sshd.c (60663) sshd.c (61212)
1/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5 * Created: Fri Mar 17 17:09:28 1995 ylo
6 * This program is the ssh daemon. It listens for connections from clients, and
7 * performs authentication, executes use commands or shell, and forwards
8 * information to/from the application to the user client over an encrypted
9 * connection. This can also handle forwarding of X11, TCP/IP, and authentication
10 * agent connections.
11 *
12 * SSH2 implementation,
13 * Copyright (c) 2000 Markus Friedl. All rights reserved.
14 *
1/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5 * Created: Fri Mar 17 17:09:28 1995 ylo
6 * This program is the ssh daemon. It listens for connections from clients, and
7 * performs authentication, executes use commands or shell, and forwards
8 * information to/from the application to the user client over an encrypted
9 * connection. This can also handle forwarding of X11, TCP/IP, and authentication
10 * agent connections.
11 *
12 * SSH2 implementation,
13 * Copyright (c) 2000 Markus Friedl. All rights reserved.
14 *
15 * $FreeBSD: head/crypto/openssh/sshd.c 60663 2000-05-17 08:06:20Z kris $
15 * $FreeBSD: head/crypto/openssh/sshd.c 61212 2000-06-03 09:58:15Z kris $
16 */
17
18#include "includes.h"
16 */
17
18#include "includes.h"
19RCSID("$OpenBSD: sshd.c,v 1.115 2000/05/03 10:21:49 markus Exp $");
19RCSID("$OpenBSD: sshd.c,v 1.118 2000/05/25 20:45:20 markus Exp $");
20
21#include "xmalloc.h"
22#include "rsa.h"
23#include "ssh.h"
24#include "pty.h"
25#include "packet.h"
26#include "cipher.h"
27#include "mpaux.h"

--- 259 unchanged lines hidden (view full) ---

287 log("RSA key generation complete.");
288 }
289 /* Reschedule the alarm. */
290 signal(SIGALRM, key_regeneration_alarm);
291 alarm(options.key_regeneration_time);
292 errno = save_errno;
293}
294
20
21#include "xmalloc.h"
22#include "rsa.h"
23#include "ssh.h"
24#include "pty.h"
25#include "packet.h"
26#include "cipher.h"
27#include "mpaux.h"

--- 259 unchanged lines hidden (view full) ---

287 log("RSA key generation complete.");
288 }
289 /* Reschedule the alarm. */
290 signal(SIGALRM, key_regeneration_alarm);
291 alarm(options.key_regeneration_time);
292 errno = save_errno;
293}
294
295char *
296chop(char *s)
297{
298 char *t = s;
299 while (*t) {
300 if(*t == '\n' || *t == '\r') {
301 *t = '\0';
302 return s;
303 }
304 t++;
305 }
306 return s;
307
308}
309
310void
311sshd_exchange_identification(int sock_in, int sock_out)
312{
313 int i, mismatch;
314 int remote_major, remote_minor;
315 int major, minor;
316 char *s;
317 char buf[256]; /* Must not be larger than remote_version. */

--- 111 unchanged lines hidden (view full) ---

429 packet_set_ssh2_format();
430}
431
432
433void
434destroy_sensitive_data(void)
435{
436 /* Destroy the private and public keys. They will no longer be needed. */
295void
296sshd_exchange_identification(int sock_in, int sock_out)
297{
298 int i, mismatch;
299 int remote_major, remote_minor;
300 int major, minor;
301 char *s;
302 char buf[256]; /* Must not be larger than remote_version. */

--- 111 unchanged lines hidden (view full) ---

414 packet_set_ssh2_format();
415}
416
417
418void
419destroy_sensitive_data(void)
420{
421 /* Destroy the private and public keys. They will no longer be needed. */
437 RSA_free(public_key);
438 RSA_free(sensitive_data.private_key);
439 RSA_free(sensitive_data.host_key);
422 if (public_key)
423 RSA_free(public_key);
424 if (sensitive_data.private_key)
425 RSA_free(sensitive_data.private_key);
426 if (sensitive_data.host_key)
427 RSA_free(sensitive_data.host_key);
440 if (sensitive_data.dsa_host_key != NULL)
441 key_free(sensitive_data.dsa_host_key);
442}
443
444/*
445 * Main program for the daemon.
446 */
447int

--- 786 unchanged lines hidden (view full) ---

1234void
1235do_ssh2_kex()
1236{
1237 Buffer *server_kexinit;
1238 Buffer *client_kexinit;
1239 int payload_len, dlen;
1240 int slen;
1241 unsigned int klen, kout;
428 if (sensitive_data.dsa_host_key != NULL)
429 key_free(sensitive_data.dsa_host_key);
430}
431
432/*
433 * Main program for the daemon.
434 */
435int

--- 786 unchanged lines hidden (view full) ---

1222void
1223do_ssh2_kex()
1224{
1225 Buffer *server_kexinit;
1226 Buffer *client_kexinit;
1227 int payload_len, dlen;
1228 int slen;
1229 unsigned int klen, kout;
1242 char *ptr;
1243 unsigned char *signature = NULL;
1244 unsigned char *server_host_key_blob = NULL;
1245 unsigned int sbloblen;
1246 DH *dh;
1247 BIGNUM *dh_client_pub = 0;
1248 BIGNUM *shared_secret = 0;
1249 int i;
1250 unsigned char *kbuf;
1251 unsigned char *hash;
1252 Kex *kex;
1253 char *cprop[PROPOSAL_MAX];
1230 unsigned char *signature = NULL;
1231 unsigned char *server_host_key_blob = NULL;
1232 unsigned int sbloblen;
1233 DH *dh;
1234 BIGNUM *dh_client_pub = 0;
1235 BIGNUM *shared_secret = 0;
1236 int i;
1237 unsigned char *kbuf;
1238 unsigned char *hash;
1239 Kex *kex;
1240 char *cprop[PROPOSAL_MAX];
1254 char *sprop[PROPOSAL_MAX];
1255
1256/* KEXINIT */
1257
1258 if (options.ciphers != NULL) {
1259 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
1260 myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
1261 }
1241
1242/* KEXINIT */
1243
1244 if (options.ciphers != NULL) {
1245 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
1246 myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
1247 }
1262
1263 debug("Sending KEX init.");
1264
1265 for (i = 0; i < PROPOSAL_MAX; i++)
1266 sprop[i] = xstrdup(myproposal[i]);
1267 server_kexinit = kex_init(sprop);
1268 packet_start(SSH2_MSG_KEXINIT);
1269 packet_put_raw(buffer_ptr(server_kexinit), buffer_len(server_kexinit));
1270 packet_send();
1271 packet_write_wait();
1272
1273 debug("done");
1274
1275 packet_read_expect(&payload_len, SSH2_MSG_KEXINIT);
1276
1277 /*
1278 * save raw KEXINIT payload in buffer. this is used during
1279 * computation of the session_id and the session keys.
1280 */
1248 server_kexinit = kex_init(myproposal);
1281 client_kexinit = xmalloc(sizeof(*client_kexinit));
1282 buffer_init(client_kexinit);
1249 client_kexinit = xmalloc(sizeof(*client_kexinit));
1250 buffer_init(client_kexinit);
1283 ptr = packet_get_raw(&payload_len);
1284 buffer_append(client_kexinit, ptr, payload_len);
1285
1251
1286 /* skip cookie */
1287 for (i = 0; i < 16; i++)
1288 (void) packet_get_char();
1289 /* save kex init proposal strings */
1290 for (i = 0; i < PROPOSAL_MAX; i++) {
1291 cprop[i] = packet_get_string(NULL);
1292 debug("got kexinit string: %s", cprop[i]);
1293 }
1252 /* algorithm negotiation */
1253 kex_exchange_kexinit(server_kexinit, client_kexinit, cprop);
1254 kex = kex_choose_conf(cprop, myproposal, 1);
1255 for (i = 0; i < PROPOSAL_MAX; i++)
1256 xfree(cprop[i]);
1294
1257
1295 i = (int) packet_get_char();
1296 debug("first kex follow == %d", i);
1297 i = packet_get_int();
1298 debug("reserved == %d", i);
1299
1300 debug("done read kexinit");
1301 kex = kex_choose_conf(cprop, sprop, 1);
1302
1303/* KEXDH */
1304
1305 debug("Wait SSH2_MSG_KEXDH_INIT.");
1306 packet_read_expect(&payload_len, SSH2_MSG_KEXDH_INIT);
1307
1308 /* key, cert */
1309 dh_client_pub = BN_new();
1310 if (dh_client_pub == NULL)

--- 113 unchanged lines hidden ---
1258/* KEXDH */
1259
1260 debug("Wait SSH2_MSG_KEXDH_INIT.");
1261 packet_read_expect(&payload_len, SSH2_MSG_KEXDH_INIT);
1262
1263 /* key, cert */
1264 dh_client_pub = BN_new();
1265 if (dh_client_pub == NULL)

--- 113 unchanged lines hidden ---
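Review bot: In destroy_sensitive_data (new lines 422-429) the added NULL tests guard the RSA_free/key_free calls, but nothing resets the pointers once the keys are freed, so the guards do not protect against a second call (double free) or any later read of public_key, sensitive_data.private_key, sensitive_data.host_key or sensitive_data.dsa_host_key through freed memory. Since these hold private key material, each free should be paired with a reset, e.g. `RSA_free(sensitive_data.private_key); sensitive_data.private_key = NULL;`, and likewise for the other three. Whether a repeat call can actually happen depends on callers outside this hunk, but the reset is cheap and is what makes the new NULL checks meaningful. Separately, in do_ssh2_kex (new lines 1248-1257) the first_kex_packet_follows flag that the old code read and only logged is now handled inside kex_exchange_kexinit, which is not visible here; it is worth confirming that a client's wrong guess is still discarded before the following packet_read_expect(..., SSH2_MSG_KEXDH_INIT), and note that the body of do_ssh2_kex continues past the end of the hunk.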