ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-04-09 23:24:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

From Erik Hovland

Browse Source 
- Check for valid cipher independently to starting encryption
- Use failure-checking m_mp_init for initialising mpint value

--HG--
extra : convert_revision : a72c49d2d031aa3b6fe34b61fd5ce0315f35ec72
This commit is contained in:
Matt Johnston 2006-07-07 09:28:32 +00:00
parent c9319fbef5
commit 60797cb25f
2 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
common-kex.c
View File

@ -262,6 +262,7 @@ void gen_new_keys() {
hash_state hs; hash_state hs;
unsigned int C2S_keysize, S2C_keysize; unsigned int C2S_keysize, S2C_keysize;
char mactransletter, macrecvletter; /* Client or server specific */ char mactransletter, macrecvletter; /* Client or server specific */
int recv_cipher = 0, trans_cipher = 0;
TRACE(("enter gen_new_keys")) TRACE(("enter gen_new_keys"))
/* the dh_K and hash are the start of all hashes, we make use of that */ /* the dh_K and hash are the start of all hashes, we make use of that */
@ -298,17 +299,20 @@ void gen_new_keys() {
hashkeys(C2S_key, C2S_keysize, &hs, 'C'); hashkeys(C2S_key, C2S_keysize, &hs, 'C');
hashkeys(S2C_key, S2C_keysize, &hs, 'D'); hashkeys(S2C_key, S2C_keysize, &hs, 'D');
if (cbc_start( recv_cipher = find_cipher(ses.newkeys->recv_algo_crypt->cipherdesc->name);
find_cipher(ses.newkeys->recv_algo_crypt->cipherdesc->name), if (recv_cipher < 0)
recv_IV, recv_key, dropbear_exit("crypto error");
if (cbc_start(recv_cipher, recv_IV, recv_key,
ses.newkeys->recv_algo_crypt->keysize, 0, ses.newkeys->recv_algo_crypt->keysize, 0,
&ses.newkeys->recv_symmetric_struct) != CRYPT_OK) { &ses.newkeys->recv_symmetric_struct) != CRYPT_OK) {
dropbear_exit("crypto error"); dropbear_exit("crypto error");
} }
trans_cipher = find_cipher(ses.newkeys->trans_algo_crypt->cipherdesc->name);
if (trans_cipher < 0)
dropbear_exit("crypto error");
if (cbc_start( if (cbc_start(trans_cipher, trans_IV, trans_key,
find_cipher(ses.newkeys->trans_algo_crypt->cipherdesc->name),
trans_IV, trans_key,
ses.newkeys->trans_algo_crypt->keysize, 0, ses.newkeys->trans_algo_crypt->keysize, 0,
&ses.newkeys->trans_symmetric_struct) != CRYPT_OK) { &ses.newkeys->trans_symmetric_struct) != CRYPT_OK) {
dropbear_exit("crypto error"); dropbear_exit("crypto error");
@ -517,7 +521,7 @@ void kexdh_comb_key(mp_int *dh_pub_us, mp_int *dh_priv, mp_int *dh_pub_them,
hash_state hs; hash_state hs;
/* read the prime and generator*/ /* read the prime and generator*/
mp_init(&dh_p); m_mp_init(&dh_p);
bytes_to_mp(&dh_p, dh_p_val, DH_P_LEN); bytes_to_mp(&dh_p, dh_p_val, DH_P_LEN);
/* Check that dh_pub_them (dh_e or dh_f) is in the range [1, p-1] */ /* Check that dh_pub_them (dh_e or dh_f) is in the range [1, p-1] */

4
options.h
View File

@ -127,8 +127,8 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
* but there's an interface via a PAM module - don't bother using it otherwise. * but there's an interface via a PAM module - don't bother using it otherwise.
* You can't enable both PASSWORD and PAM. */ * You can't enable both PASSWORD and PAM. */
#define ENABLE_SVR_PASSWORD_AUTH /*#define ENABLE_SVR_PASSWORD_AUTH*/
/* #define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */ #define ENABLE_SVR_PAM_AUTH
#define ENABLE_SVR_PUBKEY_AUTH #define ENABLE_SVR_PUBKEY_AUTH
#define ENABLE_CLI_PASSWORD_AUTH #define ENABLE_CLI_PASSWORD_AUTH