mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-25 11:22:10 +00:00
- markus@cvs.openbsd.org 2002/06/19 18:01:00
[cipher.c monitor.c monitor_wrap.c packet.c packet.h] make the monitor sync the transfer ssh1 session key; transfer keycontext only for RC4 (this is still depends on EVP implementation details and is broken).
This commit is contained in:
parent
cb72e4f6d2
commit
402c6cc681
@ -30,6 +30,11 @@
|
||||
ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
|
||||
xmalloc.h]
|
||||
KNF done automatically while reading....
|
||||
- markus@cvs.openbsd.org 2002/06/19 18:01:00
|
||||
[cipher.c monitor.c monitor_wrap.c packet.c packet.h]
|
||||
make the monitor sync the transfer ssh1 session key;
|
||||
transfer keycontext only for RC4 (this is still depends on EVP
|
||||
implementation details and is broken).
|
||||
- (bal) Cygwin special handling of empty passwords wrong. Patch by
|
||||
vinschen@redhat.com
|
||||
|
||||
@ -960,4 +965,4 @@
|
||||
- (stevesk) entropy.c: typo in debug message
|
||||
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
|
||||
|
||||
$Id: ChangeLog,v 1.2225 2002/06/21 00:41:51 mouring Exp $
|
||||
$Id: ChangeLog,v 1.2226 2002/06/21 00:43:42 mouring Exp $
|
||||
|
37
cipher.c
37
cipher.c
@ -35,7 +35,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: cipher.c,v 1.58 2002/06/04 23:05:49 markus Exp $");
|
||||
RCSID("$OpenBSD: cipher.c,v 1.59 2002/06/19 18:01:00 markus Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
@ -689,28 +689,14 @@ int
|
||||
cipher_get_keycontext(CipherContext *cc, u_char *dat)
|
||||
{
|
||||
Cipher *c = cc->cipher;
|
||||
int plen;
|
||||
int plen = 0;
|
||||
|
||||
if (c->number == SSH_CIPHER_3DES) {
|
||||
struct ssh1_3des_ctx *desc;
|
||||
desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
|
||||
if (desc == NULL)
|
||||
fatal("%s: no 3des context", __func__);
|
||||
plen = EVP_X_STATE_LEN(desc->k1);
|
||||
if (c->evptype == EVP_rc4) {
|
||||
plen = EVP_X_STATE_LEN(cc->evp);
|
||||
if (dat == NULL)
|
||||
return (3*plen);
|
||||
memcpy(dat, EVP_X_STATE(desc->k1), plen);
|
||||
memcpy(dat + plen, EVP_X_STATE(desc->k2), plen);
|
||||
memcpy(dat + 2*plen, EVP_X_STATE(desc->k3), plen);
|
||||
return (3*plen);
|
||||
return (plen);
|
||||
memcpy(dat, EVP_X_STATE(cc->evp), plen);
|
||||
}
|
||||
|
||||
/* Generic EVP */
|
||||
plen = EVP_X_STATE_LEN(cc->evp);
|
||||
if (dat == NULL)
|
||||
return (plen);
|
||||
|
||||
memcpy(dat, EVP_X_STATE(cc->evp), plen);
|
||||
return (plen);
|
||||
}
|
||||
|
||||
@ -720,16 +706,7 @@ cipher_set_keycontext(CipherContext *cc, u_char *dat)
|
||||
Cipher *c = cc->cipher;
|
||||
int plen;
|
||||
|
||||
if (c->number == SSH_CIPHER_3DES) {
|
||||
struct ssh1_3des_ctx *desc;
|
||||
desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
|
||||
if (desc == NULL)
|
||||
fatal("%s: no 3des context", __func__);
|
||||
plen = EVP_X_STATE_LEN(desc->k1);
|
||||
memcpy(EVP_X_STATE(desc->k1), dat, plen);
|
||||
memcpy(EVP_X_STATE(desc->k2), dat + plen, plen);
|
||||
memcpy(EVP_X_STATE(desc->k3), dat + 2*plen, plen);
|
||||
} else {
|
||||
if (c->evptype == EVP_rc4) {
|
||||
plen = EVP_X_STATE_LEN(cc->evp);
|
||||
memcpy(EVP_X_STATE(cc->evp), dat, plen);
|
||||
}
|
||||
|
15
monitor.c
15
monitor.c
@ -25,7 +25,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: monitor.c,v 1.14 2002/06/04 23:05:49 markus Exp $");
|
||||
RCSID("$OpenBSD: monitor.c,v 1.15 2002/06/19 18:01:00 markus Exp $");
|
||||
|
||||
#include <openssl/dh.h>
|
||||
|
||||
@ -83,6 +83,8 @@ struct {
|
||||
u_int ivinlen;
|
||||
u_char *ivout;
|
||||
u_int ivoutlen;
|
||||
u_char *ssh1key;
|
||||
u_int ssh1keylen;
|
||||
int ssh1cipher;
|
||||
int ssh1protoflags;
|
||||
u_char *input;
|
||||
@ -1303,14 +1305,13 @@ monitor_apply_keystate(struct monitor *pmonitor)
|
||||
set_newkeys(MODE_IN);
|
||||
set_newkeys(MODE_OUT);
|
||||
} else {
|
||||
u_char key[SSH_SESSION_KEY_LENGTH];
|
||||
|
||||
memset(key, 'a', sizeof(key));
|
||||
packet_set_protocol_flags(child_state.ssh1protoflags);
|
||||
packet_set_encryption_key(key, SSH_SESSION_KEY_LENGTH,
|
||||
child_state.ssh1cipher);
|
||||
packet_set_encryption_key(child_state.ssh1key,
|
||||
child_state.ssh1keylen, child_state.ssh1cipher);
|
||||
xfree(child_state.ssh1key);
|
||||
}
|
||||
|
||||
/* for rc4 and other stateful ciphers */
|
||||
packet_set_keycontext(MODE_OUT, child_state.keyout);
|
||||
xfree(child_state.keyout);
|
||||
packet_set_keycontext(MODE_IN, child_state.keyin);
|
||||
@ -1396,6 +1397,8 @@ mm_get_keystate(struct monitor *pmonitor)
|
||||
if (!compat20) {
|
||||
child_state.ssh1protoflags = buffer_get_int(&m);
|
||||
child_state.ssh1cipher = buffer_get_int(&m);
|
||||
child_state.ssh1key = buffer_get_string(&m,
|
||||
&child_state.ssh1keylen);
|
||||
child_state.ivout = buffer_get_string(&m,
|
||||
&child_state.ivoutlen);
|
||||
child_state.ivin = buffer_get_string(&m, &child_state.ivinlen);
|
||||
|
@ -25,7 +25,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: monitor_wrap.c,v 1.10 2002/06/19 00:27:55 deraadt Exp $");
|
||||
RCSID("$OpenBSD: monitor_wrap.c,v 1.11 2002/06/19 18:01:00 markus Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/dh.h>
|
||||
@ -520,13 +520,21 @@ mm_send_keystate(struct monitor *pmonitor)
|
||||
|
||||
if (!compat20) {
|
||||
u_char iv[24];
|
||||
int ivlen;
|
||||
u_char *key;
|
||||
u_int ivlen, keylen;
|
||||
|
||||
buffer_put_int(&m, packet_get_protocol_flags());
|
||||
|
||||
buffer_put_int(&m, packet_get_ssh1_cipher());
|
||||
|
||||
debug3("%s: Sending ssh1 IV", __func__);
|
||||
debug3("%s: Sending ssh1 KEY+IV", __func__);
|
||||
keylen = packet_get_encryption_key(NULL);
|
||||
key = xmalloc(keylen+1); /* add 1 if keylen == 0 */
|
||||
keylen = packet_get_encryption_key(key);
|
||||
buffer_put_string(&m, key, keylen);
|
||||
memset(key, 0, keylen);
|
||||
xfree(key);
|
||||
|
||||
ivlen = packet_get_keyiv_len(MODE_OUT);
|
||||
packet_get_keyiv(MODE_OUT, iv, ivlen);
|
||||
buffer_put_string(&m, iv, ivlen);
|
||||
|
21
packet.c
21
packet.c
@ -37,7 +37,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: packet.c,v 1.94 2002/06/04 23:02:06 markus Exp $");
|
||||
RCSID("$OpenBSD: packet.c,v 1.95 2002/06/19 18:01:00 markus Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
@ -60,6 +60,7 @@ RCSID("$OpenBSD: packet.c,v 1.94 2002/06/04 23:02:06 markus Exp $");
|
||||
#include "log.h"
|
||||
#include "canohost.h"
|
||||
#include "misc.h"
|
||||
#include "ssh.h"
|
||||
|
||||
#ifdef PACKET_DEBUG
|
||||
#define DBG(x) x
|
||||
@ -118,6 +119,10 @@ Newkeys *newkeys[MODE_MAX];
|
||||
static u_int32_t read_seqnr = 0;
|
||||
static u_int32_t send_seqnr = 0;
|
||||
|
||||
/* Session key for protocol v1 */
|
||||
static u_char ssh1_key[SSH_SESSION_KEY_LENGTH];
|
||||
static u_int ssh1_keylen;
|
||||
|
||||
/* roundup current message to extra_pad bytes */
|
||||
static u_char extra_pad = 0;
|
||||
|
||||
@ -391,6 +396,7 @@ packet_start_compression(int level)
|
||||
* key is used for both sending and reception. However, both directions are
|
||||
* encrypted independently of each other.
|
||||
*/
|
||||
|
||||
void
|
||||
packet_set_encryption_key(const u_char *key, u_int keylen,
|
||||
int number)
|
||||
@ -400,10 +406,23 @@ packet_set_encryption_key(const u_char *key, u_int keylen,
|
||||
fatal("packet_set_encryption_key: unknown cipher number %d", number);
|
||||
if (keylen < 20)
|
||||
fatal("packet_set_encryption_key: keylen too small: %d", keylen);
|
||||
if (keylen > SSH_SESSION_KEY_LENGTH)
|
||||
fatal("packet_set_encryption_key: keylen too big: %d", keylen);
|
||||
memcpy(ssh1_key, key, keylen);
|
||||
ssh1_keylen = keylen;
|
||||
cipher_init(&send_context, cipher, key, keylen, NULL, 0, CIPHER_ENCRYPT);
|
||||
cipher_init(&receive_context, cipher, key, keylen, NULL, 0, CIPHER_DECRYPT);
|
||||
}
|
||||
|
||||
u_int
|
||||
packet_get_encryption_key(u_char *key)
|
||||
{
|
||||
if (key == NULL)
|
||||
return (ssh1_keylen);
|
||||
memcpy(key, ssh1_key, ssh1_keylen);
|
||||
return (ssh1_keylen);
|
||||
}
|
||||
|
||||
/* Start constructing a packet to send. */
|
||||
void
|
||||
packet_start(u_char type)
|
||||
|
3
packet.h
3
packet.h
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: packet.h,v 1.34 2002/03/18 17:16:38 markus Exp $ */
|
||||
/* $OpenBSD: packet.h,v 1.35 2002/06/19 18:01:00 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -24,6 +24,7 @@ int packet_get_connection_in(void);
|
||||
int packet_get_connection_out(void);
|
||||
void packet_close(void);
|
||||
void packet_set_encryption_key(const u_char *, u_int, int);
|
||||
u_int packet_get_encryption_key(u_char *);
|
||||
void packet_set_protocol_flags(u_int);
|
||||
u_int packet_get_protocol_flags(void);
|
||||
void packet_start_compression(int);
|
||||
|
Loading…
Reference in New Issue
Block a user