diff options
| author |   djm <djm@openbsd.org> | 2004-05-09 01:19:27 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2004-05-09 01:19:27 +0000 |
| commit | 89b54d615a4525f6a61daa718a59e61752738bb7 (patch) | |
| tree | 9d3a801530511279075f5cb669821b4a573d93e2 | |
| parent | Don't dereference scrub pointer when it's NULL, fix PR 3775, from (diff) | |
| download | wireguard-openbsd-89b54d615a4525f6a61daa718a59e61752738bb7.tar.xz wireguard-openbsd-89b54d615a4525f6a61daa718a59e61752738bb7.zip | |
kill some more tiny files; ok deraadt@
| -rw-r--r-- | usr.bin/ssh/OVERVIEW | 1 | ||||
| -rw-r--r-- | usr.bin/ssh/auth-rsa.c | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/auth1.c | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/kex.c | 35 | ||||
| -rw-r--r-- | usr.bin/ssh/monitor.c | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/mpaux.c | 46 | ||||
| -rw-r--r-- | usr.bin/ssh/mpaux.h | 22 | ||||
| -rw-r--r-- | usr.bin/ssh/session.c | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/sshconnect1.c | 6 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd.c | 10 |
10 files changed, 46 insertions, 86 deletions
diff --git a/usr.bin/ssh/OVERVIEW b/usr.bin/ssh/OVERVIEW index df46ec28a37..d1a768c109f 100644 --- a/usr.bin/ssh/OVERVIEW +++ b/usr.bin/ssh/OVERVIEW @@ -40,7 +40,6 @@ these programs. Multiple Precision Integer Library - Uses the SSLeay BIGNUM sublibrary. - - Some auxiliary functions for mp-int manipulation are in mpaux.c. Random Numbers diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c index 2f0746b3056..8a02b8a8f36 100644 --- a/usr.bin/ssh/auth-rsa.c +++ b/usr.bin/ssh/auth-rsa.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.59 2004/05/09 01:19:27 djm Exp $"); #include <openssl/rsa.h> #include <openssl/md5.h> @@ -23,7 +23,6 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $"); #include "packet.h" #include "xmalloc.h" #include "ssh1.h" -#include "mpaux.h" #include "uidswap.h" #include "match.h" #include "auth-options.h" diff --git a/usr.bin/ssh/auth1.c b/usr.bin/ssh/auth1.c index 0d84e6c9abc..a02acc9b8ca 100644 --- a/usr.bin/ssh/auth1.c +++ b/usr.bin/ssh/auth1.c @@ -10,14 +10,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.55 2003/11/08 16:02:40 jakob Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.56 2004/05/09 01:19:27 djm Exp $"); #include "xmalloc.h" #include "rsa.h" #include "ssh1.h" #include "packet.h" #include "buffer.h" -#include "mpaux.h" #include "log.h" #include "servconf.h" #include "compat.h" diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index 5a952c9c22d..30dd58a78e3 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.56 2003/11/21 11:57:03 djm Exp $"); +RCSID("$OpenBSD: kex.c,v 1.57 2004/05/09 01:19:27 djm Exp $"); #include <openssl/crypto.h> @@ -479,6 +479,39 @@ kex_get_newkeys(int mode) return ret; } +void +derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, + u_int8_t cookie[8], u_int8_t id[16]) +{ + const EVP_MD *evp_md = EVP_md5(); + EVP_MD_CTX md; + u_int8_t nbuf[2048], obuf[EVP_MAX_MD_SIZE]; + int len; + + EVP_DigestInit(&md, evp_md); + + len = BN_num_bytes(host_modulus); + if (len < (512 / 8) || len > sizeof(nbuf)) + fatal("%s: bad host modulus (len %d)", __func__, len); + BN_bn2bin(host_modulus, nbuf); + EVP_DigestUpdate(&md, nbuf, len); + + len = BN_num_bytes(server_modulus); + if (len < (512 / 8) || len > sizeof(nbuf)) + fatal("%s: bad server modulus (len %d)", __func__, len); + BN_bn2bin(server_modulus, nbuf); + EVP_DigestUpdate(&md, nbuf, len); + + EVP_DigestUpdate(&md, cookie, 8); + + EVP_DigestFinal(&md, id, NULL); + memcpy(id, obuf, 16); + + memset(nbuf, 0, sizeof(nbuf)); + memset(obuf, 0, sizeof(obuf)); + memset(&md, 0, sizeof(md)); +} + #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) void dump_digest(char *msg, u_char *digest, int len) diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index 7ccab0b79bb..9809e322699 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.56 2004/05/09 01:19:27 djm Exp $"); #include <openssl/dh.h> @@ -57,7 +57,6 @@ RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $"); #include "bufaux.h" #include "compat.h" #include "ssh2.h" -#include "mpaux.h" #ifdef GSSAPI #include "ssh-gss.h" diff --git a/usr.bin/ssh/mpaux.c b/usr.bin/ssh/mpaux.c deleted file mode 100644 index 0c486275ffb..00000000000 --- a/usr.bin/ssh/mpaux.c +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland - * All rights reserved - * This file contains various auxiliary functions related to multiple - * precision integers. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -#include "includes.h" -RCSID("$OpenBSD: mpaux.c,v 1.16 2001/02/08 19:30:52 itojun Exp $"); - -#include <openssl/bn.h> -#include "getput.h" -#include "xmalloc.h" - -#include <openssl/md5.h> - -#include "mpaux.h" - -void -compute_session_id(u_char session_id[16], - u_char cookie[8], - BIGNUM* host_key_n, - BIGNUM* session_key_n) -{ - u_int host_key_bytes = BN_num_bytes(host_key_n); - u_int session_key_bytes = BN_num_bytes(session_key_n); - u_int bytes = host_key_bytes + session_key_bytes; - u_char *buf = xmalloc(bytes); - MD5_CTX md; - - BN_bn2bin(host_key_n, buf); - BN_bn2bin(session_key_n, buf + host_key_bytes); - MD5_Init(&md); - MD5_Update(&md, buf, bytes); - MD5_Update(&md, cookie, 8); - MD5_Final(session_id, &md); - memset(buf, 0, bytes); - xfree(buf); -} diff --git a/usr.bin/ssh/mpaux.h b/usr.bin/ssh/mpaux.h deleted file mode 100644 index 2a312f5cb21..00000000000 --- a/usr.bin/ssh/mpaux.h +++ /dev/null @@ -1,22 +0,0 @@ -/* $OpenBSD: mpaux.h,v 1.12 2002/03/04 17:27:39 stevesk Exp $ */ - -/* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland - * All rights reserved - * This file contains various auxiliary functions related to multiple - * precision integers. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -#ifndef MPAUX_H -#define MPAUX_H - -void compute_session_id(u_char[16], u_char[8], BIGNUM *, BIGNUM *); - -#endif /* MPAUX_H */ diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index bbe37812bb1..5217e17b707 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.173 2004/04/27 09:46:37 djm Exp $"); +RCSID("$OpenBSD: session.c,v 1.174 2004/05/09 01:19:28 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -43,7 +43,6 @@ RCSID("$OpenBSD: session.c,v 1.173 2004/04/27 09:46:37 djm Exp $"); #include "packet.h" #include "buffer.h" #include "match.h" -#include "mpaux.h" #include "uidswap.h" #include "compat.h" #include "channels.h" diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c index c579b01cc39..ae33ab39d6a 100644 --- a/usr.bin/ssh/sshconnect1.c +++ b/usr.bin/ssh/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.57 2004/05/08 00:21:31 djm Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.58 2004/05/09 01:19:28 djm Exp $"); #include <openssl/bn.h> #include <openssl/md5.h> @@ -24,7 +24,7 @@ RCSID("$OpenBSD: sshconnect1.c,v 1.57 2004/05/08 00:21:31 djm Exp $"); #include "rsa.h" #include "buffer.h" #include "packet.h" -#include "mpaux.h" +#include "kex.h" #include "uidswap.h" #include "log.h" #include "readconf.h" @@ -528,7 +528,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr) client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN; - compute_session_id(session_id, cookie, host_key->rsa->n, server_key->rsa->n); + derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id); /* Generate a session key. */ arc4random_stir(); diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 61b9ac8bc83..b822f55c5bc 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.290 2004/03/11 10:21:17 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.291 2004/05/09 01:19:28 djm Exp $"); #include <openssl/dh.h> #include <openssl/bn.h> @@ -56,7 +56,6 @@ RCSID("$OpenBSD: sshd.c,v 1.290 2004/03/11 10:21:17 markus Exp $"); #include "rsa.h" #include "sshpty.h" #include "packet.h" -#include "mpaux.h" #include "log.h" #include "servconf.h" #include "uidswap.h" @@ -1603,9 +1602,10 @@ do_ssh1_kex(void) BN_bn2bin(session_key_int, session_key + sizeof(session_key) - len); - compute_session_id(session_id, cookie, - sensitive_data.ssh1_host_key->rsa->n, - sensitive_data.server_key->rsa->n); + derive_ssh1_session_id( + sensitive_data.ssh1_host_key->rsa->n, + sensitive_data.server_key->rsa->n, + cookie, session_id); /* * Xor the first 16 bytes of the session key with the * session id. |