|
Lines 14-19
|
| 14 |
#define TRUE 1 |
14 |
#define TRUE 1 |
| 15 |
#endif |
15 |
#endif |
| 16 |
|
16 |
|
|
|
17 |
#ifndef MIN |
| 18 |
# define MIN(a,b) (((a)<(b))?(a):(b)) |
| 19 |
#endif |
| 20 |
|
| 17 |
#define SSH1_MSG_DISCONNECT 1 /* 0x1 */ |
21 |
#define SSH1_MSG_DISCONNECT 1 /* 0x1 */ |
| 18 |
#define SSH1_SMSG_PUBLIC_KEY 2 /* 0x2 */ |
22 |
#define SSH1_SMSG_PUBLIC_KEY 2 /* 0x2 */ |
| 19 |
#define SSH1_CMSG_SESSION_KEY 3 /* 0x3 */ |
23 |
#define SSH1_CMSG_SESSION_KEY 3 /* 0x3 */ |
|
Lines 680-685
|
| 680 |
/* the above field _must_ be first in the structure */ |
684 |
/* the above field _must_ be first in the structure */ |
| 681 |
|
685 |
|
| 682 |
SHA_State exhash, exhashbase; |
686 |
SHA_State exhash, exhashbase; |
|
|
687 |
SHA512_State exhash512, exhashbase512; |
| 683 |
|
688 |
|
| 684 |
Socket s; |
689 |
Socket s; |
| 685 |
|
690 |
|
|
Lines 704-710
|
| 704 |
void *cs_comp_ctx, *sc_comp_ctx; |
709 |
void *cs_comp_ctx, *sc_comp_ctx; |
| 705 |
const struct ssh_kex *kex; |
710 |
const struct ssh_kex *kex; |
| 706 |
const struct ssh_signkey *hostkey; |
711 |
const struct ssh_signkey *hostkey; |
| 707 |
unsigned char v2_session_id[20]; |
712 |
unsigned char v2_session_id[64]; |
|
|
713 |
int v2_session_id_len; |
| 714 |
|
| 708 |
void *kex_ctx; |
715 |
void *kex_ctx; |
| 709 |
|
716 |
|
| 710 |
char *savedhost; |
717 |
char *savedhost; |
|
Lines 1558-1564
|
| 1558 |
|
1565 |
|
| 1559 |
/* |
1566 |
/* |
| 1560 |
* Utility routines for putting an SSH-protocol `string' and |
1567 |
* Utility routines for putting an SSH-protocol `string' and |
| 1561 |
* `uint32' into a SHA state. |
1568 |
* `uint32' into a SHA/SHA512 state. |
| 1562 |
*/ |
1569 |
*/ |
| 1563 |
static void sha_string(SHA_State * s, void *str, int len) |
1570 |
static void sha_string(SHA_State * s, void *str, int len) |
| 1564 |
{ |
1571 |
{ |
|
Lines 1575-1580
|
| 1575 |
SHA_Bytes(s, intblk, 4); |
1582 |
SHA_Bytes(s, intblk, 4); |
| 1576 |
} |
1583 |
} |
| 1577 |
|
1584 |
|
|
|
1585 |
static void sha512_string(SHA512_State * s, void *str, int len) |
| 1586 |
{ |
| 1587 |
unsigned char lenblk[4]; |
| 1588 |
PUT_32BIT(lenblk, len); |
| 1589 |
SHA512_Bytes(s, lenblk, 4); |
| 1590 |
SHA512_Bytes(s, str, len); |
| 1591 |
} |
| 1592 |
|
| 1593 |
static void sha512_uint32(SHA512_State * s, unsigned i) |
| 1594 |
{ |
| 1595 |
unsigned char intblk[4]; |
| 1596 |
PUT_32BIT(intblk, i); |
| 1597 |
SHA512_Bytes(s, intblk, 4); |
| 1598 |
} |
| 1599 |
|
| 1578 |
/* |
1600 |
/* |
| 1579 |
* Packet construction functions. Mostly shared between SSH-1 and SSH-2. |
1601 |
* Packet construction functions. Mostly shared between SSH-1 and SSH-2. |
| 1580 |
*/ |
1602 |
*/ |
|
Lines 1979-1984
|
| 1979 |
sfree(p); |
2001 |
sfree(p); |
| 1980 |
} |
2002 |
} |
| 1981 |
|
2003 |
|
|
|
2004 |
static void sha512_mpint(SHA512_State * s, Bignum b) |
| 2005 |
{ |
| 2006 |
unsigned char lenbuf[4]; |
| 2007 |
int len; |
| 2008 |
len = (bignum_bitcount(b) + 8) / 8; |
| 2009 |
PUT_32BIT(lenbuf, len); |
| 2010 |
SHA512_Bytes(s, lenbuf, 4); |
| 2011 |
while (len-- > 0) { |
| 2012 |
lenbuf[0] = bignum_byte(b, len); |
| 2013 |
SHA512_Bytes(s, lenbuf, 1); |
| 2014 |
} |
| 2015 |
memset(lenbuf, 0, sizeof(lenbuf)); |
| 2016 |
} |
| 2017 |
|
| 1982 |
/* |
2018 |
/* |
| 1983 |
* Packet decode functions for both SSH-1 and SSH-2. |
2019 |
* Packet decode functions for both SSH-1 and SSH-2. |
| 1984 |
*/ |
2020 |
*/ |
|
Lines 2391-2396
|
| 2391 |
strcspn(verstring, "\015\012")); |
2427 |
strcspn(verstring, "\015\012")); |
| 2392 |
sha_string(&ssh->exhashbase, s->vstring, |
2428 |
sha_string(&ssh->exhashbase, s->vstring, |
| 2393 |
strcspn(s->vstring, "\015\012")); |
2429 |
strcspn(s->vstring, "\015\012")); |
|
|
2430 |
SHA512_Init(&ssh->exhashbase512); |
| 2431 |
sha512_string(&ssh->exhashbase512, verstring, |
| 2432 |
strcspn(verstring, "\015\012")); |
| 2433 |
sha512_string(&ssh->exhashbase512, s->vstring, |
| 2434 |
strcspn(s->vstring, "\015\012")); |
| 2394 |
|
2435 |
|
| 2395 |
/* |
2436 |
/* |
| 2396 |
* Initialise SSH-2 protocol. |
2437 |
* Initialise SSH-2 protocol. |
|
Lines 4918-4943
|
| 4918 |
/* |
4959 |
/* |
| 4919 |
* SSH-2 key creation method. |
4960 |
* SSH-2 key creation method. |
| 4920 |
*/ |
4961 |
*/ |
| 4921 |
static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H, |
4962 |
static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H, int H_len, |
| 4922 |
unsigned char *sessid, char chr, |
4963 |
unsigned char *sessid, int sessid_len, char chr, |
| 4923 |
unsigned char *keyspace) |
4964 |
unsigned char *keyspace, int keyspace_len) |
| 4924 |
{ |
4965 |
{ |
| 4925 |
SHA_State s; |
4966 |
SHA_State s; |
| 4926 |
/* First 20 bytes. */ |
4967 |
SHA512_State s512; |
| 4927 |
SHA_Init(&s); |
4968 |
int i; |
| 4928 |
if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY)) |
4969 |
unsigned char outbuf[64]; |
| 4929 |
sha_mpint(&s, K); |
4970 |
|
| 4930 |
SHA_Bytes(&s, H, 20); |
4971 |
if (ssh->kex == &ssh_diffiehellman_gex_sha512) { |
| 4931 |
SHA_Bytes(&s, &chr, 1); |
4972 |
/* First 64 bytes. */ |
| 4932 |
SHA_Bytes(&s, sessid, 20); |
4973 |
SHA512_Init(&s512); |
| 4933 |
SHA_Final(&s, keyspace); |
4974 |
if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY)) |
| 4934 |
/* Next 20 bytes. */ |
4975 |
sha512_mpint(&s512, K); |
| 4935 |
SHA_Init(&s); |
4976 |
SHA512_Bytes(&s512, H, H_len); |
| 4936 |
if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY)) |
4977 |
SHA512_Bytes(&s512, &chr, 1); |
| 4937 |
sha_mpint(&s, K); |
4978 |
SHA512_Bytes(&s512, sessid, sessid_len); |
| 4938 |
SHA_Bytes(&s, H, 20); |
4979 |
SHA512_Final(&s512, keyspace); |
| 4939 |
SHA_Bytes(&s, keyspace, 20); |
4980 |
/* Expand to fill keyspace */ |
| 4940 |
SHA_Final(&s, keyspace + 20); |
4981 |
for (i = 64; i < keyspace_len; i += 64) { |
|
|
4982 |
SHA512_Init(&s512); |
| 4983 |
if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY)) |
| 4984 |
sha512_mpint(&s512, K); |
| 4985 |
SHA512_Bytes(&s512, H, H_len); |
| 4986 |
SHA512_Bytes(&s512, keyspace, i); |
| 4987 |
SHA512_Final(&s512, outbuf); |
| 4988 |
memcpy(keyspace + i, outbuf, MIN(keyspace_len - i, 64)); |
| 4989 |
memset(outbuf, 0, sizeof(outbuf)); |
| 4990 |
} |
| 4991 |
} else { |
| 4992 |
/* First 20 bytes. */ |
| 4993 |
SHA_Init(&s); |
| 4994 |
if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY)) |
| 4995 |
sha_mpint(&s, K); |
| 4996 |
SHA_Bytes(&s, H, H_len); |
| 4997 |
SHA_Bytes(&s, &chr, 1); |
| 4998 |
SHA_Bytes(&s, sessid, sessid_len); |
| 4999 |
SHA_Final(&s, keyspace); |
| 5000 |
/* Expand to fill keyspace */ |
| 5001 |
for (i = 20; i < keyspace_len; i += 20) { |
| 5002 |
SHA_Init(&s); |
| 5003 |
if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY)) |
| 5004 |
sha_mpint(&s, K); |
| 5005 |
SHA_Bytes(&s, H, sessid_len); |
| 5006 |
SHA_Bytes(&s, keyspace, i); |
| 5007 |
SHA_Final(&s, outbuf); |
| 5008 |
memcpy(keyspace + i, outbuf, MIN(keyspace_len - i, 20)); |
| 5009 |
memset(outbuf, 0, sizeof(outbuf)); |
| 5010 |
} |
| 5011 |
} |
| 4941 |
} |
5012 |
} |
| 4942 |
|
5013 |
|
| 4943 |
/* |
5014 |
/* |
|
Lines 4962-4968
|
| 4962 |
char *hostkeydata, *sigdata, *keystr, *fingerprint; |
5033 |
char *hostkeydata, *sigdata, *keystr, *fingerprint; |
| 4963 |
int hostkeylen, siglen; |
5034 |
int hostkeylen, siglen; |
| 4964 |
void *hkey; /* actual host key */ |
5035 |
void *hkey; /* actual host key */ |
| 4965 |
unsigned char exchange_hash[20]; |
5036 |
unsigned char exchange_hash[64]; |
|
|
5037 |
int exchange_hash_len; |
| 4966 |
int n_preferred_kex; |
5038 |
int n_preferred_kex; |
| 4967 |
const struct ssh_kex *preferred_kex[KEX_MAX]; |
5039 |
const struct ssh_kex *preferred_kex[KEX_MAX]; |
| 4968 |
int n_preferred_ciphers; |
5040 |
int n_preferred_ciphers; |
|
Lines 5003-5008
|
| 5003 |
s->n_preferred_kex = 0; |
5075 |
s->n_preferred_kex = 0; |
| 5004 |
for (i = 0; i < KEX_MAX; i++) { |
5076 |
for (i = 0; i < KEX_MAX; i++) { |
| 5005 |
switch (ssh->cfg.ssh_kexlist[i]) { |
5077 |
switch (ssh->cfg.ssh_kexlist[i]) { |
|
|
5078 |
case KEX_DHGEX_SHA512: |
| 5079 |
s->preferred_kex[s->n_preferred_kex++] = |
| 5080 |
&ssh_diffiehellman_gex_sha512; |
| 5081 |
break; |
| 5006 |
case KEX_DHGEX: |
5082 |
case KEX_DHGEX: |
| 5007 |
s->preferred_kex[s->n_preferred_kex++] = |
5083 |
s->preferred_kex[s->n_preferred_kex++] = |
| 5008 |
&ssh_diffiehellman_gex; |
5084 |
&ssh_diffiehellman_gex; |
|
Lines 5174-5188
|
| 5174 |
} |
5250 |
} |
| 5175 |
|
5251 |
|
| 5176 |
ssh->exhash = ssh->exhashbase; |
5252 |
ssh->exhash = ssh->exhashbase; |
|
|
5253 |
ssh->exhash512 = ssh->exhashbase512; |
| 5177 |
sha_string(&ssh->exhash, s->pktout->data + 5, s->pktout->length - 5); |
5254 |
sha_string(&ssh->exhash, s->pktout->data + 5, s->pktout->length - 5); |
|
|
5255 |
sha512_string(&ssh->exhash512, s->pktout->data + 5, s->pktout->length - 5); |
| 5178 |
|
5256 |
|
| 5179 |
ssh2_pkt_send_noqueue(ssh, s->pktout); |
5257 |
ssh2_pkt_send_noqueue(ssh, s->pktout); |
| 5180 |
|
5258 |
|
| 5181 |
if (!pktin) |
5259 |
if (!pktin) |
| 5182 |
crWaitUntil(pktin); |
5260 |
crWaitUntil(pktin); |
| 5183 |
if (pktin->length > 5) |
5261 |
if (pktin->length > 5) { |
| 5184 |
sha_string(&ssh->exhash, pktin->data + 5, pktin->length - 5); |
5262 |
sha_string(&ssh->exhash, pktin->data + 5, pktin->length - 5); |
| 5185 |
|
5263 |
sha512_string(&ssh->exhash512, pktin->data + 5, pktin->length - 5); |
|
|
5264 |
} |
| 5186 |
/* |
5265 |
/* |
| 5187 |
* Now examine the other side's KEXINIT to see what we're up |
5266 |
* Now examine the other side's KEXINIT to see what we're up |
| 5188 |
* to. |
5267 |
* to. |
|
Lines 5411-5420
|
| 5411 |
scbits = s->sccipher_tobe->keylen; |
5490 |
scbits = s->sccipher_tobe->keylen; |
| 5412 |
s->nbits = (csbits > scbits ? csbits : scbits); |
5491 |
s->nbits = (csbits > scbits ? csbits : scbits); |
| 5413 |
} |
5492 |
} |
| 5414 |
/* The keys only have 160-bit entropy, since they're based on |
|
|
| 5415 |
* a SHA-1 hash. So cap the key size at 160 bits. */ |
| 5416 |
if (s->nbits > 160) |
| 5417 |
s->nbits = 160; |
| 5418 |
|
5493 |
|
| 5419 |
/* |
5494 |
/* |
| 5420 |
* If we're doing Diffie-Hellman group exchange, start by |
5495 |
* If we're doing Diffie-Hellman group exchange, start by |
|
Lines 5486-5514
|
| 5486 |
* involve user interaction. */ |
5561 |
* involve user interaction. */ |
| 5487 |
set_busy_status(ssh->frontend, BUSY_NOT); |
5562 |
set_busy_status(ssh->frontend, BUSY_NOT); |
| 5488 |
|
5563 |
|
| 5489 |
sha_string(&ssh->exhash, s->hostkeydata, s->hostkeylen); |
5564 |
|
| 5490 |
if (ssh->kex == &ssh_diffiehellman_gex) { |
5565 |
if (ssh->kex == &ssh_diffiehellman_gex_sha512) { |
| 5491 |
sha_uint32(&ssh->exhash, s->pbits); |
5566 |
sha512_string(&ssh->exhash512, s->hostkeydata, s->hostkeylen); |
| 5492 |
sha_mpint(&ssh->exhash, s->p); |
5567 |
sha512_uint32(&ssh->exhash512, s->pbits); |
| 5493 |
sha_mpint(&ssh->exhash, s->g); |
5568 |
sha512_mpint(&ssh->exhash512, s->p); |
|
|
5569 |
sha512_mpint(&ssh->exhash512, s->g); |
| 5570 |
sha512_mpint(&ssh->exhash512, s->e); |
| 5571 |
sha512_mpint(&ssh->exhash512, s->f); |
| 5572 |
sha512_mpint(&ssh->exhash512, s->K); |
| 5573 |
SHA512_Final(&ssh->exhash512, s->exchange_hash); |
| 5574 |
s->exchange_hash_len = 64; |
| 5575 |
} else { |
| 5576 |
sha_string(&ssh->exhash, s->hostkeydata, s->hostkeylen); |
| 5577 |
if (ssh->kex == &ssh_diffiehellman_gex) { |
| 5578 |
sha_uint32(&ssh->exhash, s->pbits); |
| 5579 |
sha_mpint(&ssh->exhash, s->p); |
| 5580 |
sha_mpint(&ssh->exhash, s->g); |
| 5581 |
} |
| 5582 |
sha_mpint(&ssh->exhash, s->e); |
| 5583 |
sha_mpint(&ssh->exhash, s->f); |
| 5584 |
sha_mpint(&ssh->exhash, s->K); |
| 5585 |
SHA_Final(&ssh->exhash, s->exchange_hash); |
| 5586 |
s->exchange_hash_len = 20; |
| 5494 |
} |
5587 |
} |
| 5495 |
sha_mpint(&ssh->exhash, s->e); |
|
|
| 5496 |
sha_mpint(&ssh->exhash, s->f); |
| 5497 |
sha_mpint(&ssh->exhash, s->K); |
| 5498 |
SHA_Final(&ssh->exhash, s->exchange_hash); |
| 5499 |
|
5588 |
|
| 5500 |
dh_cleanup(ssh->kex_ctx); |
5589 |
dh_cleanup(ssh->kex_ctx); |
| 5501 |
ssh->kex_ctx = NULL; |
5590 |
ssh->kex_ctx = NULL; |
| 5502 |
|
5591 |
|
| 5503 |
#if 0 |
5592 |
#if 0 |
| 5504 |
debug(("Exchange hash is:\n")); |
5593 |
debug(("Exchange hash is:\n")); |
| 5505 |
dmemdump(s->exchange_hash, 20); |
5594 |
dmemdump(s->exchange_hash, s->exchange_hash_len); |
| 5506 |
#endif |
5595 |
#endif |
| 5507 |
|
5596 |
|
| 5508 |
s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen); |
5597 |
s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen); |
| 5509 |
if (!s->hkey || |
5598 |
if (!s->hkey || |
| 5510 |
!ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen, |
5599 |
!ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen, |
| 5511 |
(char *)s->exchange_hash, 20)) { |
5600 |
(char *)s->exchange_hash, |
|
|
5601 |
s->exchange_hash_len)) { |
| 5512 |
bombout(("Server's host key did not match the signature supplied")); |
5602 |
bombout(("Server's host key did not match the signature supplied")); |
| 5513 |
crStop(0); |
5603 |
crStop(0); |
| 5514 |
} |
5604 |
} |
|
Lines 5557-5563
|
| 5557 |
*/ |
5647 |
*/ |
| 5558 |
if (!s->got_session_id) { |
5648 |
if (!s->got_session_id) { |
| 5559 |
memcpy(ssh->v2_session_id, s->exchange_hash, |
5649 |
memcpy(ssh->v2_session_id, s->exchange_hash, |
| 5560 |
sizeof(s->exchange_hash)); |
5650 |
s->exchange_hash_len); |
|
|
5651 |
ssh->v2_session_id_len = s->exchange_hash_len; |
| 5561 |
s->got_session_id = TRUE; |
5652 |
s->got_session_id = TRUE; |
| 5562 |
} |
5653 |
} |
| 5563 |
|
5654 |
|
|
Lines 5592-5603
|
| 5592 |
* hash from the _first_ key exchange. |
5683 |
* hash from the _first_ key exchange. |
| 5593 |
*/ |
5684 |
*/ |
| 5594 |
{ |
5685 |
{ |
| 5595 |
unsigned char keyspace[40]; |
5686 |
unsigned char keyspace[128]; |
| 5596 |
ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'C',keyspace); |
5687 |
ssh2_mkkey(ssh,s->K,s->exchange_hash,s->exchange_hash_len, |
|
|
5688 |
ssh->v2_session_id,ssh->v2_session_id_len,'C', |
| 5689 |
keyspace,sizeof(keyspace)); |
| 5597 |
ssh->cscipher->setkey(ssh->cs_cipher_ctx, keyspace); |
5690 |
ssh->cscipher->setkey(ssh->cs_cipher_ctx, keyspace); |
| 5598 |
ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'A',keyspace); |
5691 |
ssh2_mkkey(ssh,s->K,s->exchange_hash,s->exchange_hash_len, |
|
|
5692 |
ssh->v2_session_id,ssh->v2_session_id_len,'A', |
| 5693 |
keyspace,sizeof(keyspace)); |
| 5599 |
ssh->cscipher->setiv(ssh->cs_cipher_ctx, keyspace); |
5694 |
ssh->cscipher->setiv(ssh->cs_cipher_ctx, keyspace); |
| 5600 |
ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'E',keyspace); |
5695 |
ssh2_mkkey(ssh,s->K,s->exchange_hash,s->exchange_hash_len, |
|
|
5696 |
ssh->v2_session_id,ssh->v2_session_id_len,'E', |
| 5697 |
keyspace,sizeof(keyspace)); |
| 5601 |
ssh->csmac->setkey(ssh->cs_mac_ctx, keyspace); |
5698 |
ssh->csmac->setkey(ssh->cs_mac_ctx, keyspace); |
| 5602 |
} |
5699 |
} |
| 5603 |
|
5700 |
|
|
Lines 5650-5661
|
| 5650 |
* hash from the _first_ key exchange. |
5747 |
* hash from the _first_ key exchange. |
| 5651 |
*/ |
5748 |
*/ |
| 5652 |
{ |
5749 |
{ |
| 5653 |
unsigned char keyspace[40]; |
5750 |
unsigned char keyspace[128]; |
| 5654 |
ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'D',keyspace); |
5751 |
ssh2_mkkey(ssh,s->K,s->exchange_hash,s->exchange_hash_len, |
|
|
5752 |
ssh->v2_session_id,ssh->v2_session_id_len,'D', |
| 5753 |
keyspace,sizeof(keyspace)); |
| 5655 |
ssh->sccipher->setkey(ssh->sc_cipher_ctx, keyspace); |
5754 |
ssh->sccipher->setkey(ssh->sc_cipher_ctx, keyspace); |
| 5656 |
ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'B',keyspace); |
5755 |
ssh2_mkkey(ssh,s->K,s->exchange_hash,s->exchange_hash_len, |
|
|
5756 |
ssh->v2_session_id,ssh->v2_session_id_len,'B', |
| 5757 |
keyspace,sizeof(keyspace)); |
| 5657 |
ssh->sccipher->setiv(ssh->sc_cipher_ctx, keyspace); |
5758 |
ssh->sccipher->setiv(ssh->sc_cipher_ctx, keyspace); |
| 5658 |
ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'F',keyspace); |
5759 |
ssh2_mkkey(ssh,s->K,s->exchange_hash,s->exchange_hash_len, |
|
|
5760 |
ssh->v2_session_id,ssh->v2_session_id_len,'F', |
| 5761 |
keyspace,sizeof(keyspace)); |
| 5659 |
ssh->scmac->setkey(ssh->sc_mac_ctx, keyspace); |
5762 |
ssh->scmac->setkey(ssh->sc_mac_ctx, keyspace); |
| 5660 |
} |
5763 |
} |
| 5661 |
logeventf(ssh, "Initialised %.200s server->client encryption", |
5764 |
logeventf(ssh, "Initialised %.200s server->client encryption", |
|
Lines 5671-5677
|
| 5671 |
*/ |
5774 |
*/ |
| 5672 |
freebn(s->f); |
5775 |
freebn(s->f); |
| 5673 |
freebn(s->K); |
5776 |
freebn(s->K); |
| 5674 |
if (ssh->kex == &ssh_diffiehellman_gex) { |
5777 |
if (ssh->kex == &ssh_diffiehellman_gex || |
|
|
5778 |
ssh->kex == &ssh_diffiehellman_gex_sha512) { |
| 5675 |
freebn(s->g); |
5779 |
freebn(s->g); |
| 5676 |
freebn(s->p); |
5780 |
freebn(s->p); |
| 5677 |
} |
5781 |
} |
|
Lines 6833-6839
|
| 6833 |
ssh2_pkt_addstring_start(s->pktout); |
6937 |
ssh2_pkt_addstring_start(s->pktout); |
| 6834 |
ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen); |
6938 |
ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen); |
| 6835 |
|
6939 |
|
| 6836 |
s->siglen = s->pktout->length - 5 + 4 + 20; |
6940 |
s->siglen = s->pktout->length - 5 + 4 + |
|
|
6941 |
ssh->v2_session_id_len; |
| 6837 |
if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID) |
6942 |
if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID) |
| 6838 |
s->siglen -= 4; |
6943 |
s->siglen -= 4; |
| 6839 |
s->len = 1; /* message type */ |
6944 |
s->len = 1; /* message type */ |
|
Lines 6852-6862
|
| 6852 |
s->q += 4; |
6957 |
s->q += 4; |
| 6853 |
/* Now the data to be signed... */ |
6958 |
/* Now the data to be signed... */ |
| 6854 |
if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) { |
6959 |
if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) { |
| 6855 |
PUT_32BIT(s->q, 20); |
6960 |
PUT_32BIT(s->q, ssh->v2_session_id_len); |
| 6856 |
s->q += 4; |
6961 |
s->q += 4; |
| 6857 |
} |
6962 |
} |
| 6858 |
memcpy(s->q, ssh->v2_session_id, 20); |
6963 |
memcpy(s->q, ssh->v2_session_id, |
| 6859 |
s->q += 20; |
6964 |
ssh->v2_session_id_len); |
|
|
6965 |
s->q += ssh->v2_session_id_len; |
| 6860 |
memcpy(s->q, s->pktout->data + 5, |
6966 |
memcpy(s->q, s->pktout->data + 5, |
| 6861 |
s->pktout->length - 5); |
6967 |
s->pktout->length - 5); |
| 6862 |
s->q += s->pktout->length - 5; |
6968 |
s->q += s->pktout->length - 5; |
|
Lines 7160-7175
|
| 7160 |
* followed by everything so far placed in the |
7266 |
* followed by everything so far placed in the |
| 7161 |
* outgoing packet. |
7267 |
* outgoing packet. |
| 7162 |
*/ |
7268 |
*/ |
| 7163 |
sigdata_len = s->pktout->length - 5 + 4 + 20; |
7269 |
sigdata_len = s->pktout->length - 5 + 4 + |
|
|
7270 |
ssh->v2_session_id_len; |
| 7164 |
if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID) |
7271 |
if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID) |
| 7165 |
sigdata_len -= 4; |
7272 |
sigdata_len -= 4; |
| 7166 |
sigdata = snewn(sigdata_len, unsigned char); |
7273 |
sigdata = snewn(sigdata_len, unsigned char); |
| 7167 |
p = 0; |
7274 |
p = 0; |
| 7168 |
if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) { |
7275 |
if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) { |
| 7169 |
PUT_32BIT(sigdata+p, 20); |
7276 |
PUT_32BIT(sigdata+p, ssh->v2_session_id_len); |
| 7170 |
p += 4; |
7277 |
p += 4; |
| 7171 |
} |
7278 |
} |
| 7172 |
memcpy(sigdata+p, ssh->v2_session_id, 20); p += 20; |
7279 |
memcpy(sigdata+p, ssh->v2_session_id, |
|
|
7280 |
ssh->v2_session_id_len); |
| 7281 |
p += ssh->v2_session_id_len; |
| 7173 |
memcpy(sigdata+p, s->pktout->data + 5, |
7282 |
memcpy(sigdata+p, s->pktout->data + 5, |
| 7174 |
s->pktout->length - 5); |
7283 |
s->pktout->length - 5); |
| 7175 |
p += s->pktout->length - 5; |
7284 |
p += s->pktout->length - 5; |
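Review bot: In the SHA-1 branch of `ssh2_mkkey`, the expansion loop feeds the exchange hash with the wrong length: new line 5005 reads `SHA_Bytes(&s, H, sessid_len);`, whereas the first block (line 4996) and the SHA-512 loop (line 4985) use `H_len`, so it should be `SHA_Bytes(&s, H, H_len);`. The two lengths are both 20 while every exchange uses a SHA-1 method, which is why the slip does not show. However, `v2_session_id_len` is fixed by the first exchange (line 5651) while `exchange_hash_len` is set each time the hash is finalised (lines 5574 and 5586); if a rekey can select a SHA-1 method after a SHA-512 first exchange, the loop would appear to hash 64 bytes of the exchange-hash buffer when only 20 are current, and the derived keys would not match the server's. Separately, both branches write a whole digest into `keyspace` before consulting `keyspace_len`; the callers shown pass 128 bytes, but a comment on the function such as `/* keyspace_len must be at least one digest: 64 for SHA-512, 20 for SHA-1 */` would record that precondition.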