Mercurial > dropbear
comparison common-kex.c @ 989:73ea0dce9a57 pam
Merge up to date
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 23 Jan 2015 21:38:47 +0800 |
| parents | ed85797bbc85 |
| children | 47643024fc90 |
comparison
equal
deleted
inserted
replaced
| 925:bae0b34bc059 | 989:73ea0dce9a57 |
|---|---|
| 268 ses.kexstate.datatrans = 0; | 268 ses.kexstate.datatrans = 0; |
| 269 ses.kexstate.datarecv = 0; | 269 ses.kexstate.datarecv = 0; |
| 270 | 270 |
| 271 ses.kexstate.our_first_follows_matches = 0; | 271 ses.kexstate.our_first_follows_matches = 0; |
| 272 | 272 |
| 273 ses.kexstate.lastkextime = time(NULL); | 273 ses.kexstate.lastkextime = monotonic_now(); |
| 274 | 274 |
| 275 } | 275 } |
| 276 | 276 |
| 277 /* Helper function for gen_new_keys, creates a hash. It makes a copy of the | 277 /* Helper function for gen_new_keys, creates a hash. It makes a copy of the |
| 278 * already initialised hash_state hs, which should already have processed | 278 * already initialised hash_state hs, which should already have processed |
| 301 memcpy(&hs2, hs, sizeof(hash_state)); | 301 memcpy(&hs2, hs, sizeof(hash_state)); |
| 302 hash_desc->process(&hs2, out, offset); | 302 hash_desc->process(&hs2, out, offset); |
| 303 hash_desc->done(&hs2, tmpout); | 303 hash_desc->done(&hs2, tmpout); |
| 304 memcpy(&out[offset], tmpout, MIN(outlen - offset, hash_desc->hashsize)); | 304 memcpy(&out[offset], tmpout, MIN(outlen - offset, hash_desc->hashsize)); |
| 305 } | 305 } |
| 306 | 306 m_burn(&hs2, sizeof(hash_state)); |
| 307 } | 307 } |
| 308 | 308 |
| 309 /* Generate the actual encryption/integrity keys, using the results of the | 309 /* Generate the actual encryption/integrity keys, using the results of the |
| 310 * key exchange, as specified in section 7.2 of the transport rfc 4253. | 310 * key exchange, as specified in section 7.2 of the transport rfc 4253. |
| 311 * This occurs after the DH key-exchange. | 311 * This occurs after the DH key-exchange. |
| 401 | 401 |
| 402 m_burn(C2S_IV, sizeof(C2S_IV)); | 402 m_burn(C2S_IV, sizeof(C2S_IV)); |
| 403 m_burn(C2S_key, sizeof(C2S_key)); | 403 m_burn(C2S_key, sizeof(C2S_key)); |
| 404 m_burn(S2C_IV, sizeof(S2C_IV)); | 404 m_burn(S2C_IV, sizeof(S2C_IV)); |
| 405 m_burn(S2C_key, sizeof(S2C_key)); | 405 m_burn(S2C_key, sizeof(S2C_key)); |
| 406 m_burn(&hs, sizeof(hash_state)); | |
| 406 | 407 |
| 407 TRACE(("leave gen_new_keys")) | 408 TRACE(("leave gen_new_keys")) |
| 408 } | 409 } |
| 409 | 410 |
| 410 #ifndef DISABLE_ZLIB | 411 #ifndef DISABLE_ZLIB |
| 796 } | 797 } |
| 797 #endif | 798 #endif |
| 798 | 799 |
| 799 buf_burn(ses.kexhashbuf); | 800 buf_burn(ses.kexhashbuf); |
| 800 buf_free(ses.kexhashbuf); | 801 buf_free(ses.kexhashbuf); |
| 802 m_burn(&hs, sizeof(hash_state)); | |
| 801 ses.kexhashbuf = NULL; | 803 ses.kexhashbuf = NULL; |
| 802 | 804 |
| 803 /* first time around, we set the session_id to H */ | 805 /* first time around, we set the session_id to H */ |
| 804 if (ses.session_id == NULL) { | 806 if (ses.session_id == NULL) { |
| 805 /* create the session_id, this never needs freeing */ | 807 /* create the session_id, this never needs freeing */ |
| 806 ses.session_id = buf_newcopy(ses.hash); | 808 ses.session_id = buf_newcopy(ses.hash); |
| 807 } | 809 } |
| 808 | |
| 809 } | 810 } |
| 810 | 811 |
| 811 /* read the other side's algo list. buf_match_algo is a callback to match | 812 /* read the other side's algo list. buf_match_algo is a callback to match |
| 812 * algos for the client or server. */ | 813 * algos for the client or server. */ |
| 813 static void read_kex_algos() { | 814 static void read_kex_algos() { |