- (djm) OpenBSD CVS Sync

   - provos@cvs.openbsd.org 2001/03/28 21:59:41
     [kex.c kex.h sshconnect2.c sshd.c]
     forgot to include min and max params in hash, okay markus@

diff --git a/ChangeLog b/ChangeLog
index 30b5cc400fe4ae462a0299ca7c7caa94034052d6..761aee6e38796331ce163e774f28858c77d89871 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 20010330
  - (djm) Another openbsd-compat/glob.c sync
+ - (djm) OpenBSD CVS Sync
+   - provos@cvs.openbsd.org 2001/03/28 21:59:41
+     [kex.c kex.h sshconnect2.c sshd.c]
+     forgot to include min and max params in hash, okay markus@
 
 20010329
  - OpenBSD CVS Sync

diff --git a/kex.c b/kex.c
index 78e108e90c157e5b14dce622b099631be0c82f9e..38c813d8bcb22cf972e1512d03e1efb8bd213633 100644 (file)
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.23 2001/03/10 17:51:04 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.24 2001/03/28 21:59:40 provos Exp $");
 
 #include <openssl/crypto.h>
 #include <openssl/bio.h>
@@ -290,7 +290,7 @@ kex_hash_gex(
     char *ckexinit, int ckexinitlen,
     char *skexinit, int skexinitlen,
     char *serverhostkeyblob, int sbloblen,
-    int minbits, BIGNUM *prime, BIGNUM *gen,
+    int min, int wantbits, int max, BIGNUM *prime, BIGNUM *gen,
     BIGNUM *client_dh_pub,
     BIGNUM *server_dh_pub,
     BIGNUM *shared_secret)
@@ -313,7 +313,13 @@ kex_hash_gex(
        buffer_append(&b, skexinit, skexinitlen);
 
        buffer_put_string(&b, serverhostkeyblob, sbloblen);
-       buffer_put_int(&b, minbits);
+       if (min == -1 || max == -1) 
+               buffer_put_int(&b, wantbits);
+       else {
+               buffer_put_int(&b, min);
+               buffer_put_int(&b, wantbits);
+               buffer_put_int(&b, max);
+       }
        buffer_put_bignum2(&b, prime);
        buffer_put_bignum2(&b, gen);
        buffer_put_bignum2(&b, client_dh_pub);

diff --git a/kex.h b/kex.h
index 5004699d9c36a9767d6033df6ff5f02399e06242..41337680a9cbff88b7049699ce6be52ac948bd1e 100644 (file)
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kex.h,v 1.15 2001/03/05 17:17:20 markus Exp $ */
+/*     $OpenBSD: kex.h,v 1.16 2001/03/28 21:59:40 provos Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -127,7 +127,8 @@ kex_hash_gex(
     char *ckexinit, int ckexinitlen,
     char *skexinit, int skexinitlen,
     char *serverhostkeyblob, int sbloblen,
-    int minbits, BIGNUM *prime, BIGNUM *gen,
+    int min, int wantbits, int max,
+    BIGNUM *prime, BIGNUM *gen,
     BIGNUM *client_dh_pub,
     BIGNUM *server_dh_pub,
     BIGNUM *shared_secret);

diff --git a/sshconnect2.c b/sshconnect2.c
index da8c8229ca0ef6f01fb90bbd65429c62684ef0dd..7a8c77b670f14e20813f5fad6cd99fea511606fa 100644 (file)
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.57 2001/03/27 17:46:49 provos Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.58 2001/03/28 21:59:40 provos Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -440,6 +440,12 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
        memset(kbuf, 0, klen);
        xfree(kbuf);
 
+       if (datafellows & SSH_OLD_DHGEX) {
+               /* These values are not included in the hash */
+               min = -1;
+               max = -1;
+       }
+
        /* calc and verify H */
        hash = kex_hash_gex(
            client_version_string,
@@ -447,7 +453,8 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
            buffer_ptr(client_kexinit), buffer_len(client_kexinit),
            buffer_ptr(server_kexinit), buffer_len(server_kexinit),
            server_host_key_blob, sbloblen,
-           nbits, dh->p, dh->g,
+           min, nbits, max,
+           dh->p, dh->g,
            dh->pub_key,
            dh_server_pub,
            shared_secret

diff --git a/sshd.c b/sshd.c
index 27da6e48dbb74641434b4912e30253bf1146ebae..d9d3780fb3b8b212488e0096c14472a1979f1290 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.182 2001/03/28 20:50:45 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.183 2001/03/28 21:59:41 provos Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1720,6 +1720,12 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
        /* XXX precompute? */
        key_to_blob(hostkey, &server_host_key_blob, &sbloblen);
 
+       if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) {
+               /* These values are not included in the hash */
+               min = -1;
+               max = -1;
+       }
+
        /* calc H */                    /* XXX depends on 'kex' */
        hash = kex_hash_gex(
            client_version_string,
@@ -1727,7 +1733,8 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
            buffer_ptr(client_kexinit), buffer_len(client_kexinit),
            buffer_ptr(server_kexinit), buffer_len(server_kexinit),
            (char *)server_host_key_blob, sbloblen,
-           nbits, dh->p, dh->g,
+           min, nbits, max,
+           dh->p, dh->g,
            dh_client_pub,
            dh->pub_key,
            shared_secret