aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAris Adamantiadis <aris@0xbadc0de.be>2011-09-17 00:17:45 +0200
committerAris Adamantiadis <aris@0xbadc0de.be>2011-09-18 20:34:16 +0200
commitac41a083efd64d94dfb15845c6c25ba5667ba8b8 (patch)
tree3642f3995daf89d56e99f3da2ba57950a46608be
parent48980573c1918034216ac307fd3e687d09d352bc (diff)
downloadlibssh-ac41a083efd64d94dfb15845c6c25ba5667ba8b8.tar.gz
libssh-ac41a083efd64d94dfb15845c6c25ba5667ba8b8.tar.xz
libssh-ac41a083efd64d94dfb15845c6c25ba5667ba8b8.zip
kex: moved KEX structures to ssh_crypto_struct
-rw-r--r--include/libssh/crypto.h5
-rw-r--r--include/libssh/session.h6
-rw-r--r--src/client.c13
-rw-r--r--src/dh.c4
-rw-r--r--src/kex.c37
-rw-r--r--src/kex1.c6
-rw-r--r--src/server.c4
-rw-r--r--src/session.c11
-rw-r--r--src/wrapper.c29
9 files changed, 50 insertions, 65 deletions
diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h
index 2b155944..5f301ff2 100644
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -44,6 +44,7 @@
#include <openssl/ecdh.h>
#endif
#include "libssh/ecdh.h"
+#include "libssh/kex.h"
enum ssh_key_exchange_e {
/* diffie-hellman-group1-sha1 */
@@ -78,6 +79,10 @@ struct ssh_crypto_struct {
int delayed_compress_out;
void *compress_out_ctx; /* don't touch it */
void *compress_in_ctx; /* really, don't */
+ /* kex sent by server, client, and mutually elected methods */
+ KEX server_kex;
+ KEX client_kex;
+ char *kex_methods[SSH_KEX_METHODS];
enum ssh_key_exchange_e kex_type;
enum ssh_mac_e mac_type; /* Mac operations to use for key gen */
};
diff --git a/include/libssh/session.h b/include/libssh/session.h
index ac2ca76e..fd83ed0d 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -27,7 +27,6 @@
#include "libssh/auth.h"
#include "libssh/channels.h"
#include "libssh/poll.h"
-#include "libssh/kex.h"
/* These are the different states a SSH session can be into its life */
enum ssh_session_state_e {
@@ -123,11 +122,6 @@ struct ssh_session_struct {
struct ssh_agent_state_struct *agent_state;
struct ssh_auth_auto_state_struct *auth_auto_state;
- /* kex sent by server, client, and mutually elected methods */
- KEX server_kex;
- KEX client_kex;
- char *kex_methods[SSH_KEX_METHODS];
-
ssh_buffer in_hashbuf;
ssh_buffer out_hashbuf;
struct ssh_crypto_struct *current_crypto;
diff --git a/src/client.c b/src/client.c
index f3683079..672d6949 100644
--- a/src/client.c
+++ b/src/client.c
@@ -545,7 +545,7 @@ static void ssh_client_connection_callback(ssh_session session){
break;
case SSH_SESSION_STATE_KEXINIT_RECEIVED:
set_status(session,0.6f);
- ssh_list_kex(session, &session->server_kex);
+ ssh_list_kex(session, &session->next_crypto->server_kex);
if (set_client_kex(session) < 0) {
goto error;
}
@@ -810,17 +810,6 @@ error:
session->auth_methods = 0;
SAFE_FREE(session->serverbanner);
SAFE_FREE(session->clientbanner);
- if (session->client_kex.methods) {
- for (i = 0; i < 10; i++) {
- SAFE_FREE(session->client_kex.methods[i]);
- }
- }
-
- if (session->server_kex.methods) {
- for (i = 0; i < 10; i++) {
- SAFE_FREE(session->server_kex.methods[i]);
- }
- }
if(session->ssh_message_list){
ssh_message msg;
diff --git a/src/dh.c b/src/dh.c
index 34d4e907..56964498 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -771,13 +771,13 @@ int hashbufout_add_cookie(ssh_session session) {
if (session->server) {
if (buffer_add_data(session->out_hashbuf,
- session->server_kex.cookie, 16) < 0) {
+ session->next_crypto->server_kex.cookie, 16) < 0) {
buffer_reinit(session->out_hashbuf);
return -1;
}
} else {
if (buffer_add_data(session->out_hashbuf,
- session->client_kex.cookie, 16) < 0) {
+ session->next_crypto->client_kex.cookie, 16) < 0) {
buffer_reinit(session->out_hashbuf);
return -1;
}
diff --git a/src/kex.c b/src/kex.c
index 54ab0e95..3f5c12e8 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -260,22 +260,22 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
goto error;
}
if (server_kex) {
- if (buffer_get_data(packet,session->client_kex.cookie,16) != 16) {
+ if (buffer_get_data(packet,session->next_crypto->client_kex.cookie,16) != 16) {
ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: no cookie in packet");
goto error;
}
- if (hashbufin_add_cookie(session, session->client_kex.cookie) < 0) {
+ if (hashbufin_add_cookie(session, session->next_crypto->client_kex.cookie) < 0) {
ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: adding cookie failed");
goto error;
}
} else {
- if (buffer_get_data(packet,session->server_kex.cookie,16) != 16) {
+ if (buffer_get_data(packet,session->next_crypto->server_kex.cookie,16) != 16) {
ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: no cookie in packet");
goto error;
}
- if (hashbufin_add_cookie(session, session->server_kex.cookie) < 0) {
+ if (hashbufin_add_cookie(session, session->next_crypto->server_kex.cookie) < 0) {
ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: adding cookie failed");
goto error;
}
@@ -303,12 +303,12 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
/* copy the server kex info into an array of strings */
if (server_kex) {
- for (i = 0; i < 10; i++) {
- session->client_kex.methods[i] = strings[i];
+ for (i = 0; i < SSH_KEX_METHODS; i++) {
+ session->next_crypto->client_kex.methods[i] = strings[i];
}
} else { /* client */
- for (i = 0; i < 10; i++) {
- session->server_kex.methods[i] = strings[i];
+ for (i = 0; i < SSH_KEX_METHODS; i++) {
+ session->next_crypto->server_kex.methods[i] = strings[i];
}
}
@@ -348,7 +348,7 @@ void ssh_list_kex(ssh_session session, KEX *kex) {
* in function of the options and available methods.
*/
int set_client_kex(ssh_session session){
- KEX *client= &session->client_kex;
+ KEX *client= &session->next_crypto->client_kex;
int i;
const char *wanted;
enter_function();
@@ -368,27 +368,27 @@ int set_client_kex(ssh_session session){
* server's kex messages, and watches out if a match is possible.
*/
int ssh_kex_select_methods (ssh_session session){
- KEX *server = &session->server_kex;
- KEX *client = &session->client_kex;
+ KEX *server = &session->next_crypto->server_kex;
+ KEX *client = &session->next_crypto->client_kex;
int rc = SSH_ERROR;
int i;
enter_function();
for (i=0;i<10;i++){
- session->kex_methods[i]=ssh_find_matching(server->methods[i],client->methods[i]);
- if(session->kex_methods[i] == NULL && i < SSH_LANG_C_S){
+ session->next_crypto->kex_methods[i]=ssh_find_matching(server->methods[i],client->methods[i]);
+ if(session->next_crypto->kex_methods[i] == NULL && i < SSH_LANG_C_S){
ssh_set_error(session,SSH_FATAL,"kex error : no match for method %s: server [%s], client [%s]",
ssh_kex_nums[i],server->methods[i],client->methods[i]);
goto error;
- } else if ((i >= SSH_LANG_C_S) && (session->kex_methods[i] == NULL)) {
+ } else if ((i >= SSH_LANG_C_S) && (session->next_crypto->kex_methods[i] == NULL)) {
/* we can safely do that for languages */
- session->kex_methods[i] = strdup("");
+ session->next_crypto->kex_methods[i] = strdup("");
}
}
- if(strcmp(session->kex_methods[SSH_KEX], "diffie-hellman-group1-sha1") == 0){
+ if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group1-sha1") == 0){
session->next_crypto->kex_type=SSH_KEX_DH_GROUP1_SHA1;
- } else if(strcmp(session->kex_methods[SSH_KEX], "ecdh-sha2-nistp256") == 0){
+ } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "ecdh-sha2-nistp256") == 0){
session->next_crypto->kex_type=SSH_KEX_ECDH_SHA2_NISTP256;
}
rc = SSH_OK;
@@ -400,7 +400,8 @@ error:
/* this function only sends the predefined set of kex methods */
int ssh_send_kex(ssh_session session, int server_kex) {
- KEX *kex = (server_kex ? &session->server_kex : &session->client_kex);
+ KEX *kex = (server_kex ? &session->next_crypto->server_kex :
+ &session->next_crypto->client_kex);
ssh_string str = NULL;
int i;
diff --git a/src/kex1.c b/src/kex1.c
index 9df6602f..d5426eba 100644
--- a/src/kex1.c
+++ b/src/kex1.c
@@ -85,7 +85,7 @@ static int build_session_id1(ssh_session session, ssh_string servern,
#endif
md5_update(md5,ssh_string_data(hostn),ssh_string_len(hostn));
md5_update(md5,ssh_string_data(servern),ssh_string_len(servern));
- md5_update(md5,session->server_kex.cookie,8);
+ md5_update(md5,session->next_crypto->server_kex.cookie,8);
if(session->next_crypto->session_id != NULL)
SAFE_FREE(session->next_crypto->session_id);
session->next_crypto->session_id = malloc(MD5_DIGEST_LEN);
@@ -319,7 +319,7 @@ SSH_PACKET_CALLBACK(ssh_packet_publickey1){
ssh_set_error(session,SSH_FATAL,"SSH_KEXINIT received in wrong state");
goto error;
}
- if (buffer_get_data(packet, session->server_kex.cookie, 8) != 8) {
+ if (buffer_get_data(packet, session->next_crypto->server_kex.cookie, 8) != 8) {
ssh_set_error(session, SSH_FATAL, "Can't get cookie in buffer");
goto error;
}
@@ -408,7 +408,7 @@ SSH_PACKET_CALLBACK(ssh_packet_publickey1){
if (buffer_add_u8(session->out_buffer, SSH_CIPHER_3DES) < 0) {
goto error;
}
- if (buffer_add_data(session->out_buffer, session->server_kex.cookie, 8) < 0) {
+ if (buffer_add_data(session->out_buffer, session->next_crypto->server_kex.cookie, 8) < 0) {
goto error;
}
diff --git a/src/server.c b/src/server.c
index e304b47a..e5be1170 100644
--- a/src/server.c
+++ b/src/server.c
@@ -83,7 +83,7 @@ extern const char *supported_methods[];
*/
static int server_set_kex(ssh_session session) {
- KEX *server = &session->server_kex;
+ KEX *server = &session->next_crypto->server_kex;
int i, j;
const char *wanted;
@@ -356,7 +356,7 @@ static void ssh_server_connection_callback(ssh_session session){
break;
case SSH_SESSION_STATE_KEXINIT_RECEIVED:
set_status(session,0.6f);
- ssh_list_kex(session, &session->client_kex); // log client kex
+ ssh_list_kex(session, &session->next_crypto->client_kex); // log client kex
if (ssh_kex_select_methods(session) < 0) {
goto error;
}
diff --git a/src/session.c b/src/session.c
index ba03a89b..34465dfa 100644
--- a/src/session.c
+++ b/src/session.c
@@ -197,17 +197,6 @@ void ssh_free(ssh_session session) {
#ifndef _WIN32
agent_free(session->agent);
#endif /* _WIN32 */
- if (session->client_kex.methods) {
- for (i = 0; i < 10; i++) {
- SAFE_FREE(session->client_kex.methods[i]);
- }
- }
-
- if (session->server_kex.methods) {
- for (i = 0; i < 10; i++) {
- SAFE_FREE(session->server_kex.methods[i]);
- }
- }
ssh_key_free(session->srv.dsa_key);
ssh_key_free(session->srv.rsa_key);
diff --git a/src/wrapper.c b/src/wrapper.c
index fa78ed34..7e52ef5d 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -98,6 +98,7 @@ struct ssh_crypto_struct *crypto_new(void) {
}
void crypto_free(struct ssh_crypto_struct *crypto){
+ int i;
if (crypto == NULL) {
return;
}
@@ -148,6 +149,12 @@ void crypto_free(struct ssh_crypto_struct *crypto){
SAFE_FREE(crypto->decryptkey);
}
+ for (i = 0; i < SSH_KEX_METHODS; i++) {
+ SAFE_FREE(crypto->client_kex.methods[i]);
+ SAFE_FREE(crypto->server_kex.methods[i]);
+ SAFE_FREE(crypto->kex_methods[i]);
+ }
+
memset(crypto,0,sizeof(*crypto));
SAFE_FREE(crypto);
@@ -162,7 +169,7 @@ static int crypt_set_algorithms2(ssh_session session){
enter_function();
/* we must scan the kex entries to find crypto algorithms and set their appropriate structure */
/* out */
- wanted = session->kex_methods[SSH_CRYPT_C_S];
+ wanted = session->next_crypto->kex_methods[SSH_CRYPT_C_S];
while (ssh_ciphertab[i].name && strcmp(wanted, ssh_ciphertab[i].name)) {
i++;
}
@@ -183,7 +190,7 @@ static int crypt_set_algorithms2(ssh_session session){
i = 0;
/* in */
- wanted = session->kex_methods[SSH_CRYPT_S_C];
+ wanted = session->next_crypto->kex_methods[SSH_CRYPT_S_C];
while (ssh_ciphertab[i].name && strcmp(wanted, ssh_ciphertab[i].name)) {
i++;
}
@@ -203,16 +210,16 @@ static int crypt_set_algorithms2(ssh_session session){
}
/* compression */
- if (strcmp(session->kex_methods[SSH_COMP_C_S], "zlib") == 0) {
+ if (strcmp(session->next_crypto->kex_methods[SSH_COMP_C_S], "zlib") == 0) {
session->next_crypto->do_compress_out = 1;
}
- if (strcmp(session->kex_methods[SSH_COMP_S_C], "zlib") == 0) {
+ if (strcmp(session->next_crypto->kex_methods[SSH_COMP_S_C], "zlib") == 0) {
session->next_crypto->do_compress_in = 1;
}
- if (strcmp(session->kex_methods[SSH_COMP_C_S], "zlib@openssh.com") == 0) {
+ if (strcmp(session->next_crypto->kex_methods[SSH_COMP_C_S], "zlib@openssh.com") == 0) {
session->next_crypto->delayed_compress_out = 1;
}
- if (strcmp(session->kex_methods[SSH_COMP_S_C], "zlib@openssh.com") == 0) {
+ if (strcmp(session->next_crypto->kex_methods[SSH_COMP_S_C], "zlib@openssh.com") == 0) {
session->next_crypto->delayed_compress_in = 1;
}
rc = SSH_OK;
@@ -270,7 +277,7 @@ int crypt_set_algorithms_server(ssh_session session){
/* we must scan the kex entries to find crypto algorithms and set their appropriate structure */
enter_function();
/* out */
- method = session->kex_methods[SSH_CRYPT_S_C];
+ method = session->next_crypto->kex_methods[SSH_CRYPT_S_C];
while(ssh_ciphertab[i].name && strcmp(method,ssh_ciphertab[i].name))
i++;
if(!ssh_ciphertab[i].name){
@@ -287,7 +294,7 @@ int crypt_set_algorithms_server(ssh_session session){
}
i=0;
/* in */
- method = session->kex_methods[SSH_CRYPT_C_S];
+ method = session->next_crypto->kex_methods[SSH_CRYPT_C_S];
while(ssh_ciphertab[i].name && strcmp(method,ssh_ciphertab[i].name))
i++;
if(!ssh_ciphertab[i].name){
@@ -304,7 +311,7 @@ int crypt_set_algorithms_server(ssh_session session){
}
/* compression */
- method = session->kex_methods[SSH_CRYPT_C_S];
+ method = session->next_crypto->kex_methods[SSH_CRYPT_C_S];
if(strcmp(method,"zlib") == 0){
ssh_log(session,SSH_LOG_PACKET,"enabling C->S compression");
session->next_crypto->do_compress_in=1;
@@ -313,7 +320,7 @@ int crypt_set_algorithms_server(ssh_session session){
ssh_set_error(session,SSH_FATAL,"zlib@openssh.com not supported");
goto error;
}
- method = session->kex_methods[SSH_CRYPT_S_C];
+ method = session->next_crypto->kex_methods[SSH_CRYPT_S_C];
if(strcmp(method,"zlib") == 0){
ssh_log(session,SSH_LOG_PACKET,"enabling S->C compression\n");
session->next_crypto->do_compress_out=1;
@@ -323,7 +330,7 @@ int crypt_set_algorithms_server(ssh_session session){
goto error;
}
- method = session->kex_methods[SSH_HOSTKEYS];
+ method = session->next_crypto->kex_methods[SSH_HOSTKEYS];
session->srv.hostkey = ssh_key_type_from_name(method);
rc = SSH_OK;
error: