- markus@cvs.openbsd.org 2001/04/04 09:48:35
authormouring <mouring>
Wed, 4 Apr 2001 17:52:53 +0000 (17:52 +0000)
committermouring <mouring>
Wed, 4 Apr 2001 17:52:53 +0000 (17:52 +0000)
     [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
     don't send multiple kexinit-requests.
     send newkeys, block while waiting for newkeys.
     fix comments.

ChangeLog
kex.c
kex.h
kexdh.c
kexgex.c
packet.c
sshconnect2.c
sshd.c

index c587bf6b083ba87dc1f5fedd6d93dc5b011008a8..51505e8f4f0a468eb8791217b119881b88bf2d6e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+20010405
+ - OpenBSD CVS Sync                                              
+   - markus@cvs.openbsd.org 2001/04/04 09:48:35                  
+     [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
+     don't sent multiple kexinit-requests.                       
+     send newkeys, block while waiting for newkeys.              
+     fix comments.                                               
+
 20010404
  - OpenBSD CVS Sync
    - deraadt@cvs.openbsd.org 2001/04/02 17:32:23
diff --git a/kex.c b/kex.c
index 3b42d3240170661c3e50f887fe43589f9a07a495..1314270d4965d94790172c4989c8caeebc7c4432 100644 (file)
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.27 2001/04/03 23:32:11 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.28 2001/04/04 09:48:34 markus Exp $");
 
 #include <openssl/crypto.h>
 
@@ -112,20 +112,17 @@ kex_protocol_error(int type, int plen, void *ctxt)
 }
 
 void
-kex_send_newkeys(void)
+kex_finish(Kex *kex)
 {
+       int i, plen;
+
        packet_start(SSH2_MSG_NEWKEYS);
        packet_send();
        /* packet_write_wait(); */
        debug("SSH2_MSG_NEWKEYS sent");
-}
-
-void
-kex_input_newkeys(int type, int plen, void *ctxt)
-{
-       Kex *kex = ctxt;
-       int i;
 
+        debug("waiting for SSH2_MSG_NEWKEYS");
+        packet_read_expect(&plen, SSH2_MSG_NEWKEYS);
        debug("SSH2_MSG_NEWKEYS received");
        kex->newkeys = 1;
        for (i = 30; i <= 49; i++)
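Review bot: `plen` is filled by `packet_read_expect(&plen, SSH2_MSG_NEWKEYS)` in kex_finish but never examined in the visible lines, so a NEWKEYS message with unexpected trailing bytes would be accepted unchanged. SSH2_MSG_NEWKEYS carries no payload, so an end-of-message check right after the read (for example `packet_done();`, if that helper is usable at this point) would reject a malformed message before the keys are switched. A short comment such as `/* blocks until the peer's NEWKEYS arrives; assumes packet_read_expect treats any other type as fatal */` would document the new synchronous behaviour. The two added `debug`/`packet_read_expect` lines also appear to be indented with spaces where the rest of the function uses tabs. kex_finish continues past the end of this hunk.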
@@ -138,6 +135,10 @@ kex_input_newkeys(int type, int plen, void *ctxt)
 void
 kex_send_kexinit(Kex *kex)
 {
+       if (kex->flags & KEX_INIT_SENT) {
+               debug("KEX_INIT_SENT");
+               return;
+       }
        packet_start(SSH2_MSG_KEXINIT);
        packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my));
        packet_send();
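Review bot: The new early return in kex_send_kexinit only works across re-keys if `KEX_INIT_SENT` is cleared once an exchange completes, and nothing visible in this commit does that; the visible part of kex_finish sets `kex->newkeys = 1` but leaves `kex->flags` alone. If the flag stays set, a later re-key request would hit this guard and silently send nothing, leaving the session on its old keys. Consider clearing it when the exchange finishes, e.g. `kex->flags &= ~KEX_INIT_SENT;` in kex_finish, and making the log line say what happened, e.g. `debug("kex_send_kexinit: KEXINIT already sent, skipping");`. Where the flag is set lies outside this hunk, as does the rest of both functions, so this needs checking against the full file.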
@@ -161,7 +162,7 @@ kex_input_kexinit(int type, int plen, void *ctxt)
 }
 
 Kex *
-kex_start(char *proposal[PROPOSAL_MAX])
+kex_setup(char *proposal[PROPOSAL_MAX])
 {
        Kex *kex;
        int i;
@@ -179,7 +180,6 @@ kex_start(char *proposal[PROPOSAL_MAX])
                dispatch_set(i, kex_protocol_error);
 
        dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
-       dispatch_set(SSH2_MSG_NEWKEYS, &kex_input_newkeys);
        return kex;
 }
 
diff --git a/kex.h b/kex.h
index 83f54fd968a1f650eab0d1eb77da535d2431fb9b..c37d3aa5fdb2c271b10b18b82557befbb3beb8e5 100644 (file)
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kex.h,v 1.19 2001/04/03 23:32:12 markus Exp $ */
+/*     $OpenBSD: kex.h,v 1.20 2001/04/04 09:48:34 markus Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -111,8 +111,9 @@ struct Kex {
        Key     *(*load_host_key)(int type);
 };
 
-Kex    *kex_start(char *proposal[PROPOSAL_MAX]);
-void   kex_send_newkeys(void);
+Kex    *kex_setup(char *proposal[PROPOSAL_MAX]);
+void   kex_finish(Kex *kex);
+
 void   kex_send_kexinit(Kex *kex);
 void   kex_protocol_error(int type, int plen, void *ctxt);
 void   kex_derive_keys(Kex *k, u_char *hash, BIGNUM *shared_secret);
diff --git a/kexdh.c b/kexdh.c
index 8449ec06ae8c0bc7418b7351173a6131c463dc52..7b6a22040a3e33016817ecec1e0d76dcc0c7aee0 100644 (file)
--- a/kexdh.c
+++ b/kexdh.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.2 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.3 2001/04/04 09:48:34 markus Exp $");
 
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
@@ -170,8 +170,8 @@ kexdh_client(Kex *kex)
            shared_secret
        );
        xfree(server_host_key_blob);
-       DH_free(dh);
        BN_free(dh_server_pub);
+       DH_free(dh);
 
        if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
                fatal("key_verify failed for server_host_key");
@@ -187,7 +187,7 @@ kexdh_client(Kex *kex)
 
        kex_derive_keys(kex, hash, shared_secret);
        BN_clear_free(shared_secret);
-       kex_send_newkeys();
+       kex_finish(kex);
 }
 
 /* server */
@@ -283,15 +283,15 @@ kexdh_server(Kex *kex)
        packet_put_bignum2(dh->pub_key);        /* f */
        packet_put_string((char *)signature, slen);
        packet_send();
+
        xfree(signature);
        xfree(server_host_key_blob);
+       /* have keys, free DH */
+       DH_free(dh);
 
        kex_derive_keys(kex, hash, shared_secret);
        BN_clear_free(shared_secret);
-       kex_send_newkeys();
-
-       /* have keys, free DH */
-       DH_free(dh);
+       kex_finish(kex);
 }
 
 void
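Review bot: The moved comment `/* have keys, free DH */` in kexdh_server now sits before `kex_derive_keys()`, so it claims the keys exist at a point where they have not been derived yet. The same stale wording appears in the kexgex_client and kexgex_server hunks, and in kexgex_client the free now also precedes what looks like the host-key signature check. Something like `/* shared secret and exchange hash computed, DH no longer needed */` would describe what is true at that line. It is also worth confirming that nothing after the new `DH_free(dh)` position still dereferences `dh`; the parts of these functions outside the hunks are not visible here.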
index 6e8be78b5527a894e89baca4345be4407768cb8b..df7e668b4ab4c8cc122a086ade82da8dd24d16ce 100644 (file)
--- a/kexgex.c
+++ b/kexgex.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.2 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.3 2001/04/04 09:48:34 markus Exp $");
 
 #include <openssl/bn.h>
 
@@ -228,6 +228,8 @@ kexgex_client(Kex *kex)
            dh_server_pub,
            shared_secret
        );
+       /* have keys, free DH */
+       DH_free(dh);
        xfree(server_host_key_blob);
        BN_free(dh_server_pub);
 
@@ -242,14 +244,10 @@ kexgex_client(Kex *kex)
                kex->session_id = xmalloc(kex->session_id_len);
                memcpy(kex->session_id, hash, kex->session_id_len);
        }
-
        kex_derive_keys(kex, hash, shared_secret);
        BN_clear_free(shared_secret);
 
-       kex_send_newkeys();
-
-       /* have keys, free DH */
-       DH_free(dh);
+       kex_finish(kex);
 }
 
 /* server */
@@ -391,14 +389,13 @@ kexgex_server(Kex *kex)
        packet_send();
        xfree(signature);
        xfree(server_host_key_blob);
+       /* have keys, free DH */
+       DH_free(dh);
 
        kex_derive_keys(kex, hash, shared_secret);
        BN_clear_free(shared_secret);
 
-       kex_send_newkeys();
-
-       /* have keys, free DH */
-       DH_free(dh);
+       kex_finish(kex);
 }
 
 void
index a4a0b05957d1cc4854f1a3a83cb6b0aaa47f98b0..cf081a0f81e660ab6e17a6834adc05b2fb78fc82 100644 (file)
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.57 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.58 2001/04/04 09:48:34 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -525,7 +525,8 @@ set_newkeys(int mode)
        if (newkeys[mode] != NULL) {
                debug("newkeys: rekeying");
                memset(cc, 0, sizeof(*cc));
-               // free old keys, reset compression cipher-contexts;
+               /* todo: free old keys, reset compression/cipher-ctxt; */
+               xfree(newkeys[mode]);
        }
        newkeys[mode] = kex_get_newkeys(mode);
        if (newkeys[mode] == NULL)
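Review bot: `xfree(newkeys[mode])` releases only the outer structure on re-key; any key, IV or MAC buffers it points to are neither scrubbed nor freed, which the new `todo` comment concedes. That leaves the previous session's key material in heap memory for the life of the process and leaks it on every re-key. Before the xfree, each owned buffer should be overwritten with memset over its length and freed, and the structure itself zeroed. The member names are not visible in this hunk, so the exact lines need to be written against the Newkeys definition. set_newkeys begins before and continues after the hunk.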
index 1c52231b953cfe249675d4e62803f94cb0834ded..895156704a740dc83b60d885bac6fe225b3f73b4 100644 (file)
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.63 2001/04/04 00:06:54 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.64 2001/04/04 09:48:35 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -111,7 +111,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
                myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
        }
 
-       kex = kex_start(myproposal);
+       kex = kex_setup(myproposal);
        kex->client_version_string=client_version_string;
        kex->server_version_string=server_version_string;
        kex->check_host_key=&check_host_key_callback;
@@ -254,7 +254,7 @@ ssh_userauth2(const char *server_user, char *host)
        /* initial userauth request */
        userauth_none(&authctxt);
 
-       //dispatch_init(&input_userauth_error);
+       /* dispatch_init(&input_userauth_error); */
         for (i = 50; i <= 254; i++) {
                 dispatch_set(i, &input_userauth_error);
         }
diff --git a/sshd.c b/sshd.c
index bdcae2cd4f63964bdfea98e3f78b79cf3ec554be..0bb4269d5a8a0cfacf2791109836ee3f762a727d 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.187 2001/04/03 23:32:12 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.188 2001/04/04 09:48:35 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1425,7 +1425,7 @@ do_ssh2_kex(void)
        }
        myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
 
-       kex = kex_start(myproposal);
+       kex = kex_setup(myproposal);
        kex->server = 1;
        kex->client_version_string=client_version_string;
        kex->server_version_string=server_version_string;