Bugzilla – Attachment 1019 Details for
Bug 1023
Add support for dhgex-sha256
[patch]
Patch against CVS 20051105
kexsha256.diff (text/plain), 7.85 KB, created by
Damien Miller
on 2005-11-05 14:42:40 AEDT
Description:
Patch against CVS 20051105
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2005-11-05 14:42:40 AEDT
Size:
7.85 KB
patch
obsolete
>Index: kex.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/kex.c,v
>retrieving revision 1.65
>diff -u -p -r1.65 kex.c
>--- kex.c 4 Nov 2005 05:15:59 -0000 1.65
>+++ kex.c 5 Nov 2005 03:37:15 -0000
>@@ -44,6 +44,8 @@ RCSID("$OpenBSD: kex.c,v 1.65 2005/11/04
>
> #define KEX_COOKIE_LEN 16
>
>+extern const EVP_MD *evp_ssh_sha256(void);
>+
> /* prototype */
> static void kex_kexinit_finish(Kex *);
> static void kex_choose_conf(Kex *);
>@@ -301,6 +303,9 @@ choose_kex(Kex *k, char *client, char *s
> } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) {
> k->kex_type = KEX_DH_GEX_SHA1;
> k->evp_md = EVP_sha1();
>+ } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) {
>+ k->kex_type = KEX_DH_GEX_SHA256;
>+ k->evp_md = evp_ssh_sha256();
> } else
> fatal("bad kex alg %s", k->name);
> }
>Index: kex.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/kex.h,v
>retrieving revision 1.38
>diff -u -p -r1.38 kex.h
>--- kex.h 4 Nov 2005 05:15:59 -0000 1.38
>+++ kex.h 5 Nov 2005 03:37:15 -0000
>@@ -34,6 +34,7 @@
> #define KEX_DH1 "diffie-hellman-group1-sha1"
> #define KEX_DH14 "diffie-hellman-group14-sha1"
> #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
>+#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
>
> #define COMP_NONE 0
> #define COMP_ZLIB 1
>@@ -63,6 +64,7 @@ enum kex_exchange {
> KEX_DH_GRP1_SHA1,
> KEX_DH_GRP14_SHA1,
> KEX_DH_GEX_SHA1,
>+ KEX_DH_GEX_SHA256,
> KEX_MAX
> };
>
>Index: md-sha256.c
>===================================================================
>RCS file: md-sha256.c
>diff -N md-sha256.c
>--- /dev/null 1 Jan 1970 00:00:00 -0000
>+++ md-sha256.c 5 Nov 2005 03:37:15 -0000
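Review bot: The `extern const EVP_MD *evp_ssh_sha256(void);` prototype added near the top of kex.c is a hand-written copy of the one in md-sha256.c, so the compiler cannot check the two against each other if the signature ever changes. Declaring it once in a shared header (kex.h is already touched by this patch) and including that header from both files would turn a mismatch into a build error. If the declaration stays in kex.c, a short comment such as `/* defined in md-sha256.c */` would tell the reader where the definition lives.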
>@@ -0,0 +1,71 @@
>+/*
>+ * Copyright (c) 2005 Damien Miller <djm@openbsd.org>
>+ *
>+ * Permission to use, copy, modify, and distribute this software for any
>+ * purpose with or without fee is hereby granted, provided that the above
>+ * copyright notice and this permission notice appear in all copies.
>+ *
>+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
>+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
>+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
>+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
>+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>+ */
>+
>+/* EVP wrapper for SHA256 */
>+
>+#include "includes.h"
>+#include <openssl/evp.h>
>+#include <sha2.h>
>+
>+RCSID("$OpenBSD$");
>+
>+const EVP_MD *evp_ssh_sha256(void);
>+
>+static int
>+ssh_sha256_init(EVP_MD_CTX *ctxt)
>+{
>+ SHA256_Init(ctxt->md_data);
>+ return (1);
>+}
>+
>+static int
>+ssh_sha256_update(EVP_MD_CTX *ctxt, const void *data, unsigned long len)
>+{
>+ SHA256_Update(ctxt->md_data, data, len);
>+ return (1);
>+}
>+
>+static int
>+ssh_sha256_final(EVP_MD_CTX *ctxt, unsigned char *digest)
>+{
>+ SHA256_Final(digest, ctxt->md_data);
>+ return (1);
>+}
>+
>+static int
>+ssh_sha256_cleanup(EVP_MD_CTX *ctxt)
>+{
>+ memset(ctxt->md_data, 0, sizeof(SHA256_CTX));
>+ return (1);
>+}
>+
>+const EVP_MD *
>+evp_ssh_sha256(void)
>+{
>+ static EVP_MD ssh_sha256;
>+
>+ memset(&ssh_sha256, 0, sizeof(ssh_sha256));
>+ ssh_sha256.type = NID_undef;
>+ ssh_sha256.md_size = SHA256_DIGEST_LENGTH;
>+ ssh_sha256.init = ssh_sha256_init;
>+ ssh_sha256.update = ssh_sha256_update;
>+ ssh_sha256.final = ssh_sha256_final;
>+ ssh_sha256.cleanup = ssh_sha256_cleanup;
>+ ssh_sha256.block_size = SHA256_BLOCK_LENGTH;
>+ ssh_sha256.ctx_size = sizeof(SHA256_CTX);
>+
>+ return (&ssh_sha256);
>+}
>Index: monitor.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/monitor.c,v
>retrieving revision 1.64
>diff -u -p -r1.64 monitor.c
>--- monitor.c 13 Oct 2005 22:24:31 -0000 1.64
>+++ monitor.c 5 Nov 2005 03:37:15 -0000
>@@ -473,7 +473,11 @@ mm_answer_sign(int sock, Buffer *m)
> keyid = buffer_get_int(m);
> p = buffer_get_string(m, &datlen);
>
>- if (datlen != 20)
>+ /*
>+ * Supported KEX types will only return SHA1 (20 byte) or
>+ * SHA256 (32 byte) hashes
>+ */
>+ if (datlen != 20 && datlen != 32)
> fatal("%s: data length incorrect: %u", __func__, datlen);
>
> /* save session id, it will be passed on the first call */
>@@ -1375,6 +1379,7 @@ mm_get_kex(Buffer *m)
> kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
> kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
> kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
>+ kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
> kex->server = 1;
> kex->hostkey_type = buffer_get_int(m);
> kex->kex_type = buffer_get_int(m);
>Index: myproposal.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/myproposal.h,v
>retrieving revision 1.18
>diff -u -p -r1.18 myproposal.h
>--- myproposal.h 25 Jul 2005 11:59:39 -0000 1.18
>+++ myproposal.h 5 Nov 2005 03:37:15 -0000
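Review bot: `evp_ssh_sha256()` zeroes and refills its function-static `ssh_sha256` on every call, while pointers handed out by earlier calls (kex.c stores one in `k->evp_md`) still refer to that same object. The refill writes the same values, but between the `memset` and the last assignment the shared method table sits half-built behind a `const` pointer. Filling it once avoids that: add `static int done;`, put `if (done) return (&ssh_sha256);` at the top, and set `done = 1;` before the return. The four callbacks also lack comments; one line on each saying that `ctxt->md_data` is assumed to hold a `SHA256_CTX` (presumably sized by the EVP layer from `ctx_size`) and that `ssh_sha256_cleanup` wipes it so hash state does not linger would help the next reader.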
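Review bot: The relaxed check in `mm_answer_sign`, `if (datlen != 20 && datlen != 32)`, accepts either length whichever key exchange was negotiated, so a 32-byte request is accepted on a SHA1 exchange and a 20-byte request on a SHA256 one. This is the only validation visible in the hunk of data the monitor processes on the unprivileged child's behalf, so it would be tighter to compare `datlen` with the digest size of the negotiated hash if the monitor has it available here (possibly `EVP_MD_size(kex->evp_md)`; whether the kex state is reachable at this point is not visible). At minimum the literals could become `SHA_DIGEST_LENGTH` and `SHA256_DIGEST_LENGTH` so the check documents itself. The function body starts and ends outside the hunk.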
>@@ -23,9 +23,11 @@
> * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
> * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> */
>-#define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha1," \
>- "diffie-hellman-group14-sha1," \
>- "diffie-hellman-group1-sha1"
>+#define KEX_DEFAULT_KEX \
>+ "diffie-hellman-group-exchange-sha256," \
>+ "diffie-hellman-group-exchange-sha1," \
>+ "diffie-hellman-group14-sha1," \
>+ "diffie-hellman-group1-sha1"
> #define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
> #define KEX_DEFAULT_ENCRYPT \
> "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
>Index: ssh-keyscan.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/ssh-keyscan.c,v
>retrieving revision 1.57
>diff -u -p -r1.57 ssh-keyscan.c
>--- ssh-keyscan.c 30 Oct 2005 04:01:03 -0000 1.57
>+++ ssh-keyscan.c 5 Nov 2005 03:37:15 -0000
>@@ -341,6 +341,7 @@ keygrab_ssh2(con *c)
> c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
> c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
> c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
>+ c->c_kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
> c->c_kex->verify_host_key = hostjump;
>
> if (!(j = setjmp(kexjmp))) {
>Index: sshconnect2.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/sshconnect2.c,v
>retrieving revision 1.143
>diff -u -p -r1.143 sshconnect2.c
>--- sshconnect2.c 14 Oct 2005 02:17:59 -0000 1.143
>+++ sshconnect2.c 5 Nov 2005 03:37:15 -0000
>@@ -120,6 +120,7 @@ ssh_kex2(char *host, struct sockaddr *ho
> kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
> kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
> kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
>+ kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
> kex->client_version_string=client_version_string;
> kex->server_version_string=server_version_string;
> kex->verify_host_key=&verify_host_key_callback;
>Index: sshd.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/sshd.c,v
>retrieving revision 1.317
>diff -u -p -r1.317 sshd.c
>--- sshd.c 30 Oct 2005 08:52:18 -0000 1.317
>+++ sshd.c 5 Nov 2005 03:37:16 -0000
>@@ -1929,6 +1929,7 @@ do_ssh2_kex(void)
> kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
> kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
> kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
>+ kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
> kex->server = 1;
> kex->client_version_string=client_version_string;
> kex->server_version_string=server_version_string;
>Index: lib/Makefile
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/lib/Makefile,v
>retrieving revision 1.51
>diff -u -p -r1.51 Makefile
>--- lib/Makefile 9 Apr 2005 04:32:54 -0000 1.51
>+++ lib/Makefile 5 Nov 2005 03:37:16 -0000
>@@ -11,7 +11,7 @@ SRCS= authfd.c authfile.c bufaux.c buffe
> key.c dispatch.c kex.c mac.c uidswap.c uuencode.c misc.c \
> ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \
> kexdhc.c kexgexc.c scard.c msg.c progressmeter.c dns.c \
>- monitor_fdpass.c
>+ monitor_fdpass.c md-sha256.c
>
> DEBUGLIBS= no
> NOPROFILE= yes
Attachments on
bug 1023
:
886
|
906
|
907
|
939
|
940
|
942
| 1019