vendor/openssh/7.6p1

author: Dag-Erling Smørgrav <des@FreeBSD.org> 2018-05-06 12:24:45 +0000
committer: Dag-Erling Smørgrav <des@FreeBSD.org> 2018-05-06 12:24:45 +0000
commit: 20adc8f2a99cd37b64a80ef63dfc5ba6627d4dfb (patch)
tree: ad57ce9ac9538c780c802adbdfc4c581f9100310 /ssh-keyscan.c
parent: 343d57711556d429eda777ab259ff924acbd6b34 (diff)
1 files changed, 31 insertions, 98 deletions
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 1f95239a37c6..258123ae80a8 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.109 2017/03/10 04:26:06 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.115 2017/06/30 04:17:23 dtucker Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -32,7 +32,6 @@
 
 #include "xmalloc.h"
 #include "ssh.h"
-#include "ssh1.h"
 #include "sshbuf.h"
 #include "sshkey.h"
 #include "cipher.h"
@@ -54,11 +53,13 @@ int IPv4or6 = AF_UNSPEC;
 
 int ssh_port = SSH_DEFAULT_PORT;
 
-#define KT_RSA1		1
-#define KT_DSA		2
-#define KT_RSA		4
-#define KT_ECDSA	8
-#define KT_ED25519	16
+#define KT_DSA		(1)
+#define KT_RSA		(1<<1)
+#define KT_ECDSA	(1<<2)
+#define KT_ED25519	(1<<3)
+
+#define KT_MIN		KT_DSA
+#define KT_MAX		KT_ED25519
 
 int get_cert = 0;
 int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
@@ -94,7 +95,7 @@ typedef struct Connection {
 	int c_plen;		/* Packet length field for ssh packet */
 	int c_len;		/* Total bytes which must be read. */
 	int c_off;		/* Length of data read so far. */
-	int c_keytype;		/* Only one of KT_RSA1, KT_DSA, or KT_RSA */
+	int c_keytype;		/* Only one of KT_* */
 	sig_atomic_t c_done;	/* SSH2 done */
 	char *c_namebase;	/* Address to free for c_name and c_namelist */
 	char *c_name;		/* Hostname of connection for errors */
@@ -187,52 +188,6 @@ strnnsep(char **stringp, char *delim)
 	return (tok);
 }
 
-#ifdef WITH_SSH1
-static struct sshkey *
-keygrab_ssh1(con *c)
-{
-	static struct sshkey *rsa;
-	static struct sshbuf *msg;
-	int r;
-	u_char type;
-
-	if (rsa == NULL) {
-		if ((rsa = sshkey_new(KEY_RSA1)) == NULL) {
-			error("%s: sshkey_new failed", __func__);
-			return NULL;
-		}
-		if ((msg = sshbuf_new()) == NULL)
-			fatal("%s: sshbuf_new failed", __func__);
-	}
-	if ((r = sshbuf_put(msg, c->c_data, c->c_plen)) != 0 ||
-	    (r = sshbuf_consume(msg, 8 - (c->c_plen & 7))) != 0 || /* padding */
-	    (r = sshbuf_get_u8(msg, &type)) != 0)
-		goto buf_err;
-	if (type != (int) SSH_SMSG_PUBLIC_KEY) {
-		error("%s: invalid packet type", c->c_name);
-		sshbuf_reset(msg);
-		return NULL;
-	}
-	if ((r = sshbuf_consume(msg, 8)) != 0 || /* cookie */
-	    /* server key */
-	    (r = sshbuf_get_u32(msg, NULL)) != 0 ||
-	    (r = sshbuf_get_bignum1(msg, NULL)) != 0 ||
-	    (r = sshbuf_get_bignum1(msg, NULL)) != 0 ||
-	    /* host key */
-	    (r = sshbuf_get_u32(msg, NULL)) != 0 ||
-	    (r = sshbuf_get_bignum1(msg, rsa->rsa->e)) != 0 ||
-	    (r = sshbuf_get_bignum1(msg, rsa->rsa->n)) != 0) {
- buf_err:
-		error("%s: buffer error: %s", __func__, ssh_err(r));
-		sshbuf_reset(msg);
-		return NULL;
-	}
-
-	sshbuf_reset(msg);
-
-	return (rsa);
-}
-#endif
 
 static int
 key_print_wrapper(struct sshkey *hostkey, struct ssh *ssh)
@@ -267,7 +222,6 @@ keygrab_ssh2(con *c)
 	char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
 	int r;
 
-	enable_compat20();
 	switch (c->c_keytype) {
 	case KT_DSA:
 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
@@ -317,7 +271,7 @@ keygrab_ssh2(con *c)
 	 * do the key-exchange until an error occurs or until
 	 * the key_print_wrapper() callback sets c_done.
 	 */
-	ssh_dispatch_run(c->c_ssh, DISPATCH_BLOCK, &c->c_done, c->c_ssh);
+	ssh_dispatch_run(c->c_ssh, DISPATCH_BLOCK, &c->c_done);
 }
 
 static void
@@ -436,7 +390,6 @@ confree(int s)
 {
 	if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
 		fatal("confree: attempt to free bad fdno %d", s);
-	close(s);
 	free(fdcon[s].c_namebase);
 	free(fdcon[s].c_output_name);
 	if (fdcon[s].c_status == CS_KEYS)
@@ -447,7 +400,8 @@ confree(int s)
 		ssh_packet_close(fdcon[s].c_ssh);
 		free(fdcon[s].c_ssh);
 		fdcon[s].c_ssh = NULL;
-	}
+	} else
+		close(s);
 	TAILQ_REMOVE(&tq, &fdcon[s], c_link);
 	FD_CLR(s, read_wait);
 	ncon--;
@@ -482,6 +436,20 @@ congreet(int s)
 	size_t bufsiz;
 	con *c = &fdcon[s];
 
+	/* send client banner */
+	n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
+	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2);
+	if (n < 0 || (size_t)n >= sizeof(buf)) {
+		error("snprintf: buffer too small");
+		confree(s);
+		return;
+	}
+	if (atomicio(vwrite, s, buf, n) != (size_t)n) {
+		error("write (%s): %s", c->c_name, strerror(errno));
+		confree(s);
+		return;
+	}
+
 	for (;;) {
 		memset(buf, '\0', sizeof(buf));
 		bufsiz = sizeof(buf);
@@ -524,38 +492,14 @@ congreet(int s)
 		c->c_ssh->compat = compat_datafellows(remote_version);
 	else
 		c->c_ssh->compat = 0;
-	if (c->c_keytype != KT_RSA1) {
-		if (!ssh2_capable(remote_major, remote_minor)) {
-			debug("%s doesn't support ssh2", c->c_name);
-			confree(s);
-			return;
-		}
-	} else if (remote_major != 1) {
-		debug("%s doesn't support ssh1", c->c_name);
+	if (!ssh2_capable(remote_major, remote_minor)) {
+		debug("%s doesn't support ssh2", c->c_name);
 		confree(s);
 		return;
 	}
 	fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf));
-	n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
-	    c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
-	    c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
-	if (n < 0 || (size_t)n >= sizeof(buf)) {
-		error("snprintf: buffer too small");
-		confree(s);
-		return;
-	}
-	if (atomicio(vwrite, s, buf, n) != (size_t)n) {
-		error("write (%s): %s", c->c_name, strerror(errno));
-		confree(s);
-		return;
-	}
-	if (c->c_keytype != KT_RSA1) {
-		keygrab_ssh2(c);
-		confree(s);
-		return;
-	}
-	c->c_status = CS_SIZE;
-	contouch(s);
+	keygrab_ssh2(c);
+	confree(s);
 }
 
 static void
@@ -585,12 +529,6 @@ conread(int s)
 			c->c_data = xmalloc(c->c_len);
 			c->c_status = CS_KEYS;
 			break;
-#ifdef WITH_SSH1
-		case CS_KEYS:
-			keyprint(c, keygrab_ssh1(c));
-			confree(s);
-			return;
-#endif
 		default:
 			fatal("conread: invalid status %d", c->c_status);
 			break;
@@ -659,7 +597,7 @@ do_host(char *host)
 
 	if (name == NULL)
 		return;
-	for (j = KT_RSA1; j <= KT_ED25519; j *= 2) {
+	for (j = KT_MIN; j <= KT_MAX; j *= 2) {
 		if (get_keytypes & j) {
 			while (ncon >= MAXCON)
 				conloop();
@@ -756,11 +694,6 @@ main(int argc, char **argv)
 				int type = sshkey_type_from_name(tname);
 
 				switch (type) {
-#ifdef WITH_SSH1
-				case KEY_RSA1:
-					get_keytypes |= KT_RSA1;
-					break;
-#endif
 				case KEY_DSA:
 					get_keytypes |= KT_DSA;
 					break;
author	Dag-Erling Smørgrav <des@FreeBSD.org>	2018-05-06 12:24:45 +0000
committer	Dag-Erling Smørgrav <des@FreeBSD.org>	2018-05-06 12:24:45 +0000
commit	20adc8f2a99cd37b64a80ef63dfc5ba6627d4dfb (patch)
tree	ad57ce9ac9538c780c802adbdfc4c581f9100310 /ssh-keyscan.c
parent	343d57711556d429eda777ab259ff924acbd6b34 (diff)