From 01de39e58533fcb8253b0e709e8f43c22e5ebe6d Mon Sep 17 00:00:00 2001
From: Sara Golemon
Date: Mon, 11 Jul 2005 15:56:09 +0000
Subject: [PATCH] Fix generation of 'e' portion of Diffie-Hellman keyset.
---
 README | 3 +++
 src/kex.c | 20 ++++++++++----------
 2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/README b/README
index 755adf9..d46e2fa 100644
--- a/README
+++ b/README
@@ -4,6 +4,9 @@ libssh2 - SSH2 library
 Version 0.12
 ------------
+ Fix generation of 'e' portion of Diffie-Hellman keyset.
+ Use appropriate order for BN_rand() rather than fixed group1-specific value.
+
 Re-fixed libssh2_sftp_rename_ex()
 Transport had right packet_len, but sftp layer still had extra 4 bytes.
diff --git a/src/kex.c b/src/kex.c
index 2edff14..7ad5be8 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -68,7 +68,7 @@
 /* {{{ libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange
 * Diffie Hellman Key Exchange, Group Agnostic
 */
-static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session, BIGNUM *g, BIGNUM *p,
+static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session, BIGNUM *g, BIGNUM *p, int group_order,
 unsigned char packet_type_init, unsigned char packet_type_reply, unsigned char *midhash, unsigned long midhash_len)
 {
@@ -85,7 +85,7 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S
 SHA_CTX exchange_hash;
 /* Generate x and e */
- BN_rand(x, 128, 0, -1);
+ BN_rand(x, group_order, 0, -1);
 BN_mod_exp(e, g, x, p, ctx);
 /* Send KEX init */
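Review bot: `BN_rand()` takes its second argument in bits, but the values this commit routes into `group_order` read as byte lengths of the prime: `128` for group1, `256` for group14 and the wire field `p_len` for group exchange (hunks at -518, -577 and -630). If that reading is right, x stays at 128 bits for group1 and is about one eighth of the modulus size for the others, so the exchange is weaker than the negotiated group suggests. Converting at the call, `BN_rand(x, group_order * 8 - 1, 0, -1);`, would size x to the group. The results of `BN_rand()` and `BN_mod_exp()` are also unchecked here, so a failed random draw would not stop the exchange; the function body continues outside the hunk.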
@@ -518,7 +518,7 @@ static int libssh2_kex_method_diffie_hellman_group1_sha1_key_exchange(LIBSSH2_SE
 #ifdef LIBSSH2_DEBUG_KEX
 _libssh2_debug(session, LIBSSH2_DBG_KEX, "Initiating Diffie-Hellman Group1 Key Exchange");
 #endif
- ret = libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(session, g, p, SSH_MSG_KEXDH_INIT, SSH_MSG_KEXDH_REPLY, NULL, 0);
+ ret = libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(session, g, p, 128, SSH_MSG_KEXDH_INIT, SSH_MSG_KEXDH_REPLY, NULL, 0);
 BN_clear_free(p);
 BN_clear_free(g);
@@ -577,7 +577,7 @@ static int libssh2_kex_method_diffie_hellman_group14_sha1_key_exchange(LIBSSH2_S
 #ifdef LIBSSH2_DEBUG_KEX
 _libssh2_debug(session, LIBSSH2_DBG_KEX, "Initiating Diffie-Hellman Group14 Key Exchange");
 #endif
- ret = libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(session, g, p, SSH_MSG_KEXDH_INIT, SSH_MSG_KEXDH_REPLY, NULL, 0);
+ ret = libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(session, g, p, 256, SSH_MSG_KEXDH_INIT, SSH_MSG_KEXDH_REPLY, NULL, 0);
 BN_clear_free(p);
 BN_clear_free(g);
@@ -593,7 +593,7 @@ static int libssh2_kex_method_diffie_hellman_group14_sha1_key_exchange(LIBSSH2_S
 static int libssh2_kex_method_diffie_hellman_group_exchange_sha1_key_exchange(LIBSSH2_SESSION *session)
 {
 unsigned char request[13], *s, *data;
- unsigned long data_len, p_len, g_len, request_len;
+ unsigned long data_len, p_len, g_len, request_len;
 BIGNUM *p = BN_new();
 BIGNUM *g = BN_new();
 int ret;
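Review bot: The literals `128` and `256` in the group1 and group14 callers restate the size of the prime that each function presumably sets up earlier, outside these hunks, and nothing ties the numbers to it. Passing `BN_num_bytes(p)` instead would keep the argument correct if a group is changed or added. A comment on the new parameter stating its unit, for example `/* group_order: size of p in bytes */`, would make the contract explicit for the callee.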
@@ -630,13 +630,13 @@ static int libssh2_kex_method_diffie_hellman_group_exchange_sha1_key_exchange(LI
 }
 s = data + 1;
- len = libssh2_ntohu32(s); s += 4;
- BN_bin2bn(s, len, p); s += len;
+ p_len = libssh2_ntohu32(s); s += 4;
+ BN_bin2bn(s, p_len, p); s += p_len;
- len = libssh2_ntohu32(s); s += 4;
- BN_bin2bn(s, len, g); s += len;
+ g_len = libssh2_ntohu32(s); s += 4;
+ BN_bin2bn(s, g_len, g); s += g_len;
- ret = libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(session, g, p, SSH_MSG_KEX_DH_GEX_INIT, SSH_MSG_KEX_DH_GEX_REPLY, data + 1, data_len - 1);
+ ret = libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(session, g, p, p_len, SSH_MSG_KEX_DH_GEX_INIT, SSH_MSG_KEX_DH_GEX_REPLY, data + 1, data_len - 1);
 LIBSSH2_FREE(session, data);
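Review bot: `p_len` and `g_len` are taken from the peer's packet and used to advance `s` and to size both `BN_bin2bn()` reads without being compared to `data_len`, so a malformed group message can push the reads past the end of `data`. Each length should be rejected when it exceeds the bytes left in the buffer, e.g. a guard on `p_len > (unsigned long)(data + data_len - s)` before the read, and the `BN_bin2bn()` results should be checked for NULL. `p_len` is also narrowed from `unsigned long` to the `int group_order` parameter and is the encoded length, which may include a leading zero byte, so `BN_num_bytes(p)` is the safer value to pass. Whether `data_len` is validated earlier in the function is not visible in this hunk.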