21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 */ |
23 */ |
24 |
24 |
25 /* |
25 /* |
|
26 * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. |
|
27 */ |
|
28 |
|
29 /* |
26 * May 22, 2015 |
30 * May 22, 2015 |
27 * In version 6.8 a new packet interface has been introduced to OpenSSH, |
31 * In version 6.8 a new packet interface has been introduced to OpenSSH, |
28 * while the old packet API has been provided in opacket.c. |
32 * while the old packet API has been provided in opacket.c. |
29 * At this moment we are not rewritting GSS-API key exchange code to the new |
33 * At this moment we are not rewritting GSS-API key exchange code to the new |
30 * API, just adjusting it to still work with new struct ssh. |
34 * API, just adjusting it to still work with new struct ssh. |
113 kex->dh = dh_new_group14(); |
117 kex->dh = dh_new_group14(); |
114 break; |
118 break; |
115 case KEX_GSS_GEX_SHA1: |
119 case KEX_GSS_GEX_SHA1: |
116 debug("Doing group exchange"); |
120 debug("Doing group exchange"); |
117 packet_read_expect(SSH2_MSG_KEXGSS_GROUPREQ); |
121 packet_read_expect(SSH2_MSG_KEXGSS_GROUPREQ); |
118 min = packet_get_int(); |
122 kex->min = packet_get_int(); |
119 nbits = packet_get_int(); |
123 kex->nbits = packet_get_int(); |
120 max = packet_get_int(); |
124 kex->max = packet_get_int(); |
121 min = MAX(DH_GRP_MIN, min); |
125 min = MAX(DH_GRP_MIN, kex->min); |
122 max = MIN(DH_GRP_MAX, max); |
126 max = MIN(DH_GRP_MAX, kex->max); |
|
127 nbits = MAX(DH_GRP_MIN, kex->nbits); |
|
128 nbits = MIN(DH_GRP_MAX, nbits); |
123 packet_check_eom(); |
129 packet_check_eom(); |
124 if (max < min || nbits < min || max < nbits) |
130 if (kex->max < kex->min || kex->nbits < kex->min || |
|
131 kex->max < kex->nbits) |
125 fatal("GSS_GEX, bad parameters: %d !< %d !< %d", |
132 fatal("GSS_GEX, bad parameters: %d !< %d !< %d", |
126 min, nbits, max); |
133 kex->min, kex->nbits, kex->max); |
127 kex->dh = PRIVSEP(choose_dh(min, nbits, max)); |
134 kex->dh = PRIVSEP(choose_dh(min, nbits, max)); |
128 if (kex->dh == NULL) |
135 if (kex->dh == NULL) |
129 packet_disconnect("Protocol error:" |
136 packet_disconnect("Protocol error:" |
130 " no matching group found"); |
137 " no matching group found"); |
131 |
138 |
241 kex->hash_alg, |
248 kex->hash_alg, |
242 kex->client_version_string, kex->server_version_string, |
249 kex->client_version_string, kex->server_version_string, |
243 buffer_ptr(kex->peer), buffer_len(kex->peer), |
250 buffer_ptr(kex->peer), buffer_len(kex->peer), |
244 buffer_ptr(kex->my), buffer_len(kex->my), |
251 buffer_ptr(kex->my), buffer_len(kex->my), |
245 NULL, 0, |
252 NULL, 0, |
246 min, nbits, max, |
253 kex->min, kex->nbits, kex->max, |
247 kex->dh->p, kex->dh->g, |
254 kex->dh->p, kex->dh->g, |
248 dh_client_pub, |
255 dh_client_pub, |
249 kex->dh->pub_key, |
256 kex->dh->pub_key, |
250 shared_secret, |
257 shared_secret, |
251 hash, &hashlen); |
258 hash, &hashlen); |