summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-04-04 17:52:53 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-04-04 17:52:53 +0000
commit238abf6a14d6ed038918fa35f618089230e68fd6 (patch)
tree7a856c03b822853fc08ef711e6a0bf05c738e6a0
parent22b19b43e420c9fc711a38631187820573d0f047 (diff)
- markus@cvs.openbsd.org 2001/04/04 09:48:35
[kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c] don't sent multiple kexinit-requests. send newkeys, block while waiting for newkeys. fix comments.
-rw-r--r--ChangeLog10
-rw-r--r--kex.c22
-rw-r--r--kex.h7
-rw-r--r--kexdh.c14
-rw-r--r--kexgex.c17
-rw-r--r--packet.c5
-rw-r--r--sshconnect2.c6
-rw-r--r--sshd.c4
8 files changed, 46 insertions, 39 deletions
diff --git a/ChangeLog b/ChangeLog
index bc687986..4ca9cf0b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+20010405
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/04 09:48:35
+ [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
+ don't sent multiple kexinit-requests.
+ send newkeys, block while waiting for newkeys.
+ fix comments.
+
20010404
- OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/04/02 17:32:23
@@ -4836,4 +4844,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1054 2001/04/04 17:39:19 mouring Exp $
+$Id: ChangeLog,v 1.1055 2001/04/04 17:52:53 mouring Exp $
diff --git a/kex.c b/kex.c
index 3b42d324..1314270d 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.27 2001/04/03 23:32:11 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.28 2001/04/04 09:48:34 markus Exp $");
#include <openssl/crypto.h>
@@ -112,20 +112,17 @@ kex_protocol_error(int type, int plen, void *ctxt)
}
void
-kex_send_newkeys(void)
+kex_finish(Kex *kex)
{
+ int i, plen;
+
packet_start(SSH2_MSG_NEWKEYS);
packet_send();
/* packet_write_wait(); */
debug("SSH2_MSG_NEWKEYS sent");
-}
-
-void
-kex_input_newkeys(int type, int plen, void *ctxt)
-{
- Kex *kex = ctxt;
- int i;
+ debug("waiting for SSH2_MSG_NEWKEYS");
+ packet_read_expect(&plen, SSH2_MSG_NEWKEYS);
debug("SSH2_MSG_NEWKEYS received");
kex->newkeys = 1;
for (i = 30; i <= 49; i++)
@@ -138,6 +135,10 @@ kex_input_newkeys(int type, int plen, void *ctxt)
void
kex_send_kexinit(Kex *kex)
{
+ if (kex->flags & KEX_INIT_SENT) {
+ debug("KEX_INIT_SENT");
+ return;
+ }
packet_start(SSH2_MSG_KEXINIT);
packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my));
packet_send();
@@ -161,7 +162,7 @@ kex_input_kexinit(int type, int plen, void *ctxt)
}
Kex *
-kex_start(char *proposal[PROPOSAL_MAX])
+kex_setup(char *proposal[PROPOSAL_MAX])
{
Kex *kex;
int i;
@@ -179,7 +180,6 @@ kex_start(char *proposal[PROPOSAL_MAX])
dispatch_set(i, kex_protocol_error);
dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
- dispatch_set(SSH2_MSG_NEWKEYS, &kex_input_newkeys);
return kex;
}
diff --git a/kex.h b/kex.h
index 83f54fd9..c37d3aa5 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.19 2001/04/03 23:32:12 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.20 2001/04/04 09:48:34 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -111,8 +111,9 @@ struct Kex {
Key *(*load_host_key)(int type);
};
-Kex *kex_start(char *proposal[PROPOSAL_MAX]);
-void kex_send_newkeys(void);
+Kex *kex_setup(char *proposal[PROPOSAL_MAX]);
+void kex_finish(Kex *kex);
+
void kex_send_kexinit(Kex *kex);
void kex_protocol_error(int type, int plen, void *ctxt);
void kex_derive_keys(Kex *k, u_char *hash, BIGNUM *shared_secret);
diff --git a/kexdh.c b/kexdh.c
index 8449ec06..7b6a2204 100644
--- a/kexdh.c
+++ b/kexdh.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.2 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.3 2001/04/04 09:48:34 markus Exp $");
#include <openssl/crypto.h>
#include <openssl/bn.h>
@@ -170,8 +170,8 @@ kexdh_client(Kex *kex)
shared_secret
);
xfree(server_host_key_blob);
- DH_free(dh);
BN_free(dh_server_pub);
+ DH_free(dh);
if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
fatal("key_verify failed for server_host_key");
@@ -187,7 +187,7 @@ kexdh_client(Kex *kex)
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
- kex_send_newkeys();
+ kex_finish(kex);
}
/* server */
@@ -283,15 +283,15 @@ kexdh_server(Kex *kex)
packet_put_bignum2(dh->pub_key); /* f */
packet_put_string((char *)signature, slen);
packet_send();
+
xfree(signature);
xfree(server_host_key_blob);
+ /* have keys, free DH */
+ DH_free(dh);
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
- kex_send_newkeys();
-
- /* have keys, free DH */
- DH_free(dh);
+ kex_finish(kex);
}
void
diff --git a/kexgex.c b/kexgex.c
index 6e8be78b..df7e668b 100644
--- a/kexgex.c
+++ b/kexgex.c
@@ -24,7 +24,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.2 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.3 2001/04/04 09:48:34 markus Exp $");
#include <openssl/bn.h>
@@ -228,6 +228,8 @@ kexgex_client(Kex *kex)
dh_server_pub,
shared_secret
);
+ /* have keys, free DH */
+ DH_free(dh);
xfree(server_host_key_blob);
BN_free(dh_server_pub);
@@ -242,14 +244,10 @@ kexgex_client(Kex *kex)
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
-
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
- kex_send_newkeys();
-
- /* have keys, free DH */
- DH_free(dh);
+ kex_finish(kex);
}
/* server */
@@ -391,14 +389,13 @@ kexgex_server(Kex *kex)
packet_send();
xfree(signature);
xfree(server_host_key_blob);
+ /* have keys, free DH */
+ DH_free(dh);
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
- kex_send_newkeys();
-
- /* have keys, free DH */
- DH_free(dh);
+ kex_finish(kex);
}
void
diff --git a/packet.c b/packet.c
index a4a0b059..cf081a0f 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.57 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.58 2001/04/04 09:48:34 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
@@ -525,7 +525,8 @@ set_newkeys(int mode)
if (newkeys[mode] != NULL) {
debug("newkeys: rekeying");
memset(cc, 0, sizeof(*cc));
- // free old keys, reset compression cipher-contexts;
+ /* todo: free old keys, reset compression/cipher-ctxt; */
+ xfree(newkeys[mode]);
}
newkeys[mode] = kex_get_newkeys(mode);
if (newkeys[mode] == NULL)
diff --git a/sshconnect2.c b/sshconnect2.c
index 1c52231b..89515670 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.63 2001/04/04 00:06:54 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.64 2001/04/04 09:48:35 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -111,7 +111,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
}
- kex = kex_start(myproposal);
+ kex = kex_setup(myproposal);
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
kex->check_host_key=&check_host_key_callback;
@@ -254,7 +254,7 @@ ssh_userauth2(const char *server_user, char *host)
/* initial userauth request */
userauth_none(&authctxt);
- //dispatch_init(&input_userauth_error);
+ /* dispatch_init(&input_userauth_error); */
for (i = 50; i <= 254; i++) {
dispatch_set(i, &input_userauth_error);
}
diff --git a/sshd.c b/sshd.c
index bdcae2cd..0bb4269d 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.187 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.188 2001/04/04 09:48:35 markus Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -1425,7 +1425,7 @@ do_ssh2_kex(void)
}
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
- kex = kex_start(myproposal);
+ kex = kex_setup(myproposal);
kex->server = 1;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;