tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-29 00:34:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

- markus@cvs.openbsd.org 2003/02/02 10:56:08

Browse Source 
[kex.c]
     add support for key exchange guesses; based on work by
     avraham.fraenkel@commatch.com; fixes bug #148; ok deraadt@
This commit is contained in:
Damien Miller 2003-02-24 11:53:32 +11:00
parent eeeeb3517e
commit babb47a059
2 changed files with 42 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -24,6 +24,10 @@
[scp.c] [scp.c]
call okname() only when using system(3) for remote-remote copy; call okname() only when using system(3) for remote-remote copy;
fixes bugs #483, #472; ok deraadt@, mouring@ fixes bugs #483, #472; ok deraadt@, mouring@
- markus@cvs.openbsd.org 2003/02/02 10:56:08
[kex.c]
add support for key exchange guesses; based on work by
avraham.fraenkel@commatch.com; fixes bug #148; ok deraadt@
20030211 20030211
- (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com
@ -1124,4 +1128,4 @@
save auth method before monitor_reset_key_state(); bugzilla bug #284; save auth method before monitor_reset_key_state(); bugzilla bug #284;
ok provos@ ok provos@
$Id: ChangeLog,v 1.2599 2003/02/24 00:52:58 djm Exp $ $Id: ChangeLog,v 1.2600 2003/02/24 00:53:32 djm Exp $

41
kex.c
View File

@ -23,7 +23,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: kex.c,v 1.52 2002/11/21 22:45:31 markus Exp $"); RCSID("$OpenBSD: kex.c,v 1.53 2003/02/02 10:56:08 markus Exp $");
#include <openssl/crypto.h> #include <openssl/crypto.h>
@ -74,7 +74,7 @@ kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
/* parse buffer and return algorithm proposal */ /* parse buffer and return algorithm proposal */
static char ** static char **
kex_buf2prop(Buffer *raw) kex_buf2prop(Buffer *raw, int *first_kex_follows)
{ {
Buffer b; Buffer b;
int i; int i;
@ -94,6 +94,8 @@ kex_buf2prop(Buffer *raw)
} }
/* first kex follows / reserved */ /* first kex follows / reserved */
i = buffer_get_char(&b); i = buffer_get_char(&b);
if (first_kex_follows != NULL)
*first_kex_follows = i;
debug2("kex_parse_kexinit: first_kex_follows %d ", i); debug2("kex_parse_kexinit: first_kex_follows %d ", i);
i = buffer_get_int(&b); i = buffer_get_int(&b);
debug2("kex_parse_kexinit: reserved %d ", i); debug2("kex_parse_kexinit: reserved %d ", i);
@ -317,6 +319,30 @@ choose_hostkeyalg(Kex *k, char *client, char *server)
xfree(hostkeyalg); xfree(hostkeyalg);
} }
static int
proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
{
static int check[] = {
PROPOSAL_KEX_ALGS, PROPOSAL_SERVER_HOST_KEY_ALGS, -1
};
int *idx;
char *p;
for (idx = &check[0]; *idx != -1; idx++) {
if ((p = strchr(my[*idx], ',')) != NULL)
*p = '\0';
if ((p = strchr(peer[*idx], ',')) != NULL)
*p = '\0';
if (strcmp(my[*idx], peer[*idx]) != 0) {
debug2("proposal mismatch: my %s peer %s",
my[*idx], peer[*idx]);
return (0);
}
}
debug2("proposals match");
return (1);
}
static void static void
kex_choose_conf(Kex *kex) kex_choose_conf(Kex *kex)
{ {
@ -327,9 +353,10 @@ kex_choose_conf(Kex *kex)
int mode; int mode;
int ctos; /* direction: if true client-to-server */ int ctos; /* direction: if true client-to-server */
int need; int need;
int first_kex_follows, type;
my = kex_buf2prop(&kex->my); my = kex_buf2prop(&kex->my, NULL);
peer = kex_buf2prop(&kex->peer); peer = kex_buf2prop(&kex->peer, &first_kex_follows);
if (kex->server) { if (kex->server) {
cprop=peer; cprop=peer;
@ -373,6 +400,12 @@ kex_choose_conf(Kex *kex)
/* XXX need runden? */ /* XXX need runden? */
kex->we_need = need; kex->we_need = need;
/* ignore the next message if the proposals do not match */
if (first_kex_follows && !proposals_match(my, peer)) {
type = packet_read();
debug2("skipping next packet (type %u)", type);
}
kex_prop_free(my); kex_prop_free(my);
kex_prop_free(peer); kex_prop_free(peer);
} }