diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2013-04-14 22:49:19 +0800 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2013-04-14 22:49:19 +0800 |
| commit | 3bdfae61a23e597acd97db189feea74fb27e028a (patch) | |
| tree | 4784b179e19f4db7b40dca3cdd7ab2741476c608 /cli-kex.c | |
| parent | 4404126501ba18184a8e04f815c21e7a9184414a (diff) | |
| parent | adeb372a66643000aee8445f8b2f9854fdfb4402 (diff) | |
merge
Diffstat (limited to 'cli-kex.c')
| -rw-r--r-- | cli-kex.c | 24 |
1 files changed, 16 insertions, 8 deletions
@@ -42,18 +42,27 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen); #define MAX_KNOWNHOSTS_LINE 4500 void send_msg_kexdh_init() { + TRACE(("send_msg_kexdh_init()")) + if ((cli_ses.dh_e && cli_ses.dh_x + && cli_ses.dh_val_algo == ses.newkeys->algo_kex)) { + TRACE(("reusing existing dh_e from first_kex_packet_follows")) + } else { + if (!cli_ses.dh_e || !cli_ses.dh_e) { + cli_ses.dh_e = (mp_int*)m_malloc(sizeof(mp_int)); + cli_ses.dh_x = (mp_int*)m_malloc(sizeof(mp_int)); + m_mp_init_multi(cli_ses.dh_e, cli_ses.dh_x, NULL); + } - cli_ses.dh_e = (mp_int*)m_malloc(sizeof(mp_int)); - cli_ses.dh_x = (mp_int*)m_malloc(sizeof(mp_int)); - m_mp_init_multi(cli_ses.dh_e, cli_ses.dh_x, NULL); - - gen_kexdh_vals(cli_ses.dh_e, cli_ses.dh_x); + gen_kexdh_vals(cli_ses.dh_e, cli_ses.dh_x); + cli_ses.dh_val_algo = ses.newkeys->algo_kex; + } CHECKCLEARTOWRITE(); buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT); buf_putmpint(ses.writepayload, cli_ses.dh_e); encrypt_packet(); - ses.requirenext = SSH_MSG_KEXDH_REPLY; + // XXX fixme + //ses.requirenext = SSH_MSG_KEXDH_REPLY; } /* Handle a diffie-hellman key exchange reply. */ @@ -98,6 +107,7 @@ void recv_msg_kexdh_reply() { mp_clear_multi(cli_ses.dh_e, cli_ses.dh_x, NULL); m_free(cli_ses.dh_e); m_free(cli_ses.dh_x); + cli_ses.dh_val_algo = DROPBEAR_KEX_NONE; if (buf_verify(ses.payload, hostkey, ses.hash, SHA1_HASH_SIZE) != DROPBEAR_SUCCESS) { @@ -251,7 +261,6 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) { /* Compare hostnames */ if (strncmp(cli_opts.remotehost, buf_getptr(line, hostlen), hostlen) != 0) { - TRACE(("hosts don't match")) continue; } @@ -314,7 +323,6 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) { buf_putbytes(line, algoname, algolen); buf_putbyte(line, ' '); len = line->size - line->pos; - TRACE(("keybloblen %d, len %d", keybloblen, len)) /* The only failure with base64 is buffer_overflow, but buf_getwriteptr * will die horribly in the case anyway */ base64_encode(keyblob, keybloblen, buf_getwriteptr(line, len), &len); |