- deraadt@cvs.openbsd.org 2001/02/04 16:56:23

[openssh.git] / sshd.c

diff --git a/sshd.c b/sshd.c
index 853553592fcfe1c7b2276d0b3448340cc5f9d670..e329112992a418caf50f3e90beb6ec2fa97ab49c 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.157 2001/01/22 23:06:40 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.163 2001/02/04 23:56:23 deraadt Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -429,7 +429,7 @@ destroy_sensitive_data(void)
                key_free(sensitive_data.server_key);
                sensitive_data.server_key = NULL;
        }
-        for(i = 0; i < options.num_host_key_files; i++) {
+       for(i = 0; i < options.num_host_key_files; i++) {
                if (sensitive_data.host_keys[i]) {
                        key_free(sensitive_data.host_keys[i]);
                        sensitive_data.host_keys[i] = NULL;
@@ -551,7 +551,6 @@ main(int ac, char **av)
        int opt, sock_in = 0, sock_out = 0, newsock, j, i, fdsetsz, on = 1;
        pid_t pid;
        socklen_t fromlen;
-       int silent = 0;
        fd_set *fdset;
        struct sockaddr_storage from;
        const char *remote_ip;
@@ -605,7 +604,7 @@ main(int ac, char **av)
                        inetd_flag = 1;
                        break;
                case 'Q':
-                       silent = 1;
+                       /* ignored */
                        break;
                case 'q':
                        options.log_level = SYSLOG_LEVEL_QUIET;
@@ -672,7 +671,7 @@ main(int ac, char **av)
        log_init(__progname,
            options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level,
            options.log_facility == -1 ? SYSLOG_FACILITY_AUTH : options.log_facility,
-           !silent && !inetd_flag);
+           !inetd_flag);
 
        /* Read server configuration options from the configuration file. */
        read_server_config(&options, config_file_name);
@@ -724,9 +723,7 @@ main(int ac, char **av)
                log("Disabling protocol version 2. Could not load host key");
                options.protocol &= ~SSH_PROTO_2;
        }
-       if (! options.protocol & (SSH_PROTO_1|SSH_PROTO_2)) {
-               if (silent == 0)
-                       fprintf(stderr, "sshd: no hostkeys available -- exiting.\n");
+       if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
                log("sshd: no hostkeys available -- exiting.\n");
                exit(1);
        }
@@ -986,7 +983,7 @@ main(int ac, char **av)
                                                startups++;
                                                break;
                                        }
-                               
+
                                /*
                                 * Got connection.  Fork a child to handle it, unless
                                 * we are in debugging mode.
@@ -1189,6 +1186,7 @@ do_ssh1_kex(void)
 {
        int i, len;
        int plen, slen;
+       int rsafail = 0;
        BIGNUM *session_key_int;
        u_char session_key[SSH_SESSION_KEY_LENGTH];
        u_char cookie[8];
@@ -1299,7 +1297,7 @@ do_ssh1_kex(void)
         * with larger modulus first).
         */
        if (BN_cmp(sensitive_data.server_key->rsa->n, sensitive_data.ssh1_host_key->rsa->n) > 0) {
-               /* Private key has bigger modulus. */
+               /* Server key has bigger modulus. */
                if (BN_num_bits(sensitive_data.server_key->rsa->n) <
                    BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
                        fatal("do_connection: %s: server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d",
@@ -1308,10 +1306,12 @@ do_ssh1_kex(void)
                            BN_num_bits(sensitive_data.ssh1_host_key->rsa->n),
                            SSH_KEY_BITS_RESERVED);
                }
-               rsa_private_decrypt(session_key_int, session_key_int,
-                   sensitive_data.server_key->rsa);
-               rsa_private_decrypt(session_key_int, session_key_int,
-                   sensitive_data.ssh1_host_key->rsa);
+               if (rsa_private_decrypt(session_key_int, session_key_int,
+                   sensitive_data.server_key->rsa) <= 0)
+                       rsafail++;
+               if (rsa_private_decrypt(session_key_int, session_key_int,
+                   sensitive_data.ssh1_host_key->rsa) <= 0)
+                       rsafail++;
        } else {
                /* Host key has bigger modulus (or they are equal). */
                if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) <
@@ -1322,10 +1322,12 @@ do_ssh1_kex(void)
                            BN_num_bits(sensitive_data.server_key->rsa->n),
                            SSH_KEY_BITS_RESERVED);
                }
-               rsa_private_decrypt(session_key_int, session_key_int,
-                   sensitive_data.ssh1_host_key->rsa);
-               rsa_private_decrypt(session_key_int, session_key_int,
-                   sensitive_data.server_key->rsa);
+               if (rsa_private_decrypt(session_key_int, session_key_int,
+                   sensitive_data.ssh1_host_key->rsa) < 0)
+                       rsafail++;
+               if (rsa_private_decrypt(session_key_int, session_key_int,
+                   sensitive_data.server_key->rsa) < 0)
+                       rsafail++;
        }
 
        compute_session_id(session_id, cookie,
@@ -1340,15 +1342,29 @@ do_ssh1_kex(void)
         * least significant 256 bits of the integer; the first byte of the
         * key is in the highest bits.
         */
-       BN_mask_bits(session_key_int, sizeof(session_key) * 8);
-       len = BN_num_bytes(session_key_int);
-       if (len < 0 || len > sizeof(session_key))
-               fatal("do_connection: bad len from %s: session_key_int %d > sizeof(session_key) %d",
-                   get_remote_ipaddr(),
-                   len, sizeof(session_key));
-       memset(session_key, 0, sizeof(session_key));
-       BN_bn2bin(session_key_int, session_key + sizeof(session_key) - len);
-
+       if (!rsafail) {
+               BN_mask_bits(session_key_int, sizeof(session_key) * 8);
+               len = BN_num_bytes(session_key_int);
+               if (len < 0 || len > sizeof(session_key)) {
+                       error("do_connection: bad session key len from %s: "
+                           "session_key_int %d > sizeof(session_key) %d",
+                           get_remote_ipaddr(), len, (int)sizeof(session_key));
+                       rsafail++;
+               } else {
+                       memset(session_key, 0, sizeof(session_key));
+                       BN_bn2bin(session_key_int,
+                           session_key + sizeof(session_key) - len);
+               }
+       }
+       if (rsafail) {
+               log("do_connection: generating a fake encryption key");
+               for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
+                       if (i % 4 == 0)
+                               rand = arc4random();
+                       session_key[i] = rand & 0xff;
+                       rand >>= 8;
+               }
+       }
        /* Destroy the decrypted integer.  It is no longer needed. */
        BN_clear_free(session_key_int);
 
@@ -1491,7 +1507,7 @@ ssh_dh1_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
        fprintf(stderr, "\npub= ");
        BN_print_fp(stderr, dh->pub_key);
        fprintf(stderr, "\n");
-        DHparams_print_fp(stderr, dh);
+       DHparams_print_fp(stderr, dh);
 #endif
        if (!dh_pub_is_valid(dh, dh_client_pub))
                packet_disconnect("bad client public DH value");
@@ -1634,7 +1650,7 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
        fprintf(stderr, "\npub= ");
        BN_print_fp(stderr, dh->pub_key);
        fprintf(stderr, "\n");
-        DHparams_print_fp(stderr, dh);
+       DHparams_print_fp(stderr, dh);
 #endif
        if (!dh_pub_is_valid(dh, dh_client_pub))
                packet_disconnect("bad client public DH value");