From 5ae3f6d314465026d028af82609c1d49ad197655 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 21 Jan 2019 09:55:52 +0000 Subject: [PATCH] upstream: save the derived session id in kex_derive_keys() rather than making each kex method implementation do it. from markus@ ok djm@ OpenBSD-Commit-ID: d61ade9c8d1e13f665f8663c552abff8c8a30673
---
 kex.c | 10 +++++++++-
 kexc25519c.c | 13 +------------
 kexc25519s.c | 13 +------------
 kexdhc.c | 13 +------------
 kexdhs.c | 13 +------------
 kexecdhc.c | 13 +------------
 kexecdhs.c | 13 +------------
 kexgexc.c | 13 +------------
 kexgexs.c | 13 +------------
 9 files changed, 17 insertions(+), 97 deletions(-)
diff --git a/kex.c b/kex.c
index 30e1c261d..0d5618ecc 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.143 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.144 2019/01/21 09:55:52 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
@@ -1009,6 +1009,14 @@ kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen,
 u_int i, j, mode, ctos;
 int r;
 
+ /* save initial hash as session id */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = hashlen;
+ kex->session_id = malloc(kex->session_id_len);
+ if (kex->session_id == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
 for (i = 0; i < NKEYS; i++) {
 if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen,
 shared_secret, &keys[i])) != 0) {
diff --git a/kexc25519c.c b/kexc25519c.c
index 75e7d8c57..59b4e4cc0 100644
--- a/kexc25519c.c
+++ b/kexc25519c.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexc25519c.c,v 1.10 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kexc25519c.c,v 1.11 2019/01/21 09:55:52 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 * Copyright (c) 2010 Damien Miller. All rights reserved.
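Review bot: `kex->session_id_len = hashlen;` is set before the allocation is known to have succeeded, so on the `return SSH_ERR_ALLOC_FAIL;` path the kex state carries a non-zero session_id_len together with a NULL session_id. The removed per-method copies had the same ordering, but since this is now the single place that records the session id I would allocate first, `if ((kex->session_id = malloc(hashlen)) == NULL) return SSH_ERR_ALLOC_FAIL;`, and set `kex->session_id_len = hashlen;` only after that check. The comment could also state why the value is taken only while still NULL: `/* Session id is H from the first key exchange; it must stay fixed across rekeying (RFC 4253 section 7.2), so never overwrite it. */`. kex_derive_keys begins before this hunk and its body continues past it.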
@@ -144,17 +144,6 @@ input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh)
 kex->hostkey_alg, ssh->compat)) != 0)
 goto out;
 
- /* save session id */
- if (kex->session_id == NULL) {
- kex->session_id_len = hashlen;
- kex->session_id = malloc(kex->session_id_len);
- if (kex->session_id == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- memcpy(kex->session_id, hash, kex->session_id_len);
- }
-
 if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
 r = kex_send_newkeys(ssh);
 out:
diff --git a/kexc25519s.c b/kexc25519s.c
index 9ff74d912..65df18c4b 100644
--- a/kexc25519s.c
+++ b/kexc25519s.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexc25519s.c,v 1.13 2019/01/19 21:43:56 djm Exp $ */
+/* $OpenBSD: kexc25519s.c,v 1.14 2019/01/21 09:55:52 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -121,17 +121,6 @@ input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh)
 hash, &hashlen)) < 0)
 goto out;
 
- /* save session id := H */
- if (kex->session_id == NULL) {
- kex->session_id_len = hashlen;
- kex->session_id = malloc(kex->session_id_len);
- if (kex->session_id == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- memcpy(kex->session_id, hash, kex->session_id_len);
- }
-
 /* sign H */
 if ((r = kex->sign(ssh, server_host_private, server_host_public,
 &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)
diff --git a/kexdhc.c b/kexdhc.c
index 236075eec..a37452abd 100644
--- a/kexdhc.c
+++ b/kexdhc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhc.c,v 1.25 2019/01/21 09:54:11 djm Exp $ */
+/* $OpenBSD: kexdhc.c,v 1.26 2019/01/21 09:55:52 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 *
@@ -188,17 +188,6 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh)
 kex->hostkey_alg, ssh->compat)) != 0)
 goto out;
 
- /* save session id */
- if (kex->session_id == NULL) {
- kex->session_id_len = hashlen;
- kex->session_id = malloc(kex->session_id_len);
- if (kex->session_id == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- memcpy(kex->session_id, hash, kex->session_id_len);
- }
-
 if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
 r = kex_send_newkeys(ssh);
 out:
diff --git a/kexdhs.c b/kexdhs.c
index 4e4872580..b7b64a82a 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.31 2019/01/21 09:54:11 djm Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.32 2019/01/21 09:55:52 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 *
@@ -173,17 +173,6 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
 hash, &hashlen)) != 0)
 goto out;
 
- /* save session id := H */
- if (kex->session_id == NULL) {
- kex->session_id_len = hashlen;
- kex->session_id = malloc(kex->session_id_len);
- if (kex->session_id == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- memcpy(kex->session_id, hash, kex->session_id_len);
- }
-
 /* sign H */
 if ((r = kex->sign(ssh, server_host_private, server_host_public,
 &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)
diff --git a/kexecdhc.c b/kexecdhc.c
index af556dc58..2cff34347 100644
--- a/kexecdhc.c
+++ b/kexecdhc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhc.c,v 1.14 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kexecdhc.c,v 1.15 2019/01/21 09:55:52 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -190,17 +190,6 @@ input_kex_ecdh_reply(int type, u_int32_t seq, struct ssh *ssh)
 hashlen, kex->hostkey_alg, ssh->compat)) != 0)
 goto out;
 
- /* save session id */
- if (kex->session_id == NULL) {
- kex->session_id_len = hashlen;
- kex->session_id = malloc(kex->session_id_len);
- if (kex->session_id == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- memcpy(kex->session_id, hash, kex->session_id_len);
- }
-
 if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
 r = kex_send_newkeys(ssh);
 out:
diff --git a/kexecdhs.c b/kexecdhs.c
index 45ac3f794..4ba2072df 100644
--- a/kexecdhs.c
+++ b/kexecdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhs.c,v 1.19 2019/01/19 21:43:56 djm Exp $ */
+/* $OpenBSD: kexecdhs.c,v 1.20 2019/01/21 09:55:52 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -156,17 +156,6 @@ input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh)
 hash, &hashlen)) != 0)
 goto out;
 
- /* save session id := H */
- if (kex->session_id == NULL) {
- kex->session_id_len = hashlen;
- kex->session_id = malloc(kex->session_id_len);
- if (kex->session_id == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- memcpy(kex->session_id, hash, kex->session_id_len);
- }
-
 /* sign H */
 if ((r = kex->sign(ssh, server_host_private, server_host_public,
 &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)
diff --git a/kexgexc.c b/kexgexc.c
index dec01fd4f..0425309d4 100644
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.30 2019/01/21 09:54:11 djm Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.31 2019/01/21 09:55:52 djm Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos. All rights reserved.
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -229,17 +229,6 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
 hashlen, kex->hostkey_alg, ssh->compat)) != 0)
 goto out;
 
- /* save session id */
- if (kex->session_id == NULL) {
- kex->session_id_len = hashlen;
- kex->session_id = malloc(kex->session_id_len);
- if (kex->session_id == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- memcpy(kex->session_id, hash, kex->session_id_len);
- }
-
 if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
 r = kex_send_newkeys(ssh);
 out:
diff --git a/kexgexs.c b/kexgexs.c
index 2a8997302..4ffbb1918 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.38 2019/01/21 09:54:11 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.39 2019/01/21 09:55:52 djm Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos. All rights reserved.
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -207,17 +207,6 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
 hash, &hashlen)) != 0)
 goto out;
 
- /* save session id := H */
- if (kex->session_id == NULL) {
- kex->session_id_len = hashlen;
- kex->session_id = malloc(kex->session_id_len);
- if (kex->session_id == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- memcpy(kex->session_id, hash, kex->session_id_len);
- }
-
 /* sign H */
 if ((r = kex->sign(ssh, server_host_private, server_host_public,
 &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)