Mercurial > dropbear
comparison common-kex.c @ 1676:d5cdc60db08e
ext-info handling for server-sig-algs
only client side is handled
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 19 May 2020 00:31:41 +0800 |
| parents | ba6fc7afe1c5 |
| children | 4b4cfc92c5b7 |
comparison
equal
deleted
inserted
replaced
| 1675:ae41624c2198 | 1676:d5cdc60db08e |
|---|---|
| 818 char * erralgo = NULL; | 818 char * erralgo = NULL; |
| 819 | 819 |
| 820 int goodguess = 0; | 820 int goodguess = 0; |
| 821 int allgood = 1; /* we AND this with each goodguess and see if its still | 821 int allgood = 1; /* we AND this with each goodguess and see if its still |
| 822 true after */ | 822 true after */ |
| 823 | 823 int kexguess2 = 0; |
| 824 | |
| 825 buf_incrpos(ses.payload, 16); /* start after the cookie */ | |
| 826 | |
| 827 memset(ses.newkeys, 0x0, sizeof(*ses.newkeys)); | |
| 828 | |
| 829 /* kex_algorithms */ | |
| 824 #if DROPBEAR_KEXGUESS2 | 830 #if DROPBEAR_KEXGUESS2 |
| 825 enum kexguess2_used kexguess2 = KEXGUESS2_LOOK; | 831 if (buf_has_algo(ses.payload, KEXGUESS2_ALGO_NAME) == DROPBEAR_SUCCESS) { |
| 826 #else | 832 kexguess2 = 1; |
| 827 enum kexguess2_used kexguess2 = KEXGUESS2_NO; | 833 } |
| 828 #endif | 834 #endif |
| 829 | 835 |
| 830 buf_incrpos(ses.payload, 16); /* start after the cookie */ | 836 /* Determine if SSH_MSG_EXT_INFO messages should be sent. |
| 831 | 837 Should be done for the first key exchange. */ |
| 832 memset(ses.newkeys, 0x0, sizeof(*ses.newkeys)); | 838 if (!ses.kexstate.donefirstkex) { |
| 833 | 839 if (IS_DROPBEAR_SERVER) { |
| 834 /* kex_algorithms */ | 840 if (buf_has_algo(ses.payload, SSH_EXT_INFO_C) == DROPBEAR_SUCCESS) { |
| 835 algo = buf_match_algo(ses.payload, sshkex, &kexguess2, &goodguess); | 841 ses.allow_ext_info = 1; |
| 842 } | |
| 843 } | |
| 844 } | |
| 845 | |
| 846 algo = buf_match_algo(ses.payload, sshkex, kexguess2, &goodguess); | |
| 836 allgood &= goodguess; | 847 allgood &= goodguess; |
| 837 if (algo == NULL || algo->val == KEXGUESS2_ALGO_ID) { | 848 if (algo == NULL || algo->data == NULL) { |
| 849 /* kexguess2, ext-info-c, ext-info-s should not match negotiation */ | |
| 838 erralgo = "kex"; | 850 erralgo = "kex"; |
| 839 goto error; | 851 goto error; |
| 840 } | 852 } |
| 841 TRACE(("kexguess2 %d", kexguess2)) | 853 TRACE(("kexguess2 %d", kexguess2)) |
| 842 TRACE(("kex algo %s", algo->name)) | 854 TRACE(("kex algo %s", algo->name)) |
| 843 ses.newkeys->algo_kex = algo->data; | 855 ses.newkeys->algo_kex = algo->data; |
| 844 | 856 |
| 845 /* server_host_key_algorithms */ | 857 /* server_host_key_algorithms */ |
| 846 algo = buf_match_algo(ses.payload, sshhostkey, &kexguess2, &goodguess); | 858 algo = buf_match_algo(ses.payload, sshhostkey, kexguess2, &goodguess); |
| 847 allgood &= goodguess; | 859 allgood &= goodguess; |
| 848 if (algo == NULL) { | 860 if (algo == NULL) { |
| 849 erralgo = "hostkey"; | 861 erralgo = "hostkey"; |
| 850 goto error; | 862 goto error; |
| 851 } | 863 } |