diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2021-01-27 10:05:29 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2021-01-27 10:05:29 +0000 |
| commit | 00a936b08d5cafc2771662ab9266033333ef6ad3 (patch) | |
| tree | 4a2f67cf1f7f4080479216917771e169f0c18471 /usr.bin/ssh/monitor.c | |
| parent | 5adae05e49652ef94409fd4846cc55eeefb329da (diff) | |
make ssh->kex->session_id a sshbuf instead of u_char*/size_t and
use that instead of global variables containing copies of it.
feedback/ok markus@
Diffstat (limited to 'usr.bin/ssh/monitor.c')
| -rw-r--r-- | usr.bin/ssh/monitor.c | 49 |
1 files changed, 28 insertions, 21 deletions
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index 5029f4f9a06..68158d57b03 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.222 2021/01/27 09:26:54 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.223 2021/01/27 10:05:28 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -89,7 +89,6 @@ static Gssctxt *gsscontext = NULL; /* Imports */ extern ServerOptions options; extern u_int utmp_len; -extern u_char session_id[]; extern struct sshbuf *loginmsg; extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */ @@ -1182,7 +1181,9 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) break; } if (!valid_data) - fatal_f("bad signature data blob"); + fatal_f("bad %s signature data blob", + key_blobtype == MM_USERKEY ? "userkey" : + (key_blobtype == MM_HOSTKEY ? "hostkey" : "unknown")); if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) @@ -1415,26 +1416,32 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) fatal_fr(r, "packet_set_state"); sshbuf_free(child_state); child_state = NULL; - - if ((kex = ssh->kex) != NULL) { - /* XXX set callbacks */ + if ((kex = ssh->kex) == NULL) + fatal_f("internal error: ssh->kex == NULL"); + if (session_id2_len != sshbuf_len(ssh->kex->session_id)) { + fatal_f("incorrect session id length %zu (expected %u)", + sshbuf_len(ssh->kex->session_id), session_id2_len); + } + if (memcmp(sshbuf_ptr(ssh->kex->session_id), session_id2, + session_id2_len) != 0) + fatal_f("session ID mismatch"); + /* XXX set callbacks */ #ifdef WITH_OPENSSL - kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; - kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; - kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; - kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; - kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; - kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; - kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; - kex->kex[KEX_ECDH_SHA2] = kex_gen_server; + kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; + kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; + kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; + kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; + kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; + kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; + kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; + kex->kex[KEX_ECDH_SHA2] = kex_gen_server; #endif - kex->kex[KEX_C25519_SHA256] = kex_gen_server; - kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server; - kex->load_host_public_key=&get_hostkey_public_by_type; - kex->load_host_private_key=&get_hostkey_private_by_type; - kex->host_key_index=&get_hostkey_index; - kex->sign = sshd_hostkey_sign; - } + kex->kex[KEX_C25519_SHA256] = kex_gen_server; + kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server; + kex->load_host_public_key=&get_hostkey_public_by_type; + kex->load_host_private_key=&get_hostkey_private_by_type; + kex->host_key_index=&get_hostkey_index; + kex->sign = sshd_hostkey_sign; } /* This function requires careful sanity checking */ |