diff svr-kex.c @ 1733:d529a52b2f7c coverity coverity
merge coverity from main
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 26 Jun 2020 21:07:34 +0800 |
parents | 435cfb9ec96e |
children | 284c3837891c |
--- a/svr-kex.c Thu Mar 21 23:28:59 2019 +0800
+++ b/svr-kex.c Fri Jun 26 21:07:34 2020 +0800
@@ -38,13 +38,15 @@
 #include "gensignkey.h"
 static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs);
+#if DROPBEAR_EXT_INFO
+static void send_msg_ext_info(void);
+#endif
 /* Handle a diffie-hellman key exchange initialisation. This involves
 * calculating a session key reply value, and corresponding hash. These
 * are carried out by send_msg_kexdh_reply(). recv_msg_kexdh_init() calls
 * that function, then brings the new keys into use */
 void recv_msg_kexdh_init() {
-
 DEF_MP_INT(dh_e);
 buffer *ecdh_qs = NULL;
@@ -86,6 +88,14 @@
 }
 send_msg_newkeys();
+
+#if DROPBEAR_EXT_INFO
+ /* Only send it following the first newkeys */
+ if (!ses.kexstate.donesecondkex && ses.allow_ext_info) {
+ send_msg_ext_info();
+ }
+#endif
+
 ses.requirenext = SSH_MSG_NEWKEYS;
 TRACE(("leave recv_msg_kexdh_init"))
 }
@@ -123,6 +133,11 @@
 fn = ECDSA_PRIV_FILENAME;
 break;
 #endif
+#if DROPBEAR_ED25519
+ case DROPBEAR_SIGNKEY_ED25519:
+ fn = ED25519_PRIV_FILENAME;
+ break;
+#endif
 default:
 dropbear_assert(0);
 }
@@ -219,7 +234,8 @@
 {
 struct kex_curve25519_param *param = gen_kexcurve25519_param();
 kexcurve25519_comb_key(param, ecdh_qs, svr_opts.hostkey);
- buf_putstring(ses.writepayload, (const char*)param->pub, CURVE25519_LEN);
+
+ buf_putstring(ses.writepayload, param->pub, CURVE25519_LEN);
 free_kexcurve25519_param(param);
 }
 break;
@@ -228,7 +244,7 @@
 /* calc the signature */
 buf_put_sign(ses.writepayload, svr_opts.hostkey,
- ses.newkeys->algo_hostkey, ses.hash);
+ ses.newkeys->algo_signature, ses.hash);
 /* the SSH_MSG_KEXDH_REPLY is done */
 encrypt_packet();
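Review bot: In the `@@ -86,6 +88,14 @@` hunk the guard `!ses.kexstate.donesecondkex` is read immediately after `send_msg_newkeys()`, so it only means "this was the first key exchange" if that call, or something earlier that is not visible here, has already updated the flag; the comment should state that dependency. A fuller comment such as `/* RFC 8308: EXT_INFO must be the next packet after our first NEWKEYS; relies on send_msg_newkeys() having updated donesecondkex */` would also warn against inserting another packet between the two calls. Where `ses.allow_ext_info` is set is outside this diff; presumably it records that the client offered `ext-info-c`, and naming that in the comment would make the negotiation condition checkable. The body of recv_msg_kexdh_init begins outside the hunk.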
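Review bot: In the `@@ -228,7 +244,7 @@` hunk `buf_put_sign()` now receives `ses.newkeys->algo_signature` while the key is still `svr_opts.hostkey`, and nothing visible here checks that the negotiated signature algorithm is one the loaded host key can actually produce. If `buf_put_sign()` does not enforce that itself (it is outside this diff), the invariant should be asserted with `dropbear_assert` or at least written down at the call. A suitable comment would be `/* algo_signature is the negotiated signature type; it may differ from the key type, e.g. rsa-sha2-256 with an RSA host key */`. The body of send_msg_kexdh_reply begins outside the hunk.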
@@ -236,3 +252,20 @@
 TRACE(("leave send_msg_kexdh_reply"))
 }
+#if DROPBEAR_EXT_INFO
+/* Only used for server-sig-algs on the server side */
+static void send_msg_ext_info(void) {
+ TRACE(("enter send_msg_ext_info"))
+
+ buf_putbyte(ses.writepayload, SSH_MSG_EXT_INFO);
+ /* nr-extensions */
+ buf_putint(ses.writepayload, 1);
+
+ buf_putstring(ses.writepayload, SSH_SERVER_SIG_ALGS, strlen(SSH_SERVER_SIG_ALGS));
+ buf_put_algolist_all(ses.writepayload, sigalgs, 1);
+
+ encrypt_packet();
+
+ TRACE(("leave send_msg_ext_info"))
+}
+#endif
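Review bot: The two bare `1` literals in send_msg_ext_info, in `buf_putint(ses.writepayload, 1)` and `buf_put_algolist_all(ses.writepayload, sigalgs, 1)`, carry unrelated meanings and neither is explained. The first is the extension count and has to equal the number of name/value pairs written after it, so the comment could read `/* nr-extensions: must match the pairs written below (server-sig-algs only) */`. For the second, say what the flag selects, presumably `/* 1: list every entry of sigalgs, not only those currently marked usable */`; confirm that against buf_put_algolist_all, which is not part of this diff. This matters because the list tells clients which signature algorithms the server will accept, so it should match what the authentication code really allows.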