \
ssh_packet_write_poll(active_state)
#define packet_write_wait() \
ssh_packet_write_wait(active_state)
#define packet_have_data_to_write() \
ssh_packet_have_data_to_write(active_state)
#define packet_not_very_much_data_to_write() \
ssh_packet_not_very_much_data_to_write(active_state)
#define packet_set_interactive(interactive, qos_interactive, qos_bulk) \
ssh_packet_set_interactive(active_state, (interactive), (qos_interactive), (qos_bulk))
#define packet_is_interactive() \
ssh_packet_is_interactive(active_state)
#define packet_set_maxsize(s) \
ssh_packet_set_maxsize(active_state, (s))
#define packet_inc_alive_timeouts() \
ssh_packet_inc_alive_timeouts(active_state)
#define packet_set_alive_timeouts(ka) \
ssh_packet_set_alive_timeouts(active_state, (ka))
#define packet_get_maxsize() \
ssh_packet_get_maxsize(active_state)
#define packet_add_padding(pad) \
sshpkt_add_padding(active_state, (pad))
#define packet_send_ignore(nbytes) \
ssh_packet_send_ignore(active_state, (nbytes))
#define packet_need_rekeying() \
ssh_packet_need_rekeying(active_state)
#define packet_set_rekey_limit(bytes) \
ssh_packet_set_rekey_limit(active_state, (bytes))
#define packet_set_server() \
ssh_packet_set_server(active_state)
#define packet_set_authenticated() \
ssh_packet_set_authenticated(active_state)
#define packet_get_input() \
ssh_packet_get_input(active_state)
#define packet_get_output() \
ssh_packet_get_output(active_state)
#define packet_set_compress_hooks(ctx, allocfunc, freefunc) \
ssh_packet_set_compress_hooks(active_state, ctx, \
allocfunc, freefunc);
#define packet_check_eom() \
ssh_packet_check_eom(active_state)
#define set_newkeys(mode) \
ssh_set_newkeys(active_state, (mode))
#define packet_get_state(m) \
ssh_packet_get_state(active_state, m)
#define packet_set_state(m) \
ssh_packet_set_state(active_state, m)
#if 0
#define get_remote_ipaddr() \
ssh_remote_ipaddr(active_state)
#endif
#define packet_get_raw(lenp) \
sshpkt_ptr(active_state, lenp)
#define packet_get_ecpoint(c,p) \
ssh_packet_get_ecpoint(active_state, c, p)
#define packet_put_ecpoint(c,p) \
ssh_packet_put_ecpoint(active_state, c, p)
#define packet_get_rekey_timeout() \
ssh_packet_get_rekey_timeout(active_state)
#define packet_set_rekey_limits(x,y) \
ssh_packet_set_rekey_limits(active_state, x, y)
#define packet_get_bytes(x,y) \
ssh_packet_get_bytes(active_state, x, y)
#endif /* _OPACKET_H */

2697
packet.c
View File

File diff suppressed because it is too large Load Diff

218
packet.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: packet.h,v 1.61 2014/05/03 17:20:34 markus Exp $ */
/* $OpenBSD: packet.h,v 1.62 2015/01/19 19:52:16 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -18,111 +18,147 @@
#include <termios.h>
#include <openssl/bn.h>
#ifdef OPENSSL_HAS_ECC
#include <openssl/ec.h>
#ifdef WITH_OPENSSL
# include <openssl/bn.h>
# ifdef OPENSSL_HAS_ECC
# include <openssl/ec.h>
# endif
#endif
#include <sys/signal.h>
#include <sys/queue.h>
void packet_set_connection(int, int);
void packet_set_timeout(int, int);
void packet_set_nonblocking(void);
int packet_get_connection_in(void);
int packet_get_connection_out(void);
void packet_close(void);
void packet_set_encryption_key(const u_char *, u_int, int);
u_int packet_get_encryption_key(u_char *);
void packet_set_protocol_flags(u_int);
u_int packet_get_protocol_flags(void);
void packet_start_compression(int);
void packet_set_interactive(int, int, int);
int packet_is_interactive(void);
void packet_set_server(void);
void packet_set_authenticated(void);
struct kex;
struct sshkey;
struct sshbuf;
struct session_state; /* private session data */
void packet_start(u_char);
void packet_put_char(int ch);
void packet_put_int(u_int value);
void packet_put_int64(u_int64_t value);
void packet_put_bignum(BIGNUM * value);
void packet_put_bignum2(BIGNUM * value);
#ifdef OPENSSL_HAS_ECC
void packet_put_ecpoint(const EC_GROUP *, const EC_POINT *);
#endif
void packet_put_string(const void *buf, u_int len);
void packet_put_cstring(const char *str);
void packet_put_raw(const void *buf, u_int len);
void packet_send(void);
struct ssh {
/* Session state */
struct session_state *state;
int packet_read(void);
void packet_read_expect(int type);
void packet_process_incoming(const char *buf, u_int len);
int packet_read_seqnr(u_int32_t *seqnr_p);
int packet_read_poll_seqnr(u_int32_t *seqnr_p);
/* Key exchange */
struct kex *kex;
u_int packet_get_char(void);
u_int packet_get_int(void);
u_int64_t packet_get_int64(void);
void packet_get_bignum(BIGNUM * value);
void packet_get_bignum2(BIGNUM * value);
#ifdef OPENSSL_HAS_ECC
void packet_get_ecpoint(const EC_GROUP *, EC_POINT *);
#endif
void *packet_get_raw(u_int *length_ptr);
void *packet_get_string(u_int *length_ptr);
char *packet_get_cstring(u_int *length_ptr);
const void *packet_get_string_ptr(u_int *length_ptr);
void packet_disconnect(const char *fmt,...) __attribute__((noreturn)) __attribute__((format(printf, 1, 2)));
void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
/* cached remote ip address and port*/
char *remote_ipaddr;
int remote_port;
void set_newkeys(int mode);
int packet_get_keyiv_len(int);
void packet_get_keyiv(int, u_char *, u_int);
int packet_get_keycontext(int, u_char *);
void packet_set_keycontext(int, u_char *);
void packet_get_state(int, u_int32_t *, u_int64_t *, u_int32_t *, u_int64_t *);
void packet_set_state(int, u_int32_t, u_int64_t, u_int32_t, u_int64_t);
int packet_get_ssh1_cipher(void);
void packet_set_iv(int, u_char *);
void *packet_get_newkeys(int);
/* datafellows */
int compat;
};
void packet_write_poll(void);
void packet_write_wait(void);
int packet_have_data_to_write(void);
int packet_not_very_much_data_to_write(void);
struct ssh *ssh_alloc_session_state(void);
struct ssh *ssh_packet_set_connection(struct ssh *, int, int);
void ssh_packet_set_timeout(struct ssh *, int, int);
int ssh_packet_stop_discard(struct ssh *);
int ssh_packet_connection_af(struct ssh *);
void ssh_packet_set_nonblocking(struct ssh *);
int ssh_packet_get_connection_in(struct ssh *);
int ssh_packet_get_connection_out(struct ssh *);
void ssh_packet_close(struct ssh *);
void ssh_packet_set_encryption_key(struct ssh *, const u_char *, u_int, int);
void ssh_packet_set_protocol_flags(struct ssh *, u_int);
u_int ssh_packet_get_protocol_flags(struct ssh *);
int ssh_packet_start_compression(struct ssh *, int);
void ssh_packet_set_tos(struct ssh *, int);
void ssh_packet_set_interactive(struct ssh *, int, int, int);
int ssh_packet_is_interactive(struct ssh *);
void ssh_packet_set_server(struct ssh *);
void ssh_packet_set_authenticated(struct ssh *);
int packet_connection_is_on_socket(void);
int packet_remaining(void);
void packet_send_ignore(int);
void packet_add_padding(u_char);
int ssh_packet_send1(struct ssh *);
int ssh_packet_send2_wrapped(struct ssh *);
int ssh_packet_send2(struct ssh *);
int ssh_packet_read(struct ssh *);
void ssh_packet_read_expect(struct ssh *, int type);
int ssh_packet_read_poll(struct ssh *);
int ssh_packet_read_poll1(struct ssh *, u_char *);
int ssh_packet_read_poll2(struct ssh *, u_char *, u_int32_t *seqnr_p);
void ssh_packet_process_incoming(struct ssh *, const char *buf, u_int len);
int ssh_packet_read_seqnr(struct ssh *, u_char *, u_int32_t *seqnr_p);
int ssh_packet_read_poll_seqnr(struct ssh *, u_char *, u_int32_t *seqnr_p);
const void *ssh_packet_get_string_ptr(struct ssh *, u_int *length_ptr);
void ssh_packet_disconnect(struct ssh *, const char *fmt, ...)
__attribute__((format(printf, 2, 3)))
__attribute__((noreturn));
void ssh_packet_send_debug(struct ssh *, const char *fmt, ...) __attribute__((format(printf, 2, 3)));
int ssh_set_newkeys(struct ssh *, int mode);
void ssh_packet_get_bytes(struct ssh *, u_int64_t *, u_int64_t *);
typedef void *(ssh_packet_comp_alloc_func)(void *, u_int, u_int);
typedef void (ssh_packet_comp_free_func)(void *, void *);
void ssh_packet_set_compress_hooks(struct ssh *, void *,
ssh_packet_comp_alloc_func *, ssh_packet_comp_free_func *);
void ssh_packet_write_poll(struct ssh *);
void ssh_packet_write_wait(struct ssh *);
int ssh_packet_have_data_to_write(struct ssh *);
int ssh_packet_not_very_much_data_to_write(struct ssh *);
int ssh_packet_connection_is_on_socket(struct ssh *);
int ssh_packet_remaining(struct ssh *);
void ssh_packet_send_ignore(struct ssh *, int);
void tty_make_modes(int, struct termios *);
void tty_parse_modes(int, int *);
void packet_set_alive_timeouts(int);
int packet_inc_alive_timeouts(void);
int packet_set_maxsize(u_int);
u_int packet_get_maxsize(void);
void ssh_packet_set_alive_timeouts(struct ssh *, int);
int ssh_packet_inc_alive_timeouts(struct ssh *);
int ssh_packet_set_maxsize(struct ssh *, u_int);
u_int ssh_packet_get_maxsize(struct ssh *);
/* don't allow remaining bytes after the end of the message */
#define packet_check_eom() \
do { \
int _len = packet_remaining(); \
if (_len > 0) { \
logit("Packet integrity error (%d bytes remaining) at %s:%d", \
_len ,__FILE__, __LINE__); \
packet_disconnect("Packet integrity error."); \
} \
} while (0)
int ssh_packet_get_state(struct ssh *, struct sshbuf *);
int ssh_packet_set_state(struct ssh *, struct sshbuf *);
int packet_need_rekeying(void);
void packet_set_rekey_limits(u_int32_t, time_t);
time_t packet_get_rekey_timeout(void);
const char *ssh_remote_ipaddr(struct ssh *);
void packet_backup_state(void);
void packet_restore_state(void);
void packet_set_postauth(void);
int ssh_packet_need_rekeying(struct ssh *);
void ssh_packet_set_rekey_limits(struct ssh *, u_int32_t, time_t);
time_t ssh_packet_get_rekey_timeout(struct ssh *);
void *packet_get_input(void);
void *packet_get_output(void);
/* XXX FIXME */
void ssh_packet_backup_state(struct ssh *, struct ssh *);
void ssh_packet_restore_state(struct ssh *, struct ssh *);
void *ssh_packet_get_input(struct ssh *);
void *ssh_packet_get_output(struct ssh *);
/* new API */
int sshpkt_start(struct ssh *ssh, u_char type);
int sshpkt_send(struct ssh *ssh);
int sshpkt_disconnect(struct ssh *, const char *fmt, ...) __attribute__((format(printf, 2, 3)));
int sshpkt_add_padding(struct ssh *, u_char);
int sshpkt_put(struct ssh *ssh, const void *v, size_t len);
int sshpkt_putb(struct ssh *ssh, const struct sshbuf *b);
int sshpkt_put_u8(struct ssh *ssh, u_char val);
int sshpkt_put_u32(struct ssh *ssh, u_int32_t val);
int sshpkt_put_u64(struct ssh *ssh, u_int64_t val);
int sshpkt_put_string(struct ssh *ssh, const void *v, size_t len);
int sshpkt_put_cstring(struct ssh *ssh, const void *v);
int sshpkt_put_stringb(struct ssh *ssh, const struct sshbuf *v);
int sshpkt_put_ec(struct ssh *ssh, const EC_POINT *v, const EC_GROUP *g);
int sshpkt_put_bignum1(struct ssh *ssh, const BIGNUM *v);
int sshpkt_put_bignum2(struct ssh *ssh, const BIGNUM *v);
int sshpkt_get(struct ssh *ssh, void *valp, size_t len);
int sshpkt_get_u8(struct ssh *ssh, u_char *valp);
int sshpkt_get_u32(struct ssh *ssh, u_int32_t *valp);
int sshpkt_get_u64(struct ssh *ssh, u_int64_t *valp);
int sshpkt_get_string(struct ssh *ssh, u_char **valp, size_t *lenp);
int sshpkt_get_string_direct(struct ssh *ssh, const u_char **valp, size_t *lenp);
int sshpkt_get_cstring(struct ssh *ssh, char **valp, size_t *lenp);
int sshpkt_get_ec(struct ssh *ssh, EC_POINT *v, const EC_GROUP *g);
int sshpkt_get_bignum1(struct ssh *ssh, BIGNUM *v);
int sshpkt_get_bignum2(struct ssh *ssh, BIGNUM *v);
int sshpkt_get_end(struct ssh *ssh);
const u_char *sshpkt_ptr(struct ssh *, size_t *lenp);
/* OLD API */
extern struct ssh *active_state;
#include "opacket.h"
#endif /* PACKET_H */

13
roaming_dummy.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: roaming_dummy.c,v 1.3 2009/06/21 09:04:03 dtucker Exp $ */
/* $OpenBSD: roaming_dummy.c,v 1.4 2015/01/19 19:52:16 markus Exp $ */
/*
* Copyright (c) 2004-2009 AppGate Network Security AB
*
@ -35,6 +35,17 @@ get_recv_bytes(void)
return 0;
}
u_int64_t
get_sent_bytes(void)
{
return 0;
}
void
roam_set_bytes(u_int64_t sent, u_int64_t recvd)
{
}
ssize_t
roaming_write(int fd, const void *buf, size_t count, int *cont)
{

11
serverloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: serverloop.c,v 1.172 2014/07/15 15:54:14 millert Exp $ */
/* $OpenBSD: serverloop.c,v 1.173 2015/01/19 19:52:16 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -83,7 +83,6 @@
extern ServerOptions options;
/* XXX */
extern Kex *xxx_kex;
extern Authctxt *the_authctxt;
extern int use_privsep;
@ -545,7 +544,7 @@ drain_output(void)
static void
process_buffered_input_packets(void)
{
dispatch_run(DISPATCH_NONBLOCK, NULL, compat20 ? xxx_kex : NULL);
dispatch_run(DISPATCH_NONBLOCK, NULL, compat20 ? active_state->kex : NULL);
}
/*
@ -851,7 +850,7 @@ server_loop2(Authctxt *authctxt)
for (;;) {
process_buffered_input_packets();
rekeying = (xxx_kex != NULL && !xxx_kex->done);
rekeying = (active_state->kex != NULL && !active_state->kex->done);
if (!rekeying && packet_not_very_much_data_to_write())
channel_output_poll();
@ -874,8 +873,8 @@ server_loop2(Authctxt *authctxt)
channel_after_select(readset, writeset);
if (packet_need_rekeying()) {
debug("need rekeying");
xxx_kex->done = 0;
kex_send_kexinit(xxx_kex);
active_state->kex->done = 0;
kex_send_kexinit(active_state->kex);
}
}
process_input(readset);

7
sshconnect2.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect2.c,v 1.216 2015/01/18 13:33:34 djm Exp $ */
/* $OpenBSD: sshconnect2.c,v 1.217 2015/01/19 19:52:16 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@ -91,8 +91,6 @@ u_int session_id2_len = 0;
char *xxx_host;
struct sockaddr *xxx_hostaddr;
Kex *xxx_kex = NULL;
static int
verify_host_key_callback(Key *hostkey)
{
@ -207,6 +205,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
/* start key exchange */
kex = kex_setup(myproposal);
active_state->kex = kex;
#ifdef WITH_OPENSSL
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
@ -219,8 +218,6 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
kex->server_version_string=server_version_string;
kex->verify_host_key=&verify_host_key_callback;
xxx_kex = kex;
dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
if (options.use_roaming && !kex->roaming) {

13
sshd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.433 2015/01/17 18:53:34 djm Exp $ */
/* $OpenBSD: sshd.c,v 1.434 2015/01/19 19:52:16 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -188,9 +188,6 @@ int num_listen_socks = 0;
char *client_version_string = NULL;
char *server_version_string = NULL;
/* for rekeying XXX fixme */
Kex *xxx_kex;
/* Daemon's agent connection */
int auth_sock = -1;
int have_agent = 0;
@ -663,7 +660,7 @@ privsep_preauth(Authctxt *authctxt)
/* Set up unprivileged child process to deal with network data */
pmonitor = monitor_init();
/* Store a pointer to the kex for later rekeying */
pmonitor->m_pkex = &xxx_kex;
pmonitor->m_pkex = &active_state->kex;
if (use_privsep == PRIVSEP_ON)
box = ssh_sandbox_init(pmonitor);
@ -2192,8 +2189,7 @@ main(int ac, char **av)
do_authenticated(authctxt);
/* The connection has been terminated. */
packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
packet_get_bytes(&ibytes, &obytes);
verbose("Transferred: sent %llu, received %llu bytes",
(unsigned long long)obytes, (unsigned long long)ibytes);
@ -2505,6 +2501,7 @@ do_ssh2_kex(void)
/* start key exchange */
kex = kex_setup(myproposal);
active_state->kex = kex;
#ifdef WITH_OPENSSL
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
@ -2521,8 +2518,6 @@ do_ssh2_kex(void)
kex->host_key_index=&get_hostkey_index;
kex->sign = sshd_hostkey_sign;
xxx_kex = kex;
dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
session_id2 = kex->session_id;