From 238abf6a14d6ed038918fa35f618089230e68fd6 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Wed, 4 Apr 2001 17:52:53 +0000 Subject: [PATCH] - markus@cvs.openbsd.org 2001/04/04 09:48:35 [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c] don't sent multiple kexinit-requests. send newkeys, block while waiting for newkeys. fix comments. --- ChangeLog | 10 +++++++++- kex.c | 22 +++++++++++----------- kex.h | 7 ++++--- kexdh.c | 14 +++++++------- kexgex.c | 17 +++++++---------- packet.c | 5 +++-- sshconnect2.c | 6 +++--- sshd.c | 4 ++-- 8 files changed, 46 insertions(+), 39 deletions(-) diff --git a/ChangeLog b/ChangeLog index bc6879865..4ca9cf0b0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20010405 + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/04/04 09:48:35 + [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c] + don't sent multiple kexinit-requests. + send newkeys, block while waiting for newkeys. + fix comments. + 20010404 - OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2001/04/02 17:32:23 @@ -4836,4 +4844,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1054 2001/04/04 17:39:19 mouring Exp $ +$Id: ChangeLog,v 1.1055 2001/04/04 17:52:53 mouring Exp $ diff --git a/kex.c b/kex.c index 3b42d3240..1314270d4 100644 --- a/kex.c +++ b/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.27 2001/04/03 23:32:11 markus Exp $"); +RCSID("$OpenBSD: kex.c,v 1.28 2001/04/04 09:48:34 markus Exp $"); #include 
@@ -112,20 +112,17 @@ kex_protocol_error(int type, int plen, void *ctxt) } void -kex_send_newkeys(void) +kex_finish(Kex *kex) { + int i, plen; + packet_start(SSH2_MSG_NEWKEYS); packet_send(); /* packet_write_wait(); */ debug("SSH2_MSG_NEWKEYS sent"); -} - -void -kex_input_newkeys(int type, int plen, void *ctxt) -{ - Kex *kex = ctxt; - int i; + debug("waiting for SSH2_MSG_NEWKEYS"); + packet_read_expect(&plen, SSH2_MSG_NEWKEYS); debug("SSH2_MSG_NEWKEYS received"); kex->newkeys = 1; for (i = 30; i <= 49; i++) @@ -138,6 +135,10 @@ kex_input_newkeys(int type, int plen, void *ctxt) void kex_send_kexinit(Kex *kex) { + if (kex->flags & KEX_INIT_SENT) { + debug("KEX_INIT_SENT"); + return; + } packet_start(SSH2_MSG_KEXINIT); packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my)); packet_send(); @@ -161,7 +162,7 @@ kex_input_kexinit(int type, int plen, void *ctxt) } Kex * -kex_start(char *proposal[PROPOSAL_MAX]) +kex_setup(char *proposal[PROPOSAL_MAX]) { Kex *kex; int i; @@ -179,7 +180,6 @@ kex_start(char *proposal[PROPOSAL_MAX]) dispatch_set(i, kex_protocol_error); dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit); - dispatch_set(SSH2_MSG_NEWKEYS, &kex_input_newkeys); return kex; } diff --git a/kex.h b/kex.h index 83f54fd96..c37d3aa5f 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.19 2001/04/03 23:32:12 markus Exp $ */ +/* $OpenBSD: kex.h,v 1.20 2001/04/04 09:48:34 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -111,8 +111,9 @@ struct Kex { Key *(*load_host_key)(int type); }; -Kex *kex_start(char *proposal[PROPOSAL_MAX]); -void kex_send_newkeys(void); +Kex *kex_setup(char *proposal[PROPOSAL_MAX]); +void kex_finish(Kex *kex); + void kex_send_kexinit(Kex *kex); void kex_protocol_error(int type, int plen, void *ctxt); void kex_derive_keys(Kex *k, u_char *hash, BIGNUM *shared_secret); diff --git a/kexdh.c b/kexdh.c index 8449ec06a..7b6a22040 100644 --- a/kexdh.c +++ b/kexdh.c 
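Review bot: kex_finish now blocks in packet_read_expect() until SSH2_MSG_NEWKEYS arrives, and since the SSH2_MSG_NEWKEYS dispatch entry is removed from kex_setup later in this file, a NEWKEYS arriving at any other time falls through to the kex_protocol_error default installed by the dispatch_set() loop; neither behaviour is stated at the function. A header comment such as `/* send our NEWKEYS, then block until the peer's SSH2_MSG_NEWKEYS has been read */` (and the same on the kex_finish prototype in kex.h) would make that contract explicit for callers that previously relied on the event-driven handler. While blocked, a peer that never sends NEWKEYS keeps the connection parked here; presumably sshd's existing login-grace handling bounds that on the server side, but it is worth confirming it covers this path. `plen` is filled by packet_read_expect() and not read afterwards. The remainder of kex_finish, from the loop at i = 30, is outside the hunk.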
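Review bot: The new KEX_INIT_SENT guard in kex_send_kexinit depends on the flag being set once the KEXINIT goes out and cleared when the exchange completes, and neither write is visible in this patch (the set is presumably just after `packet_send()` below the hunk); if kex_finish does not clear it, a later rekey request is silently dropped with only this debug line as evidence. The message itself names neither the function nor the reason nothing was sent, so `debug("kex_send_kexinit: KEXINIT already sent, skipping");` is more useful in a log. The rest of kex_send_kexinit is outside the hunk.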
@@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexdh.c,v 1.2 2001/04/03 23:32:12 markus Exp $"); +RCSID("$OpenBSD: kexdh.c,v 1.3 2001/04/04 09:48:34 markus Exp $"); #include #include @@ -170,8 +170,8 @@ kexdh_client(Kex *kex) shared_secret ); xfree(server_host_key_blob); - DH_free(dh); BN_free(dh_server_pub); + DH_free(dh); if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1) fatal("key_verify failed for server_host_key"); @@ -187,7 +187,7 @@ kexdh_client(Kex *kex) kex_derive_keys(kex, hash, shared_secret); BN_clear_free(shared_secret); - kex_send_newkeys(); + kex_finish(kex); } /* server */ @@ -283,15 +283,15 @@ kexdh_server(Kex *kex) packet_put_bignum2(dh->pub_key); /* f */ packet_put_string((char *)signature, slen); packet_send(); + xfree(signature); xfree(server_host_key_blob); + /* have keys, free DH */ + DH_free(dh); kex_derive_keys(kex, hash, shared_secret); BN_clear_free(shared_secret); - kex_send_newkeys(); - - /* have keys, free DH */ - DH_free(dh); + kex_finish(kex); } void diff --git a/kexgex.c b/kexgex.c index 6e8be78b5..df7e668b4 100644 --- a/kexgex.c +++ b/kexgex.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexgex.c,v 1.2 2001/04/03 23:32:12 markus Exp $"); +RCSID("$OpenBSD: kexgex.c,v 1.3 2001/04/04 09:48:34 markus Exp $"); #include @@ -228,6 +228,8 @@ kexgex_client(Kex *kex) dh_server_pub, shared_secret ); + /* have keys, free DH */ + DH_free(dh); xfree(server_host_key_blob); BN_free(dh_server_pub); @@ -242,14 +244,10 @@ kexgex_client(Kex *kex) kex->session_id = xmalloc(kex->session_id_len); memcpy(kex->session_id, hash, kex->session_id_len); } - kex_derive_keys(kex, hash, shared_secret); BN_clear_free(shared_secret); - kex_send_newkeys(); - - /* have keys, free DH */ - DH_free(dh); + kex_finish(kex); } /* server */ 
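Review bot: The `/* have keys, free DH */` comment moved ahead of kex_derive_keys() in kexdh_server is now misleading, because the session keys are derived on the line after it; what holds at that point is that the shared secret and exchange hash have been computed, so `/* shared secret and hash computed; dh no longer needed */` fits better. The same comment and placement appear in kexgex_server, while kexgex_client frees dh earlier still (before server_host_key_blob is freed) and kexdh_client after BN_free(dh_server_pub), so the four kex functions release dh at slightly different points — harmless as far as the visible lines show, since only shared_secret and hash are used afterwards, but worth aligning. kexdh_server begins before the hunk.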
@@ -391,14 +389,13 @@ kexgex_server(Kex *kex) packet_send(); xfree(signature); xfree(server_host_key_blob); + /* have keys, free DH */ + DH_free(dh); kex_derive_keys(kex, hash, shared_secret); BN_clear_free(shared_secret); - kex_send_newkeys(); - - /* have keys, free DH */ - DH_free(dh); + kex_finish(kex); } void diff --git a/packet.c b/packet.c index a4a0b0595..cf081a0f8 100644 --- a/packet.c +++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.57 2001/04/03 23:32:12 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.58 2001/04/04 09:48:34 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -525,7 +525,8 @@ set_newkeys(int mode) if (newkeys[mode] != NULL) { debug("newkeys: rekeying"); memset(cc, 0, sizeof(*cc)); - // free old keys, reset compression cipher-contexts; + /* todo: free old keys, reset compression/cipher-ctxt; */ + xfree(newkeys[mode]); } newkeys[mode] = kex_get_newkeys(mode); if (newkeys[mode] == NULL) diff --git a/sshconnect2.c b/sshconnect2.c index 1c52231b9..895156704 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.63 2001/04/04 00:06:54 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.64 2001/04/04 09:48:35 markus Exp $"); #include #include @@ -111,7 +111,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; } - kex = kex_start(myproposal); + kex = kex_setup(myproposal); kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; kex->check_host_key=&check_host_key_callback; @@ -254,7 +254,7 @@ ssh_userauth2(const char *server_user, char *host) /* initial userauth request */ userauth_none(&authctxt); - //dispatch_init(&input_userauth_error); + /* dispatch_init(&input_userauth_error); */ for (i = 50; i <= 254; i++) { dispatch_set(i, &input_userauth_error); } diff --git a/sshd.c b/sshd.c index bdcae2cd4..0bb4269d5 100644 --- a/sshd.c 
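Review bot: `xfree(newkeys[mode])` in set_newkeys releases the previous key set without clearing it, so the old cipher and MAC key material stays in freed heap memory until that memory is reused; the todo above it acknowledges the cleanup is incomplete. Before freeing, wipe what the struct holds — at minimum `memset(newkeys[mode], 0, sizeof(*newkeys[mode]));` — and if Newkeys carries pointers to separately allocated key/IV buffers (not visible here), those need the same clearing and freeing or they are also leaked; note a plain memset immediately before free may be elided by the compiler, so a non-optimizable clear is preferable where one is available. `memset(cc, 0, sizeof(*cc))` on the cipher context likewise discards rather than tears down whatever the cipher implementation allocated inside it, which the todo should mention. set_newkeys continues outside the hunk.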
+++ b/sshd.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.187 2001/04/03 23:32:12 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.188 2001/04/04 09:48:35 markus Exp $"); #include #include @@ -1425,7 +1425,7 @@ do_ssh2_kex(void) } myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); - kex = kex_start(myproposal); + kex = kex_setup(myproposal); kex->server = 1; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string;