kex: have server_kex use the elected methods
@@ -357,10 +357,11 @@ static void ssh_server_connection_callback(ssh_session session){
|
|||||||
case SSH_SESSION_STATE_KEXINIT_RECEIVED:
|
case SSH_SESSION_STATE_KEXINIT_RECEIVED:
|
||||||
set_status(session,0.6f);
|
set_status(session,0.6f);
|
||||||
ssh_list_kex(session, &session->client_kex); // log client kex
|
ssh_list_kex(session, &session->client_kex); // log client kex
|
||||||
crypt_set_algorithms_server(session);
|
|
||||||
if (ssh_kex_select_methods(session) < 0) {
|
if (ssh_kex_select_methods(session) < 0) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
if (crypt_set_algorithms_server(session) == SSH_ERROR)
|
||||||
|
goto error;
|
||||||
set_status(session,0.8f);
|
set_status(session,0.8f);
|
||||||
session->session_state=SSH_SESSION_STATE_DH;
|
session->session_state=SSH_SESSION_STATE_DH;
|
||||||
break;
|
break;
|
||||||
|
|||||||
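Review bot: The added `if (crypt_set_algorithms_server(session) == SSH_ERROR)` guards its `goto error;` without braces, while the `ssh_kex_select_methods` check directly above it is braced. In a key-exchange state handler an unbraced error jump is easy to detach with a later edit, so I would write it as `if (crypt_set_algorithms_server(session) != SSH_OK) {` / `goto error;` / `}` to match its neighbour and to treat any non-success return as fatal. The callback body starts and ends outside this hunk, so what the `error` label does with the session is not visible here.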
109
src/wrapper.c
109
src/wrapper.c
@@ -250,12 +250,10 @@ int crypt_set_algorithms(ssh_session session) {
|
|||||||
crypt_set_algorithms2(session);
|
crypt_set_algorithms2(session);
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO Obviously too much cut and paste here
|
|
||||||
int crypt_set_algorithms_server(ssh_session session){
|
int crypt_set_algorithms_server(ssh_session session){
|
||||||
char *server = NULL;
|
char *method = NULL;
|
||||||
char *client = NULL;
|
|
||||||
char *match = NULL;
|
|
||||||
int i = 0;
|
int i = 0;
|
||||||
|
int rc = SSH_ERROR;
|
||||||
struct crypto_struct *ssh_ciphertab=ssh_get_ciphertab();
|
struct crypto_struct *ssh_ciphertab=ssh_get_ciphertab();
|
||||||
|
|
||||||
if (session == NULL) {
|
if (session == NULL) {
|
||||||
@@ -265,102 +263,65 @@ int crypt_set_algorithms_server(ssh_session session){
|
|||||||
/* we must scan the kex entries to find crypto algorithms and set their appropriate structure */
|
/* we must scan the kex entries to find crypto algorithms and set their appropriate structure */
|
||||||
enter_function();
|
enter_function();
|
||||||
/* out */
|
/* out */
|
||||||
server = session->server_kex.methods[SSH_CRYPT_S_C];
|
method = session->kex_methods[SSH_CRYPT_S_C];
|
||||||
if(session->client_kex.methods) {
|
while(ssh_ciphertab[i].name && strcmp(method,ssh_ciphertab[i].name))
|
||||||
client = session->client_kex.methods[SSH_CRYPT_S_C];
|
|
||||||
} else {
|
|
||||||
ssh_log(session,SSH_LOG_PROTOCOL, "Client KEX empty");
|
|
||||||
}
|
|
||||||
/* That's the client algorithms that are more important */
|
|
||||||
match = ssh_find_matching(server,client);
|
|
||||||
|
|
||||||
|
|
||||||
if(!match){
|
|
||||||
ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no matching algorithm function found for %s",server);
|
|
||||||
free(match);
|
|
||||||
leave_function();
|
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
|
||||||
while(ssh_ciphertab[i].name && strcmp(match,ssh_ciphertab[i].name))
|
|
||||||
i++;
|
i++;
|
||||||
if(!ssh_ciphertab[i].name){
|
if(!ssh_ciphertab[i].name){
|
||||||
ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no crypto algorithm function found for %s",server);
|
ssh_set_error(session,SSH_FATAL,"crypt_set_algorithms_server : "
|
||||||
free(match);
|
"no crypto algorithm function found for %s",method);
|
||||||
leave_function();
|
goto error;
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
}
|
||||||
ssh_log(session,SSH_LOG_PACKET,"Set output algorithm %s",match);
|
ssh_log(session,SSH_LOG_PACKET,"Set output algorithm %s",method);
|
||||||
SAFE_FREE(match);
|
|
||||||
|
|
||||||
session->next_crypto->out_cipher = cipher_new(i);
|
session->next_crypto->out_cipher = cipher_new(i);
|
||||||
if (session->next_crypto->out_cipher == NULL) {
|
if (session->next_crypto->out_cipher == NULL) {
|
||||||
ssh_set_error(session, SSH_FATAL, "No space left");
|
ssh_set_error_oom(session);
|
||||||
leave_function();
|
goto error;
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
}
|
||||||
i=0;
|
i=0;
|
||||||
/* in */
|
/* in */
|
||||||
client=session->client_kex.methods[SSH_CRYPT_C_S];
|
method = session->kex_methods[SSH_CRYPT_C_S];
|
||||||
server=session->server_kex.methods[SSH_CRYPT_S_C];
|
while(ssh_ciphertab[i].name && strcmp(method,ssh_ciphertab[i].name))
|
||||||
match=ssh_find_matching(server,client);
|
|
||||||
if(!match){
|
|
||||||
ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no matching algorithm function found for %s",server);
|
|
||||||
free(match);
|
|
||||||
leave_function();
|
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
|
||||||
while(ssh_ciphertab[i].name && strcmp(match,ssh_ciphertab[i].name))
|
|
||||||
i++;
|
i++;
|
||||||
if(!ssh_ciphertab[i].name){
|
if(!ssh_ciphertab[i].name){
|
||||||
ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no crypto algorithm function found for %s",server);
|
ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server :"
|
||||||
free(match);
|
"no crypto algorithm function found for %s",method);
|
||||||
leave_function();
|
goto error;
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
}
|
||||||
ssh_log(session,SSH_LOG_PACKET,"Set input algorithm %s",match);
|
ssh_log(session,SSH_LOG_PACKET,"Set input algorithm %s",method);
|
||||||
SAFE_FREE(match);
|
|
||||||
|
|
||||||
session->next_crypto->in_cipher = cipher_new(i);
|
session->next_crypto->in_cipher = cipher_new(i);
|
||||||
if (session->next_crypto->in_cipher == NULL) {
|
if (session->next_crypto->in_cipher == NULL) {
|
||||||
ssh_set_error(session, SSH_FATAL, "No space left");
|
ssh_set_error_oom(session);
|
||||||
leave_function();
|
goto error;
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* compression */
|
/* compression */
|
||||||
client=session->client_kex.methods[SSH_CRYPT_C_S];
|
method = session->kex_methods[SSH_CRYPT_C_S];
|
||||||
server=session->server_kex.methods[SSH_CRYPT_C_S];
|
if(strcmp(method,"zlib") == 0){
|
||||||
match=ssh_find_matching(server,client);
|
|
||||||
if(match && !strcmp(match,"zlib")){
|
|
||||||
ssh_log(session,SSH_LOG_PACKET,"enabling C->S compression");
|
ssh_log(session,SSH_LOG_PACKET,"enabling C->S compression");
|
||||||
session->next_crypto->do_compress_in=1;
|
session->next_crypto->do_compress_in=1;
|
||||||
}
|
}
|
||||||
SAFE_FREE(match);
|
if(strcmp(method,"zlib@openssh.com") == 0){
|
||||||
|
ssh_set_error(session,SSH_FATAL,"zlib@openssh.com not supported");
|
||||||
client=session->client_kex.methods[SSH_CRYPT_S_C];
|
goto error;
|
||||||
server=session->server_kex.methods[SSH_CRYPT_S_C];
|
}
|
||||||
match=ssh_find_matching(server,client);
|
method = session->kex_methods[SSH_CRYPT_S_C];
|
||||||
if(match && !strcmp(match,"zlib")){
|
if(strcmp(method,"zlib") == 0){
|
||||||
ssh_log(session,SSH_LOG_PACKET,"enabling S->C compression\n");
|
ssh_log(session,SSH_LOG_PACKET,"enabling S->C compression\n");
|
||||||
session->next_crypto->do_compress_out=1;
|
session->next_crypto->do_compress_out=1;
|
||||||
}
|
}
|
||||||
SAFE_FREE(match);
|
if(strcmp(method,"zlib@openssh.com") == 0){
|
||||||
|
ssh_set_error(session,SSH_FATAL,"zlib@openssh.com not supported");
|
||||||
server=session->server_kex.methods[SSH_HOSTKEYS];
|
goto error;
|
||||||
client=session->client_kex.methods[SSH_HOSTKEYS];
|
|
||||||
match=ssh_find_matching(server,client);
|
|
||||||
if (match) {
|
|
||||||
session->srv.hostkey = ssh_key_type_from_name(match);
|
|
||||||
} else {
|
|
||||||
ssh_set_error(session, SSH_FATAL, "Cannot know what %s is into %s",
|
|
||||||
match ? match : NULL, server);
|
|
||||||
SAFE_FREE(match);
|
|
||||||
leave_function();
|
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
}
|
||||||
SAFE_FREE(match);
|
|
||||||
|
method = session->kex_methods[SSH_HOSTKEYS];
|
||||||
|
session->srv.hostkey = ssh_key_type_from_name(method);
|
||||||
|
rc = SSH_OK;
|
||||||
|
error:
|
||||||
leave_function();
|
leave_function();
|
||||||
return SSH_OK;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* vim: set ts=2 sw=2 et cindent: */
|
/* vim: set ts=2 sw=2 et cindent: */
|
||||||
|
|||||||
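Review bot: The compression checks in the second hunk read the cipher slots rather than the compression slots: `method = session->kex_methods[SSH_CRYPT_C_S];` precedes the C->S `strcmp(method,"zlib")` and `session->kex_methods[SSH_CRYPT_S_C]` precedes the S->C one, the same indices used for the `/* in */` and `/* out */` cipher lookups above them. A cipher name will not equal "zlib" or "zlib@openssh.com", so negotiated compression would never be enabled and the new `zlib@openssh.com not supported` rejection cannot fire; the removed code used the same indices, so this looks carried over rather than introduced. Assuming the `SSH_COMP_C_S` / `SSH_COMP_S_C` slots are what was intended, the two assignments should read `method = session->kex_methods[SSH_COMP_C_S];` and `method = session->kex_methods[SSH_COMP_S_C];`. Separately, every `strcmp(method, ...)` and the final `ssh_key_type_from_name(method)` dereference a `kex_methods[...]` entry without a NULL check, which is safe only if `ssh_kex_select_methods` guarantees every slot is populated on success; a guard that jumps to `error`, or a comment stating that invariant, would make it explicit.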