kexgexs.c (294332) | kexgexs.c (294336) |
---|---|
1/* $OpenBSD: kexgexs.c,v 1.24 2015/01/26 06:10:03 djm Exp $ */ | 1/* $OpenBSD: kexgexs.c,v 1.25 2015/04/13 02:04:08 djm Exp $ */ |
2/* 3 * Copyright (c) 2000 Niels Provos. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright --- 45 unchanged lines hidden (view full) --- 55#include "sshbuf.h" 56 57static int input_kex_dh_gex_request(int, u_int32_t, void *); 58static int input_kex_dh_gex_init(int, u_int32_t, void *); 59 60int 61kexgex_server(struct ssh *ssh) 62{ | 2/* 3 * Copyright (c) 2000 Niels Provos. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright --- 45 unchanged lines hidden (view full) --- 55#include "sshbuf.h" 56 57static int input_kex_dh_gex_request(int, u_int32_t, void *); 58static int input_kex_dh_gex_init(int, u_int32_t, void *); 59 60int 61kexgex_server(struct ssh *ssh) 62{ |
63 ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST_OLD, 64 &input_kex_dh_gex_request); | |
65 ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST, 66 &input_kex_dh_gex_request); 67 debug("expecting SSH2_MSG_KEX_DH_GEX_REQUEST"); 68 return 0; 69} 70 71static int 72input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt) 73{ 74 struct ssh *ssh = ctxt; 75 struct kex *kex = ssh->kex; 76 int r; 77 u_int min = 0, max = 0, nbits = 0; 78 | 63 ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST, 64 &input_kex_dh_gex_request); 65 debug("expecting SSH2_MSG_KEX_DH_GEX_REQUEST"); 66 return 0; 67} 68 69static int 70input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt) 71{ 72 struct ssh *ssh = ctxt; 73 struct kex *kex = ssh->kex; 74 int r; 75 u_int min = 0, max = 0, nbits = 0; 76 |
79 switch (type) { 80 case SSH2_MSG_KEX_DH_GEX_REQUEST: 81 debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); 82 if ((r = sshpkt_get_u32(ssh, &min)) != 0 || 83 (r = sshpkt_get_u32(ssh, &nbits)) != 0 || 84 (r = sshpkt_get_u32(ssh, &max)) != 0 || 85 (r = sshpkt_get_end(ssh)) != 0) 86 goto out; 87 kex->nbits = nbits; 88 kex->min = min; 89 kex->max = max; 90 min = MAX(DH_GRP_MIN, min); 91 max = MIN(DH_GRP_MAX, max); 92 nbits = MAX(DH_GRP_MIN, nbits); 93 nbits = MIN(DH_GRP_MAX, nbits); 94 break; 95 case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD: 96 debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received"); 97 if ((r = sshpkt_get_u32(ssh, &nbits)) != 0 || 98 (r = sshpkt_get_end(ssh)) != 0) 99 goto out; 100 kex->nbits = nbits; 101 /* unused for old GEX */ 102 kex->min = min = DH_GRP_MIN; 103 kex->max = max = DH_GRP_MAX; 104 break; 105 default: 106 r = SSH_ERR_INVALID_ARGUMENT; | 77 debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); 78 if ((r = sshpkt_get_u32(ssh, &min)) != 0 || 79 (r = sshpkt_get_u32(ssh, &nbits)) != 0 || 80 (r = sshpkt_get_u32(ssh, &max)) != 0 || 81 (r = sshpkt_get_end(ssh)) != 0) |
107 goto out; | 82 goto out; |
108 } | 83 kex->nbits = nbits; 84 kex->min = min; 85 kex->max = max; 86 min = MAX(DH_GRP_MIN, min); 87 max = MIN(DH_GRP_MAX, max); 88 nbits = MAX(DH_GRP_MIN, nbits); 89 nbits = MIN(DH_GRP_MAX, nbits); |
109 110 if (kex->max < kex->min || kex->nbits < kex->min || 111 kex->max < kex->nbits) { 112 r = SSH_ERR_DH_GEX_OUT_OF_RANGE; 113 goto out; 114 } 115 116 /* Contact privileged parent */ --- 9 unchanged lines hidden (view full) --- 126 (r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 || 127 (r = sshpkt_send(ssh)) != 0) 128 goto out; 129 130 /* Compute our exchange value in parallel with the client */ 131 if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) 132 goto out; 133 | 90 91 if (kex->max < kex->min || kex->nbits < kex->min || 92 kex->max < kex->nbits) { 93 r = SSH_ERR_DH_GEX_OUT_OF_RANGE; 94 goto out; 95 } 96 97 /* Contact privileged parent */ --- 9 unchanged lines hidden (view full) --- 107 (r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 || 108 (r = sshpkt_send(ssh)) != 0) 109 goto out; 110 111 /* Compute our exchange value in parallel with the client */ 112 if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) 113 goto out; 114 |
134 /* old KEX does not use min/max in kexgex_hash() */ 135 if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) 136 kex->min = kex->max = -1; 137 | |
138 debug("expecting SSH2_MSG_KEX_DH_GEX_INIT"); 139 ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &input_kex_dh_gex_init); 140 r = 0; 141 out: 142 return r; 143} 144 145static int --- 132 unchanged lines hidden --- | 115 debug("expecting SSH2_MSG_KEX_DH_GEX_INIT"); 116 ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &input_kex_dh_gex_init); 117 r = 0; 118 out: 119 return r; 120} 121 122static int --- 132 unchanged lines hidden --- |
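Review bot: The range check at new lines 91-92 tests the raw client values stored in `kex->min`, `kex->nbits` and `kex->max`, not the locals that were clamped to DH_GRP_MIN/DH_GRP_MAX at new lines 86-89. A request whose three values are all below DH_GRP_MIN therefore passes the check, while the clamped `min` ends up larger than the clamped `max`. The locals are presumably what the group selection in the nine hidden lines receives, so how it treats such an inverted range cannot be confirmed from this page. Extending the condition with `|| kex->max < DH_GRP_MIN` would reject these requests with SSH_ERR_DH_GEX_OUT_OF_RANGE before the privileged parent is contacted. A one-line comment above the assignments at new lines 83-85 would also help, for example `/* keep the client's raw values for kexgex_hash(); clamp only the locals */`, if that is indeed why the raw values are kept.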