comparison common-kex.c @ 1676:d5cdc60db08e
ext-info handling for server-sig-algs
only client side is handled
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Tue, 19 May 2020 00:31:41 +0800 |
parents | ba6fc7afe1c5 |
children | 4b4cfc92c5b7 |
1675:ae41624c2198 | 1676:d5cdc60db08e |
---|---|
818 char * erralgo = NULL; | 818 char * erralgo = NULL; |
819 | 819 |
820 int goodguess = 0; | 820 int goodguess = 0; |
821 int allgood = 1; /* we AND this with each goodguess and see if its still | 821 int allgood = 1; /* we AND this with each goodguess and see if its still |
822 true after */ | 822 true after */ |
823 | 823 int kexguess2 = 0; |
824 | |
825 buf_incrpos(ses.payload, 16); /* start after the cookie */ | |
826 | |
827 memset(ses.newkeys, 0x0, sizeof(*ses.newkeys)); | |
828 | |
829 /* kex_algorithms */ | |
824 #if DROPBEAR_KEXGUESS2 | 830 #if DROPBEAR_KEXGUESS2 |
825 enum kexguess2_used kexguess2 = KEXGUESS2_LOOK; | 831 if (buf_has_algo(ses.payload, KEXGUESS2_ALGO_NAME) == DROPBEAR_SUCCESS) { |
826 #else | 832 kexguess2 = 1; |
827 enum kexguess2_used kexguess2 = KEXGUESS2_NO; | 833 } |
828 #endif | 834 #endif |
829 | 835 |
830 buf_incrpos(ses.payload, 16); /* start after the cookie */ | 836 /* Determine if SSH_MSG_EXT_INFO messages should be sent. |
831 | 837 Should be done for the first key exchange. */ |
832 memset(ses.newkeys, 0x0, sizeof(*ses.newkeys)); | 838 if (!ses.kexstate.donefirstkex) { |
833 | 839 if (IS_DROPBEAR_SERVER) { |
834 /* kex_algorithms */ | 840 if (buf_has_algo(ses.payload, SSH_EXT_INFO_C) == DROPBEAR_SUCCESS) { |
835 algo = buf_match_algo(ses.payload, sshkex, &kexguess2, &goodguess); | 841 ses.allow_ext_info = 1; |
842 } | |
843 } | |
844 } | |
845 | |
846 algo = buf_match_algo(ses.payload, sshkex, kexguess2, &goodguess); | |
836 allgood &= goodguess; | 847 allgood &= goodguess; |
837 if (algo == NULL || algo->val == KEXGUESS2_ALGO_ID) { | 848 if (algo == NULL || algo->data == NULL) { |
849 /* kexguess2, ext-info-c, ext-info-s should not match negotiation */ | |
838 erralgo = "kex"; | 850 erralgo = "kex"; |
839 goto error; | 851 goto error; |
840 } | 852 } |
841 TRACE(("kexguess2 %d", kexguess2)) | 853 TRACE(("kexguess2 %d", kexguess2)) |
842 TRACE(("kex algo %s", algo->name)) | 854 TRACE(("kex algo %s", algo->name)) |
843 ses.newkeys->algo_kex = algo->data; | 855 ses.newkeys->algo_kex = algo->data; |
844 | 856 |
845 /* server_host_key_algorithms */ | 857 /* server_host_key_algorithms */ |
846 algo = buf_match_algo(ses.payload, sshhostkey, &kexguess2, &goodguess); | 858 algo = buf_match_algo(ses.payload, sshhostkey, kexguess2, &goodguess); |
847 allgood &= goodguess; | 859 allgood &= goodguess; |
848 if (algo == NULL) { | 860 if (algo == NULL) { |
849 erralgo = "hostkey"; | 861 erralgo = "hostkey"; |
850 goto error; | 862 goto error; |
851 } | 863 } |
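Review bot: The two `buf_has_algo()` probes (new lines 831 and 840) run on the kex_algorithms name-list before `buf_match_algo()` parses that same list at new line 846, so negotiation is only correct if `buf_has_algo()` leaves the read position of `ses.payload` unchanged on both its success and failure returns. Its body is not in this hunk, so that should be confirmed and stated at the call sites, e.g. `/* buf_has_algo() must not advance ses.payload; buf_match_algo() re-reads this name-list */`. The new check `algo->data == NULL` at line 848 also moves the rejection of marker names from an explicit id comparison to a property of the `sshkex` table, which is outside this view: a marker entry that ever carried non-NULL data would be accepted as the kex method, so the table definition presumably deserves a matching comment. The enclosing function starts and ends outside the hunk.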