authorNiels Provos <provos@cvs.openbsd.org>2001-03-28 21:59:42 +0000
committerNiels Provos <provos@cvs.openbsd.org>2001-03-28 21:59:42 +0000
commit9ed02e94ed4701608bc1f29aaa8f709e0e82d84f (patch)
tree92f0ed2e159fd573e9c05148b04d19b398e8c8b1 /usr.bin
parent859638397ed7775f5d12e72f35fdd084919c015e (diff)
forgot to include min and max params in hash, okay markus@
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/kex.c12
-rw-r--r--usr.bin/ssh/kex.h5
-rw-r--r--usr.bin/ssh/sshconnect2.c11
-rw-r--r--usr.bin/ssh/sshd.c11
4 files changed, 30 insertions, 9 deletions
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c
index 78e108e90c1..38c813d8bcb 100644
--- a/usr.bin/ssh/kex.c
+++ b/usr.bin/ssh/kex.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.23 2001/03/10 17:51:04 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.24 2001/03/28 21:59:40 provos Exp $");
#include <openssl/crypto.h>
#include <openssl/bio.h>
@@ -290,7 +290,7 @@ kex_hash_gex(
char *ckexinit, int ckexinitlen,
char *skexinit, int skexinitlen,
char *serverhostkeyblob, int sbloblen,
- int minbits, BIGNUM *prime, BIGNUM *gen,
+ int min, int wantbits, int max, BIGNUM *prime, BIGNUM *gen,
BIGNUM *client_dh_pub,
BIGNUM *server_dh_pub,
BIGNUM *shared_secret)
@@ -313,7 +313,13 @@ kex_hash_gex(
buffer_append(&b, skexinit, skexinitlen);
buffer_put_string(&b, serverhostkeyblob, sbloblen);
- buffer_put_int(&b, minbits);
+ if (min == -1 || max == -1)
+ buffer_put_int(&b, wantbits);
+ else {
+ buffer_put_int(&b, min);
+ buffer_put_int(&b, wantbits);
+ buffer_put_int(&b, max);
+ }
buffer_put_bignum2(&b, prime);
buffer_put_bignum2(&b, gen);
buffer_put_bignum2(&b, client_dh_pub);
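Review bot: The branch on `min == -1 || max == -1` selects between two different exchange-hash layouts through an in-band sentinel, and nothing at this spot documents that contract. A comment above the `if` would help the next reader, e.g. `/* min or max == -1: old-style GEX request, only wantbits goes into the hash */`. Because `||` is used, a caller that sets only one of the two to -1 silently gets the old layout as well. A named constant shared with the callers in sshconnect2.c and sshd.c, which both assign a bare `-1`, would make that intent explicit. The body of kex_hash_gex starts and ends outside this hunk.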
diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h
index 5004699d9c3..41337680a9c 100644
--- a/usr.bin/ssh/kex.h
+++ b/usr.bin/ssh/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.15 2001/03/05 17:17:20 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.16 2001/03/28 21:59:40 provos Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -127,7 +127,8 @@ kex_hash_gex(
char *ckexinit, int ckexinitlen,
char *skexinit, int skexinitlen,
char *serverhostkeyblob, int sbloblen,
- int minbits, BIGNUM *prime, BIGNUM *gen,
+ int min, int wantbits, int max,
+ BIGNUM *prime, BIGNUM *gen,
BIGNUM *client_dh_pub,
BIGNUM *server_dh_pub,
BIGNUM *shared_secret);
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index da8c8229ca0..7a8c77b670f 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.57 2001/03/27 17:46:49 provos Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.58 2001/03/28 21:59:40 provos Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -440,6 +440,12 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
memset(kbuf, 0, klen);
xfree(kbuf);
+ if (datafellows & SSH_OLD_DHGEX) {
+ /* These values are not included in the hash */
+ min = -1;
+ max = -1;
+ }
+
/* calc and verify H */
hash = kex_hash_gex(
client_version_string,
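Review bot: Overwriting `min` and `max` with -1 here reuses the negotiation bounds as a flag for the hash layout, so any check of the received group size against the requested range has to run before these assignments; whether it does is not visible in the hunk. For peers matched by `SSH_OLD_DHGEX` the requested range is not covered by the hash, so a local range check would be the only enforcement of those bounds on this path. Separate locals for the hashed values, or a comment such as `/* min/max must not be used for range checks below this line */`, would keep a later edit from comparing against -1. ssh_dhgex_client continues outside the hunk.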
@@ -447,7 +453,8 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
buffer_ptr(client_kexinit), buffer_len(client_kexinit),
buffer_ptr(server_kexinit), buffer_len(server_kexinit),
server_host_key_blob, sbloblen,
- nbits, dh->p, dh->g,
+ min, nbits, max,
+ dh->p, dh->g,
dh->pub_key,
dh_server_pub,
shared_secret
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index c332711ae7a..60389d5120f 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.182 2001/03/28 20:50:45 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.183 2001/03/28 21:59:41 provos Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -1694,6 +1694,12 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
/* XXX precompute? */
key_to_blob(hostkey, &server_host_key_blob, &sbloblen);
+ if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) {
+ /* These values are not included in the hash */
+ min = -1;
+ max = -1;
+ }
+
/* calc H */ /* XXX depends on 'kex' */
hash = kex_hash_gex(
client_version_string,
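Review bot: On the server, `min` and `max` presumably come from the client's request, and the same ints now double as the -1 sentinel that kex_hash_gex tests. If they are not clamped to the supported range before this point (not visible in the hunk), a new-style request carrying a value that converts to -1 would be hashed in the old layout, and the exchange would likely fail with a hash mismatch instead of a clear protocol error. Deriving the layout from `type` alone, or rejecting out-of-range values before the hash is computed, avoids depending on the sentinel. A short comment here stating that `min`/`max` are already validated would document the assumption. ssh_dhgex_server continues outside the hunk.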
@@ -1701,7 +1707,8 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
buffer_ptr(client_kexinit), buffer_len(client_kexinit),
buffer_ptr(server_kexinit), buffer_len(server_kexinit),
(char *)server_host_key_blob, sbloblen,
- nbits, dh->p, dh->g,
+ min, nbits, max,
+ dh->p, dh->g,
dh_client_pub,
dh->pub_key,
shared_secret