upstream: remove ext-info-* in the kex.c code, not in callers;
with/ok markus@ OpenBSD-Commit-ID: c06fe2d3a0605c517ff7d65e38ec7b2d1b0b2799
parent
86f9e96d9b
commit
a72833d007
31
kex.c
31
kex.c
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: kex.c,v 1.184 2023/12/18 14:45:49 djm Exp $ */
|
/* $OpenBSD: kex.c,v 1.185 2024/01/08 00:34:33 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -772,10 +772,11 @@ static int
|
||||||
kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh)
|
kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
{
|
{
|
||||||
struct kex *kex = ssh->kex;
|
struct kex *kex = ssh->kex;
|
||||||
int r;
|
int r, initial = (kex->flags & KEX_INITIAL) != 0;
|
||||||
|
char *cp, **prop;
|
||||||
|
|
||||||
debug("SSH2_MSG_NEWKEYS received");
|
debug("SSH2_MSG_NEWKEYS received");
|
||||||
if (kex->ext_info_c && (kex->flags & KEX_INITIAL) != 0)
|
if (kex->ext_info_c && initial)
|
||||||
ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_input_ext_info);
|
ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_input_ext_info);
|
||||||
ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error);
|
ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error);
|
||||||
ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
|
ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
|
||||||
|
@ -783,10 +784,32 @@ kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
return r;
|
return r;
|
||||||
if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0)
|
if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0)
|
||||||
return r;
|
return r;
|
||||||
|
if (initial) {
|
||||||
|
/* Remove initial KEX signalling from proposal for rekeying */
|
||||||
|
if ((r = kex_buf2prop(kex->my, NULL, &prop)) != 0)
|
||||||
|
return r;
|
||||||
|
if ((cp = match_filter_denylist(prop[PROPOSAL_KEX_ALGS],
|
||||||
|
kex->server ?
|
||||||
|
"ext-info-s,kex-strict-s-v00@openssh.com" :
|
||||||
|
"ext-info-c,kex-strict-c-v00@openssh.com")) == NULL) {
|
||||||
|
error_f("match_filter_denylist failed");
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
free(prop[PROPOSAL_KEX_ALGS]);
|
||||||
|
prop[PROPOSAL_KEX_ALGS] = cp;
|
||||||
|
if ((r = kex_prop2buf(ssh->kex->my, prop)) != 0) {
|
||||||
|
error_f("kex_prop2buf failed");
|
||||||
|
fail:
|
||||||
|
kex_proposal_free_entries(prop);
|
||||||
|
free(prop);
|
||||||
|
return SSH_ERR_INTERNAL_ERROR;
|
||||||
|
}
|
||||||
|
kex_proposal_free_entries(prop);
|
||||||
|
free(prop);
|
||||||
|
}
|
||||||
kex->done = 1;
|
kex->done = 1;
|
||||||
kex->flags &= ~KEX_INITIAL;
|
kex->flags &= ~KEX_INITIAL;
|
||||||
sshbuf_reset(kex->peer);
|
sshbuf_reset(kex->peer);
|
||||||
/* sshbuf_reset(kex->my); */
|
|
||||||
kex->flags &= ~KEX_INIT_SENT;
|
kex->flags &= ~KEX_INIT_SENT;
|
||||||
free(kex->name);
|
free(kex->name);
|
||||||
kex->name = NULL;
|
kex->name = NULL;
|
||||||
|
|
|
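Review bot: The `fail:` label is placed inside the body of the `if ((r = kex_prop2buf(...)) != 0)` branch, so the `goto fail` from the match_filter_denylist check jumps into the middle of a conditional block, and a kex_prop2buf failure throws away its own `r` in favour of `SSH_ERR_INTERNAL_ERROR`, which hides the real cause from the caller. A conventional cleanup tail after the `if` keeps the error code and reads straight through; if masking the kex_prop2buf code is deliberate, keep `return SSH_ERR_INTERNAL_ERROR` at that point. The same hunk also refers to the same buffer as `kex->my` in the kex_buf2prop call and as `ssh->kex->my` in the kex_prop2buf call; the local `kex` already holds it. The part of kex_input_newkeys between the two hunks is outside the view.
```c
		if ((cp = match_filter_denylist(prop[PROPOSAL_KEX_ALGS],
		    kex->server ?
		    "ext-info-s,kex-strict-s-v00@openssh.com" :
		    "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL) {
			error_f("match_filter_denylist failed");
			r = SSH_ERR_INTERNAL_ERROR;
			goto out;
		}
		free(prop[PROPOSAL_KEX_ALGS]);
		prop[PROPOSAL_KEX_ALGS] = cp;
		if ((r = kex_prop2buf(kex->my, prop)) != 0)
			error_f("kex_prop2buf failed");
 out:
		kex_proposal_free_entries(prop);
		free(prop);
		if (r != 0)
			return r;
	}
	/* … unchanged: kex->done = 1, flag clearing, sshbuf_reset(kex->peer) … */
```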
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sshconnect2.c,v 1.371 2023/12/18 14:45:49 djm Exp $ */
|
/* $OpenBSD: sshconnect2.c,v 1.372 2024/01/08 00:34:34 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
||||||
|
@ -221,7 +221,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
|
||||||
const struct ssh_conn_info *cinfo)
|
const struct ssh_conn_info *cinfo)
|
||||||
{
|
{
|
||||||
char *myproposal[PROPOSAL_MAX];
|
char *myproposal[PROPOSAL_MAX];
|
||||||
char *s, *all_key, *hkalgs = NULL;
|
char *all_key, *hkalgs = NULL;
|
||||||
int r, use_known_hosts_order = 0;
|
int r, use_known_hosts_order = 0;
|
||||||
|
|
||||||
xxx_host = host;
|
xxx_host = host;
|
||||||
|
@ -249,14 +249,12 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
|
||||||
fatal_fr(r, "kex_assemble_namelist");
|
fatal_fr(r, "kex_assemble_namelist");
|
||||||
free(all_key);
|
free(all_key);
|
||||||
|
|
||||||
if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
|
|
||||||
fatal_f("kex_names_cat");
|
|
||||||
|
|
||||||
if (use_known_hosts_order)
|
if (use_known_hosts_order)
|
||||||
hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo);
|
hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo);
|
||||||
|
|
||||||
kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers,
|
kex_proposal_populate_entries(ssh, myproposal,
|
||||||
options.macs, compression_alg_list(options.compression),
|
options.kex_algorithms, options.ciphers, options.macs,
|
||||||
|
compression_alg_list(options.compression),
|
||||||
hkalgs ? hkalgs : options.hostkeyalgorithms);
|
hkalgs ? hkalgs : options.hostkeyalgorithms);
|
||||||
|
|
||||||
free(hkalgs);
|
free(hkalgs);
|
||||||
|
@ -281,13 +279,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
|
||||||
ssh->kex->verify_host_key=&verify_host_key_callback;
|
ssh->kex->verify_host_key=&verify_host_key_callback;
|
||||||
|
|
||||||
ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);
|
ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);
|
||||||
|
kex_proposal_free_entries(myproposal);
|
||||||
/* remove ext-info from the KEX proposals for rekeying */
|
|
||||||
free(myproposal[PROPOSAL_KEX_ALGS]);
|
|
||||||
myproposal[PROPOSAL_KEX_ALGS] =
|
|
||||||
compat_kex_proposal(ssh, options.kex_algorithms);
|
|
||||||
if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
|
|
||||||
fatal_r(r, "kex_prop2buf");
|
|
||||||
|
|
||||||
#ifdef DEBUG_KEXDH
|
#ifdef DEBUG_KEXDH
|
||||||
/* send 1st encrypted/maced/compressed message */
|
/* send 1st encrypted/maced/compressed message */
|
||||||
|
@ -297,7 +289,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
|
||||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||||
fatal_fr(r, "send packet");
|
fatal_fr(r, "send packet");
|
||||||
#endif
|
#endif
|
||||||
kex_proposal_free_entries(myproposal);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
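Review bot: The rekey-proposal reset that re-derived PROPOSAL_KEX_ALGS through `compat_kex_proposal(ssh, options.kex_algorithms)` after the dispatch loop is removed, so rekeying now depends on kex.c filtering whatever proposal is already stored in kex->my. That is only equivalent if kex_proposal_populate_entries applied the same compat handling when it built the initial proposal, which this hunk does not show; a one-line comment beside the moved `kex_proposal_free_entries(myproposal);`, e.g. `/* the rekey proposal is now derived in kex_input_newkeys() */`, would record where that responsibility went. The free also now precedes the `#ifdef DEBUG_KEXDH` block, which is fine only while that block does not touch myproposal; its body continues past the hunk.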
4
sshd.c
4
sshd.c
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sshd.c,v 1.601 2023/12/18 14:45:49 djm Exp $ */
|
/* $OpenBSD: sshd.c,v 1.602 2024/01/08 00:34:34 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -2428,6 +2428,7 @@ do_ssh2_kex(struct ssh *ssh)
|
||||||
kex->sign = sshd_hostkey_sign;
|
kex->sign = sshd_hostkey_sign;
|
||||||
|
|
||||||
ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &kex->done);
|
ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &kex->done);
|
||||||
|
kex_proposal_free_entries(myproposal);
|
||||||
|
|
||||||
#ifdef DEBUG_KEXDH
|
#ifdef DEBUG_KEXDH
|
||||||
/* send 1st encrypted/maced/compressed message */
|
/* send 1st encrypted/maced/compressed message */
|
||||||
|
@ -2437,7 +2438,6 @@ do_ssh2_kex(struct ssh *ssh)
|
||||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||||
fatal_fr(r, "send test");
|
fatal_fr(r, "send test");
|
||||||
#endif
|
#endif
|
||||||
kex_proposal_free_entries(myproposal);
|
|
||||||
debug("KEX done");
|
debug("KEX done");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|