]> asedeno.scripts.mit.edu Git - PuTTY.git/blobdiff - ssh.c
Clean up GTK keyboard event diagnostics.
[PuTTY.git] / ssh.c
diff --git a/ssh.c b/ssh.c
index c565059689c531d95b0404c1488a39bcb1161827..f56e10a9f11c1f1d441595e07599bf8195c787d1 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -6127,16 +6127,24 @@ static void ssh2_pkt_addstring_commasep(struct Packet *pkt, const char *data)
 
 
 /*
- * SSH-2 key creation method.
- * (Currently assumes 2 lots of any hash are sufficient to generate
- * keys/IVs for any cipher/MAC. SSH2_MKKEY_ITERS documents this assumption.)
+ * SSH-2 key derivation (RFC 4253 section 7.2).
  */
-#define SSH2_MKKEY_ITERS (2)
-static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H, char chr,
-                      unsigned char *keyspace)
+static unsigned char *ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H,
+                                 char chr, int keylen)
 {
     const struct ssh_hash *h = ssh->kex->hash;
-    void *s;
+    int keylen_padded;
+    unsigned char *key;
+    void *s, *s2;
+
+    if (keylen == 0)
+        return NULL;
+
+    /* Round up to the next multiple of hash length. */
+    keylen_padded = ((keylen + h->hlen - 1) / h->hlen) * h->hlen;
+
+    key = snewn(keylen_padded, unsigned char);
+
     /* First hlen bytes. */
     s = h->init();
     if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
@@ -6144,14 +6152,33 @@ static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H, char chr,
     h->bytes(s, H, h->hlen);
     h->bytes(s, &chr, 1);
     h->bytes(s, ssh->v2_session_id, ssh->v2_session_id_len);
-    h->final(s, keyspace);
-    /* Next hlen bytes. */
-    s = h->init();
-    if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
-       hash_mpint(h, s, K);
-    h->bytes(s, H, h->hlen);
-    h->bytes(s, keyspace, h->hlen);
-    h->final(s, keyspace + h->hlen);
+    h->final(s, key);
+
+    /* Subsequent blocks of hlen bytes. */
+    if (keylen_padded > h->hlen) {
+        int offset;
+
+        s = h->init();
+        if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
+            hash_mpint(h, s, K);
+        h->bytes(s, H, h->hlen);
+
+        for (offset = h->hlen; offset < keylen_padded; offset += h->hlen) {
+            h->bytes(s, key + offset - h->hlen, h->hlen);
+            s2 = h->copy(s);
+            h->final(s2, key + offset);
+        }
+
+        h->free(s);
+    }
+
+    /* Now clear any extra bytes of key material beyond the length
+     * we're officially returning, because the caller won't know to
+     * smemclr those. */
+    if (keylen_padded > keylen)
+        smemclr(key + keylen, keylen_padded - keylen);
+
+    return key;
 }
 
 /*
@@ -6197,6 +6224,7 @@ static struct kexinit_algorithm *ssh2_kexinit_addalg(struct kexinit_algorithm
            return &list[i];
        }
     assert(!"No space in KEXINIT list");
+    return NULL;
 }
 
 /*
@@ -6778,6 +6806,10 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
         }
         set_busy_status(ssh->frontend, BUSY_CPU); /* cogitate */
         ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
+        if (!s->hostkeydata) {
+            bombout(("unable to parse key exchange reply packet"));
+            crStopV;
+        }
         s->hkey = ssh->hostkey->newkey(ssh->hostkey,
                                        s->hostkeydata, s->hostkeylen);
         s->f = ssh2_pkt_getmp(pktin);
@@ -6786,6 +6818,10 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
             crStopV;
         }
         ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
+        if (!s->sigdata) {
+            bombout(("unable to parse key exchange reply packet"));
+            crStopV;
+        }
 
         {
             const char *err = dh_validate_f(ssh->kex_ctx, s->f);
@@ -6857,6 +6893,10 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
         }
 
         ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
+        if (!s->hostkeydata) {
+            bombout(("unable to parse ECDH reply packet"));
+            crStopV;
+        }
         hash_string(ssh->kex->hash, ssh->exhash, s->hostkeydata, s->hostkeylen);
         s->hkey = ssh->hostkey->newkey(ssh->hostkey,
                                        s->hostkeydata, s->hostkeylen);
@@ -6879,6 +6919,10 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
             char *keydata;
             int keylen;
             ssh_pkt_getstring(pktin, &keydata, &keylen);
+            if (!keydata) {
+                bombout(("unable to parse ECDH reply packet"));
+                crStopV;
+            }
             hash_string(ssh->kex->hash, ssh->exhash, keydata, keylen);
             s->K = ssh_ecdhkex_getkey(s->eckey, keydata, keylen);
             if (!s->K) {
@@ -6889,6 +6933,10 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
         }
 
         ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
+        if (!s->sigdata) {
+            bombout(("unable to parse key exchange reply packet"));
+            crStopV;
+        }
 
         ssh_ecdhkex_freekey(s->eckey);
     } else {
@@ -6906,6 +6954,10 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
         }
 
         ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
+        if (!s->hostkeydata) {
+            bombout(("unable to parse RSA public key packet"));
+            crStopV;
+        }
         hash_string(ssh->kex->hash, ssh->exhash,
                    s->hostkeydata, s->hostkeylen);
        s->hkey = ssh->hostkey->newkey(ssh->hostkey,
@@ -6914,6 +6966,10 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
         {
             char *keydata;
             ssh_pkt_getstring(pktin, &keydata, &s->rsakeylen);
+            if (!keydata) {
+                bombout(("unable to parse RSA public key packet"));
+                crStopV;
+            }
             s->rsakeydata = snewn(s->rsakeylen, char);
             memcpy(s->rsakeydata, keydata, s->rsakeylen);
         }
@@ -6990,6 +7046,10 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
         }
 
         ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
+        if (!s->sigdata) {
+            bombout(("unable to parse signature packet"));
+            crStopV;
+        }
 
         sfree(s->rsakeydata);
     }
@@ -7120,21 +7180,25 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
      * hash from the _first_ key exchange.
      */
     {
-       unsigned char keyspace[SSH2_KEX_MAX_HASH_LEN * SSH2_MKKEY_ITERS];
-       assert(sizeof(keyspace) >= ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
-       ssh2_mkkey(ssh,s->K,s->exchange_hash,'C',keyspace);
-       assert((ssh->cscipher->keylen+7) / 8 <=
-              ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
-       ssh->cscipher->setkey(ssh->cs_cipher_ctx, keyspace);
-       ssh2_mkkey(ssh,s->K,s->exchange_hash,'A',keyspace);
-       assert(ssh->cscipher->blksize <=
-              ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
-       ssh->cscipher->setiv(ssh->cs_cipher_ctx, keyspace);
-       ssh2_mkkey(ssh,s->K,s->exchange_hash,'E',keyspace);
-       assert(ssh->csmac->len <=
-              ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
-       ssh->csmac->setkey(ssh->cs_mac_ctx, keyspace);
-       smemclr(keyspace, sizeof(keyspace));
+       unsigned char *key;
+
+       key = ssh2_mkkey(ssh, s->K, s->exchange_hash, 'C',
+                         (ssh->cscipher->keylen+7) / 8);
+       ssh->cscipher->setkey(ssh->cs_cipher_ctx, key);
+        smemclr(key, (ssh->cscipher->keylen+7) / 8);
+        sfree(key);
+
+       key = ssh2_mkkey(ssh, s->K, s->exchange_hash, 'A',
+                         ssh->cscipher->blksize);
+       ssh->cscipher->setiv(ssh->cs_cipher_ctx, key);
+        smemclr(key, ssh->cscipher->blksize);
+        sfree(key);
+
+       key = ssh2_mkkey(ssh, s->K, s->exchange_hash, 'E',
+                         ssh->csmac->keylen);
+       ssh->csmac->setkey(ssh->cs_mac_ctx, key);
+        smemclr(key, ssh->csmac->keylen);
+        sfree(key);
     }
 
     logeventf(ssh, "Initialised %.200s client->server encryption",
@@ -7189,21 +7253,25 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
      * hash from the _first_ key exchange.
      */
     {
-       unsigned char keyspace[SSH2_KEX_MAX_HASH_LEN * SSH2_MKKEY_ITERS];
-       assert(sizeof(keyspace) >= ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
-       ssh2_mkkey(ssh,s->K,s->exchange_hash,'D',keyspace);
-       assert((ssh->sccipher->keylen+7) / 8 <=
-              ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
-       ssh->sccipher->setkey(ssh->sc_cipher_ctx, keyspace);
-       ssh2_mkkey(ssh,s->K,s->exchange_hash,'B',keyspace);
-       assert(ssh->sccipher->blksize <=
-              ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
-       ssh->sccipher->setiv(ssh->sc_cipher_ctx, keyspace);
-       ssh2_mkkey(ssh,s->K,s->exchange_hash,'F',keyspace);
-       assert(ssh->scmac->len <=
-              ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
-       ssh->scmac->setkey(ssh->sc_mac_ctx, keyspace);
-       smemclr(keyspace, sizeof(keyspace));
+       unsigned char *key;
+
+       key = ssh2_mkkey(ssh, s->K, s->exchange_hash, 'D',
+                         (ssh->sccipher->keylen + 7) / 8);
+       ssh->sccipher->setkey(ssh->sc_cipher_ctx, key);
+        smemclr(key, (ssh->sccipher->keylen + 7) / 8);
+        sfree(key);
+
+       key = ssh2_mkkey(ssh, s->K, s->exchange_hash, 'B',
+                         ssh->sccipher->blksize);
+       ssh->sccipher->setiv(ssh->sc_cipher_ctx, key);
+        smemclr(key, ssh->sccipher->blksize);
+        sfree(key);
+
+       key = ssh2_mkkey(ssh, s->K, s->exchange_hash, 'F',
+                         ssh->scmac->keylen);
+       ssh->scmac->setkey(ssh->sc_mac_ctx, key);
+        smemclr(key, ssh->scmac->keylen);
+        sfree(key);
     }
     logeventf(ssh, "Initialised %.200s server->client encryption",
              ssh->sccipher->text_name);
@@ -7785,7 +7853,7 @@ static void ssh_check_termination(Ssh ssh)
 {
     if (ssh->version == 2 &&
         !conf_get_int(ssh->conf, CONF_ssh_no_shell) &&
-        count234(ssh->channels) == 0 &&
+        (ssh->channels && count234(ssh->channels) == 0) &&
         !(ssh->connshare && share_ndownstreams(ssh->connshare) > 0)) {
         /*
          * We used to send SSH_MSG_DISCONNECT here, because I'd
@@ -9326,11 +9394,20 @@ static void do_ssh2_authconn(Ssh ssh, const unsigned char *in, int inlen,
                s->can_keyb_inter = conf_get_int(ssh->conf, CONF_try_ki_auth) &&
                    in_commasep_string("keyboard-interactive", methods, methlen);
 #ifndef NO_GSSAPI
-               if (!ssh->gsslibs)
-                   ssh->gsslibs = ssh_gss_setup(ssh->conf);
-               s->can_gssapi = conf_get_int(ssh->conf, CONF_try_gssapi_auth) &&
-                   in_commasep_string("gssapi-with-mic", methods, methlen) &&
-                   ssh->gsslibs->nlibraries > 0;
+                if (conf_get_int(ssh->conf, CONF_try_gssapi_auth) &&
+                   in_commasep_string("gssapi-with-mic", methods, methlen)) {
+                    /* Try loading the GSS libraries and see if we
+                     * have any. */
+                    if (!ssh->gsslibs)
+                        ssh->gsslibs = ssh_gss_setup(ssh->conf);
+                    s->can_gssapi = (ssh->gsslibs->nlibraries > 0);
+                } else {
+                    /* No point in even bothering to try to load the
+                     * GSS libraries, if the user configuration and
+                     * server aren't both prepared to attempt GSSAPI
+                     * auth in the first place. */
+                    s->can_gssapi = FALSE;
+                }
 #endif
            }
 
@@ -10524,7 +10601,8 @@ static void do_ssh2_authconn(Ssh ssh, const unsigned char *in, int inlen,
             * Try to send data on all channels if we can.
             */
            for (i = 0; NULL != (c = index234(ssh->channels, i)); i++)
-               ssh2_try_send_and_unthrottle(ssh, c);
+                if (c->type != CHAN_SHARING)
+                    ssh2_try_send_and_unthrottle(ssh, c);
        }
     }