diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2019-01-21 09:55:53 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2019-01-21 09:55:53 +0000 |
| commit | 825587c8495c6b64caa882e3a174762baf51258b (patch) | |
| tree | 8de78686f222684192526caad4f7664a960b0588 /usr.bin | |
| parent | d4b315ee3dc05ee81920959d83193416d663b65b (diff) | |
save the derived session id in kex_derive_keys() rather than making each
kex method implementation do it.
from markus@ ok djm@
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/ssh/kex.c | 10 | ||||
| -rw-r--r-- | usr.bin/ssh/kexc25519c.c | 13 | ||||
| -rw-r--r-- | usr.bin/ssh/kexc25519s.c | 13 | ||||
| -rw-r--r-- | usr.bin/ssh/kexdhc.c | 13 | ||||
| -rw-r--r-- | usr.bin/ssh/kexdhs.c | 13 | ||||
| -rw-r--r-- | usr.bin/ssh/kexecdhc.c | 13 | ||||
| -rw-r--r-- | usr.bin/ssh/kexecdhs.c | 13 | ||||
| -rw-r--r-- | usr.bin/ssh/kexgexc.c | 13 | ||||
| -rw-r--r-- | usr.bin/ssh/kexgexs.c | 13 |
9 files changed, 17 insertions, 97 deletions
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index 806aa2b6d0e..387ded02147 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.143 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.144 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -996,6 +996,14 @@ kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen, u_int i, j, mode, ctos; int r; + /* save initial hash as session id */ + if (kex->session_id == NULL) { + kex->session_id_len = hashlen; + kex->session_id = malloc(kex->session_id_len); + if (kex->session_id == NULL) + return SSH_ERR_ALLOC_FAIL; + memcpy(kex->session_id, hash, kex->session_id_len); + } for (i = 0; i < NKEYS; i++) { if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen, shared_secret, &keys[i])) != 0) { diff --git a/usr.bin/ssh/kexc25519c.c b/usr.bin/ssh/kexc25519c.c index e007c6a0212..23b029fac76 100644 --- a/usr.bin/ssh/kexc25519c.c +++ b/usr.bin/ssh/kexc25519c.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519c.c,v 1.10 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexc25519c.c,v 1.11 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -142,17 +142,6 @@ input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh) kex->hostkey_alg, ssh->compat)) != 0) goto out; - /* save session id */ - if (kex->session_id == NULL) { - kex->session_id_len = hashlen; - kex->session_id = malloc(kex->session_id_len); - if (kex->session_id == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(kex->session_id, hash, kex->session_id_len); - } - if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); out: diff --git a/usr.bin/ssh/kexc25519s.c b/usr.bin/ssh/kexc25519s.c index fc4f51d6503..7d537fb711d 100644 --- a/usr.bin/ssh/kexc25519s.c +++ b/usr.bin/ssh/kexc25519s.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519s.c,v 1.13 2019/01/19 21:43:56 djm Exp $ */ +/* $OpenBSD: kexc25519s.c,v 1.14 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -119,17 +119,6 @@ input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh) hash, &hashlen)) < 0) goto out; - /* save session id := H */ - if (kex->session_id == NULL) { - kex->session_id_len = hashlen; - kex->session_id = malloc(kex->session_id_len); - if (kex->session_id == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(kex->session_id, hash, kex->session_id_len); - } - /* sign H */ if ((r = kex->sign(ssh, server_host_private, server_host_public, &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) diff --git a/usr.bin/ssh/kexdhc.c b/usr.bin/ssh/kexdhc.c index 6e2e41def25..d2989cb3fc6 100644 --- a/usr.bin/ssh/kexdhc.c +++ b/usr.bin/ssh/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.25 2019/01/21 09:54:11 djm Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.26 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -181,17 +181,6 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) kex->hostkey_alg, ssh->compat)) != 0) goto out; - /* save session id */ - if (kex->session_id == NULL) { - kex->session_id_len = hashlen; - kex->session_id = malloc(kex->session_id_len); - if (kex->session_id == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(kex->session_id, hash, kex->session_id_len); - } - if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); out: diff --git a/usr.bin/ssh/kexdhs.c b/usr.bin/ssh/kexdhs.c index a5d6508b358..dd8aa19d41c 100644 --- a/usr.bin/ssh/kexdhs.c +++ b/usr.bin/ssh/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.31 2019/01/21 09:54:11 djm Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.32 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -166,17 +166,6 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) hash, &hashlen)) != 0) goto out; - /* save session id := H */ - if (kex->session_id == NULL) { - kex->session_id_len = hashlen; - kex->session_id = malloc(kex->session_id_len); - if (kex->session_id == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(kex->session_id, hash, kex->session_id_len); - } - /* sign H */ if ((r = kex->sign(ssh, server_host_private, server_host_public, &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) diff --git a/usr.bin/ssh/kexecdhc.c b/usr.bin/ssh/kexecdhc.c index fac70b458a8..af1d4b23160 100644 --- a/usr.bin/ssh/kexecdhc.c +++ b/usr.bin/ssh/kexecdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhc.c,v 1.14 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexecdhc.c,v 1.15 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -186,17 +186,6 @@ input_kex_ecdh_reply(int type, u_int32_t seq, struct ssh *ssh) hashlen, kex->hostkey_alg, ssh->compat)) != 0) goto out; - /* save session id */ - if (kex->session_id == NULL) { - kex->session_id_len = hashlen; - kex->session_id = malloc(kex->session_id_len); - if (kex->session_id == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(kex->session_id, hash, kex->session_id_len); - } - if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); out: diff --git a/usr.bin/ssh/kexecdhs.c b/usr.bin/ssh/kexecdhs.c index 46883229d49..70528bda60d 100644 --- a/usr.bin/ssh/kexecdhs.c +++ b/usr.bin/ssh/kexecdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhs.c,v 1.19 2019/01/19 21:43:56 djm Exp $ */ +/* $OpenBSD: kexecdhs.c,v 1.20 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -152,17 +152,6 @@ input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh) hash, &hashlen)) != 0) goto out; - /* save session id := H */ - if (kex->session_id == NULL) { - kex->session_id_len = hashlen; - kex->session_id = malloc(kex->session_id_len); - if (kex->session_id == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(kex->session_id, hash, kex->session_id_len); - } - /* sign H */ if ((r = kex->sign(ssh, server_host_private, server_host_public, &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) diff --git a/usr.bin/ssh/kexgexc.c b/usr.bin/ssh/kexgexc.c index ea0eac944b1..6a24cf184a1 100644 --- a/usr.bin/ssh/kexgexc.c +++ b/usr.bin/ssh/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.30 2019/01/21 09:54:11 djm Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.31 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -222,17 +222,6 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) hashlen, kex->hostkey_alg, ssh->compat)) != 0) goto out; - /* save session id */ - if (kex->session_id == NULL) { - kex->session_id_len = hashlen; - kex->session_id = malloc(kex->session_id_len); - if (kex->session_id == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(kex->session_id, hash, kex->session_id_len); - } - if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); out: diff --git a/usr.bin/ssh/kexgexs.c b/usr.bin/ssh/kexgexs.c index b98b8ccf8d1..8c217e4aeb0 100644 --- a/usr.bin/ssh/kexgexs.c +++ b/usr.bin/ssh/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.38 2019/01/21 09:54:11 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.39 2019/01/21 09:55:52 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -200,17 +200,6 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) hash, &hashlen)) != 0) goto out; - /* save session id := H */ - if (kex->session_id == NULL) { - kex->session_id_len = hashlen; - kex->session_id = malloc(kex->session_id_len); - if (kex->session_id == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(kex->session_id, hash, kex->session_id_len); - } - /* sign H */ if ((r = kex->sign(ssh, server_host_private, server_host_public, &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) |