- markus@cvs.openbsd.org 2001/04/04 09:48:35
[kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c] don't send multiple kexinit-requests. send newkeys, block while waiting for newkeys. fix comments.
parent
22b19b43e4
commit
238abf6a14
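--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+20010405
+- OpenBSD CVS Sync
+- markus@cvs.openbsd.org 2001/04/04 09:48:35
+[kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
+don't sent multiple kexinit-requests.
+send newkeys, block while waiting for newkeys.
+fix comments.
+
 20010404
 - OpenBSD CVS Sync
 - deraadt@cvs.openbsd.org 2001/04/02 17:32:23
@@ -4836,4 +4844,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1054 2001/04/04 17:39:19 mouring Exp $
+$Id: ChangeLog,v 1.1055 2001/04/04 17:52:53 mouring Exp $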
22
kex.c
22
kex.c
|
@ -23,7 +23,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: kex.c,v 1.27 2001/04/03 23:32:11 markus Exp $");
|
RCSID("$OpenBSD: kex.c,v 1.28 2001/04/04 09:48:34 markus Exp $");
|
||||||
|
|
||||||
#include <openssl/crypto.h>
|
#include <openssl/crypto.h>
|
||||||
|
|
||||||
|
@ -112,20 +112,17 @@ kex_protocol_error(int type, int plen, void *ctxt)
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
kex_send_newkeys(void)
|
kex_finish(Kex *kex)
|
||||||
{
|
{
|
||||||
|
int i, plen;
|
||||||
|
|
||||||
packet_start(SSH2_MSG_NEWKEYS);
|
packet_start(SSH2_MSG_NEWKEYS);
|
||||||
packet_send();
|
packet_send();
|
||||||
/* packet_write_wait(); */
|
/* packet_write_wait(); */
|
||||||
debug("SSH2_MSG_NEWKEYS sent");
|
debug("SSH2_MSG_NEWKEYS sent");
|
||||||
}
|
|
||||||
|
|
||||||
void
|
|
||||||
kex_input_newkeys(int type, int plen, void *ctxt)
|
|
||||||
{
|
|
||||||
Kex *kex = ctxt;
|
|
||||||
int i;
|
|
||||||
|
|
||||||
|
debug("waiting for SSH2_MSG_NEWKEYS");
|
||||||
|
packet_read_expect(&plen, SSH2_MSG_NEWKEYS);
|
||||||
debug("SSH2_MSG_NEWKEYS received");
|
debug("SSH2_MSG_NEWKEYS received");
|
||||||
kex->newkeys = 1;
|
kex->newkeys = 1;
|
||||||
for (i = 30; i <= 49; i++)
|
for (i = 30; i <= 49; i++)
|
||||||
|
@ -138,6 +135,10 @@ kex_input_newkeys(int type, int plen, void *ctxt)
|
||||||
void
|
void
|
||||||
kex_send_kexinit(Kex *kex)
|
kex_send_kexinit(Kex *kex)
|
||||||
{
|
{
|
||||||
|
if (kex->flags & KEX_INIT_SENT) {
|
||||||
|
debug("KEX_INIT_SENT");
|
||||||
|
return;
|
||||||
|
}
|
||||||
packet_start(SSH2_MSG_KEXINIT);
|
packet_start(SSH2_MSG_KEXINIT);
|
||||||
packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my));
|
packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my));
|
||||||
packet_send();
|
packet_send();
|
||||||
|
@ -161,7 +162,7 @@ kex_input_kexinit(int type, int plen, void *ctxt)
|
||||||
}
|
}
|
||||||
|
|
||||||
Kex *
|
Kex *
|
||||||
kex_start(char *proposal[PROPOSAL_MAX])
|
kex_setup(char *proposal[PROPOSAL_MAX])
|
||||||
{
|
{
|
||||||
Kex *kex;
|
Kex *kex;
|
||||||
int i;
|
int i;
|
||||||
|
@ -179,7 +180,6 @@ kex_start(char *proposal[PROPOSAL_MAX])
|
||||||
dispatch_set(i, kex_protocol_error);
|
dispatch_set(i, kex_protocol_error);
|
||||||
|
|
||||||
dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
|
dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
|
||||||
dispatch_set(SSH2_MSG_NEWKEYS, &kex_input_newkeys);
|
|
||||||
return kex;
|
return kex;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
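Review bot: Dropping `dispatch_set(SSH2_MSG_NEWKEYS, &kex_input_newkeys);` from kex_setup leaves message type SSH2_MSG_NEWKEYS (number 21 in the SSH2 protocol) with whatever handler the dispatch table held before, because 21 is below the 30–49 range that the `for (i = 30; i <= 49; i++)` loop in kex_finish covers and that the `dispatch_set(i, kex_protocol_error);` loop in kex_setup presumably covers too (its header is outside the hunk). Now that kex_finish consumes NEWKEYS synchronously via packet_read_expect, a NEWKEYS arriving at any other time should be rejected explicitly, e.g. `dispatch_set(SSH2_MSG_NEWKEYS, &kex_protocol_error);` in place of the removed line; if dispatch_init's default handler already does that, a comment saying so is enough. In kex_finish, `plen` is filled by packet_read_expect but never read in the hunk, and the surviving `/* packet_write_wait(); */` leaves a reader guessing whether the outgoing NEWKEYS is flushed before the read blocks — replace it with a comment stating that the read loop writes out pending data (if that is the case), or delete it. kex_finish's body continues past the hunk.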
7
kex.h
7
kex.h
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: kex.h,v 1.19 2001/04/03 23:32:12 markus Exp $ */
|
/* $OpenBSD: kex.h,v 1.20 2001/04/04 09:48:34 markus Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
|
@ -111,8 +111,9 @@ struct Kex {
|
||||||
Key *(*load_host_key)(int type);
|
Key *(*load_host_key)(int type);
|
||||||
};
|
};
|
||||||
|
|
||||||
Kex *kex_start(char *proposal[PROPOSAL_MAX]);
|
Kex *kex_setup(char *proposal[PROPOSAL_MAX]);
|
||||||
void kex_send_newkeys(void);
|
void kex_finish(Kex *kex);
|
||||||
|
|
||||||
void kex_send_kexinit(Kex *kex);
|
void kex_send_kexinit(Kex *kex);
|
||||||
void kex_protocol_error(int type, int plen, void *ctxt);
|
void kex_protocol_error(int type, int plen, void *ctxt);
|
||||||
void kex_derive_keys(Kex *k, u_char *hash, BIGNUM *shared_secret);
|
void kex_derive_keys(Kex *k, u_char *hash, BIGNUM *shared_secret);
|
||||||
|
|
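Review bot: The new `void kex_finish(Kex *kex);` prototype gives no hint that the call now blocks: per the kex.c change it sends SSH2_MSG_NEWKEYS and then waits in packet_read_expect until the peer's NEWKEYS has been read, which matters to callers because nothing else is dispatched in the meantime. A one-line comment above the prototype would carry that contract, e.g. `/* send NEWKEYS, then block until the peer's NEWKEYS has been read */`. A similar note on `void kex_send_kexinit(Kex *kex);` that it returns early once KEX_INIT_SENT is set would document the other behavioural change of this commit.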
14
kexdh.c
14
kexdh.c
|
@ -23,7 +23,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: kexdh.c,v 1.2 2001/04/03 23:32:12 markus Exp $");
|
RCSID("$OpenBSD: kexdh.c,v 1.3 2001/04/04 09:48:34 markus Exp $");
|
||||||
|
|
||||||
#include <openssl/crypto.h>
|
#include <openssl/crypto.h>
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
|
@ -170,8 +170,8 @@ kexdh_client(Kex *kex)
|
||||||
shared_secret
|
shared_secret
|
||||||
);
|
);
|
||||||
xfree(server_host_key_blob);
|
xfree(server_host_key_blob);
|
||||||
DH_free(dh);
|
|
||||||
BN_free(dh_server_pub);
|
BN_free(dh_server_pub);
|
||||||
|
DH_free(dh);
|
||||||
|
|
||||||
if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
|
if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
|
||||||
fatal("key_verify failed for server_host_key");
|
fatal("key_verify failed for server_host_key");
|
||||||
|
@ -187,7 +187,7 @@ kexdh_client(Kex *kex)
|
||||||
|
|
||||||
kex_derive_keys(kex, hash, shared_secret);
|
kex_derive_keys(kex, hash, shared_secret);
|
||||||
BN_clear_free(shared_secret);
|
BN_clear_free(shared_secret);
|
||||||
kex_send_newkeys();
|
kex_finish(kex);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* server */
|
/* server */
|
||||||
|
@ -283,15 +283,15 @@ kexdh_server(Kex *kex)
|
||||||
packet_put_bignum2(dh->pub_key); /* f */
|
packet_put_bignum2(dh->pub_key); /* f */
|
||||||
packet_put_string((char *)signature, slen);
|
packet_put_string((char *)signature, slen);
|
||||||
packet_send();
|
packet_send();
|
||||||
|
|
||||||
xfree(signature);
|
xfree(signature);
|
||||||
xfree(server_host_key_blob);
|
xfree(server_host_key_blob);
|
||||||
|
/* have keys, free DH */
|
||||||
|
DH_free(dh);
|
||||||
|
|
||||||
kex_derive_keys(kex, hash, shared_secret);
|
kex_derive_keys(kex, hash, shared_secret);
|
||||||
BN_clear_free(shared_secret);
|
BN_clear_free(shared_secret);
|
||||||
kex_send_newkeys();
|
kex_finish(kex);
|
||||||
|
|
||||||
/* have keys, free DH */
|
|
||||||
DH_free(dh);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
|
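Review bot: The comment `/* have keys, free DH */` that the kexdh_server hunk moves above `DH_free(dh);` now sits two lines before `kex_derive_keys(kex, hash, shared_secret);`, so it claims the session keys exist at a point where they are still to be derived; what is actually complete there is the shared secret and the exchange hash. Rewording it to `/* shared secret and hash computed; DH no longer needed */` keeps the comment honest, and the same wording fits the matching moves in kexdh_client (the -170 hunk, which carries no comment at all) and in both kexgex.c hunks (the `DH_free(dh);` insertion in kexgex_client and the one in kexgex_server). Each of these functions starts before its hunk.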
17
kexgex.c
17
kexgex.c
|
@ -24,7 +24,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: kexgex.c,v 1.2 2001/04/03 23:32:12 markus Exp $");
|
RCSID("$OpenBSD: kexgex.c,v 1.3 2001/04/04 09:48:34 markus Exp $");
|
||||||
|
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
|
|
||||||
|
@ -228,6 +228,8 @@ kexgex_client(Kex *kex)
|
||||||
dh_server_pub,
|
dh_server_pub,
|
||||||
shared_secret
|
shared_secret
|
||||||
);
|
);
|
||||||
|
/* have keys, free DH */
|
||||||
|
DH_free(dh);
|
||||||
xfree(server_host_key_blob);
|
xfree(server_host_key_blob);
|
||||||
BN_free(dh_server_pub);
|
BN_free(dh_server_pub);
|
||||||
|
|
||||||
|
@ -242,14 +244,10 @@ kexgex_client(Kex *kex)
|
||||||
kex->session_id = xmalloc(kex->session_id_len);
|
kex->session_id = xmalloc(kex->session_id_len);
|
||||||
memcpy(kex->session_id, hash, kex->session_id_len);
|
memcpy(kex->session_id, hash, kex->session_id_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
kex_derive_keys(kex, hash, shared_secret);
|
kex_derive_keys(kex, hash, shared_secret);
|
||||||
BN_clear_free(shared_secret);
|
BN_clear_free(shared_secret);
|
||||||
|
|
||||||
kex_send_newkeys();
|
kex_finish(kex);
|
||||||
|
|
||||||
/* have keys, free DH */
|
|
||||||
DH_free(dh);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* server */
|
/* server */
|
||||||
|
@ -391,14 +389,13 @@ kexgex_server(Kex *kex)
|
||||||
packet_send();
|
packet_send();
|
||||||
xfree(signature);
|
xfree(signature);
|
||||||
xfree(server_host_key_blob);
|
xfree(server_host_key_blob);
|
||||||
|
/* have keys, free DH */
|
||||||
|
DH_free(dh);
|
||||||
|
|
||||||
kex_derive_keys(kex, hash, shared_secret);
|
kex_derive_keys(kex, hash, shared_secret);
|
||||||
BN_clear_free(shared_secret);
|
BN_clear_free(shared_secret);
|
||||||
|
|
||||||
kex_send_newkeys();
|
kex_finish(kex);
|
||||||
|
|
||||||
/* have keys, free DH */
|
|
||||||
DH_free(dh);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
|
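--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.57 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.58 2001/04/04 09:48:34 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -525,7 +525,8 @@ set_newkeys(int mode)
 if (newkeys[mode] != NULL) {
 debug("newkeys: rekeying");
 memset(cc, 0, sizeof(*cc));
-// free old keys, reset compression cipher-contexts;
+/* todo: free old keys, reset compression/cipher-ctxt; */
+xfree(newkeys[mode]);
 }
 newkeys[mode] = kex_get_newkeys(mode);
 if (newkeys[mode] == NULL)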
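Review bot: The added `xfree(newkeys[mode]);` releases the Newkeys struct on rekeying but, as the todo comment on the line above admits, not the buffers it points to, so every rekey leaks the previous cipher/MAC key material and leaves it readable in heap memory. Each heap buffer the struct owns should be overwritten with zeros and freed before the struct itself is freed, and the comment should then describe only the cipher-context reset that remains pending rather than the key freeing. The preceding `memset(cc, 0, sizeof(*cc));` likewise discards the old cipher context without any cipher-level cleanup; worth confirming whether the cipher layer needs an explicit cleanup call at this point. set_newkeys begins before the hunk.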
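--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.63 2001/04/04 00:06:54 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.64 2001/04/04 09:48:35 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -111,7 +111,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
 }
 
-kex = kex_start(myproposal);
+kex = kex_setup(myproposal);
 kex->client_version_string=client_version_string;
 kex->server_version_string=server_version_string;
 kex->check_host_key=&check_host_key_callback;
@@ -254,7 +254,7 @@ ssh_userauth2(const char *server_user, char *host)
 /* initial userauth request */
 userauth_none(&authctxt);
 
-//dispatch_init(&input_userauth_error);
+/* dispatch_init(&input_userauth_error); */
 for (i = 50; i <= 254; i++) {
 dispatch_set(i, &input_userauth_error);
 }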
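--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.187 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.188 2001/04/04 09:48:35 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1425,7 +1425,7 @@ do_ssh2_kex(void)
 }
 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
 
-kex = kex_start(myproposal);
+kex = kex_setup(myproposal);
 kex->server = 1;
 kex->client_version_string=client_version_string;
 kex->server_version_string=server_version_string;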