- (djm) Big OpenBSD sync:
- markus@cvs.openbsd.org 2000/09/30 10:27:44
[log.c]
allow loglevel debug
- markus@cvs.openbsd.org 2000/10/03 11:59:57
[packet.c]
hmac->mac
- markus@cvs.openbsd.org 2000/10/03 12:03:03
[auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
move fake-auth from auth1.c to individual auth methods, disables s/key in
debug-msg
- markus@cvs.openbsd.org 2000/10/03 12:16:48
ssh.c
do not resolve canonname, i have no idea why this was added oin ossh
- markus@cvs.openbsd.org 2000/10/09 15:30:44
ssh-keygen.1 ssh-keygen.c
-X now reads private ssh.com DSA keys, too.
- markus@cvs.openbsd.org 2000/10/09 15:32:34
auth-options.c
clear options on every call.
- markus@cvs.openbsd.org 2000/10/09 15:51:00
authfd.c authfd.h
interop with ssh-agent2, from <res@shore.net>
- markus@cvs.openbsd.org 2000/10/10 14:20:45
compat.c
use rexexp for version string matching
- provos@cvs.openbsd.org 2000/10/10 22:02:18
[kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
First rough implementation of the diffie-hellman group exchange. The
client can ask the server for bigger groups to perform the diffie-hellman
in, thus increasing the attack complexity when using ciphers with longer
keys. University of Windsor provided network, T the company.
- markus@cvs.openbsd.org 2000/10/11 13:59:52
[auth-rsa.c auth2.c]
clear auth options unless auth sucessfull
- markus@cvs.openbsd.org 2000/10/11 14:00:27
[auth-options.h]
clear auth options unless auth sucessfull
- markus@cvs.openbsd.org 2000/10/11 14:03:27
[scp.1 scp.c]
support 'scp -o' with help from mouring@pconline.com
- markus@cvs.openbsd.org 2000/10/11 14:11:35
[dh.c]
Wall
- markus@cvs.openbsd.org 2000/10/11 14:14:40
[auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
[ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
add support for s/key (kbd-interactive) to ssh2, based on work by
mkiernan@avantgo.com and me
- markus@cvs.openbsd.org 2000/10/11 14:27:24
[auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
[myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
[sshconnect2.c sshd.c]
new cipher framework
- markus@cvs.openbsd.org 2000/10/11 14:45:21
[cipher.c]
remove DES
- markus@cvs.openbsd.org 2000/10/12 03:59:20
[cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
enable DES in SSH-1 clients only
- markus@cvs.openbsd.org 2000/10/12 08:21:13
[kex.h packet.c]
remove unused
- markus@cvs.openbsd.org 2000/10/13 12:34:46
[sshd.c]
Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
- markus@cvs.openbsd.org 2000/10/13 12:59:15
[cipher.c cipher.h myproposal.h rijndael.c rijndael.h]
rijndael/aes support
- markus@cvs.openbsd.org 2000/10/13 13:10:54
[sshd.8]
more info about -V
- markus@cvs.openbsd.org 2000/10/13 13:12:02
[myproposal.h]
prefer no compression
diff --git a/dh.c b/dh.c
new file mode 100644
index 0000000..ff84619
--- /dev/null
+++ b/dh.c
@@ -0,0 +1,157 @@
+/*
+ * Copyright (c) 2000 Niels Provos. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: dh.c,v 1.2 2000/10/11 20:11:35 markus Exp $");
+
+#include "xmalloc.h"
+
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/evp.h>
+
+#include "ssh.h"
+#include "buffer.h"
+#include "kex.h"
+#include "dh.h"
+
+int
+parse_prime(int linenum, char *line, struct dhgroup *dhg)
+{
+ char *cp, *arg;
+ char *strsize, *gen, *prime;
+
+ cp = line;
+ arg = strdelim(&cp);
+ /* Ignore leading whitespace */
+ if (*arg == '\0')
+ arg = strdelim(&cp);
+ if (!*arg || *arg == '#')
+ return 0;
+
+ /* time */
+ if (cp == NULL || *arg == '\0')
+ goto fail;
+ arg = strsep(&cp, " "); /* type */
+ if (cp == NULL || *arg == '\0')
+ goto fail;
+ arg = strsep(&cp, " "); /* tests */
+ if (cp == NULL || *arg == '\0')
+ goto fail;
+ arg = strsep(&cp, " "); /* tries */
+ if (cp == NULL || *arg == '\0')
+ goto fail;
+ strsize = strsep(&cp, " "); /* size */
+ if (cp == NULL || *strsize == '\0' ||
+ (dhg->size = atoi(strsize)) == 0)
+ goto fail;
+ gen = strsep(&cp, " "); /* gen */
+ if (cp == NULL || *gen == '\0')
+ goto fail;
+ prime = strsep(&cp, " "); /* prime */
+ if (cp != NULL || *prime == '\0')
+ goto fail;
+
+ dhg->g = BN_new();
+ if (BN_hex2bn(&dhg->g, gen) < 0) {
+ BN_free(dhg->g);
+ goto fail;
+ }
+ dhg->p = BN_new();
+ if (BN_hex2bn(&dhg->p, prime) < 0) {
+ BN_free(dhg->g);
+ BN_free(dhg->p);
+ goto fail;
+ }
+
+ return (1);
+ fail:
+ fprintf(stderr, "Bad prime description in line %d\n", linenum);
+ return (0);
+}
+
+DH *
+choose_dh(int minbits)
+{
+ FILE *f;
+ char line[1024];
+ int best, bestcount, which;
+ int linenum;
+ struct dhgroup dhg;
+
+ f = fopen(DH_PRIMES, "r");
+ if (!f) {
+ perror(DH_PRIMES);
+ log("WARNING: %s does not exist, using old prime", DH_PRIMES);
+ return (dh_new_group1());
+ }
+
+ linenum = 0;
+ best = bestcount = 0;
+ while (fgets(line, sizeof(line), f)) {
+ linenum++;
+ if (!parse_prime(linenum, line, &dhg))
+ continue;
+ BN_free(dhg.g);
+ BN_free(dhg.p);
+
+ if ((dhg.size > minbits && dhg.size < best) ||
+ (dhg.size > best && best < minbits)) {
+ best = dhg.size;
+ bestcount = 0;
+ }
+ if (dhg.size == best)
+ bestcount++;
+ }
+ fclose (f);
+
+ if (bestcount == 0) {
+ log("WARNING: no primes in %s, using old prime", DH_PRIMES);
+ return (dh_new_group1());
+ }
+
+ f = fopen(DH_PRIMES, "r");
+ if (!f) {
+ perror(DH_PRIMES);
+ exit(1);
+ }
+
+ linenum = 0;
+ which = arc4random() % bestcount;
+ while (fgets(line, sizeof(line), f)) {
+ if (!parse_prime(linenum, line, &dhg))
+ continue;
+ if (dhg.size != best)
+ continue;
+ if (linenum++ != which) {
+ BN_free(dhg.g);
+ BN_free(dhg.p);
+ continue;
+ }
+ break;
+ }
+ fclose(f);
+
+ return (dh_new_group(dhg.g, dhg.p));
+}