| 2473 |
break; |
break; |
| 2474 |
} |
} |
| 2475 |
case SSH_AUTH_RSA:{ |
case SSH_AUTH_RSA:{ |
| 2476 |
int len = BN_num_bytes(cred->key_pair->RSA_key->n); |
int len = BN_num_bytes(cred->key_pair->rsa->n); |
| 2477 |
unsigned char FAR *outmsg = |
unsigned char FAR *outmsg = |
| 2478 |
begin_send_packet(pvar, SSH_CMSG_AUTH_RSA, 2 + len); |
begin_send_packet(pvar, SSH_CMSG_AUTH_RSA, 2 + len); |
| 2479 |
|
|
| 2482 |
LOG_LEVEL_VERBOSE); |
LOG_LEVEL_VERBOSE); |
| 2483 |
|
|
| 2484 |
set_ushort16_MSBfirst(outmsg, len * 8); |
set_ushort16_MSBfirst(outmsg, len * 8); |
| 2485 |
BN_bn2bin(cred->key_pair->RSA_key->n, outmsg + 2); |
BN_bn2bin(cred->key_pair->rsa->n, outmsg + 2); |
| 2486 |
/* don't destroy the current credentials yet */ |
/* don't destroy the current credentials yet */ |
| 2487 |
enque_handlers(pvar, 2, RSA_msgs, RSA_handlers); |
enque_handlers(pvar, 2, RSA_msgs, RSA_handlers); |
| 2488 |
break; |
break; |
| 2489 |
} |
} |
| 2490 |
case SSH_AUTH_RHOSTS_RSA:{ |
case SSH_AUTH_RHOSTS_RSA:{ |
| 2491 |
int mod_len = BN_num_bytes(cred->key_pair->RSA_key->n); |
int mod_len = BN_num_bytes(cred->key_pair->rsa->n); |
| 2492 |
int name_len = strlen(cred->rhosts_client_user); |
int name_len = strlen(cred->rhosts_client_user); |
| 2493 |
int exp_len = BN_num_bytes(cred->key_pair->RSA_key->e); |
int exp_len = BN_num_bytes(cred->key_pair->rsa->e); |
| 2494 |
int index; |
int index; |
| 2495 |
unsigned char FAR *outmsg = |
unsigned char FAR *outmsg = |
| 2496 |
begin_send_packet(pvar, SSH_CMSG_AUTH_RHOSTS_RSA, |
begin_send_packet(pvar, SSH_CMSG_AUTH_RHOSTS_RSA, |
| 2506 |
|
|
| 2507 |
set_uint32(outmsg + index, 8 * mod_len); |
set_uint32(outmsg + index, 8 * mod_len); |
| 2508 |
set_ushort16_MSBfirst(outmsg + index + 4, 8 * exp_len); |
set_ushort16_MSBfirst(outmsg + index + 4, 8 * exp_len); |
| 2509 |
BN_bn2bin(cred->key_pair->RSA_key->e, outmsg + index + 6); |
BN_bn2bin(cred->key_pair->rsa->e, outmsg + index + 6); |
| 2510 |
index += 6 + exp_len; |
index += 6 + exp_len; |
| 2511 |
|
|
| 2512 |
set_ushort16_MSBfirst(outmsg + index, 8 * mod_len); |
set_ushort16_MSBfirst(outmsg + index, 8 * mod_len); |
| 2513 |
BN_bn2bin(cred->key_pair->RSA_key->n, outmsg + index + 2); |
BN_bn2bin(cred->key_pair->rsa->n, outmsg + index + 2); |
| 2514 |
/* don't destroy the current credentials yet */ |
/* don't destroy the current credentials yet */ |
| 2515 |
enque_handlers(pvar, 2, RSA_msgs, RSA_handlers); |
enque_handlers(pvar, 2, RSA_msgs, RSA_handlers); |
| 2516 |
break; |
break; |
| 4515 |
msg = tmp; |
msg = tmp; |
| 4516 |
goto error; |
goto error; |
| 4517 |
} |
} |
| 4518 |
if (strcmp(str_keytype, "ssh-rsa") == 0) { |
pvar->hostkey_type = get_keytype_from_name(str_keytype); |
| 4519 |
pvar->hostkey_type = KEY_RSA; |
if (pvar->hostkey_type == KEY_UNSPEC) { |
| 4520 |
} else if (strcmp(str_keytype, "ssh-dss") == 0) { |
strncpy_s(tmp, sizeof(tmp), "unknown host KEY type: ", _TRUNCATE); |
| 4521 |
pvar->hostkey_type = KEY_DSA; |
strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE); |
|
} else if (strcmp(str_keytype, "rsa1") == 0) { |
|
|
pvar->hostkey_type = KEY_RSA1; |
|
|
} else if (strcmp(str_keytype, "rsa") == 0) { |
|
|
pvar->hostkey_type = KEY_RSA; |
|
|
} else if (strcmp(str_keytype, "dsa") == 0) { |
|
|
pvar->hostkey_type = KEY_DSA; |
|
|
} |
|
|
#if 0 |
|
|
// TODO: 現状は KEY_RSA しかサポートしていない (2004.10.24 yutaka) |
|
|
if (pvar->hostkey_type != KEY_RSA) { |
|
|
strcpy(tmp, "unknown KEY type: "); |
|
|
strcat(tmp, buf); |
|
| 4522 |
msg = tmp; |
msg = tmp; |
| 4523 |
goto error; |
goto error; |
| 4524 |
} |
} |
|
#endif |
|
| 4525 |
|
|
| 4526 |
_snprintf_s(buf, sizeof(buf), _TRUNCATE, |
_snprintf_s(buf, sizeof(buf), _TRUNCATE, |
| 4527 |
"server host key algorithm: %s", str_keytype); |
"server host key algorithm: %s", str_keytype); |
| 4912 |
int len; |
int len; |
| 4913 |
int offset = 0; |
int offset = 0; |
| 4914 |
char *server_host_key_blob; |
char *server_host_key_blob; |
| 4915 |
int bloblen, keynamelen, siglen; |
int bloblen, siglen; |
|
char key[128]; |
|
|
RSA *rsa = NULL; |
|
|
DSA *dsa = NULL; |
|
| 4916 |
BIGNUM *dh_server_pub = NULL; |
BIGNUM *dh_server_pub = NULL; |
| 4917 |
char *signature; |
char *signature; |
| 4918 |
int dh_len, share_len; |
int dh_len, share_len; |
| 4921 |
char *hash; |
char *hash; |
| 4922 |
char *emsg, emsg_tmp[1024]; // error message |
char *emsg, emsg_tmp[1024]; // error message |
| 4923 |
int ret, hashlen; |
int ret, hashlen; |
| 4924 |
Key hostkey; // hostkey |
Key *hostkey; // hostkey |
| 4925 |
|
|
| 4926 |
notify_verbose_message(pvar, "SSH2_MSG_KEXDH_REPLY was received.", LOG_LEVEL_VERBOSE); |
notify_verbose_message(pvar, "SSH2_MSG_KEXDH_REPLY was received.", LOG_LEVEL_VERBOSE); |
| 4927 |
|
|
| 4943 |
|
|
| 4944 |
push_memdump("KEXDH_REPLY", "server_host_key_blob", server_host_key_blob, bloblen); |
push_memdump("KEXDH_REPLY", "server_host_key_blob", server_host_key_blob, bloblen); |
| 4945 |
|
|
| 4946 |
// key_from_blob()#key.c の処理が以下から始まる。 |
hostkey = key_from_blob(data, bloblen); |
| 4947 |
// known_hosts検証用の server_host_key は rsa or dsa となる。 |
if (hostkey == NULL) { |
| 4948 |
keynamelen = get_uint32_MSBfirst(data); |
emsg = "key_from_blob error @ handle_SSH2_dh_gex_reply()"; |
|
if (keynamelen >= 128) { |
|
|
emsg = "keyname length too big @ handle_SSH2_dh_kex_reply()"; |
|
|
goto error; |
|
|
} |
|
|
data +=4 ; |
|
|
memcpy(key, data, keynamelen); |
|
|
key[keynamelen] = 0; |
|
|
data += keynamelen; |
|
|
|
|
|
push_memdump("KEXDH_REPLY", "keyname", key, keynamelen); |
|
|
|
|
|
// RSA key |
|
|
if (strcmp(key, "ssh-rsa") == 0) { |
|
|
rsa = RSA_new(); |
|
|
if (rsa == NULL) { |
|
|
emsg = "Out of memory1 @ handle_SSH2_dh_kex_reply()"; |
|
|
goto error; |
|
|
} |
|
|
rsa->n = BN_new(); |
|
|
rsa->e = BN_new(); |
|
|
if (rsa->n == NULL || rsa->e == NULL) { |
|
|
emsg = "Out of memory2 @ handle_SSH2_dh_kex_reply()"; |
|
|
goto error; |
|
|
} |
|
|
|
|
|
buffer_get_bignum2(&data, rsa->e); |
|
|
buffer_get_bignum2(&data, rsa->n); |
|
|
|
|
|
hostkey.type = KEY_RSA; |
|
|
hostkey.rsa = rsa; |
|
|
|
|
|
} else if (strcmp(key, "ssh-dss") == 0) { // DSA key |
|
|
dsa = DSA_new(); |
|
|
if (dsa == NULL) { |
|
|
emsg = "Out of memory3 @ handle_SSH2_dh_kex_reply()"; |
|
|
goto error; |
|
|
} |
|
|
dsa->p = BN_new(); |
|
|
dsa->q = BN_new(); |
|
|
dsa->g = BN_new(); |
|
|
dsa->pub_key = BN_new(); |
|
|
if (dsa->p == NULL || |
|
|
dsa->q == NULL || |
|
|
dsa->g == NULL || |
|
|
dsa->pub_key == NULL) { |
|
|
emsg = "Out of memory4 @ handle_SSH2_dh_kex_reply()"; |
|
|
goto error; |
|
|
} |
|
|
|
|
|
buffer_get_bignum2(&data, dsa->p); |
|
|
buffer_get_bignum2(&data, dsa->q); |
|
|
buffer_get_bignum2(&data, dsa->g); |
|
|
buffer_get_bignum2(&data, dsa->pub_key); |
|
|
|
|
|
hostkey.type = KEY_DSA; |
|
|
hostkey.dsa = dsa; |
|
|
|
|
|
} else { |
|
|
// unknown key |
|
|
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE, |
|
|
"Unknown key type(%s) @ handle_SSH2_dh_kex_reply()", key); |
|
|
emsg = emsg_tmp; |
|
| 4949 |
goto error; |
goto error; |
|
|
|
| 4950 |
} |
} |
| 4951 |
|
data += bloblen; |
| 4952 |
|
|
| 4953 |
// known_hosts対応 (2006.3.20 yutaka) |
// known_hosts対応 (2006.3.20 yutaka) |
| 4954 |
if (hostkey.type != pvar->hostkey_type) { // ホストキーの種別比較 |
if (hostkey->type != pvar->hostkey_type) { // ホストキーの種別比較 |
| 4955 |
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE, |
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE, |
| 4956 |
"type mismatch for decoded server_host_key_blob @ %s", __FUNCTION__); |
"type mismatch for decoded server_host_key_blob @ %s", __FUNCTION__); |
| 4957 |
emsg = emsg_tmp; |
emsg = emsg_tmp; |
| 4958 |
goto error; |
goto error; |
| 4959 |
} |
} |
| 4960 |
HOSTS_check_host_key(pvar, pvar->ssh_state.hostname, pvar->ssh_state.tcpport, &hostkey); |
HOSTS_check_host_key(pvar, pvar->ssh_state.hostname, pvar->ssh_state.tcpport, hostkey); |
| 4961 |
if (pvar->socket == INVALID_SOCKET) { |
if (pvar->socket == INVALID_SOCKET) { |
| 4962 |
emsg = "Server disconnected @ handle_SSH2_dh_kex_reply()"; |
emsg = "Server disconnected @ handle_SSH2_dh_kex_reply()"; |
| 4963 |
goto error; |
goto error; |
| 4965 |
|
|
| 4966 |
dh_server_pub = BN_new(); |
dh_server_pub = BN_new(); |
| 4967 |
if (dh_server_pub == NULL) { |
if (dh_server_pub == NULL) { |
| 4968 |
emsg = "Out of memory5 @ handle_SSH2_dh_kex_reply()"; |
emsg = "Out of memory1 @ handle_SSH2_dh_kex_reply()"; |
| 4969 |
goto error; |
goto error; |
| 4970 |
} |
} |
| 4971 |
|
|
| 4986 |
dh_len = DH_size(pvar->kexdh); |
dh_len = DH_size(pvar->kexdh); |
| 4987 |
dh_buf = malloc(dh_len); |
dh_buf = malloc(dh_len); |
| 4988 |
if (dh_buf == NULL) { |
if (dh_buf == NULL) { |
| 4989 |
emsg = "Out of memory6 @ handle_SSH2_dh_kex_reply()"; |
emsg = "Out of memory2 @ handle_SSH2_dh_kex_reply()"; |
| 4990 |
goto error; |
goto error; |
| 4991 |
} |
} |
| 4992 |
share_len = DH_compute_key(dh_buf, dh_server_pub, pvar->kexdh); |
share_len = DH_compute_key(dh_buf, dh_server_pub, pvar->kexdh); |
| 4993 |
share_key = BN_new(); |
share_key = BN_new(); |
| 4994 |
if (share_key == NULL) { |
if (share_key == NULL) { |
| 4995 |
emsg = "Out of memory7 @ handle_SSH2_dh_kex_reply()"; |
emsg = "Out of memory3 @ handle_SSH2_dh_kex_reply()"; |
| 4996 |
goto error; |
goto error; |
| 4997 |
} |
} |
| 4998 |
// 'share_key'がサーバとクライアントで共有する鍵(G^A×B mod P)となる。 |
// 'share_key'がサーバとクライアントで共有する鍵(G^A×B mod P)となる。 |
| 5039 |
} |
} |
| 5040 |
} |
} |
| 5041 |
|
|
| 5042 |
if ((ret = key_verify(rsa, dsa, signature, siglen, hash, hashlen)) != 1) { |
if ((ret = key_verify(hostkey, signature, siglen, hash, hashlen)) != 1) { |
| 5043 |
if (ret == -3 && rsa != NULL) { |
if (ret == -3 && hostkey->type == KEY_RSA) { |
| 5044 |
if (!pvar->settings.EnableRsaShortKeyServer) { |
if (!pvar->settings.EnableRsaShortKeyServer) { |
| 5045 |
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE, |
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE, |
| 5046 |
"key verify error(remote rsa key length is too short %d-bit) " |
"key verify error(remote rsa key length is too short %d-bit) " |
| 5047 |
"@ handle_SSH2_dh_kex_reply()", BN_num_bits(rsa->n)); |
"@ handle_SSH2_dh_kex_reply()", BN_num_bits(hostkey->rsa->n)); |
| 5048 |
} |
} |
| 5049 |
else { |
else { |
| 5050 |
goto cont; |
goto cont; |
| 5106 |
SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka) |
SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka) |
| 5107 |
|
|
| 5108 |
BN_free(dh_server_pub); |
BN_free(dh_server_pub); |
| 5109 |
RSA_free(rsa); |
key_free(hostkey); |
|
DSA_free(dsa); |
|
| 5110 |
DH_free(pvar->kexdh); pvar->kexdh = NULL; |
DH_free(pvar->kexdh); pvar->kexdh = NULL; |
| 5111 |
free(dh_buf); |
free(dh_buf); |
| 5112 |
return TRUE; |
return TRUE; |
| 5113 |
|
|
| 5114 |
error: |
error: |
|
RSA_free(rsa); |
|
|
DSA_free(dsa); |
|
|
DH_free(pvar->kexdh); pvar->kexdh = NULL; |
|
| 5115 |
BN_free(dh_server_pub); |
BN_free(dh_server_pub); |
| 5116 |
|
DH_free(pvar->kexdh); pvar->kexdh = NULL; |
| 5117 |
|
key_free(hostkey); |
| 5118 |
free(dh_buf); |
free(dh_buf); |
| 5119 |
BN_free(share_key); |
BN_free(share_key); |
| 5120 |
|
|
| 5135 |
int len; |
int len; |
| 5136 |
int offset = 0; |
int offset = 0; |
| 5137 |
char *server_host_key_blob; |
char *server_host_key_blob; |
| 5138 |
int bloblen, keynamelen, siglen; |
int bloblen, siglen; |
|
char key[128]; |
|
|
RSA *rsa = NULL; |
|
|
DSA *dsa = NULL; |
|
| 5139 |
BIGNUM *dh_server_pub = NULL; |
BIGNUM *dh_server_pub = NULL; |
| 5140 |
char *signature; |
char *signature; |
| 5141 |
int dh_len, share_len; |
int dh_len, share_len; |
| 5144 |
char *hash; |
char *hash; |
| 5145 |
char *emsg, emsg_tmp[1024]; // error message |
char *emsg, emsg_tmp[1024]; // error message |
| 5146 |
int ret, hashlen; |
int ret, hashlen; |
| 5147 |
Key hostkey; // hostkey |
Key *hostkey = NULL; // hostkey |
| 5148 |
|
|
| 5149 |
notify_verbose_message(pvar, "SSH2_MSG_KEX_DH_GEX_REPLY was received.", LOG_LEVEL_VERBOSE); |
notify_verbose_message(pvar, "SSH2_MSG_KEX_DH_GEX_REPLY was received.", LOG_LEVEL_VERBOSE); |
| 5150 |
|
|
| 5166 |
|
|
| 5167 |
push_memdump("DH_GEX_REPLY", "server_host_key_blob", server_host_key_blob, bloblen); |
push_memdump("DH_GEX_REPLY", "server_host_key_blob", server_host_key_blob, bloblen); |
| 5168 |
|
|
| 5169 |
// key_from_blob()#key.c の処理が以下から始まる。 |
hostkey = key_from_blob(data, bloblen); |
| 5170 |
// known_hosts検証用の server_host_key は rsa or dsa となる。 |
if (hostkey == NULL) { |
| 5171 |
keynamelen = get_uint32_MSBfirst(data); |
emsg = "key_from_blob error @ handle_SSH2_dh_gex_reply()"; |
|
if (keynamelen >= 128) { |
|
|
emsg = "keyname length too big @ handle_SSH2_dh_gex_reply()"; |
|
|
goto error; |
|
|
} |
|
|
data +=4 ; |
|
|
memcpy(key, data, keynamelen); |
|
|
key[keynamelen] = 0; |
|
|
data += keynamelen; |
|
|
|
|
|
push_memdump("DH_GEX_REPLY", "keyname", key, keynamelen); |
|
|
|
|
|
// RSA key |
|
|
if (strcmp(key, "ssh-rsa") == 0) { |
|
|
rsa = RSA_new(); |
|
|
if (rsa == NULL) { |
|
|
emsg = "Out of memory1 @ handle_SSH2_dh_gex_reply()"; |
|
|
goto error; |
|
|
} |
|
|
rsa->n = BN_new(); |
|
|
rsa->e = BN_new(); |
|
|
if (rsa->n == NULL || rsa->e == NULL) { |
|
|
emsg = "Out of memory2 @ handle_SSH2_dh_gex_reply()"; |
|
|
goto error; |
|
|
} |
|
|
|
|
|
buffer_get_bignum2(&data, rsa->e); |
|
|
buffer_get_bignum2(&data, rsa->n); |
|
|
|
|
|
hostkey.type = KEY_RSA; |
|
|
hostkey.rsa = rsa; |
|
|
|
|
|
} else if (strcmp(key, "ssh-dss") == 0) { // DSA key |
|
|
dsa = DSA_new(); |
|
|
if (dsa == NULL) { |
|
|
emsg = "Out of memory3 @ handle_SSH2_dh_gex_reply()"; |
|
|
goto error; |
|
|
} |
|
|
dsa->p = BN_new(); |
|
|
dsa->q = BN_new(); |
|
|
dsa->g = BN_new(); |
|
|
dsa->pub_key = BN_new(); |
|
|
if (dsa->p == NULL || |
|
|
dsa->q == NULL || |
|
|
dsa->g == NULL || |
|
|
dsa->pub_key == NULL) { |
|
|
emsg = "Out of memory4 @ handle_SSH2_dh_gex_reply()"; |
|
|
goto error; |
|
|
} |
|
|
|
|
|
buffer_get_bignum2(&data, dsa->p); |
|
|
buffer_get_bignum2(&data, dsa->q); |
|
|
buffer_get_bignum2(&data, dsa->g); |
|
|
buffer_get_bignum2(&data, dsa->pub_key); |
|
|
|
|
|
hostkey.type = KEY_DSA; |
|
|
hostkey.dsa = dsa; |
|
|
|
|
|
} else { |
|
|
// unknown key |
|
|
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE, |
|
|
"Unknown key type(%s) @ handle_SSH2_dh_gex_reply()", key); |
|
|
emsg = emsg_tmp; |
|
| 5172 |
goto error; |
goto error; |
|
|
|
| 5173 |
} |
} |
| 5174 |
|
data += bloblen; |
| 5175 |
|
|
| 5176 |
// known_hosts対応 (2006.3.20 yutaka) |
// known_hosts対応 (2006.3.20 yutaka) |
| 5177 |
if (hostkey.type != pvar->hostkey_type) { // ホストキーの種別比較 |
if (hostkey->type != pvar->hostkey_type) { // ホストキーの種別比較 |
| 5178 |
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE, |
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE, |
| 5179 |
"type mismatch for decoded server_host_key_blob @ %s", __FUNCTION__); |
"type mismatch for decoded server_host_key_blob @ %s", __FUNCTION__); |
| 5180 |
emsg = emsg_tmp; |
emsg = emsg_tmp; |
| 5181 |
goto error; |
goto error; |
| 5182 |
} |
} |
| 5183 |
HOSTS_check_host_key(pvar, pvar->ssh_state.hostname, pvar->ssh_state.tcpport, &hostkey); |
HOSTS_check_host_key(pvar, pvar->ssh_state.hostname, pvar->ssh_state.tcpport, hostkey); |
| 5184 |
if (pvar->socket == INVALID_SOCKET) { |
if (pvar->socket == INVALID_SOCKET) { |
| 5185 |
emsg = "Server disconnected @ handle_SSH2_dh_gex_reply()"; |
emsg = "Server disconnected @ handle_SSH2_dh_gex_reply()"; |
| 5186 |
goto error; |
goto error; |
| 5188 |
|
|
| 5189 |
dh_server_pub = BN_new(); |
dh_server_pub = BN_new(); |
| 5190 |
if (dh_server_pub == NULL) { |
if (dh_server_pub == NULL) { |
| 5191 |
emsg = "Out of memory5 @ handle_SSH2_dh_gex_reply()"; |
emsg = "Out of memory1 @ handle_SSH2_dh_gex_reply()"; |
| 5192 |
goto error; |
goto error; |
| 5193 |
} |
} |
| 5194 |
|
|
| 5210 |
dh_len = DH_size(pvar->kexdh); |
dh_len = DH_size(pvar->kexdh); |
| 5211 |
dh_buf = malloc(dh_len); |
dh_buf = malloc(dh_len); |
| 5212 |
if (dh_buf == NULL) { |
if (dh_buf == NULL) { |
| 5213 |
emsg = "Out of memory6 @ handle_SSH2_dh_gex_reply()"; |
emsg = "Out of memory2 @ handle_SSH2_dh_gex_reply()"; |
| 5214 |
goto error; |
goto error; |
| 5215 |
} |
} |
| 5216 |
share_len = DH_compute_key(dh_buf, dh_server_pub, pvar->kexdh); |
share_len = DH_compute_key(dh_buf, dh_server_pub, pvar->kexdh); |
| 5217 |
share_key = BN_new(); |
share_key = BN_new(); |
| 5218 |
if (share_key == NULL) { |
if (share_key == NULL) { |
| 5219 |
emsg = "Out of memory7 @ handle_SSH2_dh_gex_reply()"; |
emsg = "Out of memory3 @ handle_SSH2_dh_gex_reply()"; |
| 5220 |
goto error; |
goto error; |
| 5221 |
} |
} |
| 5222 |
// 'share_key'がサーバとクライアントで共有する鍵(G^A×B mod P)となる。 |
// 'share_key'がサーバとクライアントで共有する鍵(G^A×B mod P)となる。 |
| 5272 |
} |
} |
| 5273 |
} |
} |
| 5274 |
|
|
| 5275 |
if ((ret = key_verify(rsa, dsa, signature, siglen, hash, hashlen)) != 1) { |
if ((ret = key_verify(hostkey, signature, siglen, hash, hashlen)) != 1) { |
| 5276 |
if (ret == -3 && rsa != NULL) { |
if (ret == -3 && hostkey->type == KEY_RSA) { |
| 5277 |
if (!pvar->settings.EnableRsaShortKeyServer) { |
if (!pvar->settings.EnableRsaShortKeyServer) { |
| 5278 |
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE, |
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE, |
| 5279 |
"key verify error(remote rsa key length is too short %d-bit) " |
"key verify error(remote rsa key length is too short %d-bit) " |
| 5280 |
"@ handle_SSH2_dh_gex_reply", BN_num_bits(rsa->n)); |
"@ handle_SSH2_dh_gex_reply()", BN_num_bits(hostkey->rsa->n)); |
| 5281 |
} |
} |
| 5282 |
else { |
else { |
| 5283 |
goto cont; |
goto cont; |
| 5339 |
SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka) |
SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka) |
| 5340 |
|
|
| 5341 |
BN_free(dh_server_pub); |
BN_free(dh_server_pub); |
| 5342 |
RSA_free(rsa); |
key_free(hostkey); |
|
DSA_free(dsa); |
|
| 5343 |
DH_free(pvar->kexdh); pvar->kexdh = NULL; |
DH_free(pvar->kexdh); pvar->kexdh = NULL; |
| 5344 |
free(dh_buf); |
free(dh_buf); |
| 5345 |
return TRUE; |
return TRUE; |
| 5346 |
|
|
| 5347 |
error: |
error: |
|
RSA_free(rsa); |
|
|
DSA_free(dsa); |
|
|
DH_free(pvar->kexdh); pvar->kexdh = NULL; |
|
| 5348 |
BN_free(dh_server_pub); |
BN_free(dh_server_pub); |
| 5349 |
|
key_free(hostkey); |
| 5350 |
|
DH_free(pvar->kexdh); pvar->kexdh = NULL; |
| 5351 |
free(dh_buf); |
free(dh_buf); |
| 5352 |
BN_free(share_key); |
BN_free(share_key); |
| 5353 |
|
|
| 5618 |
int bloblen; |
int bloblen; |
| 5619 |
char *signature = NULL; |
char *signature = NULL; |
| 5620 |
int siglen; |
int siglen; |
| 5621 |
CRYPTKeyPair *keypair = pvar->auth_state.cur_cred.key_pair; |
Key *keypair = pvar->auth_state.cur_cred.key_pair; |
| 5622 |
|
|
| 5623 |
if (get_SSH2_publickey_blob(pvar, &blob, &bloblen) == FALSE) { |
if (get_SSH2_publickey_blob(pvar, &blob, &bloblen) == FALSE) { |
| 5624 |
goto error; |
goto error; |
| 5640 |
s = "publickey"; |
s = "publickey"; |
| 5641 |
buffer_put_string(signbuf, s, strlen(s)); |
buffer_put_string(signbuf, s, strlen(s)); |
| 5642 |
buffer_put_char(signbuf, 1); // true |
buffer_put_char(signbuf, 1); // true |
| 5643 |
s = get_SSH2_keyname(keypair); // key typeに応じた文字列を得る |
s = get_sshname_from_key(keypair); // key typeに応じた文字列を得る |
| 5644 |
buffer_put_string(signbuf, s, strlen(s)); |
buffer_put_string(signbuf, s, strlen(s)); |
| 5645 |
s = buffer_ptr(blob); |
s = buffer_ptr(blob); |
| 5646 |
buffer_append_length(signbuf, s, bloblen); |
buffer_append_length(signbuf, s, bloblen); |
| 5658 |
s = "publickey"; |
s = "publickey"; |
| 5659 |
buffer_put_string(msg, s, strlen(s)); |
buffer_put_string(msg, s, strlen(s)); |
| 5660 |
buffer_put_char(msg, 1); // true |
buffer_put_char(msg, 1); // true |
| 5661 |
s = get_SSH2_keyname(keypair); // key typeに応じた文字列を得る |
s = get_sshname_from_key(keypair); // key typeに応じた文字列を得る |
| 5662 |
buffer_put_string(msg, s, strlen(s)); |
buffer_put_string(msg, s, strlen(s)); |
| 5663 |
s = buffer_ptr(blob); |
s = buffer_ptr(blob); |
| 5664 |
buffer_append_length(msg, s, bloblen); |
buffer_append_length(msg, s, bloblen); |
Tera Term
Parent Directory
Revision Log
Patch