Bugzilla – Attachment 1280 Details for
Bug 1314
Support for rsa1024-sha1 KEX method
[patch]
Support for rsa1024-sha1 KEX method
kexrsa2.diff (text/plain), 41.85 KB, created by
Damien Miller
on 2007-05-17 15:22:25 AEST
Description:
Support for rsa1024-sha1 KEX method
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2007-05-17 15:22:25 AEST
Size:
41.85 KB
patch
obsolete
>Index: auth.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/auth.h,v
>retrieving revision 1.58
>diff -u -p -r1.58 auth.h
>--- auth.h 18 Aug 2006 09:15:20 -0000 1.58
>+++ auth.h 17 May 2007 05:11:00 -0000
>@@ -162,6 +162,7 @@ Key *get_hostkey_by_index(int);
> Key *get_hostkey_by_type(int);
> int get_hostkey_index(Key *);
> int ssh1_session_key(BIGNUM *);
>+Key *get_ssh2_rsakex_key(void);
>
> /* debug messages during authentication */
> void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
>Index: kex.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/kex.c,v
>retrieving revision 1.77
>diff -u -p -r1.77 kex.c
>--- kex.c 21 Jan 2007 01:41:54 -0000 1.77
>+++ kex.c 17 May 2007 05:11:00 -0000
>@@ -54,6 +54,32 @@ extern const EVP_MD *evp_ssh_sha256(void
> static void kex_kexinit_finish(Kex *);
> static void kex_choose_conf(Kex *);
>
>+/* Validate KEX method name list */
>+int
>+kexmeth_names_valid(const char *names)
>+{
>+ char *s, *cp, *p;
>+
>+ if (names == NULL || strcmp(names, "") == 0)
>+ return 0;
>+ s = cp = xstrdup(names);
>+ for ((p = strsep(&cp, ",")); p && *p != '\0';
>+ (p = strsep(&cp, ","))) {
>+ if (strcmp(p, KEX_DHGEX_SHA256) != 0 &&
>+ strcmp(p, KEX_DHGEX_SHA1) != 0 &&
>+ strcmp(p, KEX_DH14) != 0 &&
>+ strcmp(p, KEX_DH1) != 0 &&
>+ strcmp(p, KEX_RSA) != 0) {
>+ xfree(s);
>+ return 0;
>+ }
>+ }
>+ debug3("kex names ok: [%s]", names);
>+ xfree(s);
>+ return 1;
>+}
>+
>+
> /* put algorithm proposal into buffer */
> static void
> kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
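Review bot: kexmeth_names_valid stops scanning at the first empty token because the loop condition is `p && *p != '\0'`, so a list such as `diffie-hellman-group1-sha1,,bogus` passes validation with `bogus` never examined, and a trailing comma is silently accepted even though the string is later put into the KEX proposal unmodified. Either reject empty tokens or step past them: change the condition to `p != NULL` and make `if (*p == '\0') { xfree(s); return 0; }` the first statement of the loop body. The accepted-name list here also duplicates the string comparisons in choose_kex (next hunk); a shared name table would keep the two from drifting when another method is added.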
>@@ -312,6 +342,9 @@ choose_kex(Kex *k, char *client, char *s > } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) { > k->kex_type = KEX_DH_GEX_SHA256; > k->evp_md = evp_ssh_sha256(); >+ } else if (strcmp(k->name, KEX_RSA) == 0) { >+ k->kex_type = KEX_RSA_SHA1; >+ k->evp_md = EVP_sha1(); > } else > fatal("bad kex alg %s", k->name); > } >Index: kex.h >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/kex.h,v >retrieving revision 1.44 >diff -u -p -r1.44 kex.h >--- kex.h 3 Aug 2006 03:34:42 -0000 1.44 >+++ kex.h 17 May 2007 05:11:00 -0000 >@@ -32,6 +32,7 @@ > #define KEX_DH14 "diffie-hellman-group14-sha1" > #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" > #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" >+#define KEX_RSA "rsa1024-sha1" > > #define COMP_NONE 0 > #define COMP_ZLIB 1 >@@ -62,6 +63,7 @@ enum kex_exchange { > KEX_DH_GRP14_SHA1, > KEX_DH_GEX_SHA1, > KEX_DH_GEX_SHA256, >+ KEX_RSA_SHA1, > KEX_MAX > }; > >@@ -122,6 +124,8 @@ struct Kex { > void (*kex[KEX_MAX])(Kex *); > }; > >+int kexmeth_names_valid(const char *); >+ > Kex *kex_setup(char *[PROPOSAL_MAX]); > void kex_finish(Kex *); 
> >@@ -135,14 +139,20 @@ void kexdh_client(Kex *); > void kexdh_server(Kex *); > void kexgex_client(Kex *); > void kexgex_server(Kex *); >+void kexrsa_client(Kex *); >+void kexrsa_server(Kex *); >+int kexrsa_decrypt(u_char **, u_int *, u_char *, u_int); > > void >-kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int, >+kex_dh_hash(char *, char *, char *, u_int, char *, u_int, u_char *, u_int, > BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); > void >-kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *, >- int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, >+kexgex_hash(const EVP_MD *, char *, char *, char *, u_int, char *, >+ u_int, u_char *, u_int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, > BIGNUM *, BIGNUM *, u_char **, u_int *); >+void >+kexrsa_hash(char *, char *, char *, u_int, char *, u_int, u_char *, u_int, >+ u_char *, u_int, u_char *, u_int, BIGNUM *, u_char **, u_int *); > > void > derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); >Index: kexdh.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/kexdh.c,v >retrieving revision 1.23 >diff -u -p -r1.23 kexdh.c >--- kexdh.c 3 Aug 2006 03:34:42 -0000 1.23 >+++ kexdh.c 17 May 2007 05:11:00 -0000 >@@ -39,9 +39,9 @@ void > kex_dh_hash( > char *client_version_string, > char *server_version_string, >- char *ckexinit, int ckexinitlen, >- char *skexinit, int skexinitlen, >- u_char *serverhostkeyblob, int sbloblen, >+ char *ckexinit, u_int ckexinitlen, >+ char *skexinit, u_int skexinitlen, >+ u_char *serverhostkeyblob, u_int sbloblen, > BIGNUM *client_dh_pub, > BIGNUM *server_dh_pub, > BIGNUM *shared_secret, >Index: kexgex.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/kexgex.c,v >retrieving revision 1.27 >diff -u -p -r1.27 kexgex.c >--- kexgex.c 3 Aug 2006 03:34:42 -0000 1.27 >+++ kexgex.c 17 May 2007 05:11:00 -0000 
>@@ -40,9 +40,9 @@ kexgex_hash( > const EVP_MD *evp_md, > char *client_version_string, > char *server_version_string, >- char *ckexinit, int ckexinitlen, >- char *skexinit, int skexinitlen, >- u_char *serverhostkeyblob, int sbloblen, >+ char *ckexinit, u_int ckexinitlen, >+ char *skexinit, u_int skexinitlen, >+ u_char *serverhostkeyblob, u_int sbloblen, > int min, int wantbits, int max, BIGNUM *prime, BIGNUM *gen, > BIGNUM *client_dh_pub, > BIGNUM *server_dh_pub, >Index: kexrsa.c >=================================================================== >RCS file: kexrsa.c >diff -N kexrsa.c >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ kexrsa.c 17 May 2007 05:11:00 -0000 
>@@ -0,0 +1,84 @@ >+/* >+ * Copyright (c) 2001 Markus Friedl. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR >+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES >+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. >+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT >+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, >+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY >+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF >+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
>+ */ >+ >+#include <sys/types.h> >+ >+#include <openssl/evp.h> >+#include <signal.h> >+ >+#include "buffer.h" >+#include "key.h" >+#include "cipher.h" >+#include "kex.h" >+#include "ssh2.h" >+ >+void >+kexrsa_hash( >+ char *client_version_string, >+ char *server_version_string, >+ char *ckexinit, u_int ckexinitlen, >+ char *skexinit, u_int skexinitlen, >+ u_char *serverhostkeyblob, u_int sbloblen, >+ u_char *servertranskeyblob, u_int tbloblen, >+ u_char *encsecret, u_int encseclen, >+ BIGNUM *shared_secret, >+ u_char **hash, u_int *hashlen) >+{ >+ Buffer b; >+ static u_char digest[EVP_MAX_MD_SIZE]; >+ const EVP_MD *evp_md = EVP_sha1(); >+ EVP_MD_CTX md; >+ >+ buffer_init(&b); >+ buffer_put_cstring(&b, client_version_string); >+ buffer_put_cstring(&b, server_version_string); >+ >+ /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ >+ buffer_put_int(&b, ckexinitlen+1); >+ buffer_put_char(&b, SSH2_MSG_KEXINIT); >+ buffer_append(&b, ckexinit, ckexinitlen); >+ buffer_put_int(&b, skexinitlen+1); >+ buffer_put_char(&b, SSH2_MSG_KEXINIT); >+ buffer_append(&b, skexinit, skexinitlen); >+ >+ buffer_put_string(&b, serverhostkeyblob, sbloblen); >+ buffer_put_string(&b, servertranskeyblob, tbloblen); >+ buffer_put_string(&b, encsecret, encseclen); >+ buffer_put_bignum2(&b, shared_secret); >+ >+#ifdef DEBUG_KEX >+ buffer_dump(&b); >+#endif >+ EVP_DigestInit(&md, evp_md); >+ EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); >+ EVP_DigestFinal(&md, digest, NULL); >+ >+ buffer_free(&b); >+ >+#ifdef DEBUG_KEX >+ dump_digest("hash", digest, EVP_MD_size(evp_md)); >+#endif >+ *hash = digest; >+ *hashlen = EVP_MD_size(evp_md); >+} >Index: kexrsac.c >=================================================================== >RCS file: kexrsac.c >diff -N kexrsac.c >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ kexrsac.c 17 May 2007 05:11:00 -0000 
>@@ -0,0 +1,146 @@ >+/* >+ * Copyright (c) 2001 Markus Friedl. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR >+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES >+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. >+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT >+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, >+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY >+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF >+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
>+ */ >+ >+#include <sys/types.h> >+ >+#include <stdio.h> >+#include <string.h> >+#include <signal.h> >+ >+#include <openssl/evp.h> >+#include <openssl/err.h> >+ >+#include "xmalloc.h" >+#include "buffer.h" >+#include "key.h" >+#include "cipher.h" >+#include "kex.h" >+#include "log.h" >+#include "packet.h" >+#include "dh.h" >+#include "ssh2.h" >+#include "compat.h" >+ >+void >+kexrsa_client(Kex *kex) >+{ >+ BIGNUM *shared_secret = NULL; >+ Key *server_host_key, *server_transient_key; >+ u_char *server_transient_key_blob = NULL; >+ u_char *server_host_key_blob = NULL, *signature = NULL; >+ u_char *seccbuf, *hash; >+ u_int slen, sbloblen, tbloblen, hashlen, secclen; >+ int rc, secret_bits; >+ Buffer secbuffer; >+ >+ debug("expecting SSH2_MSG_KEXRSA_PUBKEY"); >+ packet_read_expect(SSH2_MSG_KEXRSA_PUBKEY); >+ >+ /* server public host key and certificates (K_S) */ >+ server_host_key_blob = packet_get_string(&sbloblen); >+ server_host_key = key_from_blob(server_host_key_blob, sbloblen); >+ if (server_host_key == NULL) >+ fatal("cannot decode server_host_key_blob"); >+ if (server_host_key->type != kex->hostkey_type) >+ fatal("type mismatch for decoded server_host_key_blob"); >+ if (kex->verify_host_key == NULL) >+ fatal("cannot verify server_host_key"); >+ if (kex->verify_host_key(server_host_key) == -1) >+ fatal("server_host_key verification failed"); >+ >+ /* K_T, transient RSA key */ >+ server_transient_key_blob = packet_get_string(&tbloblen); >+ server_transient_key = key_from_blob(server_transient_key_blob, >+ tbloblen); >+ >+ if (server_transient_key->type != KEY_RSA) >+ fatal("kexrsa_client: non-RSA transient key"); >+ if (key_size(server_transient_key) < 1024) >+ fatal("kexrsa_client: transient key too small"); >+ >+ packet_check_eom(); >+ >+ secret_bits = key_size(server_transient_key) - 49 - >+ EVP_MD_size(kex->evp_md) * 8 * 2; >+ if ((shared_secret = BN_new()) == NULL) >+ fatal("kexrsa_client: BN_new failed"); >+ if (!BN_rand(shared_secret, secret_bits, -1, 0)) 
>+ fatal("kexrsa_client: BN_rand failed"); >+ >+ seccbuf = xmalloc(RSA_size(server_transient_key->rsa)); >+ buffer_init(&secbuffer); >+ buffer_put_bignum2(&secbuffer, shared_secret); >+ if ((rc = RSA_public_encrypt(buffer_len(&secbuffer), >+ buffer_ptr(&secbuffer), seccbuf, server_transient_key->rsa, >+ RSA_PKCS1_OAEP_PADDING)) < 0) { >+ fatal("kexrsa_client: encryption failed: %s", >+ ERR_error_string(ERR_get_error(), NULL)); >+ } >+ secclen = rc; >+ buffer_free(&secbuffer); >+ key_free(server_transient_key); >+ packet_start(SSH2_MSG_KEXRSA_SECRET); >+ packet_put_string(seccbuf, secclen); >+ packet_send(); >+ debug("sending SSH2_MSG_KEXRSA_SECRET"); >+ >+ debug("expecting SSH2_MSG_KEXRSA_DONE"); >+ packet_read_expect(SSH2_MSG_KEXRSA_DONE); >+ >+ /* signed H */ >+ signature = packet_get_string(&slen); >+ packet_check_eom(); >+ >+ /* calc and verify H */ >+ kexrsa_hash( >+ kex->client_version_string, >+ kex->server_version_string, >+ buffer_ptr(&kex->my), buffer_len(&kex->my), >+ buffer_ptr(&kex->peer), buffer_len(&kex->peer), >+ server_host_key_blob, sbloblen, >+ server_transient_key_blob, tbloblen, >+ seccbuf, secclen, >+ shared_secret, >+ &hash, &hashlen >+ ); >+ xfree(server_host_key_blob); >+ xfree(server_transient_key_blob); >+ xfree(seccbuf); >+ >+ if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) >+ fatal("key_verify failed for server_host_key"); >+ key_free(server_host_key); >+ xfree(signature); >+ >+ /* save session id */ >+ if (kex->session_id == NULL) { >+ kex->session_id_len = 20; >+ kex->session_id = xmalloc(kex->session_id_len); >+ memcpy(kex->session_id, hash, kex->session_id_len); >+ } >+ >+ kex_derive_keys(kex, hash, hashlen, shared_secret); >+ BN_clear_free(shared_secret); >+ kex_finish(kex); >+} >Index: kexrsas.c >=================================================================== >RCS file: kexrsas.c >diff -N kexrsas.c >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ kexrsas.c 17 May 2007 05:11:00 -0000 
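Review bot: The transient key decoded at the `/* K_T, transient RSA key */` step is dereferenced (`server_transient_key->type`) without a NULL check, so a malformed SSH2_MSG_KEXRSA_PUBKEY from the server crashes the client; the host key a few lines earlier gets `if (server_host_key == NULL) fatal(...)`, and the transient key needs the same guard, `if (server_transient_key == NULL) fatal("cannot decode server_transient_key_blob");`. The session id length is hard-coded as `kex->session_id_len = 20;` while kexrsa_server uses `hashlen` for the same value; using `hashlen` on the client as well keeps both sides tied to the actual digest size rather than to SHA-1. The `secret_bits` expression matches the RFC 4432 bound on K (key length minus twice the hash length in bits minus 49); a one-line comment stating that would save the next reader from re-deriving the 49. This hunk starts in the previous line of the page.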
>@@ -0,0 +1,147 @@ >+/* >+ * Copyright (c) 2001 Markus Friedl. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR >+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES >+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. >+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT >+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, >+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY >+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF >+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
>+ */ >+ >+#include <sys/param.h> >+ >+#include <stdio.h> >+#include <string.h> >+#include <signal.h> >+ >+#include "xmalloc.h" >+#include "buffer.h" >+#include "key.h" >+#include "cipher.h" >+#include "kex.h" >+#include "log.h" >+#include "packet.h" >+#include "dh.h" >+#include "ssh2.h" >+#include "compat.h" >+#ifdef GSSAPI >+#include "ssh-gss.h" >+#endif >+#include "misc.h" >+#include "hostfile.h" >+#include "auth.h" >+#include "monitor_wrap.h" >+ >+#define KEXRSA_KEYLEN 1024 >+ >+void >+kexrsa_server(Kex *kex) >+{ >+ BIGNUM *shared_secret = NULL; >+ Key *server_host_key, *server_transient_key; >+ u_char *secc, *secp, *hash, *signature = NULL; >+ u_char *server_host_key_blob = NULL; >+ u_char *server_transient_key_blob = NULL; >+ u_int sbloblen, tbloblen, secclen, slen, hashlen, secplen; >+ >+ /* generate transient RSA key pair */ >+ server_transient_key = get_ssh2_rsakex_key(); >+ key_to_blob(server_transient_key, &server_transient_key_blob, >+ &tbloblen); >+ >+ if (kex->load_host_key == NULL) >+ fatal("Cannot load hostkey"); >+ server_host_key = kex->load_host_key(kex->hostkey_type); >+ if (server_host_key == NULL) >+ fatal("Unsupported hostkey type %d", kex->hostkey_type); >+ >+ key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); >+ >+ packet_start(SSH2_MSG_KEXRSA_PUBKEY); >+ packet_put_string(server_host_key_blob, sbloblen); >+ packet_put_string(server_transient_key_blob, tbloblen); >+ packet_send(); >+ >+ debug("expecting SSH2_MSG_KEXRSA_SECRET"); >+ packet_read_expect(SSH2_MSG_KEXRSA_SECRET); >+ debug("got it"); >+ >+ secc = packet_get_string(&secclen); >+ if (PRIVSEP(kexrsa_decrypt(&secp, &secplen, secc, secclen))) >+ fatal("kexrsa: decryption error"); >+ if (secplen < 4 || get_u32(secp) > secplen - 4) >+ fatal("kexrsa_server: bad shared secret"); >+ if ((shared_secret = BN_new()) == NULL) >+ fatal("kexrsa_server: BN_new failed"); >+ BN_bin2bn(secp + 4, get_u32(secp), shared_secret); >+ bzero(secp, secplen); >+ xfree(secp); >+ >+ /* calc H */ 
>+ kexrsa_hash(
>+ kex->client_version_string,
>+ kex->server_version_string,
>+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
>+ buffer_ptr(&kex->my), buffer_len(&kex->my),
>+ server_host_key_blob, sbloblen,
>+ server_transient_key_blob, tbloblen,
>+ secc, secclen,
>+ shared_secret,
>+ &hash, &hashlen
>+ );
>+ xfree(server_host_key_blob);
>+ xfree(server_transient_key_blob);
>+ xfree(secc);
>+
>+ /* save session id := H */
>+ if (kex->session_id == NULL) {
>+ kex->session_id_len = hashlen;
>+ kex->session_id = xmalloc(kex->session_id_len);
>+ memcpy(kex->session_id, hash, kex->session_id_len);
>+ }
>+
>+ /* sign H */
>+ PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen));
>+
>+ /* destroy_sensitive_data(); */
>+
>+ /* send server hostkey and singed H */
>+ packet_start(SSH2_MSG_KEXRSA_DONE);
>+ packet_put_string(signature, slen);
>+ packet_send();
>+
>+ xfree(signature);
>+
>+ kex_derive_keys(kex, hash, hashlen, shared_secret);
>+ BN_clear_free(shared_secret);
>+ kex_finish(kex);
>+}
>+
>+int
>+kexrsa_decrypt(u_char **secpp, u_int *secplenp, u_char *secc, u_int secclen)
>+{
>+ Key *server_transient_key;
>+ int rc;
>+
>+ server_transient_key = get_ssh2_rsakex_key();
>+ *secpp = xmalloc(KEXRSA_KEYLEN / 8);
>+ if ((rc = RSA_private_decrypt(secclen, secc, *secpp,
>+ server_transient_key->rsa, RSA_PKCS1_OAEP_PADDING)) < 0)
>+ return 1;
>+ *secplenp = rc;
>+ return 0;
>+}
>Index: monitor.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/monitor.c,v
>retrieving revision 1.90
>diff -u -p -r1.90 monitor.c
>--- monitor.c 19 Feb 2007 10:45:58 -0000 1.90
>+++ monitor.c 17 May 2007 05:11:01 -0000
>@@ -118,6 +118,7 @@ struct {
>
> int mm_answer_moduli(int, Buffer *);
> int mm_answer_sign(int, Buffer *);
>+int mm_answer_kexrsa_decrypt(int, Buffer *);
> int mm_answer_pwnamallow(int, Buffer *);
> int mm_answer_auth2_read_banner(int, Buffer *);
> int mm_answer_authserv(int, Buffer *);
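Review bot: kexrsa_decrypt sizes the plaintext buffer from a compile-time constant (`*secpp = xmalloc(KEXRSA_KEYLEN / 8)`) while RSA_private_decrypt writes up to RSA_size() of whatever key get_ssh2_rsakex_key() returns; if the generated key length ever differs from 1024 this becomes a heap overflow in the privileged monitor, so allocate `RSA_size(server_transient_key->rsa)` and reject input where `secclen != RSA_size(server_transient_key->rsa)` before decrypting. The function's ownership contract is implicit: `*secpp` is allocated even when it returns 1, and mm_answer_kexrsa_decrypt relies on that with an unconditional xfree, so state it in a comment above the definition, e.g. `/* On failure *secpp is still allocated and must be freed by the caller; *secplenp is not set. */`. Separately, kexrsa_server also calls get_ssh2_rsakex_key() in the unprivileged child; if privsep_preauth_child demotes the other private keys in sensitive_data (that code is not in this patch), ssh2_rsakex_key should be demoted there too so the transient private key does not stay in the child's memory. The kexrsa_server body starts on the previous line of the page.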
>@@ -176,6 +177,7 @@ struct mon_table { > struct mon_table mon_dispatch_proto20[] = { > {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli}, > {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, >+ {MONITOR_REQ_KEXRSA_DECRYPT, MON_ONCE, mm_answer_kexrsa_decrypt}, > {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, > {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, > {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, >@@ -202,6 +204,7 @@ struct mon_table mon_dispatch_proto20[] > struct mon_table mon_dispatch_postauth20[] = { > {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, > {MONITOR_REQ_SIGN, 0, mm_answer_sign}, >+ {MONITOR_REQ_KEXRSA_DECRYPT, 0, mm_answer_kexrsa_decrypt}, > {MONITOR_REQ_PTY, 0, mm_answer_pty}, > {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, > {MONITOR_REQ_TERM, 0, mm_answer_term}, >@@ -283,6 +286,7 @@ monitor_child_preauth(Authctxt *_authctx > /* Permit requests for moduli and signatures */ > monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); > monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); >+ monitor_permit(mon_dispatch, MONITOR_REQ_KEXRSA_DECRYPT, 1); > } else { > mon_dispatch = mon_dispatch_proto15; > >@@ -346,6 +350,7 @@ monitor_child_postauth(struct monitor *p > /* Permit requests for moduli and signatures */ > monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); > monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); >+ monitor_permit(mon_dispatch, MONITOR_REQ_KEXRSA_DECRYPT, 1); > monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); > } else { > mon_dispatch = mon_dispatch_postauth15; 
>@@ -528,6 +533,32 @@ mm_answer_sign(int sock, Buffer *m)
> return (0);
> }
>
>+int
>+mm_answer_kexrsa_decrypt(int sock, Buffer *m)
>+{
>+ u_char *secc;
>+ u_char *secp;
>+ u_int secplen, secclen;
>+ int rsafail;
>+
>+ debug3("%s", __func__);
>+
>+ secc = buffer_get_string(m, &secclen);
>+ rsafail = kexrsa_decrypt(&secp, &secplen, secc, secclen);
>+
>+ buffer_clear(m);
>+ buffer_put_int(m, rsafail);
>+ if (!rsafail)
>+ buffer_put_string(m, secp, secplen);
>+
>+ xfree(secc);
>+ xfree(secp);
>+
>+ mm_request_send(sock, MONITOR_ANS_KEXRSA_DECRYPT, m);
>+
>+ return (0);
>+}
>+
> /* Retrieves the password entry and also checks if the user is permitted */
>
> int
>@@ -1412,6 +1443,7 @@ mm_get_kex(Buffer *m)
> kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
> kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
> kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
>+ kex->kex[KEX_RSA_SHA1] = kexrsa_server;
> kex->server = 1;
> kex->hostkey_type = buffer_get_int(m);
> kex->kex_type = buffer_get_int(m);
>Index: monitor.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/monitor.h,v
>retrieving revision 1.14
>diff -u -p -r1.14 monitor.h
>--- monitor.h 25 Mar 2006 22:22:43 -0000 1.14
>+++ monitor.h 17 May 2007 05:11:01 -0000
>@@ -32,6 +32,7 @@ enum monitor_reqtype {
> MONITOR_REQ_MODULI, MONITOR_ANS_MODULI,
> MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV,
> MONITOR_REQ_SIGN, MONITOR_ANS_SIGN,
>+ MONITOR_REQ_KEXRSA_DECRYPT, MONITOR_ANS_KEXRSA_DECRYPT,
> MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM,
> MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER,
> MONITOR_REQ_AUTHPASSWORD, MONITOR_ANS_AUTHPASSWORD,
>Index: monitor_wrap.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/monitor_wrap.c,v
>retrieving revision 1.55
>diff -u -p -r1.55 monitor_wrap.c
>--- monitor_wrap.c 19 Feb 2007 10:45:58 -0000 1.55
>+++ monitor_wrap.c 17 May 2007 05:11:01 -0000
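Review bot: mm_answer_kexrsa_decrypt copies the decrypted shared secret into the reply and then frees `secp` without clearing it, so the plaintext K lingers in freed heap inside the privileged monitor; kexrsa_server clears its own copy with `bzero(secp, secplen)` before `xfree(secp)`, and the success path here should do the same, `if (!rsafail) { buffer_put_string(m, secp, secplen); bzero(secp, secplen); }`. The handler decrypts whatever blob the child sends under the transient key with no check that the negotiated method is KEX_RSA_SHA1; MON_ONCE bounds that to one request pre-auth, but the postauth table in the earlier hunk registers it with flag 0, so a comment recording that this mirrors MONITOR_REQ_SIGN and is needed for rekeying would help a later reviewer judge the exposure.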
>@@ -735,6 +735,26 @@ mm_ssh1_session_key(BIGNUM *num)
> return (rsafail);
> }
>
>+int
>+mm_kexrsa_decrypt(u_char **secpp, u_int *secplenp,
>+ u_char *secc, u_int secclen)
>+{
>+ int rsafail;
>+ Buffer m;
>+
>+ buffer_init(&m);
>+ buffer_put_string(&m, secc, secclen);
>+
>+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEXRSA_DECRYPT, &m);
>+ mm_request_receive_expect(pmonitor->m_recvfd,
>+ MONITOR_ANS_KEXRSA_DECRYPT, &m);
>+ rsafail = buffer_get_int(&m);
>+ if (!rsafail)*secpp = buffer_get_string(&m, secplenp);
>+ buffer_free(&m);
>+
>+ return (rsafail);
>+}
>+
> static void
> mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
> char ***prompts, u_int **echo_on)
>Index: monitor_wrap.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/monitor_wrap.h,v
>retrieving revision 1.20
>diff -u -p -r1.20 monitor_wrap.h
>--- monitor_wrap.h 3 Aug 2006 03:34:42 -0000 1.20
>+++ monitor_wrap.h 17 May 2007 05:11:01 -0000
>@@ -40,6 +40,7 @@ struct Authctxt;
> int mm_is_monitor(void);
> DH *mm_choose_dh(int, int, int);
> int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
>+int mm_kexrsa_decrypt(u_char **, u_int *, u_char *, u_int);
> void mm_inform_authserv(char *, char *);
> struct passwd *mm_getpwnamallow(const char *);
> char *mm_auth2_read_banner(void);
>Index: readconf.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/readconf.c,v
>retrieving revision 1.162
>diff -u -p -r1.162 readconf.c
>--- readconf.c 20 Mar 2007 03:56:12 -0000 1.162
>+++ readconf.c 17 May 2007 05:11:01 -0000
>@@ -127,6 +127,7 @@ typedef enum {
> oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
> oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
> oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
>+ oKexMethods,
> oDeprecated, oUnsupported
> } OpCodes;
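Review bot: In mm_kexrsa_decrypt the line `if (!rsafail)*secpp = buffer_get_string(&m, secplenp);` puts the statement on the condition line with no separating whitespace, unlike every other conditional in this file; split it as `if (!rsafail)` followed by the assignment on its own indented line. The wrapper leaves `*secpp` and `*secplenp` untouched when the monitor reports failure, which its only caller in this patch survives by calling fatal; a one-line comment above the function, `/* On nonzero return *secpp and *secplenp are not set. */`, makes that contract explicit for the next caller.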
> >@@ -223,6 +224,7 @@ static struct { > { "tunneldevice", oTunnelDevice }, > { "localcommand", oLocalCommand }, > { "permitlocalcommand", oPermitLocalCommand }, >+ { "kexmethods", oKexMethods }, > { NULL, oBadOption } > }; > >@@ -662,6 +664,17 @@ parse_int: > options->macs = xstrdup(arg); > break; > >+ case oKexMethods: >+ arg = strdelim(&s); >+ if (!arg || *arg == '\0') >+ fatal("%.200s line %d: Missing argument.", filename, linenum); >+ if (!kexmeth_names_valid(arg)) >+ fatal("%.200s line %d: Bad SSH2 KexMethods spec '%s'.", >+ filename, linenum, arg ? arg : "<NONE>"); >+ if (*activep && options->kexmethods == NULL) >+ options->kexmethods = xstrdup(arg); >+ break; >+ > case oHostKeyAlgorithms: > arg = strdelim(&s); > if (!arg || *arg == '\0') >@@ -1025,6 +1038,7 @@ initialize_options(Options * options) > options->cipher = -1; > options->ciphers = NULL; > options->macs = NULL; >+ options->kexmethods = NULL; > options->hostkeyalgorithms = NULL; > options->protocol = SSH_PROTO_UNKNOWN; > options->num_identity_files = 0; >@@ -1129,6 +1143,7 @@ fill_default_options(Options * options) > options->cipher = SSH_CIPHER_NOT_SET; > /* options->ciphers, default set in myproposals.h */ > /* options->macs, default set in myproposals.h */ >+ /* options->kexmethods, default set in myproposals.h */ > /* options->hostkeyalgorithms, default set in myproposals.h */ > if (options->protocol == SSH_PROTO_UNKNOWN) > options->protocol = SSH_PROTO_1|SSH_PROTO_2; >Index: readconf.h >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/readconf.h,v >retrieving revision 1.71 >diff -u -p -r1.71 readconf.h >--- readconf.h 3 Aug 2006 03:34:42 -0000 1.71 >+++ readconf.h 17 May 2007 05:11:01 -0000 
>@@ -70,6 +70,7 @@ typedef struct { > char *ciphers; /* SSH2 ciphers in order of preference. */ > char *macs; /* SSH2 macs in order of preference. */ > char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */ >+ char *kexmethods; /* SSH2 kex methods in order of preference. */ > int protocol; /* Protocol in order of preference. */ > char *hostname; /* Real host to connect. */ > char *host_key_alias; /* hostname alias for .ssh/known_hosts */ >Index: servconf.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/servconf.c,v >retrieving revision 1.172 >diff -u -p -r1.172 servconf.c >--- servconf.c 23 Apr 2007 10:15:39 -0000 1.172 >+++ servconf.c 17 May 2007 05:11:01 -0000 >@@ -98,6 +98,7 @@ initialize_server_options(ServerOptions > options->num_deny_groups = 0; > options->ciphers = NULL; > options->macs = NULL; >+ options->kexmethods = NULL; > options->protocol = SSH_PROTO_UNKNOWN; > options->gateway_ports = -1; > options->num_subsystems = 0; >@@ -266,7 +267,7 @@ typedef enum { > sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, > sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, > sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, >- sMatch, sPermitOpen, sForceCommand, >+ sMatch, sPermitOpen, sForceCommand, sKexMethods, > sUsePrivilegeSeparation, > sDeprecated, sUnsupported > } ServerOpCodes; >@@ -347,6 +348,7 @@ static struct { > { "denygroups", sDenyGroups, SSHCFG_GLOBAL }, > { "ciphers", sCiphers, SSHCFG_GLOBAL }, > { "macs", sMacs, SSHCFG_GLOBAL }, >+ { "kexmethods", sKexMethods, SSHCFG_GLOBAL }, > { "protocol", sProtocol, SSHCFG_GLOBAL }, > { "gatewayports", sGatewayPorts, SSHCFG_ALL }, > { "subsystem", sSubsystem, SSHCFG_GLOBAL }, 
>@@ -1021,6 +1023,17 @@ parse_flag: > filename, linenum, arg ? arg : "<NONE>"); > if (options->macs == NULL) > options->macs = xstrdup(arg); >+ break; >+ >+ case sKexMethods: >+ arg = strdelim(&cp); >+ if (!arg || *arg == '\0') >+ fatal("%s line %d: Missing argument.", filename, linenum); >+ if (!kexmeth_names_valid(arg)) >+ fatal("%s line %d: Bad SSH2 KexMethods spec '%s'.", >+ filename, linenum, arg ? arg : "<NONE>"); >+ if (options->kexmethods == NULL) >+ options->kexmethods = xstrdup(arg); > break; > > case sProtocol: >Index: servconf.h >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/servconf.h,v >retrieving revision 1.80 >diff -u -p -r1.80 servconf.h >--- servconf.h 19 Feb 2007 10:45:58 -0000 1.80 >+++ servconf.h 17 May 2007 05:11:01 -0000 >@@ -65,6 +65,7 @@ typedef struct { > int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */ > char *ciphers; /* Supported SSH2 ciphers. */ > char *macs; /* Supported SSH2 macs. */ >+ char *kexmethods; /* SSH2 kex methods in order of preference. */ > int protocol; /* Supported protocol versions. */ > int gateway_ports; /* If true, allow remote connects to forwarded ports. */ > SyslogFacility log_facility; /* Facility for system logging. */ >Index: ssh-keyscan.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/ssh-keyscan.c,v >retrieving revision 1.74 >diff -u -p -r1.74 ssh-keyscan.c >--- ssh-keyscan.c 6 Oct 2006 02:29:19 -0000 1.74 >+++ ssh-keyscan.c 17 May 2007 05:11:02 -0000 
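Review bot: servconf.c gains a `kexmethods` keyword (sKexMethods, SSHCFG_GLOBAL) but this patch shows no sshd_config.5 hunk documenting it, whereas the client keyword gets an ssh_config.5 entry in a later hunk; unless that text is in a part of the patch outside this page, add a `.It Cm KexMethods` entry to sshd_config.5 mirroring the ssh_config.5 wording, including the accepted method names and the default. The fatal in the new case passes `arg ? arg : "<NONE>"` after `!arg` has already been rejected two lines earlier; it is copied from the sMacs case above and is harmless, but `arg` alone would read cleaner.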
>@@ -352,6 +352,7 @@ keygrab_ssh2(con *c) > c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; > c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; > c->c_kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; >+ c->c_kex->kex[KEX_RSA_SHA1] = kexrsa_client; > c->c_kex->verify_host_key = hostjump; > > if (!(j = setjmp(kexjmp))) { >Index: ssh.1 >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/ssh.1,v >retrieving revision 1.266 >diff -u -p -r1.266 ssh.1 >--- ssh.1 11 Dec 2006 21:25:46 -0000 1.266 >+++ ssh.1 17 May 2007 05:11:02 -0000 >@@ -466,6 +466,7 @@ For full details of the options listed b > .It IdentityFile > .It IdentitiesOnly > .It KbdInteractiveDevices >+.It KexMethods > .It LocalCommand > .It LocalForward > .It LogLevel >Index: ssh2.h >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/ssh2.h,v >retrieving revision 1.10 >diff -u -p -r1.10 ssh2.h >--- ssh2.h 25 Mar 2006 22:22:43 -0000 1.10 >+++ ssh2.h 17 May 2007 05:11:02 -0000 >@@ -98,6 +98,11 @@ > #define SSH2_MSG_KEX_DH_GEX_REPLY 33 > #define SSH2_MSG_KEX_DH_GEX_REQUEST 34 > >+/* rsa key exchange */ >+#define SSH2_MSG_KEXRSA_PUBKEY 30 >+#define SSH2_MSG_KEXRSA_SECRET 31 >+#define SSH2_MSG_KEXRSA_DONE 32 >+ > /* user authentication: generic */ > > #define SSH2_MSG_USERAUTH_REQUEST 50 >Index: ssh_config.5 >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v >retrieving revision 1.98 >diff -u -p -r1.98 ssh_config.5 >--- ssh_config.5 10 Jan 2007 13:23:22 -0000 1.98 >+++ ssh_config.5 17 May 2007 05:11:02 -0000 
>@@ -587,6 +587,23 @@ it may be zero or more of: > .Dq pam , > and > .Dq skey . >+.It Cm KexMethods >+Specifies the available KEX (Key Exchange) algorithms. >+Multiple algorithms must be comma-separated. >+Available methods are >+.Dq diffie-hellman-group-exchange-sha256 , >+.Dq diffie-hellman-group-exchange-sha1 , >+.Dq diffie-hellman-group14-sha1 , >+.Dq diffie-hellman-group1-sha1 , >+and >+.Dq rsa1024-sha1 . >+The default is: >+.Bd -literal -offset 3n >+diffie-hellman-group-exchange-sha256, >+diffie-hellman-group-exchange-sha1, >+diffie-hellman-group14-sha1, >+diffie-hellman-group1-sha1 >+.Ed > .It Cm LocalCommand > Specifies a command to execute on the local machine after successfully > connecting to the server. >Index: sshconnect2.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/sshconnect2.c,v >retrieving revision 1.162 >diff -u -p -r1.162 sshconnect2.c >--- sshconnect2.c 30 Aug 2006 00:06:51 -0000 1.162 >+++ sshconnect2.c 17 May 2007 05:11:02 -0000 >@@ -123,6 +123,8 @@ ssh_kex2(char *host, struct sockaddr *ho > if (options.hostkeyalgorithms != NULL) > myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = > options.hostkeyalgorithms; >+ if (options.kexmethods != NULL) >+ myproposal[PROPOSAL_KEX_ALGS] = options.kexmethods; > > if (options.rekey_limit) > packet_set_rekey_limit(options.rekey_limit); 
>@@ -133,6 +135,7 @@ ssh_kex2(char *host, struct sockaddr *ho
> kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
> kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
> kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
>+ kex->kex[KEX_RSA_SHA1] = kexrsa_client;
> kex->client_version_string=client_version_string;
> kex->server_version_string=server_version_string;
> kex->verify_host_key=&verify_host_key_callback;
>Index: sshd.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/sshd.c,v
>retrieving revision 1.350
>diff -u -p -r1.350 sshd.c
>--- sshd.c 9 Mar 2007 05:20:06 -0000 1.350
>+++ sshd.c 17 May 2007 05:11:02 -0000
>@@ -64,6 +64,7 @@
>
> #include <openssl/dh.h>
> #include <openssl/bn.h>
>+#include <openssl/err.h>
> #include <openssl/md5.h>
> #include <openssl/rand.h>
>
>@@ -186,6 +187,7 @@ Kex *xxx_kex;
> */
> struct {
> Key *server_key; /* ephemeral server key */
>+ Key *ssh2_rsakex_key; /* ssh2 RSA KEX key */
> Key *ssh1_host_key; /* ssh1 host key */
> Key **host_keys; /* all private host keys */
> int have_ssh1_key;
>@@ -352,21 +354,33 @@ generate_ephemeral_server_key(void)
> u_int32_t rnd = 0;
> int i;
>
>- verbose("Generating %s%d bit RSA key.",
>- sensitive_data.server_key ? "new " : "", options.server_key_bits);
>- if (sensitive_data.server_key != NULL)
>- key_free(sensitive_data.server_key);
>- sensitive_data.server_key = key_generate(KEY_RSA1,
>- options.server_key_bits);
>- verbose("RSA key generation complete.");
>-
>- for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
>- if (i % 4 == 0)
>- rnd = arc4random();
>- sensitive_data.ssh1_cookie[i] = rnd & 0xff;
>- rnd >>= 8;
>+ if (options.protocol & SSH_PROTO_1) {
>+ verbose("Generating %s%d bit RSA key.",
>+ sensitive_data.server_key ? "new " : "",
>+ options.server_key_bits);
>+ if (sensitive_data.server_key != NULL)
>+ key_free(sensitive_data.server_key);
>+ sensitive_data.server_key = key_generate(KEY_RSA1,
>+ options.server_key_bits);
>+ verbose("RSA key generation complete.");
>+
>+ for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
>+ if (i % 4 == 0)
>+ rnd = arc4random();
>+ sensitive_data.ssh1_cookie[i] = rnd & 0xff;
>+ rnd >>= 8;
>+ }
>+ arc4random_stir();
>+ }
>+
>+ if (options.protocol & SSH_PROTO_2) {
>+ verbose("Generating %s1024 bit RSA key for SSH-2.",
>+ sensitive_data.ssh2_rsakex_key ? "new " : "");
>+ if (sensitive_data.ssh2_rsakex_key != NULL)
>+ key_free(sensitive_data.ssh2_rsakex_key);
>+ sensitive_data.ssh2_rsakex_key = key_generate(KEY_RSA, 1024);
>+ verbose("RSA key generation complete.");
> }
>- arc4random_stir();
> }
>
> /*ARGSUSED*/
>@@ -525,6 +539,10 @@ destroy_sensitive_data(void)
> key_free(sensitive_data.server_key);
> sensitive_data.server_key = NULL;
> }
>+ if (sensitive_data.ssh2_rsakex_key) {
>+ key_free(sensitive_data.ssh2_rsakex_key);
>+ sensitive_data.ssh2_rsakex_key = NULL;
>+ }
> for (i = 0; i < options.num_host_key_files; i++) {
> if (sensitive_data.host_keys[i]) {
> key_free(sensitive_data.host_keys[i]);
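Review bot: The new SSH_PROTO_2 branch generates a 1024-bit RSA KEX key whenever protocol 2 is enabled, yet the default KexMethods list documented in this same patch does not include rsa1024-sha1, so every default installation pays the keygen at startup, again on each KeyRegenerationInterval, and (per the inetd branch in the `@@ -1509,14 +1573,15 @@` hunk) potentially once per inetd connection, for a method it never offers. Suggest gating this branch on the configured method list as well, something like `if ((options.protocol & SSH_PROTO_2) && options.kexmethods != NULL && <kexmethods names KEX_RSA>)`, with the membership test done by a proper list walk rather than a substring match. The literal `1024` is fixed by the rsa1024-sha1 method name rather than a tunable, so it deserves a named constant next to KEX_RSA (say `KEX_RSA_BITS`) and a comment saying the size is mandated by the method, not chosen. generate_ephemeral_server_key's signature and declarations begin outside this hunk.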
>@@ -548,6 +566,12 @@ demote_sensitive_data(void)
> sensitive_data.server_key = tmp;
> }
>
>+ if (sensitive_data.ssh2_rsakex_key) {
>+ tmp = key_demote(sensitive_data.ssh2_rsakex_key);
>+ key_free(sensitive_data.ssh2_rsakex_key);
>+ sensitive_data.ssh2_rsakex_key = tmp;
>+ }
>+
> for (i = 0; i < options.num_host_key_files; i++) {
> if (sensitive_data.host_keys[i]) {
> tmp = key_demote(sensitive_data.host_keys[i]);
>@@ -756,6 +780,13 @@ get_hostkey_index(Key *key)
> return (-1);
> }
>
>+Key *
>+get_ssh2_rsakex_key(void)
>+{
>+
>+ return (sensitive_data.ssh2_rsakex_key);
>+}
>+
> /*
> * returns 1 if connection should be dropped, 0 otherwise.
> * dropping starts at connection #max_startups_begin with a probability
>@@ -814,6 +845,13 @@ send_rexec_state(int fd, Buffer *conf)
> * bignum iqmp "
> * bignum p "
> * bignum q "
>+ * u_int ephemeral_ssh2_key_follows
>+ * bignum e (only if ephemeral_ssh2_key_follows == 1)
>+ * bignum n "
>+ * bignum d "
>+ * bignum iqmp "
>+ * bignum p "
>+ * bignum q "
> */
> buffer_init(&m);
> buffer_put_cstring(&m, buffer_ptr(conf));
>@@ -830,6 +868,18 @@ send_rexec_state(int fd, Buffer *conf)
> } else
> buffer_put_int(&m, 0);
>
>+ if (sensitive_data.ssh2_rsakex_key != NULL &&
>+ sensitive_data.ssh2_rsakex_key->type == KEY_RSA) {
>+ buffer_put_int(&m, 1);
>+ buffer_put_bignum(&m, sensitive_data.ssh2_rsakex_key->rsa->e);
>+ buffer_put_bignum(&m, sensitive_data.ssh2_rsakex_key->rsa->n);
>+ buffer_put_bignum(&m, sensitive_data.ssh2_rsakex_key->rsa->d);
>+ buffer_put_bignum(&m, sensitive_data.ssh2_rsakex_key->rsa->iqmp);
>+ buffer_put_bignum(&m, sensitive_data.ssh2_rsakex_key->rsa->p);
>+ buffer_put_bignum(&m, sensitive_data.ssh2_rsakex_key->rsa->q);
>+ } else
>+ buffer_put_int(&m, 0);
>+
> if (ssh_msg_send(fd, 0, &m) == -1)
> fatal("%s: ssh_msg_send failed", __func__);
>
>@@ -872,6 +922,19 @@ recv_rexec_state(int fd, Buffer *conf)
> rsa_generate_additional_parameters(
> sensitive_data.server_key->rsa);
> }
>+ if (buffer_get_int(&m)) {
>+ if (sensitive_data.ssh2_rsakex_key != NULL)
>+ key_free(sensitive_data.ssh2_rsakex_key);
>+ sensitive_data.ssh2_rsakex_key = key_new_private(KEY_RSA);
>+ buffer_get_bignum(&m, sensitive_data.ssh2_rsakex_key->rsa->e);
>+ buffer_get_bignum(&m, sensitive_data.ssh2_rsakex_key->rsa->n);
>+ buffer_get_bignum(&m, sensitive_data.ssh2_rsakex_key->rsa->d);
>+ buffer_get_bignum(&m, sensitive_data.ssh2_rsakex_key->rsa->iqmp);
>+ buffer_get_bignum(&m, sensitive_data.ssh2_rsakex_key->rsa->p);
>+ buffer_get_bignum(&m, sensitive_data.ssh2_rsakex_key->rsa->q);
>+ rsa_generate_additional_parameters(
>+ sensitive_data.ssh2_rsakex_key->rsa);
>+ }
> buffer_free(&m);
>
> debug3("%s: done", __func__);
>@@ -1169,8 +1232,7 @@ server_accept_loop(int *sock_in, int *so
> * Mark that the key has been used (it
> * was "given" to the child).
> */
>- if ((options.protocol & SSH_PROTO_1) &&
>- key_used == 0) {
>+ if (key_used == 0) {
> /* Schedule server key regeneration alarm. */
> signal(SIGALRM, key_regeneration_alarm);
> alarm(options.key_regeneration_time);
>@@ -1329,6 +1391,7 @@ main(int ac, char **av)
> closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
>
> SSLeay_add_all_algorithms();
>+ ERR_load_crypto_strings();
>
> /*
> * Force logging to stderr until we have loaded the private host
>@@ -1342,6 +1405,7 @@ main(int ac, char **av)
> log_stderr || !inetd_flag);
>
> sensitive_data.server_key = NULL;
>+ sensitive_data.ssh2_rsakex_key = NULL;
> sensitive_data.ssh1_host_key = NULL;
> sensitive_data.have_ssh1_key = 0;
> sensitive_data.have_ssh2_key = 0;
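Review bot: Dropping the `(options.protocol & SSH_PROTO_1)` gate in server_accept_loop means KeyRegenerationInterval now drives regeneration of the SSH-2 rsa1024-sha1 key as well, but the sshd_config.5 text for KeyRegenerationInterval kept as context in the later `@@ -422,6 +422,23 @@` hunk still says "In protocol version 1, the ephemeral server key is automatically regenerated", which this patch makes inaccurate; that paragraph should say the interval also applies to the SSH-2 RSA KEX key, and a short comment here would help: `/* Also regenerates the SSH-2 RSA KEX key; see generate_ephemeral_server_key(). */`. Whether key_regeneration_alarm itself still assumes a protocol-1 key exists cannot be checked from this chunk, since its body is not in the diff. The enclosing loop body continues outside the hunk.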
>@@ -1509,14 +1573,15 @@ main(int ac, char **av)
> if (inetd_flag) {
> server_accept_inetd(&sock_in, &sock_out);
>
>- if ((options.protocol & SSH_PROTO_1) &&
>- sensitive_data.server_key == NULL)
>- generate_ephemeral_server_key();
>+ if (((options.protocol & SSH_PROTO_1) &&
>+ sensitive_data.server_key == NULL) ||
>+ ((options.protocol & SSH_PROTO_2) &&
>+ sensitive_data.ssh2_rsakex_key == NULL))
>+ generate_ephemeral_server_key();
> } else {
> server_listen();
>
>- if (options.protocol & SSH_PROTO_1)
>- generate_ephemeral_server_key();
>+ generate_ephemeral_server_key();
>
> signal(SIGHUP, sighup_handler);
> signal(SIGCHLD, main_sigchld_handler);
>@@ -1995,6 +2060,8 @@ do_ssh2_kex(void)
> myproposal[PROPOSAL_COMP_ALGS_CTOS] =
> myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
> }
>+ if (options.kexmethods != NULL)
>+ myproposal[PROPOSAL_KEX_ALGS] = options.kexmethods;
>
> myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
>
>@@ -2004,6 +2071,7 @@ do_ssh2_kex(void)
> kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
> kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
> kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
>+ kex->kex[KEX_RSA_SHA1] = kexrsa_server;
> kex->server = 1;
> kex->client_version_string=client_version_string;
> kex->server_version_string=server_version_string;
>Index: sshd_config.5
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v
>retrieving revision 1.74
>diff -u -p -r1.74 sshd_config.5
>--- sshd_config.5 1 Mar 2007 16:19:33 -0000 1.74
>+++ sshd_config.5 17 May 2007 05:11:02 -0000
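Review bot: kexrsa_server is registered unconditionally in do_ssh2_kex, but after the demote_sensitive_data hunk earlier in this patch the unprivileged child holds only a key_demote'd copy of ssh2_rsakex_key, so whatever get_ssh2_rsakex_key() returns there presumably carries no private exponent and the RSA decryption of the client's secret must be proxied to the monitor; kexrsas.c is not in this chunk, so I cannot confirm that path exists. If it does, a one-line comment on the new registration line would save the next reader the same trip: `/* private RSA KEX key lives in the monitor after privsep; decryption is proxied */`. It is also worth stating in the `if (options.kexmethods != NULL)` block that the hard-coded default proposal deliberately omits rsa1024-sha1, so the server only offers it when KexMethods names it. do_ssh2_kex starts and ends outside these hunks.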
>@@ -422,6 +422,23 @@ Specifies whether to automatically destr
> file on logout.
> The default is
> .Dq yes .
>+.It Cm KexMethods
>+Specifies the available KEX (Key Exchange) algorithms.
>+Multiple algorithms must be comma-separated.
>+Available methods are
>+.Dq diffie-hellman-group-exchange-sha256 ,
>+.Dq diffie-hellman-group-exchange-sha1 ,
>+.Dq diffie-hellman-group14-sha1 ,
>+.Dq diffie-hellman-group1-sha1 ,
>+and
>+.Dq rsa1024-sha1 .
>+The default is:
>+.Bd -literal -offset 3n
>+diffie-hellman-group-exchange-sha256,
>+diffie-hellman-group-exchange-sha1,
>+diffie-hellman-group14-sha1,
>+diffie-hellman-group1-sha1
>+.Ed
> .It Cm KeyRegenerationInterval
> In protocol version 1, the ephemeral server key is automatically regenerated
> after this many seconds (if it has been used).
>Index: lib/Makefile
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/lib/Makefile,v
>retrieving revision 1.54
>diff -u -p -r1.54 Makefile
>--- lib/Makefile 28 May 2006 16:45:09 -0000 1.54
>+++ lib/Makefile 17 May 2007 05:11:02 -0000
>@@ -10,8 +10,8 @@ SRCS= authfd.c authfile.c bufaux.c bufbn
> hostfile.c log.c match.c nchan.c packet.c readpass.c \
> rsa.c ttymodes.c xmalloc.c atomicio.c \
> key.c dispatch.c kex.c mac.c uidswap.c uuencode.c misc.c \
>- ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \
>- kexdhc.c kexgexc.c scard.c msg.c progressmeter.c dns.c \
>+ ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c kexrsa.c \
>+ kexdhc.c kexgexc.c kexrsac.c scard.c msg.c progressmeter.c dns.c \
> monitor_fdpass.c md-sha256.c
>
> DEBUGLIBS= no
>Index: sshd/Makefile
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/sshd/Makefile,v
>retrieving revision 1.64
>diff -u -p -r1.64 Makefile
>--- sshd/Makefile 23 Aug 2004 14:26:39 -0000 1.64
>+++ sshd/Makefile 17 May 2007 05:11:02 -0000
>@@ -16,7 +16,7 @@ SRCS= sshd.c auth-rhosts.c auth-passwd.c
> auth-skey.c auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \
> auth2-none.c auth2-passwd.c auth2-pubkey.c \
> monitor_mm.c monitor.c monitor_wrap.c \
>- kexdhs.c kexgexs.c
>+ kexdhs.c kexgexs.c kexrsas.c
>
> .include <bsd.own.mk> # for KERBEROS and AFS
>