X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/3ee832e5c0dd6aa5738c9df957f879e52ff5e04e..0073b70fa18e81070f70ab64bc95d89f866b23fe:/kex.c

diff --git a/kex.c b/kex.c
index e9f944b0..d079ab0e 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.45 2002/02/14 23:41:01 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.50 2002/05/15 15:47:49 mouring Exp $");
 
 #include <openssl/crypto.h>
 
@@ -40,9 +40,15 @@ RCSID("$OpenBSD: kex.c,v 1.45 2002/02/14 23:41:01 markus Exp $");
 #include "mac.h"
 #include "match.h"
 #include "dispatch.h"
+#include "monitor.h"
 
 #define KEX_COOKIE_LEN	16
 
+/* Use privilege separation for sshd */
+int use_privsep;
+struct monitor *pmonitor;
+
+
 /* prototype */
 static void kex_kexinit_finish(Kex *);
 static void kex_choose_conf(Kex *);
@@ -51,16 +57,15 @@ static void kex_choose_conf(Kex *);
 static void
 kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
 {
-	u_int32_t rand = 0;
 	int i;
 
 	buffer_clear(b);
-	for (i = 0; i < KEX_COOKIE_LEN; i++) {
-		if (i % 4 == 0)
-			rand = arc4random();
-		buffer_put_char(b, rand & 0xff);
-		rand >>= 8;
-	}
+	/*
+	 * add a dummy cookie, the cookie will be overwritten by
+	 * kex_send_kexinit(), each time a kexinit is set
+	 */
+	for (i = 0; i < KEX_COOKIE_LEN; i++)
+		buffer_put_char(b, 0);
 	for (i = 0; i < PROPOSAL_MAX; i++)
 		buffer_put_cstring(b, proposal[i]);
 	buffer_put_char(b, 0);			/* first_kex_packet_follows */
@@ -132,6 +137,7 @@ kex_finish(Kex *kex)
 
 	debug("waiting for SSH2_MSG_NEWKEYS");
 	packet_read_expect(SSH2_MSG_NEWKEYS);
+	packet_check_eom();
 	debug("SSH2_MSG_NEWKEYS received");
 
 	kex->done = 1;
@@ -145,6 +151,10 @@ kex_finish(Kex *kex)
 void
 kex_send_kexinit(Kex *kex)
 {
+	u_int32_t rand = 0;
+	u_char *cookie;
+	int i;
+
 	if (kex == NULL) {
 		error("kex_send_kexinit: no kex, cannot rekey");
 		return;
@@ -154,6 +164,17 @@ kex_send_kexinit(Kex *kex)
 		return;
 	}
 	kex->done = 0;
+
+	/* generate a random cookie */
+	if (buffer_len(&kex->my) < KEX_COOKIE_LEN)
+		fatal("kex_send_kexinit: kex proposal too short");
+	cookie = buffer_ptr(&kex->my);
+	for (i = 0; i < KEX_COOKIE_LEN; i++) {
+		if (i % 4 == 0)
+			rand = arc4random();
+		cookie[i] = rand;
+		rand >>= 8;
+	}
 	packet_start(SSH2_MSG_KEXINIT);
 	packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my));
 	packet_send();
@@ -360,7 +381,7 @@ static u_char *
 derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret)
 {
 	Buffer b;
-	EVP_MD *evp_md = EVP_sha1();
+	const EVP_MD *evp_md = EVP_sha1();
 	EVP_MD_CTX md;
 	char c = id;
 	int have;