Diffstat (limited to 'crypto/openssh/kex.c')
-rw-r--r--crypto/openssh/kex.c30
1 files changed, 23 insertions, 7 deletions
diff --git a/crypto/openssh/kex.c b/crypto/openssh/kex.c
index 3a30b9b..2814060 100644
--- a/crypto/openssh/kex.c
+++ b/crypto/openssh/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.86 2010/09/22 05:01:29 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.88 2013/01/08 18:49:04 markus Exp $ */
/* $FreeBSD$ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -248,8 +248,18 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
packet_get_char();
for (i = 0; i < PROPOSAL_MAX; i++)
xfree(packet_get_string(NULL));
- (void) packet_get_char();
- (void) packet_get_int();
+ /*
+ * XXX RFC4253 sec 7: "each side MAY guess" - currently no supported
+ * KEX method has the server move first, but a server might be using
+ * a custom method or one that we otherwise don't support. We should
+ * be prepared to remember first_kex_follows here so we can eat a
+ * packet later.
+ * XXX2 - RFC4253 is kind of ambiguous on what first_kex_follows means
+ * for cases where the server *doesn't* go first. I guess we should
+ * ignore it when it is set for these cases, which is what we do now.
+ */
+ (void) packet_get_char(); /* first_kex_follows */
+ (void) packet_get_int(); /* reserved */
packet_check_eom();
kex_kexinit_finish(kex);
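Review bot: The new comment says first_kex_follows "should" be remembered, yet the value on the line `(void) packet_get_char(); /* first_kex_follows */` is still read and discarded, so a reader cannot tell from this function whether the flag is lost or recovered later. The later hunk in kex_choose_conf declares its own `first_kex_follows` local, which suggests the flag is re-read from the saved peer KEXINIT there; if that is the case the comment should say so instead of leaving the question open, e.g. `/* first_kex_follows: discarded here, kex_choose_conf re-reads it from the saved peer proposal */`. That is an inference from this page and should be checked against the rest of kex_input_kexinit, whose body starts before the hunk.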
@@ -300,6 +310,7 @@ choose_enc(Enc *enc, char *client, char *server)
enc->name = name;
enc->enabled = 0;
enc->iv = NULL;
+ enc->iv_len = cipher_ivlen(enc->cipher);
enc->key = NULL;
enc->key_len = cipher_keylen(enc->cipher);
enc->block_size = cipher_blocksize(enc->cipher);
@@ -411,7 +422,7 @@ kex_choose_conf(Kex *kex)
char **my, **peer;
char **cprop, **sprop;
int nenc, nmac, ncomp;
- u_int mode, ctos, need;
+ u_int mode, ctos, need, authlen;
int first_kex_follows, type;
#ifdef NONE_CIPHER_ENABLED
int auth_flag;
@@ -451,8 +462,11 @@ kex_choose_conf(Kex *kex)
nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC;
nmac = ctos ? PROPOSAL_MAC_ALGS_CTOS : PROPOSAL_MAC_ALGS_STOC;
ncomp = ctos ? PROPOSAL_COMP_ALGS_CTOS : PROPOSAL_COMP_ALGS_STOC;
- choose_enc (&newkeys->enc, cprop[nenc], sprop[nenc]);
- choose_mac (&newkeys->mac, cprop[nmac], sprop[nmac]);
+ choose_enc(&newkeys->enc, cprop[nenc], sprop[nenc]);
+ /* ignore mac for authenticated encryption */
+ authlen = cipher_authlen(newkeys->enc.cipher);
+ if (authlen == 0)
+ choose_mac(&newkeys->mac, cprop[nmac], sprop[nmac]);
choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
#ifdef NONE_CIPHER_ENABLED
debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
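Review bot: Skipping choose_mac() when `authlen != 0` leaves every field of `newkeys->mac` at whatever value the allocation gave it, and the later hunk in the same function (`if (need < newkeys->mac.key_len)`) reads `mac.key_len` unconditionally, while the debug() hunk only guards `mac.name`. This is sound only if `newkeys` is zero-initialised before this point; that allocation is outside the hunk, so it cannot be confirmed from the page. Either make it explicit with `memset(&newkeys->mac, 0, sizeof(newkeys->mac));` ahead of the `if (authlen == 0)` test, or extend the comment to `/* ignore mac for authenticated encryption; newkeys->mac stays zeroed (name NULL, key_len 0) */` so the dependency is stated. Any other consumer of `mac.name` outside these hunks now has to tolerate NULL as well; kex_choose_conf begins before this hunk and continues after it.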
@@ -468,7 +482,7 @@ kex_choose_conf(Kex *kex)
debug("kex: %s %s %s %s",
ctos ? "client->server" : "server->client",
newkeys->enc.name,
- newkeys->mac.name,
+ authlen == 0 ? newkeys->mac.name : "<implicit>",
newkeys->comp.name);
}
choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
@@ -481,6 +495,8 @@ kex_choose_conf(Kex *kex)
need = newkeys->enc.key_len;
if (need < newkeys->enc.block_size)
need = newkeys->enc.block_size;
+ if (need < newkeys->enc.iv_len)
+ need = newkeys->enc.iv_len;
if (need < newkeys->mac.key_len)
need = newkeys->mac.key_len;
}