From 94a545505ab96a2b539673cd535f51e363e8704d Mon Sep 17 00:00:00 2001 From: djm Date: Wed, 27 Jan 2021 10:05:28 +0000 Subject: [PATCH] make ssh->kex->session_id a sshbuf instead of u_char*/size_t and use that instead of global variables containing copies of it. feedback/ok markus@ --- usr.bin/ssh/auth2-gss.c | 4 +-- usr.bin/ssh/auth2-hostbased.c | 7 +++-- usr.bin/ssh/auth2-pubkey.c | 11 ++++---- usr.bin/ssh/auth2.c | 4 +-- usr.bin/ssh/clientloop.c | 9 +++---- usr.bin/ssh/gss-genr.c | 9 +++---- usr.bin/ssh/kex.c | 22 +++++++++------- usr.bin/ssh/kex.h | 5 ++-- usr.bin/ssh/monitor.c | 49 ++++++++++++++++++++--------------- usr.bin/ssh/packet.c | 11 ++++---- usr.bin/ssh/serverloop.c | 6 ++--- usr.bin/ssh/ssh-gss.h | 4 +-- usr.bin/ssh/ssh_api.c | 6 +---- usr.bin/ssh/sshconnect2.c | 24 +++++++---------- usr.bin/ssh/sshd.c | 12 +-------- 15 files changed, 80 insertions(+), 103 deletions(-) diff --git a/usr.bin/ssh/auth2-gss.c b/usr.bin/ssh/auth2-gss.c index 1c63e0508de..dfe29c09ccc 100644 --- a/usr.bin/ssh/auth2-gss.c +++ b/usr.bin/ssh/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.30 2020/10/18 11:32:01 djm Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.31 2021/01/27 10:05:28 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -294,7 +294,7 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) mic.value = p; mic.length = len; ssh_gssapi_buildmic(b, authctxt->user, authctxt->service, - "gssapi-with-mic"); + "gssapi-with-mic", ssh->kex->session_id); if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL) fatal_f("sshbuf_mutable_ptr failed"); diff --git a/usr.bin/ssh/auth2-hostbased.c b/usr.bin/ssh/auth2-hostbased.c index 6bdd7559e7d..3f201f35bea 100644 --- a/usr.bin/ssh/auth2-hostbased.c +++ b/usr.bin/ssh/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.45 2021/01/26 05:32:21 dtucker Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.46 2021/01/27 10:05:28 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -34,6 +34,7 @@ #include "xmalloc.h" #include "ssh2.h" #include "packet.h" +#include "kex.h" #include "sshbuf.h" #include "log.h" #include "misc.h" @@ -53,8 +54,6 @@ /* import */ extern ServerOptions options; -extern u_char *session_id2; -extern u_int session_id2_len; static int userauth_hostbased(struct ssh *ssh) @@ -128,7 +127,7 @@ userauth_hostbased(struct ssh *ssh) if ((b = sshbuf_new()) == NULL) fatal_f("sshbuf_new failed"); /* reconstruct packet */ - if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || + if ((r = sshbuf_put_stringb(b, ssh->kex->session_id)) != 0 || (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || (r = sshbuf_put_cstring(b, authctxt->user)) != 0 || (r = sshbuf_put_cstring(b, authctxt->service)) != 0 || diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c index 8acb5531610..5234033f843 100644 --- a/usr.bin/ssh/auth2-pubkey.c +++ b/usr.bin/ssh/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.105 2021/01/26 00:49:30 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.106 2021/01/27 10:05:28 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -44,6 +44,7 @@ #include "ssh.h" #include "ssh2.h" #include "packet.h" +#include "kex.h" #include "sshbuf.h" #include "log.h" #include "misc.h" @@ -69,8 +70,6 @@ /* import */ extern ServerOptions options; -extern u_char *session_id2; -extern u_int session_id2_len; static char * format_key(const struct sshkey *key) @@ -172,11 +171,11 @@ userauth_pubkey(struct ssh *ssh) if ((b = sshbuf_new()) == NULL) fatal_f("sshbuf_new failed"); if (ssh->compat & SSH_OLD_SESSIONID) { - if ((r = sshbuf_put(b, session_id2, session_id2_len)) != 0) + if ((r = sshbuf_putb(b, ssh->kex->session_id)) != 0) fatal_fr(r, "put old session id"); } else { - if ((r = sshbuf_put_string(b, session_id2, - session_id2_len)) != 0) + if ((r = sshbuf_put_stringb(b, + ssh->kex->session_id)) != 0) fatal_fr(r, "put session id"); } if (!authctxt->valid || authctxt->user == NULL) { diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c index 0a5c5e12d09..34361aeec20 100644 --- a/usr.bin/ssh/auth2.c +++ b/usr.bin/ssh/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.159 2020/10/18 11:32:01 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.160 2021/01/27 10:05:28 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -59,8 +59,6 @@ /* import */ extern ServerOptions options; -extern u_char *session_id2; -extern u_int session_id2_len; /* methods */ diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index c70c16428a5..563a23f5ca9 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.357 2021/01/27 09:26:54 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.358 2021/01/27 10:05:28 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2111,9 +2111,6 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type, if ((signdata = sshbuf_new()) == NULL) fatal_f("sshbuf_new failed"); - /* Don't want to accidentally accept an unbound signature */ - if (ssh->kex->session_id_len == 0) - fatal_f("ssh->kex->session_id_len == 0"); /* * Expect a signature for each of the ctx->nnew private keys we * haven't seen before. They will be in the same order as the @@ -2126,8 +2123,8 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type, sshbuf_reset(signdata); if ( (r = sshbuf_put_cstring(signdata, "hostkeys-prove-00@openssh.com")) != 0 || - (r = sshbuf_put_string(signdata, ssh->kex->session_id, - ssh->kex->session_id_len)) != 0 || + (r = sshbuf_put_stringb(signdata, + ssh->kex->session_id)) != 0 || (r = sshkey_puts(ctx->keys[i], signdata)) != 0) fatal_fr(r, "compose signdata"); /* Extract and verify signature */ diff --git a/usr.bin/ssh/gss-genr.c b/usr.bin/ssh/gss-genr.c index dff6db18cec..38fd1d835be 100644 --- a/usr.bin/ssh/gss-genr.c +++ b/usr.bin/ssh/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.27 2020/10/18 11:32:01 djm Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.28 2021/01/27 10:05:28 djm Exp $ */ /* * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. @@ -39,9 +39,6 @@ #include "ssh-gss.h" -extern u_char *session_id2; -extern u_int session_id2_len; - /* sshbuf_get for gss_buffer_desc */ int ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g) @@ -254,12 +251,12 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) void ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service, - const char *context) + const char *context, const struct sshbuf *session_id) { int r; sshbuf_reset(b); - if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || + if ((r = sshbuf_put_stringb(b, session_id)) != 0 || (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || (r = sshbuf_put_cstring(b, user)) != 0 || (r = sshbuf_put_cstring(b, service)) != 0 || diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index 393330d21a2..bc67619108c 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.164 2021/01/27 09:26:54 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.165 2021/01/27 10:05:28 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -622,7 +622,8 @@ kex_new(void) (kex->peer = sshbuf_new()) == NULL || (kex->my = sshbuf_new()) == NULL || (kex->client_version = sshbuf_new()) == NULL || - (kex->server_version = sshbuf_new()) == NULL) { + (kex->server_version = sshbuf_new()) == NULL || + (kex->session_id = sshbuf_new()) == NULL) { kex_free(kex); return NULL; } @@ -680,7 +681,7 @@ kex_free(struct kex *kex) sshbuf_free(kex->client_version); sshbuf_free(kex->server_version); sshbuf_free(kex->client_pub); - free(kex->session_id); + sshbuf_free(kex->session_id); free(kex->failed_choice); free(kex->hostkey_alg); free(kex->name); @@ -998,8 +999,7 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen, ssh_digest_update_buffer(hashctx, shared_secret) != 0 || ssh_digest_update(hashctx, hash, hashlen) != 0 || ssh_digest_update(hashctx, &c, 1) != 0 || - ssh_digest_update(hashctx, kex->session_id, - kex->session_id_len) != 0 || + ssh_digest_update_buffer(hashctx, kex->session_id) != 0 || ssh_digest_final(hashctx, digest, mdsz) != 0) { r = SSH_ERR_LIBCRYPTO_ERROR; error_f("KEX hash failed"); @@ -1050,12 +1050,14 @@ kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen, int r; /* save initial hash as session id */ - if (kex->session_id == NULL) { - kex->session_id_len = hashlen; - kex->session_id = malloc(kex->session_id_len); - if (kex->session_id == NULL) + if ((kex->flags & KEX_INITIAL) != 0) { + if ((kex->session_id = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; - memcpy(kex->session_id, hash, kex->session_id_len); + if ((r = sshbuf_put(kex->session_id, hash, hashlen)) != 0) + return r; + } else if (sshbuf_len(kex->session_id) == 0) { + error_f("no session ID in rekex"); + return SSH_ERR_INTERNAL_ERROR; } for (i = 0; i < NKEYS; i++) { if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen, diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h index 09294f86ba2..c81b491188f 100644 --- a/usr.bin/ssh/kex.h +++ b/usr.bin/ssh/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.112 2020/12/29 00:59:15 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.113 2021/01/27 10:05:28 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -125,8 +125,6 @@ struct newkeys { struct ssh; struct kex { - u_char *session_id; - size_t session_id_len; struct newkeys *newkeys[MODE_MAX]; u_int we_need; u_int dh_need; @@ -142,6 +140,7 @@ struct kex { struct sshbuf *peer; struct sshbuf *client_version; struct sshbuf *server_version; + struct sshbuf *session_id; sig_atomic_t done; u_int flags; int hash_alg; diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index 5029f4f9a06..68158d57b03 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.222 2021/01/27 09:26:54 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.223 2021/01/27 10:05:28 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -89,7 +89,6 @@ static Gssctxt *gsscontext = NULL; /* Imports */ extern ServerOptions options; extern u_int utmp_len; -extern u_char session_id[]; extern struct sshbuf *loginmsg; extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */ @@ -1182,7 +1181,9 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) break; } if (!valid_data) - fatal_f("bad signature data blob"); + fatal_f("bad %s signature data blob", + key_blobtype == MM_USERKEY ? "userkey" : + (key_blobtype == MM_HOSTKEY ? "hostkey" : "unknown")); if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) @@ -1415,26 +1416,32 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) fatal_fr(r, "packet_set_state"); sshbuf_free(child_state); child_state = NULL; - - if ((kex = ssh->kex) != NULL) { - /* XXX set callbacks */ + if ((kex = ssh->kex) == NULL) + fatal_f("internal error: ssh->kex == NULL"); + if (session_id2_len != sshbuf_len(ssh->kex->session_id)) { + fatal_f("incorrect session id length %zu (expected %u)", + sshbuf_len(ssh->kex->session_id), session_id2_len); + } + if (memcmp(sshbuf_ptr(ssh->kex->session_id), session_id2, + session_id2_len) != 0) + fatal_f("session ID mismatch"); + /* XXX set callbacks */ #ifdef WITH_OPENSSL - kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; - kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; - kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; - kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; - kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; - kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; - kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; - kex->kex[KEX_ECDH_SHA2] = kex_gen_server; + kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; + kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; + kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; + kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; + kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; + kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; + kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; + kex->kex[KEX_ECDH_SHA2] = kex_gen_server; #endif - kex->kex[KEX_C25519_SHA256] = kex_gen_server; - kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server; - kex->load_host_public_key=&get_hostkey_public_by_type; - kex->load_host_private_key=&get_hostkey_private_by_type; - kex->host_key_index=&get_hostkey_index; - kex->sign = sshd_hostkey_sign; - } + kex->kex[KEX_C25519_SHA256] = kex_gen_server; + kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server; + kex->load_host_public_key=&get_hostkey_public_by_type; + kex->load_host_private_key=&get_hostkey_private_by_type; + kex->host_key_index=&get_hostkey_index; + kex->sign = sshd_hostkey_sign; } /* This function requires careful sanity checking */ diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index 2e96b0c30d8..897ad4272ac 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.298 2020/11/27 00:49:58 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.299 2021/01/27 10:05:28 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2173,9 +2173,7 @@ kex_to_blob(struct sshbuf *m, struct kex *kex) { int r; - if ((r = sshbuf_put_string(m, kex->session_id, - kex->session_id_len)) != 0 || - (r = sshbuf_put_u32(m, kex->we_need)) != 0 || + if ((r = sshbuf_put_u32(m, kex->we_need)) != 0 || (r = sshbuf_put_cstring(m, kex->hostkey_alg)) != 0 || (r = sshbuf_put_u32(m, kex->hostkey_type)) != 0 || (r = sshbuf_put_u32(m, kex->hostkey_nid)) != 0 || @@ -2184,6 +2182,7 @@ kex_to_blob(struct sshbuf *m, struct kex *kex) (r = sshbuf_put_stringb(m, kex->peer)) != 0 || (r = sshbuf_put_stringb(m, kex->client_version)) != 0 || (r = sshbuf_put_stringb(m, kex->server_version)) != 0 || + (r = sshbuf_put_stringb(m, kex->session_id)) != 0 || (r = sshbuf_put_u32(m, kex->flags)) != 0) return r; return 0; @@ -2336,8 +2335,7 @@ kex_from_blob(struct sshbuf *m, struct kex **kexp) if ((kex = kex_new()) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_get_string(m, &kex->session_id, &kex->session_id_len)) != 0 || - (r = sshbuf_get_u32(m, &kex->we_need)) != 0 || + if ((r = sshbuf_get_u32(m, &kex->we_need)) != 0 || (r = sshbuf_get_cstring(m, &kex->hostkey_alg, NULL)) != 0 || (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_type)) != 0 || (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_nid)) != 0 || @@ -2346,6 +2344,7 @@ kex_from_blob(struct sshbuf *m, struct kex **kexp) (r = sshbuf_get_stringb(m, kex->peer)) != 0 || (r = sshbuf_get_stringb(m, kex->client_version)) != 0 || (r = sshbuf_get_stringb(m, kex->server_version)) != 0 || + (r = sshbuf_get_stringb(m, kex->session_id)) != 0 || (r = sshbuf_get_u32(m, &kex->flags)) != 0) goto out; kex->server = 1; diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index 879bd07e788..3463104fea8 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.224 2020/10/18 11:32:02 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.225 2021/01/27 10:05:28 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -769,8 +769,8 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp) sshkey_type_plain(key->type) == KEY_RSA; if ((r = sshbuf_put_cstring(sigbuf, "hostkeys-prove-00@openssh.com")) != 0 || - (r = sshbuf_put_string(sigbuf, - ssh->kex->session_id, ssh->kex->session_id_len)) != 0 || + (r = sshbuf_put_stringb(sigbuf, + ssh->kex->session_id)) != 0 || (r = sshkey_puts(key, sigbuf)) != 0 || (r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen, sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), diff --git a/usr.bin/ssh/ssh-gss.h b/usr.bin/ssh/ssh-gss.h index 8480608955d..271942b4452 100644 --- a/usr.bin/ssh/ssh-gss.h +++ b/usr.bin/ssh/ssh-gss.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-gss.h,v 1.14 2018/07/10 09:13:30 djm Exp $ */ +/* $OpenBSD: ssh-gss.h,v 1.15 2021/01/27 10:05:28 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. * @@ -101,7 +101,7 @@ void ssh_gssapi_build_ctx(Gssctxt **); void ssh_gssapi_delete_ctx(Gssctxt **); OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); void ssh_gssapi_buildmic(struct sshbuf *, const char *, - const char *, const char *); + const char *, const char *, const struct sshbuf *); int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *); /* In the server */ diff --git a/usr.bin/ssh/ssh_api.c b/usr.bin/ssh/ssh_api.c index 27b9c9e2410..3de29807654 100644 --- a/usr.bin/ssh/ssh_api.c +++ b/usr.bin/ssh/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.25 2021/01/27 09:26:54 djm Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.26 2021/01/27 10:05:28 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -56,10 +56,6 @@ int mm_sshkey_sign(struct sshkey *, u_char **, u_int *, DH *mm_choose_dh(int, int, int); #endif -/* Define these two variables here so that they are part of the library */ -u_char *session_id2 = NULL; -u_int session_id2_len = 0; - int mm_sshkey_sign(struct sshkey *key, u_char **sigp, u_int *lenp, const u_char *data, u_int datalen, const char *alg, diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 29e71e9da52..c960fe76b19 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.345 2021/01/27 09:26:54 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.346 2021/01/27 10:05:28 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -84,9 +84,6 @@ extern Options options; * SSH2 key exchange */ -u_char *session_id2 = NULL; -u_int session_id2_len = 0; - static char *xxx_host; static struct sockaddr *xxx_hostaddr; static const struct ssh_conn_info *xxx_conn_info; @@ -291,9 +288,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0) fatal_r(r, "kex_prop2buf"); - session_id2 = ssh->kex->session_id; - session_id2_len = ssh->kex->session_id_len; - #ifdef DEBUG_KEXDH /* send 1st encrypted/maced/compressed message */ if ((r = sshpkt_start(ssh, SSH2_MSG_IGNORE)) != 0 || @@ -871,7 +865,8 @@ process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) if ((b = sshbuf_new()) == NULL) fatal_f("sshbuf_new failed"); ssh_gssapi_buildmic(b, authctxt->server_user, - authctxt->service, "gssapi-with-mic"); + authctxt->service, "gssapi-with-mic", + ssh->kex->session_id); if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL) fatal_f("sshbuf_mutable_ptr failed"); @@ -1402,13 +1397,12 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id) if ((b = sshbuf_new()) == NULL) fatal_f("sshbuf_new failed"); if (ssh->compat & SSH_OLD_SESSIONID) { - if ((r = sshbuf_put(b, session_id2, - session_id2_len)) != 0) - fatal_fr(r, "sshbuf_put"); + if ((r = sshbuf_putb(b, ssh->kex->session_id)) != 0) + fatal_fr(r, "sshbuf_putb"); } else { - if ((r = sshbuf_put_string(b, session_id2, - session_id2_len)) != 0) - fatal_fr(r, "sshbuf_put_string"); + if ((r = sshbuf_put_stringb(b, + ssh->kex->session_id)) != 0) + fatal_fr(r, "sshbuf_put_stringb"); } skip = sshbuf_len(b); if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || @@ -2165,7 +2159,7 @@ userauth_hostbased(struct ssh *ssh) error_fr(r, "sshkey_to_blob"); goto out; } - if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || + if ((r = sshbuf_put_stringb(b, ssh->kex->session_id)) != 0 || (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 || (r = sshbuf_put_cstring(b, authctxt->service)) != 0 || diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index f063a0f2e2e..d89f7612a54 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.568 2021/01/27 09:26:54 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.569 2021/01/27 10:05:28 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -187,13 +187,6 @@ struct { static volatile sig_atomic_t received_sighup = 0; static volatile sig_atomic_t received_sigterm = 0; -/* session identifier, used by RSA-auth */ -u_char session_id[16]; - -/* same for ssh2 */ -u_char *session_id2 = NULL; -u_int session_id2_len = 0; - /* record remote hostname or ip */ u_int utmp_len = HOST_NAME_MAX+1; @@ -2217,9 +2210,6 @@ do_ssh2_kex(struct ssh *ssh) ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &kex->done); - session_id2 = kex->session_id; - session_id2_len = kex->session_id_len; - #ifdef DEBUG_KEXDH /* send 1st encrypted/maced/compressed message */ if ((r = sshpkt_start(ssh, SSH2_MSG_IGNORE)) != 0 || -- 2.20.1