scmno****@osdn*****
scmno****@osdn*****
2017年 12月 26日 (火) 18:13:33 JST
Tera TermRevision: 7010
http://sourceforge.jp/projects/ttssh2/scm/svn/commits/7010
Author: doda
Date: 2017-12-26 18:13:33 +0900 (Tue, 26 Dec 2017)
Log Message:
-----------
Kex Reply の handler の共通部分を関数に括りだした
KEX 後に必要な共通の処理が各 KEX のハンドラに分散していてメンテナンス
しづらいので、関数にまとめた。
もうちょっとうまくまとまらないだろうか。
Modified Paths:
--------------
trunk/ttssh2/ttxssh/ssh.c
-------------- next part --------------
Modified: trunk/ttssh2/ttxssh/ssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ssh.c 2017-12-19 11:50:14 UTC (rev 7009)
+++ trunk/ttssh2/ttxssh/ssh.c 2017-12-26 09:13:33 UTC (rev 7010)
@@ -5500,7 +5500,94 @@
pvar->ssh2_keys[mode] = current_keys[mode];
}
+static BOOL ssh2_kex_finish(PTInstVar pvar, char *hash, int hashlen, BIGNUM *share_key, Key *hostkey, char *signature, int siglen)
+{
+ int ret;
+ char emsg[1024]; // error message
+ //debug_print(30, hash, hashlen);
+ //debug_print(31, pvar->client_version_string, strlen(pvar->client_version_string));
+ //debug_print(32, pvar->server_version_string, strlen(pvar->server_version_string));
+ //debug_print(33, buffer_ptr(pvar->my_kex), buffer_len(pvar->my_kex));
+ //debug_print(34, buffer_ptr(pvar->peer_kex), buffer_len(pvar->peer_kex));
+ //debug_print(35, server_host_key_blob, bloblen);
+
+ // session id\x82̕ۑ\xB6\x81i\x8F\x89\x89\xF1\x90ڑ\xB1\x8E\x9E\x82̂݁j
+ if (pvar->session_id == NULL) {
+ pvar->session_id_len = hashlen;
+ pvar->session_id = malloc(pvar->session_id_len);
+ if (pvar->session_id != NULL) {
+ memcpy(pvar->session_id, hash, pvar->session_id_len);
+ } else {
+ // TODO:
+ }
+ }
+
+ if ((ret = key_verify(hostkey, signature, siglen, hash, hashlen)) != 1) {
+ if (ret == -3 && hostkey->type == KEY_RSA) {
+ if (!pvar->settings.EnableRsaShortKeyServer) {
+ _snprintf_s(emsg, sizeof(emsg), _TRUNCATE, __FUNCTION__
+ ": key verify error. remote rsa key length is too short (%d-bit)",
+ BN_num_bits(hostkey->rsa->n));
+ }
+ else {
+ goto cont;
+ }
+ }
+ else {
+ _snprintf_s(emsg, sizeof(emsg), _TRUNCATE, __FUNCTION__ ": key verify error (%d)\r\n%s", ret, SENDTOME);
+ }
+
+ save_memdump(LOGDUMP);
+ notify_fatal_error(pvar, emsg, TRUE);
+ return FALSE;
+ }
+
+cont:
+ kex_derive_keys(pvar, pvar->we_need, hash, share_key, pvar->session_id, pvar->session_id_len);
+
+ // KEX finish
+ begin_send_packet(pvar, SSH2_MSG_NEWKEYS, 0);
+ finish_send_packet(pvar);
+
+ logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_NEWKEYS was sent at handle_SSH2_dh_kex_reply().");
+
+ // SSH2_MSG_NEWKEYS\x82𑗂\xE8\x8FI\x82\xED\x82\xC1\x82\xBD\x82\xA0\x82ƂɃL\x81[\x82̐ݒ肨\x82\xE6\x82эĐݒ\xE8\x82\xF0\x8Ds\x82\xA4
+ // \x91\x97\x90M\x97p\x82̈Í\x86\x8C\xAE\x82\xCD SSH2_MSG_NEWKEYS \x82̑\x97\x90M\x8C\xE3\x82ɁA\x8E\xF3\x90M\x97p\x82̂\xCD SSH2_MSG_NEWKEYS \x82\xCC
+ // \x8E\xF3\x90M\x8C\xE3\x82ɍĐݒ\xE8\x82\xF0\x8Ds\x82\xA4\x81B
+ if (pvar->rekeying == 1) { // \x83L\x81[\x82̍Đݒ\xE8
+ // \x82܂\xB8\x81A\x91\x97\x90M\x97p\x82\xBE\x82\xAF\x90ݒ肷\x82\xE9\x81B
+ ssh2_set_newkeys(pvar, MODE_OUT);
+ pvar->ssh2_keys[MODE_OUT].mac.enabled = 1;
+ pvar->ssh2_keys[MODE_OUT].comp.enabled = 1;
+ enable_send_compression(pvar);
+ if (!CRYPT_start_encryption(pvar, 1, 0)) {
+ // TODO: error
+ }
+
+ } else {
+ // \x8F\x89\x89\xF1\x90ڑ\xB1\x82̏ꍇ\x82͎\xC0\x8DۂɈÍ\x86\x83\x8B\x81[\x83`\x83\x93\x82\xAA\x90ݒ肳\x82\xEA\x82\xE9\x82̂́A\x82\xA0\x82ƂɂȂ\xC1\x82Ă\xA9\x82\xE7
+ // \x82Ȃ̂ŁiCRYPT_start_encryption\x8A\x94\x81j\x81A\x82\xB1\x82\xB1\x82Ō\xAE\x82̐ݒ\xE8\x82\xF0\x82\xB5\x82Ă\xB5\x82܂\xC1\x82Ă\xE0\x82悢\x81B
+ ssh2_set_newkeys(pvar, MODE_OUT);
+
+ // SSH2_MSG_NEWKEYS\x82𑗐M\x82\xB5\x82\xBD\x8E\x9E\x93_\x82ŁAMAC\x82\xF0\x97L\x8C\xF8\x82ɂ\xB7\x82\xE9\x81B(2006.10.30 yutaka)
+ pvar->ssh2_keys[MODE_OUT].mac.enabled = 1;
+ pvar->ssh2_keys[MODE_OUT].comp.enabled = 1;
+
+ // \x83p\x83P\x83b\x83g\x88\xB3\x8Fk\x82\xAA\x97L\x8C\xF8\x82Ȃ珉\x8A\x{227B0B7}\x82\xE9\x81B(2005.7.9 yutaka)
+ // SSH2_MSG_NEWKEYS\x82̎\xF3\x90M\x82\xE6\x82\xE8\x91O\x82Ȃ̂ł\xB1\x82\xB1\x82\xBE\x82\xAF\x82ł悢\x81B(2006.10.30 maya)
+ prep_compression(pvar);
+ enable_compression(pvar);
+ }
+
+ SSH2_dispatch_init(3);
+ SSH2_dispatch_add_message(SSH2_MSG_NEWKEYS);
+ SSH2_dispatch_add_message(SSH2_MSG_IGNORE);
+ SSH2_dispatch_add_message(SSH2_MSG_DEBUG);
+
+ return TRUE;
+}
+
//
// Diffie-Hellman Key Exchange Reply(SSH2_MSG_KEXDH_REPLY:31)
//
@@ -5517,8 +5604,8 @@
char *dh_buf = NULL;
BIGNUM *share_key = NULL;
char *hash;
- char *emsg, emsg_tmp[1024]; // error message
- int ret, hashlen;
+ char *emsg = NULL, emsg_tmp[1024]; // error message
+ int hashlen;
Key *hostkey; // hostkey
BOOL result = FALSE;
@@ -5622,92 +5709,12 @@
push_memdump("KEXDH_REPLY kex_dh_kex_hash", "hash", hash, hashlen);
}
- //debug_print(30, hash, hashlen);
- //debug_print(31, pvar->client_version_string, strlen(pvar->client_version_string));
- //debug_print(32, pvar->server_version_string, strlen(pvar->server_version_string));
- //debug_print(33, buffer_ptr(pvar->my_kex), buffer_len(pvar->my_kex));
- //debug_print(34, buffer_ptr(pvar->peer_kex), buffer_len(pvar->peer_kex));
- //debug_print(35, server_host_key_blob, bloblen);
-
- // session id\x82̕ۑ\xB6\x81i\x8F\x89\x89\xF1\x90ڑ\xB1\x8E\x9E\x82̂݁j
- if (pvar->session_id == NULL) {
- pvar->session_id_len = hashlen;
- pvar->session_id = malloc(pvar->session_id_len);
- if (pvar->session_id != NULL) {
- memcpy(pvar->session_id, hash, pvar->session_id_len);
- } else {
- // TODO:
- }
- }
-
- if ((ret = key_verify(hostkey, signature, siglen, hash, hashlen)) != 1) {
- if (ret == -3 && hostkey->type == KEY_RSA) {
- if (!pvar->settings.EnableRsaShortKeyServer) {
- _snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
- "key verify error(remote rsa key length is too short %d-bit) "
- "@ handle_SSH2_dh_kex_reply()", BN_num_bits(hostkey->rsa->n));
- }
- else {
- goto cont;
- }
- }
- else {
- _snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
- "key verify error(%d) @ handle_SSH2_dh_kex_reply()\r\n%s", ret, SENDTOME);
- }
- emsg = emsg_tmp;
- save_memdump(LOGDUMP);
- goto error;
- }
-
-cont:
- kex_derive_keys(pvar, pvar->we_need, hash, share_key, pvar->session_id, pvar->session_id_len);
-
- // KEX finish
- begin_send_packet(pvar, SSH2_MSG_NEWKEYS, 0);
- finish_send_packet(pvar);
-
- logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_NEWKEYS was sent at handle_SSH2_dh_kex_reply().");
-
- // SSH2_MSG_NEWKEYS\x82𑗂\xE8\x8FI\x82\xED\x82\xC1\x82\xBD\x82\xA0\x82ƂɃL\x81[\x82̐ݒ肨\x82\xE6\x82эĐݒ\xE8\x82\xF0\x8Ds\x82\xA4
- // \x91\x97\x90M\x97p\x82̈Í\x86\x8C\xAE\x82\xCD SSH2_MSG_NEWKEYS \x82̑\x97\x90M\x8C\xE3\x82ɁA\x8E\xF3\x90M\x97p\x82̂\xCD SSH2_MSG_NEWKEYS \x82\xCC
- // \x8E\xF3\x90M\x8C\xE3\x82ɍĐݒ\xE8\x82\xF0\x8Ds\x82\xA4\x81B
- if (pvar->rekeying == 1) { // \x83L\x81[\x82̍Đݒ\xE8
- // \x82܂\xB8\x81A\x91\x97\x90M\x97p\x82\xBE\x82\xAF\x90ݒ肷\x82\xE9\x81B
- ssh2_set_newkeys(pvar, MODE_OUT);
- pvar->ssh2_keys[MODE_OUT].mac.enabled = 1;
- pvar->ssh2_keys[MODE_OUT].comp.enabled = 1;
- enable_send_compression(pvar);
- if (!CRYPT_start_encryption(pvar, 1, 0)) {
- // TODO: error
- }
-
- } else {
- // \x8F\x89\x89\xF1\x90ڑ\xB1\x82̏ꍇ\x82͎\xC0\x8DۂɈÍ\x86\x83\x8B\x81[\x83`\x83\x93\x82\xAA\x90ݒ肳\x82\xEA\x82\xE9\x82̂́A\x82\xA0\x82ƂɂȂ\xC1\x82Ă\xA9\x82\xE7
- // \x82Ȃ̂ŁiCRYPT_start_encryption\x8A\x94\x81j\x81A\x82\xB1\x82\xB1\x82Ō\xAE\x82̐ݒ\xE8\x82\xF0\x82\xB5\x82Ă\xB5\x82܂\xC1\x82Ă\xE0\x82悢\x81B
- ssh2_set_newkeys(pvar, MODE_OUT);
-
- // SSH2_MSG_NEWKEYS\x82𑗐M\x82\xB5\x82\xBD\x8E\x9E\x93_\x82ŁAMAC\x82\xF0\x97L\x8C\xF8\x82ɂ\xB7\x82\xE9\x81B(2006.10.30 yutaka)
- pvar->ssh2_keys[MODE_OUT].mac.enabled = 1;
- pvar->ssh2_keys[MODE_OUT].comp.enabled = 1;
-
- // \x83p\x83P\x83b\x83g\x88\xB3\x8Fk\x82\xAA\x97L\x8C\xF8\x82Ȃ珉\x8A\x{227B0B7}\x82\xE9\x81B(2005.7.9 yutaka)
- // SSH2_MSG_NEWKEYS\x82̎\xF3\x90M\x82\xE6\x82\xE8\x91O\x82Ȃ̂ł\xB1\x82\xB1\x82\xBE\x82\xAF\x82ł悢\x81B(2006.10.30 maya)
- prep_compression(pvar);
- enable_compression(pvar);
- }
-
// TTSSH\x83o\x81[\x83W\x83\x87\x83\x93\x8F\xEE\x95\xF1\x82ɕ\\x8E\xA6\x82\xB7\x82\xE9\x83L\x81[\x83r\x83b\x83g\x90\x94\x82\xF0\x8B\x81\x82߂Ă\xA8\x82\xAD (2004.10.30 yutaka)
pvar->client_key_bits = BN_num_bits(pvar->kexdh->pub_key);
pvar->server_key_bits = BN_num_bits(dh_server_pub);
- SSH2_dispatch_init(3);
- SSH2_dispatch_add_message(SSH2_MSG_NEWKEYS);
- SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka)
- SSH2_dispatch_add_message(SSH2_MSG_DEBUG);
+ result = ssh2_kex_finish(pvar, hash, hashlen, share_key, hostkey, signature, siglen);
- result = TRUE;
-
error:
BN_free(dh_server_pub);
DH_free(pvar->kexdh); pvar->kexdh = NULL;
@@ -5715,7 +5722,7 @@
free(dh_buf);
BN_free(share_key);
- if (result == FALSE)
+ if (emsg)
notify_fatal_error(pvar, emsg, TRUE);
return result;
@@ -5740,8 +5747,8 @@
char *dh_buf = NULL;
BIGNUM *share_key = NULL;
char *hash;
- char *emsg, emsg_tmp[1024]; // error message
- int ret, hashlen;
+ char *emsg = NULL, emsg_tmp[1024]; // error message
+ int hashlen;
Key *hostkey = NULL; // hostkey
BOOL result = FALSE;
@@ -5854,92 +5861,12 @@
push_memdump("DH_GEX_REPLY kex_dh_gex_hash", "hash", hash, hashlen);
}
- //debug_print(30, hash, hashlen);
- //debug_print(31, pvar->client_version_string, strlen(pvar->client_version_string));
- //debug_print(32, pvar->server_version_string, strlen(pvar->server_version_string));
- //debug_print(33, buffer_ptr(pvar->my_kex), buffer_len(pvar->my_kex));
- //debug_print(34, buffer_ptr(pvar->peer_kex), buffer_len(pvar->peer_kex));
- //debug_print(35, server_host_key_blob, bloblen);
-
- // session id\x82̕ۑ\xB6\x81i\x8F\x89\x89\xF1\x90ڑ\xB1\x8E\x9E\x82̂݁j
- if (pvar->session_id == NULL) {
- pvar->session_id_len = hashlen;
- pvar->session_id = malloc(pvar->session_id_len);
- if (pvar->session_id != NULL) {
- memcpy(pvar->session_id, hash, pvar->session_id_len);
- } else {
- // TODO:
- }
- }
-
- if ((ret = key_verify(hostkey, signature, siglen, hash, hashlen)) != 1) {
- if (ret == -3 && hostkey->type == KEY_RSA) {
- if (!pvar->settings.EnableRsaShortKeyServer) {
- _snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
- "key verify error(remote rsa key length is too short %d-bit) "
- "@ handle_SSH2_dh_gex_reply()", BN_num_bits(hostkey->rsa->n));
- }
- else {
- goto cont;
- }
- }
- else {
- _snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
- "key verify error(%d) @ handle_SSH2_dh_gex_reply()\r\n%s", ret, SENDTOME);
- }
- emsg = emsg_tmp;
- save_memdump(LOGDUMP);
- goto error;
- }
-
-cont:
- kex_derive_keys(pvar, pvar->we_need, hash, share_key, pvar->session_id, pvar->session_id_len);
-
- // KEX finish
- begin_send_packet(pvar, SSH2_MSG_NEWKEYS, 0);
- finish_send_packet(pvar);
-
- logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_NEWKEYS was sent at handle_SSH2_dh_gex_reply().");
-
- // SSH2_MSG_NEWKEYS\x82𑗂\xE8\x8FI\x82\xED\x82\xC1\x82\xBD\x82\xA0\x82ƂɃL\x81[\x82̐ݒ肨\x82\xE6\x82эĐݒ\xE8\x82\xF0\x8Ds\x82\xA4
- // \x91\x97\x90M\x97p\x82̈Í\x86\x8C\xAE\x82\xCD SSH2_MSG_NEWKEYS \x82̑\x97\x90M\x8C\xE3\x82ɁA\x8E\xF3\x90M\x97p\x82̂\xCD SSH2_MSG_NEWKEYS \x82\xCC
- // \x8E\xF3\x90M\x8C\xE3\x82ɍĐݒ\xE8\x82\xF0\x8Ds\x82\xA4\x81B
- if (pvar->rekeying == 1) { // \x83L\x81[\x82̍Đݒ\xE8
- // \x82܂\xB8\x81A\x91\x97\x90M\x97p\x82\xBE\x82\xAF\x90ݒ肷\x82\xE9\x81B
- ssh2_set_newkeys(pvar, MODE_OUT);
- pvar->ssh2_keys[MODE_OUT].mac.enabled = 1;
- pvar->ssh2_keys[MODE_OUT].comp.enabled = 1;
- enable_send_compression(pvar);
- if (!CRYPT_start_encryption(pvar, 1, 0)) {
- // TODO: error
- }
-
- } else {
- // \x8F\x89\x89\xF1\x90ڑ\xB1\x82̏ꍇ\x82͎\xC0\x8DۂɈÍ\x86\x83\x8B\x81[\x83`\x83\x93\x82\xAA\x90ݒ肳\x82\xEA\x82\xE9\x82̂́A\x82\xA0\x82ƂɂȂ\xC1\x82Ă\xA9\x82\xE7
- // \x82Ȃ̂ŁiCRYPT_start_encryption\x8A\x94\x81j\x81A\x82\xB1\x82\xB1\x82Ō\xAE\x82̐ݒ\xE8\x82\xF0\x82\xB5\x82Ă\xB5\x82܂\xC1\x82Ă\xE0\x82悢\x81B
- ssh2_set_newkeys(pvar, MODE_OUT);
-
- // SSH2_MSG_NEWKEYS\x82𑗐M\x82\xB5\x82\xBD\x8E\x9E\x93_\x82ŁAMAC\x82\xF0\x97L\x8C\xF8\x82ɂ\xB7\x82\xE9\x81B(2006.10.30 yutaka)
- pvar->ssh2_keys[MODE_OUT].mac.enabled = 1;
- pvar->ssh2_keys[MODE_OUT].comp.enabled = 1;
-
- // \x83p\x83P\x83b\x83g\x88\xB3\x8Fk\x82\xAA\x97L\x8C\xF8\x82Ȃ珉\x8A\x{227B0B7}\x82\xE9\x81B(2005.7.9 yutaka)
- // SSH2_MSG_NEWKEYS\x82̎\xF3\x90M\x82\xE6\x82\xE8\x91O\x82Ȃ̂ł\xB1\x82\xB1\x82\xBE\x82\xAF\x82ł悢\x81B(2006.10.30 maya)
- prep_compression(pvar);
- enable_compression(pvar);
- }
-
// TTSSH\x83o\x81[\x83W\x83\x87\x83\x93\x8F\xEE\x95\xF1\x82ɕ\\x8E\xA6\x82\xB7\x82\xE9\x83L\x81[\x83r\x83b\x83g\x90\x94\x82\xF0\x8B\x81\x82߂Ă\xA8\x82\xAD (2004.10.30 yutaka)
pvar->client_key_bits = BN_num_bits(pvar->kexdh->pub_key);
pvar->server_key_bits = BN_num_bits(dh_server_pub);
- SSH2_dispatch_init(3);
- SSH2_dispatch_add_message(SSH2_MSG_NEWKEYS);
- SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka)
- SSH2_dispatch_add_message(SSH2_MSG_DEBUG);
+ result = ssh2_kex_finish(pvar, hash, hashlen, share_key, hostkey, signature, siglen);
- result = TRUE;
-
error:
BN_free(dh_server_pub);
DH_free(pvar->kexdh); pvar->kexdh = NULL;
@@ -5947,7 +5874,7 @@
free(dh_buf);
BN_free(share_key);
- if (result == FALSE)
+ if (emsg)
notify_fatal_error(pvar, emsg, TRUE);
return result;
@@ -5955,7 +5882,7 @@
//
-// Elliptic Curv Diffie-Hellman Key Exchange Reply(SSH2_MSG_KEX_ECDH_REPLY:31)
+// Elliptic Curve Diffie-Hellman Key Exchange Reply(SSH2_MSG_KEX_ECDH_REPLY:31)
//
static BOOL handle_SSH2_ecdh_kex_reply(PTInstVar pvar)
{
@@ -5971,8 +5898,8 @@
char *ecdh_buf = NULL;
BIGNUM *share_key = NULL;
char *hash;
- char *emsg, emsg_tmp[1024]; // error message
- int ret, hashlen;
+ char *emsg = NULL, emsg_tmp[1024]; // error message
+ int hashlen;
Key *hostkey = NULL; // hostkey
BOOL result = FALSE;
@@ -6083,81 +6010,6 @@
push_memdump("KEX_ECDH_REPLY ecdh_kex_reply", "hash", hash, hashlen);
}
- //debug_print(30, hash, hashlen);
- //debug_print(31, pvar->client_version_string, strlen(pvar->client_version_string));
- //debug_print(32, pvar->server_version_string, strlen(pvar->server_version_string));
- //debug_print(33, buffer_ptr(pvar->my_kex), buffer_len(pvar->my_kex));
- //debug_print(34, buffer_ptr(pvar->peer_kex), buffer_len(pvar->peer_kex));
- //debug_print(35, server_host_key_blob, bloblen);
-
- // session id\x82̕ۑ\xB6\x81i\x8F\x89\x89\xF1\x90ڑ\xB1\x8E\x9E\x82̂݁j
- if (pvar->session_id == NULL) {
- pvar->session_id_len = hashlen;
- pvar->session_id = malloc(pvar->session_id_len);
- if (pvar->session_id != NULL) {
- memcpy(pvar->session_id, hash, pvar->session_id_len);
- } else {
- // TODO:
- }
- }
-
- if ((ret = key_verify(hostkey, signature, siglen, hash, hashlen)) != 1) {
- if (ret == -3 && hostkey->type == KEY_RSA) {
- if (!pvar->settings.EnableRsaShortKeyServer) {
- _snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
- "key verify error(remote rsa key length is too short %d-bit) "
- "@ handle_SSH2_ecdh_kex_reply()", BN_num_bits(hostkey->rsa->n));
- }
- else {
- goto cont;
- }
- }
- else {
- _snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
- "key verify error(%d) @ handle_SSH2_ecdh_kex_reply()\r\n%s", ret, SENDTOME);
- }
- emsg = emsg_tmp;
- save_memdump(LOGDUMP);
- goto error;
- }
-
-cont:
- kex_derive_keys(pvar, pvar->we_need, hash, share_key, pvar->session_id, pvar->session_id_len);
-
- // KEX finish
- begin_send_packet(pvar, SSH2_MSG_NEWKEYS, 0);
- finish_send_packet(pvar);
-
- logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_NEWKEYS was sent at handle_SSH2_ecdh_kex_reply().");
-
- // SSH2_MSG_NEWKEYS\x82𑗂\xE8\x8FI\x82\xED\x82\xC1\x82\xBD\x82\xA0\x82ƂɃL\x81[\x82̐ݒ肨\x82\xE6\x82эĐݒ\xE8\x82\xF0\x8Ds\x82\xA4
- // \x91\x97\x90M\x97p\x82̈Í\x86\x8C\xAE\x82\xCD SSH2_MSG_NEWKEYS \x82̑\x97\x90M\x8C\xE3\x82ɁA\x8E\xF3\x90M\x97p\x82̂\xCD SSH2_MSG_NEWKEYS \x82\xCC
- // \x8E\xF3\x90M\x8C\xE3\x82ɍĐݒ\xE8\x82\xF0\x8Ds\x82\xA4\x81B
- if (pvar->rekeying == 1) { // \x83L\x81[\x82̍Đݒ\xE8
- // \x82܂\xB8\x81A\x91\x97\x90M\x97p\x82\xBE\x82\xAF\x90ݒ肷\x82\xE9\x81B
- ssh2_set_newkeys(pvar, MODE_OUT);
- pvar->ssh2_keys[MODE_OUT].mac.enabled = 1;
- pvar->ssh2_keys[MODE_OUT].comp.enabled = 1;
- enable_send_compression(pvar);
- if (!CRYPT_start_encryption(pvar, 1, 0)) {
- // TODO: error
- }
-
- } else {
- // \x8F\x89\x89\xF1\x90ڑ\xB1\x82̏ꍇ\x82͎\xC0\x8DۂɈÍ\x86\x83\x8B\x81[\x83`\x83\x93\x82\xAA\x90ݒ肳\x82\xEA\x82\xE9\x82̂́A\x82\xA0\x82ƂɂȂ\xC1\x82Ă\xA9\x82\xE7
- // \x82Ȃ̂ŁiCRYPT_start_encryption\x8A\x94\x81j\x81A\x82\xB1\x82\xB1\x82Ō\xAE\x82̐ݒ\xE8\x82\xF0\x82\xB5\x82Ă\xB5\x82܂\xC1\x82Ă\xE0\x82悢\x81B
- ssh2_set_newkeys(pvar, MODE_OUT);
-
- // SSH2_MSG_NEWKEYS\x82𑗐M\x82\xB5\x82\xBD\x8E\x9E\x93_\x82ŁAMAC\x82\xF0\x97L\x8C\xF8\x82ɂ\xB7\x82\xE9\x81B(2006.10.30 yutaka)
- pvar->ssh2_keys[MODE_OUT].mac.enabled = 1;
- pvar->ssh2_keys[MODE_OUT].comp.enabled = 1;
-
- // \x83p\x83P\x83b\x83g\x88\xB3\x8Fk\x82\xAA\x97L\x8C\xF8\x82Ȃ珉\x8A\x{227B0B7}\x82\xE9\x81B(2005.7.9 yutaka)
- // SSH2_MSG_NEWKEYS\x82̎\xF3\x90M\x82\xE6\x82\xE8\x91O\x82Ȃ̂ł\xB1\x82\xB1\x82\xBE\x82\xAF\x82ł悢\x81B(2006.10.30 maya)
- prep_compression(pvar);
- enable_compression(pvar);
- }
-
// TTSSH\x83o\x81[\x83W\x83\x87\x83\x93\x8F\xEE\x95\xF1\x82ɕ\\x8E\xA6\x82\xB7\x82\xE9\x83L\x81[\x83r\x83b\x83g\x90\x94\x82\xF0\x8B\x81\x82߂Ă\xA8\x82\xAD
switch (pvar->kex_type) {
case KEX_ECDH_SHA2_256:
@@ -6177,21 +6029,16 @@
break;
}
- SSH2_dispatch_init(3);
- SSH2_dispatch_add_message(SSH2_MSG_NEWKEYS);
- SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka)
- SSH2_dispatch_add_message(SSH2_MSG_DEBUG);
+ result = ssh2_kex_finish(pvar, hash, hashlen, share_key, hostkey, signature, siglen);
- result = TRUE;
-
error:
+ EC_POINT_clear_free(server_public);
EC_KEY_free(pvar->ecdh_client_key); pvar->ecdh_client_key = NULL;
- EC_POINT_clear_free(server_public);
key_free(hostkey);
free(ecdh_buf);
BN_free(share_key);
- if (result == FALSE)
+ if (emsg)
notify_fatal_error(pvar, emsg, TRUE);
return result;