authorMarkus Friedl <markus@cvs.openbsd.org>2001-04-04 09:48:36 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2001-04-04 09:48:36 +0000
commitd00d7919a437b24a46745a77814668a129d6e8e0 (patch)
treef2227319c44734ba1f004d01bae22dca0c9ba145
parent1221231bf93b54ae324444e29253917845b0945f (diff)
don't send multiple kexinit-requests.
send newkeys, block while waiting for newkeys. fix comments.
-rw-r--r--usr.bin/ssh/kex.c22
-rw-r--r--usr.bin/ssh/kex.h7
-rw-r--r--usr.bin/ssh/kexdh.c14
-rw-r--r--usr.bin/ssh/kexgex.c17
-rw-r--r--usr.bin/ssh/packet.c5
-rw-r--r--usr.bin/ssh/sshconnect2.c6
-rw-r--r--usr.bin/ssh/sshd.c4
7 files changed, 37 insertions, 38 deletions
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c
index 3b42d324017..1314270d496 100644
--- a/usr.bin/ssh/kex.c
+++ b/usr.bin/ssh/kex.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.27 2001/04/03 23:32:11 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.28 2001/04/04 09:48:34 markus Exp $");
#include <openssl/crypto.h>
@@ -112,20 +112,17 @@ kex_protocol_error(int type, int plen, void *ctxt)
}
void
-kex_send_newkeys(void)
+kex_finish(Kex *kex)
{
+ int i, plen;
+
packet_start(SSH2_MSG_NEWKEYS);
packet_send();
/* packet_write_wait(); */
debug("SSH2_MSG_NEWKEYS sent");
-}
-
-void
-kex_input_newkeys(int type, int plen, void *ctxt)
-{
- Kex *kex = ctxt;
- int i;
+ debug("waiting for SSH2_MSG_NEWKEYS");
+ packet_read_expect(&plen, SSH2_MSG_NEWKEYS);
debug("SSH2_MSG_NEWKEYS received");
kex->newkeys = 1;
for (i = 30; i <= 49; i++)
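Review bot: kex_finish now blocks in `packet_read_expect(&plen, SSH2_MSG_NEWKEYS)` immediately after queueing its own NEWKEYS while the `packet_write_wait()` on the line above stays commented out, so the call depends on packet_read_expect flushing pending output before it waits; if it does not, both peers can end up waiting on each other, which is worth confirming and stating in a comment. `plen` is only written as an out-parameter and never read afterwards. A header comment would make the contract clear: `/* Send SSH2_MSG_NEWKEYS, then block until the peer's NEWKEYS has been read; kex->newkeys is set only after that. */` — presumably packet_read_expect treats any other message type as fatal, which the comment should say once confirmed. kex_finish's body continues past the end of the hunk.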
@@ -138,6 +135,10 @@ kex_input_newkeys(int type, int plen, void *ctxt)
void
kex_send_kexinit(Kex *kex)
{
+ if (kex->flags & KEX_INIT_SENT) {
+ debug("KEX_INIT_SENT");
+ return;
+ }
packet_start(SSH2_MSG_KEXINIT);
packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my));
packet_send();
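Review bot: The early return on `kex->flags & KEX_INIT_SENT` has no visible counterpart that clears the flag once the exchange completes — kex_finish in the previous hunk sets `kex->newkeys = 1` but does not touch `kex->flags` — so if the flag is set on the first send (presumably further down this function, outside the hunk), a later rekey would only log `KEX_INIT_SENT` and never emit a fresh KEXINIT. Unless the flag is reset somewhere not shown here, clear it when the exchange is done, e.g. `kex->flags &= ~KEX_INIT_SENT;` next to `kex->newkeys = 1;`. The rest of kex_send_kexinit lies outside the hunk.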
@@ -161,7 +162,7 @@ kex_input_kexinit(int type, int plen, void *ctxt)
}
Kex *
-kex_start(char *proposal[PROPOSAL_MAX])
+kex_setup(char *proposal[PROPOSAL_MAX])
{
Kex *kex;
int i;
@@ -179,7 +180,6 @@ kex_start(char *proposal[PROPOSAL_MAX])
dispatch_set(i, kex_protocol_error);
dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
- dispatch_set(SSH2_MSG_NEWKEYS, &kex_input_newkeys);
return kex;
}
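Review bot: With `dispatch_set(SSH2_MSG_NEWKEYS, &kex_input_newkeys)` removed, a NEWKEYS that reaches the dispatcher outside kex_finish is left with whatever the loop ending on `dispatch_set(i, kex_protocol_error);` installed for its range, which presumably covers NEWKEYS — a stricter and reasonable outcome, but not obvious to a reader looking for the NEWKEYS handler. A one-line comment where the dispatch line was would record the intent: `/* SSH2_MSG_NEWKEYS is read synchronously by kex_finish(); leave it on kex_protocol_error */`. kex_setup's body starts before this hunk.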
diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h
index 83f54fd968a..c37d3aa5fdb 100644
--- a/usr.bin/ssh/kex.h
+++ b/usr.bin/ssh/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.19 2001/04/03 23:32:12 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.20 2001/04/04 09:48:34 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -111,8 +111,9 @@ struct Kex {
Key *(*load_host_key)(int type);
};
-Kex *kex_start(char *proposal[PROPOSAL_MAX]);
-void kex_send_newkeys(void);
+Kex *kex_setup(char *proposal[PROPOSAL_MAX]);
+void kex_finish(Kex *kex);
+
void kex_send_kexinit(Kex *kex);
void kex_protocol_error(int type, int plen, void *ctxt);
void kex_derive_keys(Kex *k, u_char *hash, BIGNUM *shared_secret);
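Review bot: The new prototypes `kex_setup` and `kex_finish` carry no comment, and kex_finish's behavior cannot be guessed from its name: per the kex.c hunk it both sends NEWKEYS and blocks reading the peer's NEWKEYS. Suggest above the declaration: `/* send our SSH2_MSG_NEWKEYS and block until the peer's has been read; sets kex->newkeys */`. kex_setup could note that callers still fill in the version strings and callbacks afterwards, as the sshconnect2.c and sshd.c hunks in this commit do.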
diff --git a/usr.bin/ssh/kexdh.c b/usr.bin/ssh/kexdh.c
index 8449ec06ae8..7b6a22040a3 100644
--- a/usr.bin/ssh/kexdh.c
+++ b/usr.bin/ssh/kexdh.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.2 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.3 2001/04/04 09:48:34 markus Exp $");
#include <openssl/crypto.h>
#include <openssl/bn.h>
@@ -170,8 +170,8 @@ kexdh_client(Kex *kex)
shared_secret
);
xfree(server_host_key_blob);
- DH_free(dh);
BN_free(dh_server_pub);
+ DH_free(dh);
if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
fatal("key_verify failed for server_host_key");
@@ -187,7 +187,7 @@ kexdh_client(Kex *kex)
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
- kex_send_newkeys();
+ kex_finish(kex);
}
/* server */
@@ -283,15 +283,15 @@ kexdh_server(Kex *kex)
packet_put_bignum2(dh->pub_key); /* f */
packet_put_string((char *)signature, slen);
packet_send();
+
xfree(signature);
xfree(server_host_key_blob);
+ /* have keys, free DH */
+ DH_free(dh);
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
- kex_send_newkeys();
-
- /* have keys, free DH */
- DH_free(dh);
+ kex_finish(kex);
}
void
diff --git a/usr.bin/ssh/kexgex.c b/usr.bin/ssh/kexgex.c
index 6e8be78b552..df7e668b4ab 100644
--- a/usr.bin/ssh/kexgex.c
+++ b/usr.bin/ssh/kexgex.c
@@ -24,7 +24,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.2 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.3 2001/04/04 09:48:34 markus Exp $");
#include <openssl/bn.h>
@@ -228,6 +228,8 @@ kexgex_client(Kex *kex)
dh_server_pub,
shared_secret
);
+ /* have keys, free DH */
+ DH_free(dh);
xfree(server_host_key_blob);
BN_free(dh_server_pub);
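Review bot: `DH_free(dh)` is placed before `BN_free(dh_server_pub)` here, the opposite of the order this same commit establishes in kexdh_client (kexdh.c hunk at -170), where DH_free was deliberately moved after it. Both orders are only equivalent if dh_server_pub is a separately owned BIGNUM rather than a reference into dh, which the hunk does not show; matching the kexdh.c order removes the question. The moved `/* have keys, free DH */` comment is also inaccurate at this position, since the keys are not derived until kex_derive_keys in the next hunk; `/* exchange hash computed, dh no longer needed */` describes what is true here. kexgex_client continues outside the hunk.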
@@ -242,14 +244,10 @@ kexgex_client(Kex *kex)
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
-
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
- kex_send_newkeys();
-
- /* have keys, free DH */
- DH_free(dh);
+ kex_finish(kex);
}
/* server */
@@ -391,14 +389,13 @@ kexgex_server(Kex *kex)
packet_send();
xfree(signature);
xfree(server_host_key_blob);
+ /* have keys, free DH */
+ DH_free(dh);
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
- kex_send_newkeys();
-
- /* have keys, free DH */
- DH_free(dh);
+ kex_finish(kex);
}
void
diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c
index 5bf1d8fb146..4c5271c6a2c 100644
--- a/usr.bin/ssh/packet.c
+++ b/usr.bin/ssh/packet.c
@@ -37,7 +37,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.57 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.58 2001/04/04 09:48:34 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
@@ -525,7 +525,8 @@ set_newkeys(int mode)
if (newkeys[mode] != NULL) {
debug("newkeys: rekeying");
memset(cc, 0, sizeof(*cc));
- // free old keys, reset compression cipher-contexts;
+ /* todo: free old keys, reset compression/cipher-ctxt; */
+ xfree(newkeys[mode]);
}
newkeys[mode] = kex_get_newkeys(mode);
if (newkeys[mode] == NULL)
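Review bot: `xfree(newkeys[mode])` releases only the Newkeys container; the todo on the line above acknowledges that the key material it owns (the per-direction cipher key/IV and MAC key buffers, under whatever field names kex.h declares) is still neither freed nor zeroed, so every rekey leaves a copy of the previous session keys on the heap. Since the replacement is fetched on the very next line, the old keys are dead at this point and should be cleared before release — at minimum `memset` each key buffer to zero and free it before the `xfree`. The todo could then be narrowed to the compression-context reset, since `memset(cc, 0, sizeof(*cc))` on the preceding line presumably already covers the cipher context. set_newkeys starts and ends outside this hunk.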
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 1c52231b953..895156704a7 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.63 2001/04/04 00:06:54 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.64 2001/04/04 09:48:35 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -111,7 +111,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
}
- kex = kex_start(myproposal);
+ kex = kex_setup(myproposal);
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
kex->check_host_key=&check_host_key_callback;
@@ -254,7 +254,7 @@ ssh_userauth2(const char *server_user, char *host)
/* initial userauth request */
userauth_none(&authctxt);
- //dispatch_init(&input_userauth_error);
+ /* dispatch_init(&input_userauth_error); */
for (i = 50; i <= 254; i++) {
dispatch_set(i, &input_userauth_error);
}
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 9aa662eef74..ed3b92ed85d 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.187 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.188 2001/04/04 09:48:35 markus Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -1399,7 +1399,7 @@ do_ssh2_kex(void)
}
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
- kex = kex_start(myproposal);
+ kex = kex_setup(myproposal);
kex->server = 1;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;