Mercurial > dropbear
comparison svr-kex.c @ 1681:435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
- other fixes for rsa pubkey auth
- only include ext-info handling when rsa pubkey auth is compiled
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 24 May 2020 14:16:58 +0800 |
| parents | 4b4cfc92c5b7 |
| children | 284c3837891c |
comparison
equal
deleted
inserted
replaced
| 1680:5e763ad6e2e0 | 1681:435cfb9ec96e |
|---|---|
| 36 #include "runopts.h" | 36 #include "runopts.h" |
| 37 #include "ecc.h" | 37 #include "ecc.h" |
| 38 #include "gensignkey.h" | 38 #include "gensignkey.h" |
| 39 | 39 |
| 40 static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs); | 40 static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs); |
| 41 #if DROPBEAR_EXT_INFO | |
| 42 static void send_msg_ext_info(void); | |
| 43 #endif | |
| 41 | 44 |
| 42 /* Handle a diffie-hellman key exchange initialisation. This involves | 45 /* Handle a diffie-hellman key exchange initialisation. This involves |
| 43 * calculating a session key reply value, and corresponding hash. These | 46 * calculating a session key reply value, and corresponding hash. These |
| 44 * are carried out by send_msg_kexdh_reply(). recv_msg_kexdh_init() calls | 47 * are carried out by send_msg_kexdh_reply(). recv_msg_kexdh_init() calls |
| 45 * that function, then brings the new keys into use */ | 48 * that function, then brings the new keys into use */ |
| 46 void recv_msg_kexdh_init() { | 49 void recv_msg_kexdh_init() { |
| 47 | |
| 48 DEF_MP_INT(dh_e); | 50 DEF_MP_INT(dh_e); |
| 49 buffer *ecdh_qs = NULL; | 51 buffer *ecdh_qs = NULL; |
| 50 | 52 |
| 51 TRACE(("enter recv_msg_kexdh_init")) | 53 TRACE(("enter recv_msg_kexdh_init")) |
| 52 if (!ses.kexstate.recvkexinit) { | 54 if (!ses.kexstate.recvkexinit) { |
| 85 ecdh_qs = NULL; | 87 ecdh_qs = NULL; |
| 86 } | 88 } |
| 87 | 89 |
| 88 send_msg_newkeys(); | 90 send_msg_newkeys(); |
| 89 | 91 |
| 90 if (ses.allow_ext_info) { | 92 #if DROPBEAR_EXT_INFO |
| 93 /* Only send it following the first newkeys */ | |
| 94 if (!ses.kexstate.donesecondkex && ses.allow_ext_info) { | |
| 91 send_msg_ext_info(); | 95 send_msg_ext_info(); |
| 92 } | 96 } |
| 97 #endif | |
| 93 | 98 |
| 94 ses.requirenext = SSH_MSG_NEWKEYS; | 99 ses.requirenext = SSH_MSG_NEWKEYS; |
| 95 TRACE(("leave recv_msg_kexdh_init")) | 100 TRACE(("leave recv_msg_kexdh_init")) |
| 96 } | 101 } |
| 97 | 102 |
| 245 encrypt_packet(); | 250 encrypt_packet(); |
| 246 | 251 |
| 247 TRACE(("leave send_msg_kexdh_reply")) | 252 TRACE(("leave send_msg_kexdh_reply")) |
| 248 } | 253 } |
| 249 | 254 |
| 255 #if DROPBEAR_EXT_INFO | |
| 250 /* Only used for server-sig-algs on the server side */ | 256 /* Only used for server-sig-algs on the server side */ |
| 251 void send_msg_ext_info(void) { | 257 static void send_msg_ext_info(void) { |
| 252 TRACE(("enter send_msg_ext_info")) | 258 TRACE(("enter send_msg_ext_info")) |
| 253 | 259 |
| 254 buf_putbyte(ses.writepayload, SSH_MSG_EXT_INFO); | 260 buf_putbyte(ses.writepayload, SSH_MSG_EXT_INFO); |
| 255 /* nr-extensions */ | 261 /* nr-extensions */ |
| 256 buf_putint(ses.writepayload, 1); | 262 buf_putint(ses.writepayload, 1); |
| 259 buf_put_algolist_all(ses.writepayload, sigalgs, 1); | 265 buf_put_algolist_all(ses.writepayload, sigalgs, 1); |
| 260 | 266 |
| 261 encrypt_packet(); | 267 encrypt_packet(); |
| 262 | 268 |
| 263 TRACE(("leave send_msg_ext_info")) | 269 TRACE(("leave send_msg_ext_info")) |
| 264 | 270 } |
| 265 } | 271 #endif |