aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAris Adamantiadis <aris@0xbadc0de.be>2011-09-14 22:21:43 +0200
committerAris Adamantiadis <aris@0xbadc0de.be>2011-09-14 22:21:43 +0200
commit714aeca91f209bf5cc9cdaa6f754a94a00343a36 (patch)
treeff104fa94833b555c9874fe68f5564d49defa644
parentaf225e68cbb1cf06c922df620ad60ee69eeae10e (diff)
downloadlibssh-714aeca91f209bf5cc9cdaa6f754a94a00343a36.tar.gz
libssh-714aeca91f209bf5cc9cdaa6f754a94a00343a36.tar.xz
libssh-714aeca91f209bf5cc9cdaa6f754a94a00343a36.zip
SSH1: fix kex bugs introduced in refactoring
-rw-r--r--src/kex1.c29
1 files changed, 28 insertions, 1 deletions
diff --git a/src/kex1.c b/src/kex1.c
index ef1ccb48..a96a686d 100644
--- a/src/kex1.c
+++ b/src/kex1.c
@@ -86,6 +86,13 @@ static int build_session_id1(ssh_session session, ssh_string servern,
md5_update(md5,ssh_string_data(hostn),ssh_string_len(hostn));
md5_update(md5,ssh_string_data(servern),ssh_string_len(servern));
md5_update(md5,session->server_kex.cookie,8);
+ if(session->next_crypto->session_id != NULL)
+ SAFE_FREE(session->next_crypto->session_id);
+ session->next_crypto->session_id = malloc(MD5_DIGEST_LEN);
+ if(session->next_crypto->session_id == NULL){
+ ssh_set_error_oom(session);
+ return SSH_ERROR;
+ }
md5_final(session->next_crypto->session_id,md5);
#ifdef DEBUG_CRYPTO
ssh_print_hexa("session_id",session->next_crypto->session_id,MD5_DIGEST_LEN);
@@ -196,11 +203,31 @@ static ssh_string encrypt_session_key(ssh_session session, ssh_public_key srvkey
int i;
ssh_string data1 = NULL;
ssh_string data2 = NULL;
-
+ if(session->next_crypto->encryptkey != NULL)
+ SAFE_FREE(session->next_crypto->encryptkey);
+ if(session->next_crypto->decryptkey != NULL)
+ SAFE_FREE(session->next_crypto->decryptkey);
+ if(session->next_crypto->encryptIV != NULL)
+ SAFE_FREE(session->next_crypto->encryptIV);
+ if(session->next_crypto->decryptIV != NULL)
+ SAFE_FREE(session->next_crypto->decryptIV);
+ session->next_crypto->encryptkey = malloc(32);
+ session->next_crypto->decryptkey = malloc(32);
+ session->next_crypto->encryptIV = malloc(32);
+ session->next_crypto->decryptIV = malloc(32);
+ if(session->next_crypto->encryptkey == NULL ||
+ session->next_crypto->decryptkey == NULL ||
+ session->next_crypto->encryptIV == NULL ||
+ session->next_crypto->decryptIV == NULL){
+ ssh_set_error_oom(session);
+ return NULL;
+ }
/* first, generate a session key */
ssh_get_random(session->next_crypto->encryptkey, 32, 1);
memcpy(buffer, session->next_crypto->encryptkey, 32);
memcpy(session->next_crypto->decryptkey, session->next_crypto->encryptkey, 32);
+ memset(session->next_crypto->encryptIV, 0, 32);
+ memset(session->next_crypto->decryptIV, 0, 32);
#ifdef DEBUG_CRYPTO
ssh_print_hexa("session key",buffer,32);