From scmnotify @ osdn.net Mon Dec 18 19:40:54 2017 From: scmnotify @ osdn.net (scmnotify @ osdn.net) Date: Mon, 18 Dec 2017 19:40:54 +0900 Subject: [Ttssh2-commit] [6999] typo fix. Message-ID: <1513593654.071385.95053.nullmailer@users.osdn.me> Revision: 6999 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/6999 Author: doda Date: 2017-12-18 19:40:53 +0900 (Mon, 18 Dec 2017) Log Message: ----------- typo fix. Modified Paths: -------------- trunk/doc/ja/html/about/history.html -------------- next part -------------- Modified: trunk/doc/ja/html/about/history.html =================================================================== --- trunk/doc/ja/html/about/history.html 2017-11-29 22:54:33 UTC (rev 6998) +++ trunk/doc/ja/html/about/history.html 2017-12-18 10:40:53 UTC (rev 6999) @@ -43,7 +43,7 @@
  • DA2 \x97v\x8B\x81\x82??\x9E\x93\x9A\x93\xE0\x97e\x82\xF0\x95ύX\x82\xB5\x82\xBD\x81B
  • Telnet \x90?\xB1\x8E\x9E\x81A\x92[\x96\x96\x91\xAC\x93x\x82\xF0\x83T\x81[\x83o\x82?`\x82\xA6\x82\xE9\x82悤\x82?\xB5\x82\xBD\x81B
  • \x83\x8D\x83O\x82?s\x93\xAA\x82??\xC1\x82\xB7\x82\xE9\x83^\x83C\x83\x80\x83X\x83^\x83\x93\x83v\x82?\xED\x97?\xF0\x90?\xE8\x82ł\xAB\x82\xE9\x82悤\x82?\xB5\x82\xBD\x81B From scmnotify @ osdn.net Mon Dec 18 19:40:58 2017 From: scmnotify @ osdn.net (scmnotify @ osdn.net) Date: Mon, 18 Dec 2017 19:40:58 +0900 Subject: [Ttssh2-commit] =?utf-8?b?WzcwMDBdIEVsYXBzZWQgVGltZSAtPiAg57WM?= =?utf-8?b?6YGO5pmC6ZaT?= Message-ID: <1513593658.767192.95115.nullmailer@users.osdn.me> Revision: 7000 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/7000 Author: doda Date: 2017-12-18 19:40:58 +0900 (Mon, 18 Dec 2017) Log Message: ----------- Elapsed Time -> 経過時間 Modified Paths: -------------- trunk/doc/ja/html/macro/command/logopen.html trunk/installer/release/lang/Japanese.lng -------------- next part -------------- Modified: trunk/doc/ja/html/macro/command/logopen.html =================================================================== --- trunk/doc/ja/html/macro/command/logopen.html 2017-12-18 10:40:53 UTC (rev 6999) +++ trunk/doc/ja/html/macro/command/logopen.html 2017-12-18 10:40:58 UTC (rev 7000) @@ -74,12 +74,12 @@ 2 - Elapsed Time (Logging) + \x8Co\x89?\x9E\x8A\xD4 (Logging) 3 - Elapsed Time (Connection) + \x8Co\x89?\x9E\x8A\xD4 (Connection) Modified: trunk/installer/release/lang/Japanese.lng =================================================================== --- trunk/installer/release/lang/Japanese.lng 2017-12-18 10:40:53 UTC (rev 6999) +++ trunk/installer/release/lang/Japanese.lng 2017-12-18 10:40:58 UTC (rev 7000) @@ -430,8 +430,8 @@ DLG_FOPT_ALLBUFFINFIRST=\x8C\xBB\x8D?o\x83b\x83t\x83@\x82\xF0\x8A?\xDE(&C) DLG_FOPT_TIMESTAMP_LOCAL=\x83\x8D\x81[\x83J\x83\x8B\x83^\x83C\x83\x80 DLG_FOPT_TIMESTAMP_UTC=UTC -DLG_FOPT_TIMESTAMP_ELAPSED_LOGGING=Elapsed Time (Logging) -DLG_FOPT_TIMESTAMP_ELAPSED_CONNECTION=Elapsed Time (Connection) +DLG_FOPT_TIMESTAMP_ELAPSED_LOGGING=\x8Co\x89?\x9E\x8A\xD4(Logging) +DLG_FOPT_TIMESTAMP_ELAPSED_CONNECTION=\x8Co\x89?\x9E\x8A\xD4(Connection) DLG_XOPT=\x83I\x83v\x83V\x83\x87\x83\x93 DLG_XOPT_CHECKSUM=\x83`\x83F\x83b\x83N\x83T\x83\x80(&S) From scmnotify @ osdn.net Mon Dec 18 19:41:06 2017 From: scmnotify @ osdn.net (scmnotify @ osdn.net) Date: Mon, 18 Dec 2017 19:41:06 +0900 Subject: [Ttssh2-commit] =?utf-8?b?WzcwMDJdICDmmpflj7fmlrnlvI/jga7nrqE=?= =?utf-8?b?55CG44KS44CB5pqX5Y+35pa55byP44KS6KGo44GZ5YCkIChTU0hDaXBoZXIp?= =?utf-8?b?IOOBi+OCiSBzc2gyX2NpcGhlcnMg5YaF44Gu44Ko44Oz44OI44Oq44G444Gu?= =?utf-8?b?44Od44Kk44Oz44K/44KS5L2/44GG44KI44GG44Gr5aSJ5pu044CC?= Message-ID: <1513593666.872488.95376.nullmailer@users.osdn.me> Revision: 7002 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/7002 Author: doda Date: 2017-12-18 19:41:06 +0900 (Mon, 18 Dec 2017) Log Message: ----------- 暗号方式の管理を、暗号方式を表す値(SSHCipher)から ssh2_ciphers 内のエントリへのポインタを使うように変更。 これにより、暗号方式のパラメータ(ブロックサイズ等)が容易に参照できるようになる。 SSHCipher の値が欲しい時は cipher->id を使う。 Modified Paths: -------------- trunk/ttssh2/ttxssh/crypt.c trunk/ttssh2/ttxssh/keyfiles.c trunk/ttssh2/ttxssh/ssh.c trunk/ttssh2/ttxssh/ssh.h trunk/ttssh2/ttxssh/ttxssh.c trunk/ttssh2/ttxssh/ttxssh.h -------------- next part -------------- Modified: trunk/ttssh2/ttxssh/crypt.c =================================================================== --- trunk/ttssh2/ttxssh/crypt.c 2017-12-18 10:41:02 UTC (rev 7001) +++ trunk/ttssh2/ttxssh/crypt.c 2017-12-18 10:41:06 UTC (rev 7002) @@ -765,9 +765,18 @@ choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers); } else { // SSH2(yutaka) - pvar->crypt_state.sender_cipher = pvar->ctos_cipher; - pvar->crypt_state.receiver_cipher =pvar->stoc_cipher; - + if (pvar->ciphers[MODE_OUT] == NULL) { + pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE; + } + else { + pvar->crypt_state.sender_cipher = pvar->ciphers[MODE_OUT]->id; + } + if (pvar->ciphers[MODE_IN] == NULL) { + pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE; + } + else { + pvar->crypt_state.receiver_cipher = pvar->ciphers[MODE_IN]->id; + } } if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE @@ -1060,36 +1069,39 @@ struct Enc *enc; char *encryption_key = pvar->crypt_state.sender_cipher_key; char *decryption_key = pvar->crypt_state.receiver_cipher_key; - int cipher; + ssh2_cipher_t *cipher; BOOL isOK = TRUE; if (sender_flag) { - cipher = pvar->crypt_state.sender_cipher; - switch (cipher) { - case SSH_CIPHER_3DES: - c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES); - pvar->crypt_state.encrypt = c3DES_encrypt; - break; + if (SSHv1(pvar)) { + switch (pvar->crypt_state.sender_cipher) { + case SSH_CIPHER_3DES: + c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES); + pvar->crypt_state.encrypt = c3DES_encrypt; + break; - case SSH_CIPHER_DES: - cDES_init(encryption_key, &pvar->crypt_state.enc.cDES); - pvar->crypt_state.encrypt = cDES_encrypt; - break; + case SSH_CIPHER_DES: + cDES_init(encryption_key, &pvar->crypt_state.enc.cDES); + pvar->crypt_state.encrypt = cDES_encrypt; + break; - case SSH_CIPHER_BLOWFISH: - cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish); - pvar->crypt_state.encrypt = cBlowfish_encrypt; - break; + case SSH_CIPHER_BLOWFISH: + cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish); + pvar->crypt_state.encrypt = cBlowfish_encrypt; + break; - case SSH_CIPHER_NONE: - case SSH_CIPHER_IDEA: - case SSH_CIPHER_TSS: - case SSH_CIPHER_RC4: - isOK = FALSE; - break; - - default: // SSH2 - if (cipher <= SSH_CIPHER_MAX) { + case SSH_CIPHER_NONE: + case SSH_CIPHER_IDEA: + case SSH_CIPHER_TSS: + case SSH_CIPHER_RC4: + isOK = FALSE; + break; + } + } + else { + // SSH2 + cipher = pvar->ciphers[MODE_OUT]; + if (cipher) { enc = &pvar->ssh2_keys[MODE_OUT].enc; cipher_init_SSH2(&pvar->evpcip[MODE_OUT], enc->key, get_cipher_key_len(cipher), @@ -1105,37 +1117,39 @@ else { isOK = FALSE; } - break; } } if (receiver_flag) { - cipher = pvar->crypt_state.receiver_cipher; - switch (cipher) { - case SSH_CIPHER_3DES: - c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES); - pvar->crypt_state.decrypt = c3DES_decrypt; - break; + if (SSHv1(pvar)) { + switch (pvar->crypt_state.receiver_cipher) { + case SSH_CIPHER_3DES: + c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES); + pvar->crypt_state.decrypt = c3DES_decrypt; + break; - case SSH_CIPHER_DES: - cDES_init(decryption_key, &pvar->crypt_state.dec.cDES); - pvar->crypt_state.decrypt = cDES_decrypt; - break; + case SSH_CIPHER_DES: + cDES_init(decryption_key, &pvar->crypt_state.dec.cDES); + pvar->crypt_state.decrypt = cDES_decrypt; + break; - case SSH_CIPHER_BLOWFISH: - cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish); - pvar->crypt_state.decrypt = cBlowfish_decrypt; - break; + case SSH_CIPHER_BLOWFISH: + cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish); + pvar->crypt_state.decrypt = cBlowfish_decrypt; + break; - case SSH_CIPHER_NONE: - case SSH_CIPHER_IDEA: - case SSH_CIPHER_TSS: - case SSH_CIPHER_RC4: - isOK = FALSE; - break; - - default: // SSH2 - if (cipher <= SSH_CIPHER_MAX) { + case SSH_CIPHER_NONE: + case SSH_CIPHER_IDEA: + case SSH_CIPHER_TSS: + case SSH_CIPHER_RC4: + isOK = FALSE; + break; + } + } + else { + // SSH2 + cipher = pvar->ciphers[MODE_IN]; + if (cipher) { enc = &pvar->ssh2_keys[MODE_IN].enc; cipher_init_SSH2(&pvar->evpcip[MODE_IN], enc->key, get_cipher_key_len(cipher), @@ -1151,7 +1165,6 @@ else { isOK = FALSE; } - break; } } Modified: trunk/ttssh2/ttxssh/keyfiles.c =================================================================== --- trunk/ttssh2/ttxssh/keyfiles.c 2017-12-18 10:41:02 UTC (rev 7001) +++ trunk/ttssh2/ttxssh/keyfiles.c 2017-12-18 10:41:06 UTC (rev 7002) @@ -371,7 +371,7 @@ unsigned int len, klen, nkeys, blocksize, keylen, ivlen, slen, rounds; unsigned int check1, check2, m1len, m2len; int dlen, i; - SSHCipher ciphernameval; + ssh2_cipher_t *cipher; size_t authlen; EVP_CIPHER_CTX cipher_ctx; @@ -452,8 +452,8 @@ */ // \x88Í\x86\x89\xBB\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82?\xBC\x91O ciphername = buffer_get_string_msg(copy_consumed, NULL); - ciphernameval = get_cipher_by_name(ciphername); - if (ciphernameval == SSH_CIPHER_NONE && strcmp(ciphername, "none") != 0) { + cipher = get_cipher_by_name(ciphername); + if (cipher->id == SSH_CIPHER_NONE && strcmp(ciphername, "none") != 0) { logprintf(LOG_LEVEL_ERROR, "%s: unknown cipher name", __FUNCTION__); goto error; } @@ -509,7 +509,7 @@ /* size of encrypted key blob */ len = buffer_get_int(copy_consumed); - blocksize = get_cipher_block_size(ciphernameval); + blocksize = get_cipher_block_size(cipher); authlen = 0; // TODO: \x82??\x82\xA6\x82\xB8\x8CŒ艻 if (len < blocksize) { logprintf(LOG_LEVEL_ERROR, __FUNCTION__ ": encrypted data too small"); @@ -521,7 +521,7 @@ } /* setup key */ - keylen = get_cipher_key_len(ciphernameval); + keylen = get_cipher_key_len(cipher); ivlen = blocksize; key = calloc(1, keylen + ivlen); if (!strcmp(kdfname, KDFNAME)) { @@ -542,7 +542,7 @@ // \x95\x9C\x8D\x86\x89\xBB cp = buffer_append_space(b, len); cipher_init_SSH2(&cipher_ctx, key, keylen, key + keylen, ivlen, CIPHER_DECRYPT, - get_cipher_EVP_CIPHER(ciphernameval), 0, 0, pvar); + get_cipher_EVP_CIPHER(cipher), 0, 0, pvar); if (EVP_Cipher(&cipher_ctx, cp, buffer_tail_ptr(copy_consumed), len) == 0) { cipher_cleanup_SSH2(&cipher_ctx); goto error; Modified: trunk/ttssh2/ttxssh/ssh.c =================================================================== --- trunk/ttssh2/ttxssh/ssh.c 2017-12-18 10:41:02 UTC (rev 7001) +++ trunk/ttssh2/ttxssh/ssh.c 2017-12-18 10:41:06 UTC (rev 7002) @@ -4091,134 +4091,96 @@ // general // -int get_cipher_block_size(SSHCipher cipher) +int get_cipher_block_size(ssh2_cipher_t *cipher) { - ssh2_cipher_t *ptr = ssh2_ciphers; - - while (ptr->name != NULL) { - if (cipher == ptr->cipher) { - return ptr->block_size; - } - ptr++; + int blocksize = 0; + + if (cipher) { + blocksize = cipher->block_size; } - // not found. - return 8; + return max(blocksize, 8); } -int get_cipher_key_len(SSHCipher cipher) +int get_cipher_key_len(ssh2_cipher_t *cipher) { - ssh2_cipher_t *ptr = ssh2_ciphers; - - while (ptr->name != NULL) { - if (cipher == ptr->cipher) { - return ptr->key_len; - } - ptr++; + if (cipher) { + return cipher->key_len; } - - // not found. - return 0; + else { + return 0; + } } -int get_cipher_discard_len(SSHCipher cipher) +int get_cipher_discard_len(ssh2_cipher_t *cipher) { - ssh2_cipher_t *ptr = ssh2_ciphers; - - while (ptr->name != NULL) { - if (cipher == ptr->cipher) { - return ptr->discard_len; - } - ptr++; + if (cipher) { + return cipher->discard_len; } - - // not found. - return 0; + else { + return 0; + } } -int get_cipher_iv_len(SSHCipher cipher) +int get_cipher_iv_len(ssh2_cipher_t *cipher) { - ssh2_cipher_t *ptr = ssh2_ciphers; - - while (ptr->name != NULL) { - if (cipher == ptr->cipher) { - if (ptr->iv_len != 0) { - return ptr->iv_len; - } - else { - return ptr->block_size; - } + if (cipher) { + if (cipher->iv_len != 0) { + return cipher->iv_len; } - ptr++; + else { + return cipher->block_size; + } } - - // not found. - return 8; // block_size + else { + return 8; // block_size + } } -int get_cipher_auth_len(SSHCipher cipher) +int get_cipher_auth_len(ssh2_cipher_t *cipher) { - ssh2_cipher_t *ptr = ssh2_ciphers; - - while (ptr->name != NULL) { - if (cipher == ptr->cipher) { - return ptr->auth_len; - } - ptr++; + if (cipher) { + return cipher->auth_len; } - - // not found. - return 0; + else { + return 0; + } } // \x88Í\x86\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x96\xBC\x82\xA9\x82猟\x8D\x{142DC2}\xE9\x81B -SSHCipher get_cipher_by_name(char *name) +ssh2_cipher_t *get_cipher_by_name(char *name) { ssh2_cipher_t *ptr = ssh2_ciphers; - if (name == NULL) - goto error; - while (ptr->name != NULL) { - if (strcmp(ptr->name, name) == 0) { - return ptr->cipher; + if (name != NULL && strcmp(ptr->name, name) == 0) { + return ptr; } ptr++; } // not found. -error: - return SSH_CIPHER_NONE; + return ptr; } -static char * get_cipher_string(SSHCipher cipher) +static char * get_cipher_string(ssh2_cipher_t *cipher) { - ssh2_cipher_t *ptr = ssh2_ciphers; - - while (ptr->name != NULL) { - if (cipher == ptr->cipher) { - return ptr->name; - } - ptr++; + if (cipher) { + return cipher->name; } - - // not found. - return "unknown"; + else { + return "unknown"; + } } -const EVP_CIPHER* get_cipher_EVP_CIPHER(SSHCipher cipher) +const EVP_CIPHER* get_cipher_EVP_CIPHER(ssh2_cipher_t *cipher) { - ssh2_cipher_t *ptr = ssh2_ciphers; - - while (ptr->name != NULL) { - if (cipher == ptr->cipher) { - return ptr->func(); - } - ptr++; + if (cipher) { + return cipher->func(); } - - // not found. - return EVP_enc_null(); + else { + return EVP_enc_null(); + } } char* get_kex_algorithm_name(kex_algorithm kextype) @@ -4711,7 +4673,6 @@ { char tmp_cli[1024], *ptr_cli, *ctc_cli; char tmp_svr[1024], *ptr_svr, *ctc_svr; - SSHCipher cipher = SSH_CIPHER_NONE; strncpy_s(tmp_cli, sizeof(tmp_cli), my_proposal, _TRUNCATE); ptr_cli = strtok_s(tmp_cli, ",", &ctc_cli); @@ -4756,23 +4717,13 @@ return (type); } -static SSHCipher choose_SSH2_cipher_algorithm(char *server_proposal, char *my_proposal) +static ssh2_cipher_t *choose_SSH2_cipher_algorithm(char *server_proposal, char *my_proposal) { - SSHCipher cipher = SSH_CIPHER_NONE; char str_cipher[32]; ssh2_cipher_t *ptr = ssh2_ciphers; choose_SSH2_proposal(server_proposal, my_proposal, str_cipher, sizeof(str_cipher)); - - while (ptr->name != NULL) { - if (strcmp(ptr->name, str_cipher) == 0) { - cipher = ptr->cipher; - break; - } - ptr++; - } - - return (cipher); + return get_cipher_by_name(str_cipher); } @@ -4828,19 +4779,19 @@ int mode, val; unsigned int need = 0; const EVP_MD *md; - SSHCipher cipher; + ssh2_cipher_t *cipher; hmac_type mac; for (mode = 0; mode < MODE_MAX; mode++) { if (mode == MODE_OUT) { mac = pvar->ctos_hmac; - cipher = pvar->ctos_cipher; } else { mac = pvar->stoc_hmac; - cipher = pvar->stoc_cipher; } + cipher = pvar->ciphers[mode]; + // current_keys[]\x82???\x82Ă\xA8\x82\xA2\x82āA\x82\xA0\x82?\xC5 pvar->ssh2_keys[] \x82?R\x83s\x81[\x82\xB7\x82\xE9\x81B md = get_ssh2_mac_EVP_MD(mac); current_keys[mode].mac.md = md; @@ -4997,8 +4948,8 @@ logprintf(LOG_LEVEL_VERBOSE, "server proposal: encryption algorithm client to server: %s", buf); - pvar->ctos_cipher = choose_SSH2_cipher_algorithm(buf, myproposal[PROPOSAL_ENC_ALGS_CTOS]); - if (pvar->ctos_cipher == SSH_CIPHER_NONE) { + pvar->ciphers[MODE_OUT] = choose_SSH2_cipher_algorithm(buf, myproposal[PROPOSAL_ENC_ALGS_CTOS]); + if (pvar->ciphers[MODE_OUT]->id == SSH_CIPHER_NONE) { strncpy_s(tmp, sizeof(tmp), "unknown Encrypt algorithm(ctos): ", _TRUNCATE); strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE); msg = tmp; @@ -5017,8 +4968,8 @@ logprintf(LOG_LEVEL_VERBOSE, "server proposal: encryption algorithm server to client: %s", buf); - pvar->stoc_cipher = choose_SSH2_cipher_algorithm(buf, myproposal[PROPOSAL_ENC_ALGS_STOC]); - if (pvar->stoc_cipher == SSH_CIPHER_NONE) { + pvar->ciphers[MODE_IN] = choose_SSH2_cipher_algorithm(buf, myproposal[PROPOSAL_ENC_ALGS_STOC]); + if (pvar->ciphers[MODE_IN]->id == SSH_CIPHER_NONE) { strncpy_s(tmp, sizeof(tmp), "unknown Encrypt algorithm(stoc): ", _TRUNCATE); strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE); msg = tmp; @@ -5116,11 +5067,11 @@ logprintf(LOG_LEVEL_VERBOSE, "encryption algorithm client to server: %s", - get_cipher_string(pvar->ctos_cipher)); + get_cipher_string(pvar->ciphers[MODE_OUT])); logprintf(LOG_LEVEL_VERBOSE, "encryption algorithm server to client: %s", - get_cipher_string(pvar->stoc_cipher)); + get_cipher_string(pvar->ciphers[MODE_IN])); logprintf(LOG_LEVEL_VERBOSE, "MAC algorithm client to server: %s", Modified: trunk/ttssh2/ttxssh/ssh.h =================================================================== --- trunk/ttssh2/ttxssh/ssh.h 2017-12-18 10:41:02 UTC (rev 7001) +++ trunk/ttssh2/ttxssh/ssh.h 2017-12-18 10:41:06 UTC (rev 7002) @@ -376,7 +376,7 @@ typedef struct ssh2_cipher { - SSHCipher cipher; + SSHCipher id; char *name; int block_size; int key_len; @@ -773,13 +773,13 @@ BOOL do_SSH2_userauth(PTInstVar pvar); BOOL do_SSH2_authrequest(PTInstVar pvar); void debug_print(int no, char *msg, int len); -int get_cipher_block_size(SSHCipher cipher); -int get_cipher_key_len(SSHCipher cipher); -int get_cipher_iv_len(SSHCipher cipher); -int get_cipher_auth_len(SSHCipher cipher); -SSHCipher get_cipher_by_name(char *name); +int get_cipher_block_size(ssh2_cipher_t *cipher); +int get_cipher_key_len(ssh2_cipher_t *cipher); +int get_cipher_iv_len(ssh2_cipher_t *cipher); +int get_cipher_auth_len(ssh2_cipher_t *cipher); +ssh2_cipher_t *get_cipher_by_name(char *name); char* get_kex_algorithm_name(kex_algorithm kextype); -const EVP_CIPHER* get_cipher_EVP_CIPHER(SSHCipher cipher); +const EVP_CIPHER* get_cipher_EVP_CIPHER(ssh2_cipher_t *cipher); const EVP_MD* get_kex_algorithm_EVP_MD(kex_algorithm kextype); char* get_ssh2_mac_name(hmac_type type); const EVP_MD* get_ssh2_mac_EVP_MD(hmac_type type); @@ -787,7 +787,7 @@ char* get_ssh2_comp_name(compression_type type); char* get_ssh_keytype_name(ssh_keytype type); char* get_digest_algorithm_name(digest_algorithm id); -int get_cipher_discard_len(SSHCipher cipher); +int get_cipher_discard_len(ssh2_cipher_t *cipher); void ssh_heartbeat_lock_initialize(void); void ssh_heartbeat_lock_finalize(void); void ssh_heartbeat_lock(void); Modified: trunk/ttssh2/ttxssh/ttxssh.c =================================================================== --- trunk/ttssh2/ttxssh/ttxssh.c 2017-12-18 10:41:02 UTC (rev 7001) +++ trunk/ttssh2/ttxssh/ttxssh.c 2017-12-18 10:41:06 UTC (rev 7002) @@ -4128,7 +4128,7 @@ // based on OpenSSH 6.5:key_save_private(), key_private_to_blob2() static void save_bcrypt_private_key(char *passphrase, char *filename, char *comment, HWND dlg, PTInstVar pvar, int rounds) { - SSHCipher ciphernameval = SSH_CIPHER_NONE; + ssh2_cipher_t *cipher = NULL; char *ciphername = DEFAULT_CIPHERNAME; buffer_t *b = NULL; buffer_t *kdf = NULL; @@ -4156,9 +4156,9 @@ kdfname = "none"; } - ciphernameval = get_cipher_by_name(ciphername); - blocksize = get_cipher_block_size(ciphernameval); - keylen = get_cipher_key_len(ciphernameval); + cipher = get_cipher_by_name(ciphername); + blocksize = get_cipher_block_size(cipher); + keylen = get_cipher_key_len(cipher); ivlen = blocksize; authlen = 0; // TODO: \x82??\x82\xA6\x82\xB8\x8CŒ艻 key = calloc(1, keylen + ivlen); @@ -4176,7 +4176,7 @@ // TODO: OpenSSH 6.5\x82ł\xCD -Z \x83I\x83v\x83V\x83\x87\x83\x93\x82ŁA\x88Í\x86\x89\xBB\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82\xF0\x8Ew\x92\xE8\x89?\\x82\xBE\x82\xAA\x81A // \x82\xB1\x82\xB1\x82ł\xCD"AES256-CBC"\x82?Œ\xE8\x82?\xB7\x82\xE9\x81B cipher_init_SSH2(&cipher_ctx, key, keylen, key + keylen, ivlen, CIPHER_ENCRYPT, - get_cipher_EVP_CIPHER(ciphernameval), 0, 0, pvar); + get_cipher_EVP_CIPHER(cipher), 0, 0, pvar); SecureZeroMemory(key, keylen + ivlen); free(key); Modified: trunk/ttssh2/ttxssh/ttxssh.h =================================================================== --- trunk/ttssh2/ttxssh/ttxssh.h 2017-12-18 10:41:02 UTC (rev 7001) +++ trunk/ttssh2/ttxssh/ttxssh.h 2017-12-18 10:41:06 UTC (rev 7002) @@ -257,8 +257,7 @@ buffer_t *peer_kex; kex_algorithm kex_type; // KEX algorithm ssh_keytype hostkey_type; - SSHCipher ctos_cipher; - SSHCipher stoc_cipher; + ssh2_cipher_t *ciphers[MODE_MAX]; hmac_type ctos_hmac; hmac_type stoc_hmac; compression_type ctos_compression; From scmnotify @ osdn.net Mon Dec 18 19:41:02 2017 From: scmnotify @ osdn.net (scmnotify @ osdn.net) Date: Mon, 18 Dec 2017 19:41:02 +0900 Subject: [Ttssh2-commit] =?utf-8?q?=5B7001=5D__Newkeys_=E3=82=92_SSHKeys_?= =?utf-8?b?44Gr5ZCN56ew5aSJ5pu0?= Message-ID: <1513593662.919949.95249.nullmailer@users.osdn.me> Revision: 7001 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/7001 Author: doda Date: 2017-12-18 19:41:02 +0900 (Mon, 18 Dec 2017) Log Message: ----------- Newkeys を SSHKeys に名称変更 SSHKeys の方が実態を表しているので。 Modified Paths: -------------- trunk/ttssh2/ttxssh/kex.c trunk/ttssh2/ttxssh/ssh.c trunk/ttssh2/ttxssh/ssh.h trunk/ttssh2/ttxssh/ttxssh.h -------------- next part -------------- Modified: trunk/ttssh2/ttxssh/kex.c =================================================================== --- trunk/ttssh2/ttxssh/kex.c 2017-12-18 10:40:58 UTC (rev 7000) +++ trunk/ttssh2/ttxssh/kex.c 2017-12-18 10:41:02 UTC (rev 7001) @@ -29,7 +29,7 @@ #include "ttxssh.h" #include "kex.h" -extern Newkeys current_keys[MODE_MAX]; +extern SSHKeys current_keys[MODE_MAX]; static DH *dh_new_group_asc(const char *gen, const char *modulus) { Modified: trunk/ttssh2/ttxssh/ssh.c =================================================================== --- trunk/ttssh2/ttxssh/ssh.c 2017-12-18 10:40:58 UTC (rev 7000) +++ trunk/ttssh2/ttxssh/ssh.c 2017-12-18 10:41:02 UTC (rev 7001) @@ -4081,7 +4081,7 @@ #endif } -Newkeys current_keys[MODE_MAX]; +SSHKeys current_keys[MODE_MAX]; #define write_buffer_file(buf,len) do_write_buffer_file(buf,len,__FILE__,__LINE__) Modified: trunk/ttssh2/ttxssh/ssh.h =================================================================== --- trunk/ttssh2/ttxssh/ssh.h 2017-12-18 10:40:58 UTC (rev 7000) +++ trunk/ttssh2/ttxssh/ssh.h 2017-12-18 10:41:02 UTC (rev 7001) @@ -561,7 +561,7 @@ struct Enc enc; struct Mac mac; struct Comp comp; -} Newkeys; +} SSHKeys; #define roundup(x, y) ((((x)+((y)-1))/(y))*(y)) Modified: trunk/ttssh2/ttxssh/ttxssh.h =================================================================== --- trunk/ttssh2/ttxssh/ttxssh.h 2017-12-18 10:40:58 UTC (rev 7000) +++ trunk/ttssh2/ttxssh/ttxssh.h 2017-12-18 10:41:02 UTC (rev 7001) @@ -268,7 +268,7 @@ int rekeying; char *session_id; int session_id_len; - Newkeys ssh2_keys[MODE_MAX]; + SSHKeys ssh2_keys[MODE_MAX]; EVP_CIPHER_CTX evpcip[MODE_MAX]; int userauth_success; int shell_id; From scmnotify @ osdn.net Mon Dec 18 19:41:13 2017 From: scmnotify @ osdn.net (scmnotify @ osdn.net) Date: Mon, 18 Dec 2017 19:41:13 +0900 Subject: [Ttssh2-commit] =?utf-8?b?WzcwMDRdICDlnovlkI3lpInmm7TjgILkuLs=?= =?utf-8?b?44Gr6KaL5qCE44GI44Gu54K644CC?= Message-ID: <1513593673.704923.95605.nullmailer@users.osdn.me> Revision: 7004 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/7004 Author: doda Date: 2017-12-18 19:41:13 +0900 (Mon, 18 Dec 2017) Log Message: ----------- 型名変更。主に見栄えの為。 ・SSHCipher -> SSHCipherId ・ssh2_cipher_t -> SSH2Cipher Modified Paths: -------------- trunk/ttssh2/ttxssh/crypt.c trunk/ttssh2/ttxssh/keyfiles.c trunk/ttssh2/ttxssh/ssh.c trunk/ttssh2/ttxssh/ssh.h trunk/ttssh2/ttxssh/ttxssh.c trunk/ttssh2/ttxssh/ttxssh.h -------------- next part -------------- Modified: trunk/ttssh2/ttxssh/crypt.c =================================================================== --- trunk/ttssh2/ttxssh/crypt.c 2017-12-18 10:41:10 UTC (rev 7003) +++ trunk/ttssh2/ttxssh/crypt.c 2017-12-18 10:41:13 UTC (rev 7004) @@ -1069,7 +1069,7 @@ struct Enc *enc; char *encryption_key = pvar->crypt_state.sender_cipher_key; char *decryption_key = pvar->crypt_state.receiver_cipher_key; - ssh2_cipher_t *cipher; + SSH2Cipher *cipher; BOOL isOK = TRUE; if (sender_flag) { Modified: trunk/ttssh2/ttxssh/keyfiles.c =================================================================== --- trunk/ttssh2/ttxssh/keyfiles.c 2017-12-18 10:41:10 UTC (rev 7003) +++ trunk/ttssh2/ttxssh/keyfiles.c 2017-12-18 10:41:13 UTC (rev 7004) @@ -371,7 +371,7 @@ unsigned int len, klen, nkeys, blocksize, keylen, ivlen, slen, rounds; unsigned int check1, check2, m1len, m2len; int dlen, i; - ssh2_cipher_t *cipher; + SSH2Cipher *cipher; size_t authlen; EVP_CIPHER_CTX cipher_ctx; Modified: trunk/ttssh2/ttxssh/ssh.c =================================================================== --- trunk/ttssh2/ttxssh/ssh.c 2017-12-18 10:41:10 UTC (rev 7003) +++ trunk/ttssh2/ttxssh/ssh.c 2017-12-18 10:41:13 UTC (rev 7004) @@ -4091,7 +4091,7 @@ // general // -int get_cipher_block_size(ssh2_cipher_t *cipher) +int get_cipher_block_size(SSH2Cipher *cipher) { int blocksize = 0; @@ -4102,7 +4102,7 @@ return max(blocksize, 8); } -int get_cipher_key_len(ssh2_cipher_t *cipher) +int get_cipher_key_len(SSH2Cipher *cipher) { if (cipher) { return cipher->key_len; @@ -4112,7 +4112,7 @@ } } -int get_cipher_discard_len(ssh2_cipher_t *cipher) +int get_cipher_discard_len(SSH2Cipher *cipher) { if (cipher) { return cipher->discard_len; @@ -4122,7 +4122,7 @@ } } -int get_cipher_iv_len(ssh2_cipher_t *cipher) +int get_cipher_iv_len(SSH2Cipher *cipher) { if (cipher) { if (cipher->iv_len != 0) { @@ -4137,7 +4137,7 @@ } } -int get_cipher_auth_len(ssh2_cipher_t *cipher) +int get_cipher_auth_len(SSH2Cipher *cipher) { if (cipher) { return cipher->auth_len; @@ -4148,9 +4148,9 @@ } // \x88Í\x86\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x96\xBC\x82\xA9\x82猟\x8D\x{142DC2}\xE9\x81B -ssh2_cipher_t *get_cipher_by_name(char *name) +SSH2Cipher *get_cipher_by_name(char *name) { - ssh2_cipher_t *ptr = ssh2_ciphers; + SSH2Cipher *ptr = ssh2_ciphers; while (ptr->name != NULL) { if (name != NULL && strcmp(ptr->name, name) == 0) { @@ -4163,7 +4163,7 @@ return ptr; } -static char * get_cipher_string(ssh2_cipher_t *cipher) +static char * get_cipher_string(SSH2Cipher *cipher) { if (cipher) { return cipher->name; @@ -4173,7 +4173,7 @@ } } -const EVP_CIPHER* get_cipher_EVP_CIPHER(ssh2_cipher_t *cipher) +const EVP_CIPHER* get_cipher_EVP_CIPHER(SSH2Cipher *cipher) { if (cipher) { return cipher->func(); @@ -4717,10 +4717,10 @@ return (type); } -static ssh2_cipher_t *choose_SSH2_cipher_algorithm(char *server_proposal, char *my_proposal) +static SSH2Cipher *choose_SSH2_cipher_algorithm(char *server_proposal, char *my_proposal) { char str_cipher[32]; - ssh2_cipher_t *ptr = ssh2_ciphers; + SSH2Cipher *ptr = ssh2_ciphers; choose_SSH2_proposal(server_proposal, my_proposal, str_cipher, sizeof(str_cipher)); return get_cipher_by_name(str_cipher); @@ -4779,7 +4779,7 @@ int mode, val; unsigned int need = 0; const EVP_MD *md; - ssh2_cipher_t *cipher; + SSH2Cipher *cipher; hmac_type mac; for (mode = 0; mode < MODE_MAX; mode++) { Modified: trunk/ttssh2/ttxssh/ssh.h =================================================================== --- trunk/ttssh2/ttxssh/ssh.h 2017-12-18 10:41:10 UTC (rev 7003) +++ trunk/ttssh2/ttxssh/ssh.h 2017-12-18 10:41:13 UTC (rev 7004) @@ -97,7 +97,7 @@ SSH2_CIPHER_CAMELLIA128_CTR, SSH2_CIPHER_CAMELLIA192_CTR, SSH2_CIPHER_CAMELLIA256_CTR, SSH2_CIPHER_AES128_GCM, SSH2_CIPHER_AES256_GCM, SSH_CIPHER_MAX = SSH2_CIPHER_AES256_GCM, -} SSHCipher; +} SSHCipherId; typedef enum { SSH_AUTH_NONE, SSH_AUTH_RHOSTS, SSH_AUTH_RSA, SSH_AUTH_PASSWORD, @@ -376,7 +376,7 @@ typedef struct ssh2_cipher { - SSHCipher id; + SSHCipherId id; char *name; int block_size; int key_len; @@ -384,9 +384,9 @@ int iv_len; int auth_len; const EVP_CIPHER *(*func)(void); -} ssh2_cipher_t; +} SSH2Cipher; -static ssh2_cipher_t ssh2_ciphers[] = { +static SSH2Cipher ssh2_ciphers[] = { {SSH2_CIPHER_3DES_CBC, "3des-cbc", 8, 24, 0, 0, 0, EVP_des_ede3_cbc}, // RFC4253 {SSH2_CIPHER_AES128_CBC, "aes128-cbc", 16, 16, 0, 0, 0, EVP_aes_128_cbc}, // RFC4253 {SSH2_CIPHER_AES192_CBC, "aes192-cbc", 16, 24, 0, 0, 0, EVP_aes_192_cbc}, // RFC4253 @@ -773,13 +773,13 @@ BOOL do_SSH2_userauth(PTInstVar pvar); BOOL do_SSH2_authrequest(PTInstVar pvar); void debug_print(int no, char *msg, int len); -int get_cipher_block_size(ssh2_cipher_t *cipher); -int get_cipher_key_len(ssh2_cipher_t *cipher); -int get_cipher_iv_len(ssh2_cipher_t *cipher); -int get_cipher_auth_len(ssh2_cipher_t *cipher); -ssh2_cipher_t *get_cipher_by_name(char *name); +int get_cipher_block_size(SSH2Cipher *cipher); +int get_cipher_key_len(SSH2Cipher *cipher); +int get_cipher_iv_len(SSH2Cipher *cipher); +int get_cipher_auth_len(SSH2Cipher *cipher); +SSH2Cipher *get_cipher_by_name(char *name); char* get_kex_algorithm_name(kex_algorithm kextype); -const EVP_CIPHER* get_cipher_EVP_CIPHER(ssh2_cipher_t *cipher); +const EVP_CIPHER* get_cipher_EVP_CIPHER(SSH2Cipher *cipher); const EVP_MD* get_kex_algorithm_EVP_MD(kex_algorithm kextype); char* get_ssh2_mac_name(hmac_type type); const EVP_MD* get_ssh2_mac_EVP_MD(hmac_type type); @@ -787,7 +787,7 @@ char* get_ssh2_comp_name(compression_type type); char* get_ssh_keytype_name(ssh_keytype type); char* get_digest_algorithm_name(digest_algorithm id); -int get_cipher_discard_len(ssh2_cipher_t *cipher); +int get_cipher_discard_len(SSH2Cipher *cipher); void ssh_heartbeat_lock_initialize(void); void ssh_heartbeat_lock_finalize(void); void ssh_heartbeat_lock(void); Modified: trunk/ttssh2/ttxssh/ttxssh.c =================================================================== --- trunk/ttssh2/ttxssh/ttxssh.c 2017-12-18 10:41:10 UTC (rev 7003) +++ trunk/ttssh2/ttxssh/ttxssh.c 2017-12-18 10:41:13 UTC (rev 7004) @@ -4128,7 +4128,7 @@ // based on OpenSSH 6.5:key_save_private(), key_private_to_blob2() static void save_bcrypt_private_key(char *passphrase, char *filename, char *comment, HWND dlg, PTInstVar pvar, int rounds) { - ssh2_cipher_t *cipher = NULL; + SSH2Cipher *cipher = NULL; char *ciphername = DEFAULT_CIPHERNAME; buffer_t *b = NULL; buffer_t *kdf = NULL; Modified: trunk/ttssh2/ttxssh/ttxssh.h =================================================================== --- trunk/ttssh2/ttxssh/ttxssh.h 2017-12-18 10:41:10 UTC (rev 7003) +++ trunk/ttssh2/ttxssh/ttxssh.h 2017-12-18 10:41:13 UTC (rev 7004) @@ -257,7 +257,7 @@ buffer_t *peer_kex; kex_algorithm kex_type; // KEX algorithm ssh_keytype hostkey_type; - ssh2_cipher_t *ciphers[MODE_MAX]; + SSH2Cipher *ciphers[MODE_MAX]; hmac_type ctos_hmac; hmac_type stoc_hmac; compression_type ctos_compression; From scmnotify @ osdn.net Mon Dec 18 19:41:10 2017 From: scmnotify @ osdn.net (scmnotify @ osdn.net) Date: Mon, 18 Dec 2017 19:41:10 +0900 Subject: [Ttssh2-commit] [7003] memset() -> SecureZeroMemory() Message-ID: <1513593670.263509.95492.nullmailer@users.osdn.me> Revision: 7003 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/7003 Author: doda Date: 2017-12-18 19:41:10 +0900 (Mon, 18 Dec 2017) Log Message: ----------- memset() -> SecureZeroMemory() memset() のままでも大丈夫だと思うけれど、念の為。 Modified Paths: -------------- trunk/ttssh2/ttxssh/crypt.c -------------- next part -------------- Modified: trunk/ttssh2/ttxssh/crypt.c =================================================================== --- trunk/ttssh2/ttxssh/crypt.c 2017-12-18 10:41:06 UTC (rev 7002) +++ trunk/ttssh2/ttxssh/crypt.c 2017-12-18 10:41:10 UTC (rev 7003) @@ -934,7 +934,7 @@ challenge + decrypted_challenge_len - SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH); } else { - memset(decrypted_challenge, 0, + SecureZeroMemory(decrypted_challenge, SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len); memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len, challenge, @@ -960,15 +960,15 @@ DES_set_key((const_DES_cblock *) session_key, &state->k1); DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2); DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3); - memset(state->ivec1, 0, 8); - memset(state->ivec2, 0, 8); - memset(state->ivec3, 0, 8); + SecureZeroMemory(state->ivec1, 8); + SecureZeroMemory(state->ivec2, 8); + SecureZeroMemory(state->ivec3, 8); } static void cDES_init(char *session_key, CipherDESState *state) { DES_set_key((const_DES_cblock *) session_key, &state->k); - memset(state->ivec, 0, 8); + SecureZeroMemory(state->ivec, 8); } static void cBlowfish_init(char *session_key, @@ -975,7 +975,7 @@ CipherBlowfishState *state) { BF_set_key(&state->k, 32, session_key); - memset(state->ivec, 0, 8); + SecureZeroMemory(state->ivec, 8); } @@ -1174,8 +1174,8 @@ notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE); return FALSE; } else { - memset(encryption_key, 0, CRYPT_KEY_LENGTH); - memset(decryption_key, 0, CRYPT_KEY_LENGTH); + SecureZeroMemory(encryption_key, CRYPT_KEY_LENGTH); + SecureZeroMemory(decryption_key, CRYPT_KEY_LENGTH); return TRUE; } } @@ -1345,9 +1345,9 @@ &state.k2); DES_set_key((const_DES_cblock *) passphrase_key, &state.k3); - memset(state.ivec1, 0, 8); - memset(state.ivec2, 0, 8); - memset(state.ivec3, 0, 8); + SecureZeroMemory(state.ivec1, 8); + SecureZeroMemory(state.ivec2, 8); + SecureZeroMemory(state.ivec3, 8); DES_ncbc_encrypt(buf, buf, bytes, &state.k3, &state.ivec3, DES_DECRYPT); DES_ncbc_encrypt(buf, buf, bytes, @@ -1370,7 +1370,7 @@ CipherBlowfishState state; BF_set_key(&state.k, 16, passphrase_key); - memset(state.ivec, 0, 8); + SecureZeroMemory(state.ivec, 8); flip_endianness(buf, bytes); BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec, BF_DECRYPT); From scmnotify @ osdn.net Mon Dec 18 20:06:06 2017 From: scmnotify @ osdn.net (scmnotify @ osdn.net) Date: Mon, 18 Dec 2017 20:06:06 +0900 Subject: [Ttssh2-commit] =?utf-8?b?WzcwMDVdICDjg5Hjgrnjg6/jg7zjg4nnhKE=?= =?utf-8?b?44GX44GnIGJjcnlwdF9LREYg5b2i5byP44Gn56eY5a+G6Y2144KS5L+d5a2Y?= =?utf-8?b?44GX44Gf5pmC44Gr6JC944Gh44KL44Gu44KS5L+u5q2j44CC?= Message-ID: <1513595166.590754.10206.nullmailer@users.osdn.me> Revision: 7005 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/7005 Author: doda Date: 2017-12-18 20:06:06 +0900 (Mon, 18 Dec 2017) Log Message: ----------- パスワード無しで bcrypt_KDF 形式で秘密鍵を保存した時に落ちるのを修正。 r7002 でのエンバグ。 get_cipher_by_name() で暗号が見つからなかった場合に SSH_CIPHER_NONE へのポインタではなく、NULL を返すようにした。 Revision Links: -------------- http://sourceforge.jp/projects/ttssh2/scm/svn/commits/7002 Modified Paths: -------------- trunk/ttssh2/ttxssh/keyfiles.c trunk/ttssh2/ttxssh/ssh.c -------------- next part -------------- Modified: trunk/ttssh2/ttxssh/keyfiles.c =================================================================== --- trunk/ttssh2/ttxssh/keyfiles.c 2017-12-18 10:41:13 UTC (rev 7004) +++ trunk/ttssh2/ttxssh/keyfiles.c 2017-12-18 11:06:06 UTC (rev 7005) @@ -453,7 +453,7 @@ // \x88Í\x86\x89\xBB\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82?\xBC\x91O ciphername = buffer_get_string_msg(copy_consumed, NULL); cipher = get_cipher_by_name(ciphername); - if (cipher->id == SSH_CIPHER_NONE && strcmp(ciphername, "none") != 0) { + if (cipher == NULL && strcmp(ciphername, "none") != 0) { logprintf(LOG_LEVEL_ERROR, "%s: unknown cipher name", __FUNCTION__); goto error; } Modified: trunk/ttssh2/ttxssh/ssh.c =================================================================== --- trunk/ttssh2/ttxssh/ssh.c 2017-12-18 10:41:13 UTC (rev 7004) +++ trunk/ttssh2/ttxssh/ssh.c 2017-12-18 11:06:06 UTC (rev 7005) @@ -4152,8 +4152,11 @@ { SSH2Cipher *ptr = ssh2_ciphers; + if (name == NULL || name[0] == '\0') + return NULL; + while (ptr->name != NULL) { - if (name != NULL && strcmp(ptr->name, name) == 0) { + if (strcmp(ptr->name, name) == 0) { return ptr; } ptr++; @@ -4160,7 +4163,7 @@ } // not found. - return ptr; + return NULL; } static char * get_cipher_string(SSH2Cipher *cipher) From scmnotify @ osdn.net Mon Dec 18 20:06:13 2017 From: scmnotify @ osdn.net (scmnotify @ osdn.net) Date: Mon, 18 Dec 2017 20:06:13 +0900 Subject: [Ttssh2-commit] =?utf-8?b?WzcwMDddICBNQUMg56iu5Yil44Go44GX44Gm?= =?utf-8?b?IEltcGxpY2l0IOOCkui/veWKoCBUaWNrZXQgOiAgIzM3NzQx?= Message-ID: <1513595173.564414.10353.nullmailer@users.osdn.me> Revision: 7007 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/7007 Author: doda Date: 2017-12-18 20:06:13 +0900 (Mon, 18 Dec 2017) Log Message: ----------- MAC 種別として Implicit を追加 Ticket: #37741 取りあえず ssh.h に Implicit を追加 Ticket Links: ------------ http://sourceforge.jp/projects/ttssh2/tracker/detail/37741 Modified Paths: -------------- trunk/ttssh2/ttxssh/ssh.h -------------- next part -------------- Modified: trunk/ttssh2/ttxssh/ssh.h =================================================================== --- trunk/ttssh2/ttxssh/ssh.h 2017-12-18 11:06:09 UTC (rev 7006) +++ trunk/ttssh2/ttxssh/ssh.h 2017-12-18 11:06:13 UTC (rev 7007) @@ -477,6 +477,7 @@ HMAC_RIPEMD160_EtM, HMAC_SHA2_256_EtM, HMAC_SHA2_512_EtM, + HMAC_IMPLICIT, HMAC_UNKNOWN, HMAC_MAX = HMAC_UNKNOWN, } SSH2MacId; @@ -506,6 +507,7 @@ {HMAC_RIPEMD160_EtM,"hmac-ripemd160-etm @ openssh.com",EVP_ripemd160, 0, 1}, {HMAC_SHA2_256_EtM, "hmac-sha2-256-etm @ openssh.com", EVP_sha256, 0, 1}, {HMAC_SHA2_512_EtM, "hmac-sha2-512-etm @ openssh.com", EVP_sha512, 0, 1}, + {HMAC_IMPLICIT, "", EVP_md_null, 0, 0}, // for AEAD cipher {HMAC_NONE, NULL, NULL, 0, 0}, }; From scmnotify @ osdn.net Mon Dec 18 20:06:10 2017 From: scmnotify @ osdn.net (scmnotify @ osdn.net) Date: Mon, 18 Dec 2017 20:06:10 +0900 Subject: [Ttssh2-commit] =?utf-8?b?WzcwMDZdICBNQUMg5pa55byP44Gu566h55CG?= =?utf-8?b?44KS44CB5pqX5Y+35pa55byP44KS6KGo44GZ5YCkIChobWFjX3R5cGUpIA==?= =?utf-8?b?44GL44KJIHNzaDJfbWFjcyDlhoXjga7jgqjjg7Pjg4jjg6rjgbjjga7jg50=?= =?utf-8?b?44Kk44Oz44K/44KS5L2/44GG44KI44GG44Gr5aSJ5pu044CC?= Message-ID: <1513595170.121325.10292.nullmailer@users.osdn.me> Revision: 7006 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/7006 Author: doda Date: 2017-12-18 20:06:09 +0900 (Mon, 18 Dec 2017) Log Message: ----------- MAC 方式の管理を、暗号方式を表す値(hmac_type)から ssh2_macs 内のエントリへのポインタを使うように変更。 これにより、MAC 式のパラメータ(truncatebits等)が容易に参照できるようになる。 また、TInstVar 内でも ctos_hmac/stoc_hmac のように方向を名前で分けるのではなく、 macs[MODE] のように配列にする事で扱い易くする。 Modified Paths: -------------- trunk/ttssh2/ttxssh/ssh.c trunk/ttssh2/ttxssh/ssh.h trunk/ttssh2/ttxssh/ttxssh.c trunk/ttssh2/ttxssh/ttxssh.h -------------- next part -------------- Modified: trunk/ttssh2/ttxssh/ssh.c =================================================================== --- trunk/ttssh2/ttxssh/ssh.c 2017-12-18 11:06:06 UTC (rev 7005) +++ trunk/ttssh2/ttxssh/ssh.c 2017-12-18 11:06:09 UTC (rev 7006) @@ -3165,8 +3165,8 @@ UTIL_get_lang_msg("DLG_ABOUT_MAC_INFO", pvar, "%s to server, %s from server"); _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg, - get_ssh2_mac_name(pvar->ctos_hmac), - get_ssh2_mac_name(pvar->stoc_hmac)); + get_ssh2_mac_name(pvar->macs[MODE_OUT]), + get_ssh2_mac_name(pvar->macs[MODE_IN])); } void SSH_end(PTInstVar pvar) @@ -4216,64 +4216,63 @@ return EVP_md_null(); } -char* get_ssh2_mac_name(hmac_type type) +SSH2Mac *get_ssh2_mac(SSH2MacId id) { - ssh2_mac_t *ptr = ssh2_macs; + SSH2Mac *ptr = ssh2_macs; while (ptr->name != NULL) { - if (type == ptr->type) { - return ptr->name; + if (ptr->id == id) { + return ptr; } ptr++; } - // not found. - return "unknown"; + return NULL; } -const EVP_MD* get_ssh2_mac_EVP_MD(hmac_type type) +char* get_ssh2_mac_name(SSH2Mac *mac) { - ssh2_mac_t *ptr = ssh2_macs; - - while (ptr->name != NULL) { - if (type == ptr->type) { - return ptr->evp_md(); - } - ptr++; + if (mac) { + return mac->name; } + else { + return "unknown"; + } +} - // not found. - return EVP_md_null(); +char* get_ssh2_mac_name_by_id(SSH2MacId id) +{ + return get_ssh2_mac_name(get_ssh2_mac(id)); } -int get_ssh2_mac_truncatebits(hmac_type type) +const EVP_MD* get_ssh2_mac_EVP_MD(SSH2Mac *mac) { - ssh2_mac_t *ptr = ssh2_macs; + if (mac) { + return mac->evp_md(); + } + else { + return EVP_md_null(); + } +} - while (ptr->name != NULL) { - if (type == ptr->type) { - return ptr->truncatebits; - } - ptr++; +int get_ssh2_mac_truncatebits(SSH2Mac *mac) +{ + if (mac) { + return mac->truncatebits; } - - // not found. - return 0; + else { + return 0; + } } -int get_ssh2_mac_etm(hmac_type type) +int get_ssh2_mac_etm(SSH2Mac *mac) { - ssh2_mac_t *ptr = ssh2_macs; - - while (ptr->name != NULL) { - if (type == ptr->type) { - return ptr->etm; - } - ptr++; + if (mac) { + return mac->etm; } - - // not found - return 0; + else { + return 0; + } } char* get_ssh2_comp_name(compression_type type) @@ -4580,7 +4579,7 @@ index = pvar->settings.MacOrder[i] - '0'; if (index == HMAC_NONE) // disabled line break; - strncat_s(buf, sizeof(buf), get_ssh2_mac_name(index), _TRUNCATE); + strncat_s(buf, sizeof(buf), get_ssh2_mac_name_by_id(index), _TRUNCATE); strncat_s(buf, sizeof(buf), ",", _TRUNCATE); } len = strlen(buf); @@ -4730,23 +4729,21 @@ } -static hmac_type choose_SSH2_hmac_algorithm(char *server_proposal, char *my_proposal) +static SSH2Mac *choose_SSH2_mac_algorithm(char *server_proposal, char *my_proposal) { - hmac_type type = HMAC_UNKNOWN; char str_hmac[64]; - ssh2_mac_t *ptr = ssh2_macs; + SSH2Mac *ptr = ssh2_macs; choose_SSH2_proposal(server_proposal, my_proposal, str_hmac, sizeof(str_hmac)); while (ptr->name != NULL) { if (strcmp(ptr->name, str_hmac) == 0) { - type = ptr->type; - break; + return ptr; } ptr++; } - return (type); + return (NULL); } @@ -4783,17 +4780,11 @@ unsigned int need = 0; const EVP_MD *md; SSH2Cipher *cipher; - hmac_type mac; + SSH2Mac *mac; for (mode = 0; mode < MODE_MAX; mode++) { - if (mode == MODE_OUT) { - mac = pvar->ctos_hmac; - } - else { - mac = pvar->stoc_hmac; - } - cipher = pvar->ciphers[mode]; + mac = pvar->macs[mode]; // current_keys[]\x82???\x82Ă\xA8\x82\xA2\x82āA\x82\xA0\x82?\xC5 pvar->ssh2_keys[] \x82?R\x83s\x81[\x82\xB7\x82\xE9\x81B md = get_ssh2_mac_EVP_MD(mac); @@ -4817,9 +4808,7 @@ // \x8C\xBB\x8E\x9E\x93_\x82ł\xCDMAC\x82\xCDdisable pvar->ssh2_keys[mode].mac.enabled = 0; pvar->ssh2_keys[mode].comp.enabled = 0; // (2005.7.9 yutaka) - } - for (mode = 0; mode < MODE_MAX; mode++) { need = max(need, current_keys[mode].enc.key_len); need = max(need, current_keys[mode].enc.block_size); need = max(need, current_keys[mode].enc.iv_len); @@ -4991,8 +4980,8 @@ logprintf(LOG_LEVEL_VERBOSE, "server proposal: MAC algorithm client to server: %s", buf); - pvar->ctos_hmac = choose_SSH2_hmac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_CTOS]); - if (pvar->ctos_hmac == HMAC_UNKNOWN) { // not match + pvar->macs[MODE_OUT] = choose_SSH2_mac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_CTOS]); + if (pvar->macs[MODE_OUT] == NULL) { // not match strncpy_s(tmp, sizeof(tmp), "unknown MAC algorithm: ", _TRUNCATE); strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE); msg = tmp; @@ -5010,8 +4999,8 @@ logprintf(LOG_LEVEL_VERBOSE, "server proposal: MAC algorithm server to client: %s", buf); - pvar->stoc_hmac = choose_SSH2_hmac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_STOC]); - if (pvar->stoc_hmac == HMAC_UNKNOWN) { // not match + pvar->macs[MODE_IN] = choose_SSH2_mac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_STOC]); + if (pvar->macs[MODE_IN] == NULL) { // not match strncpy_s(tmp, sizeof(tmp), "unknown MAC algorithm: ", _TRUNCATE); strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE); msg = tmp; @@ -5078,11 +5067,11 @@ logprintf(LOG_LEVEL_VERBOSE, "MAC algorithm client to server: %s", - get_ssh2_mac_name(pvar->ctos_hmac)); + get_ssh2_mac_name(pvar->macs[MODE_OUT])); logprintf(LOG_LEVEL_VERBOSE, "MAC algorithm server to client: %s", - get_ssh2_mac_name(pvar->stoc_hmac)); + get_ssh2_mac_name(pvar->macs[MODE_IN])); logprintf(LOG_LEVEL_VERBOSE, "compression algorithm client to server: %s", Modified: trunk/ttssh2/ttxssh/ssh.h =================================================================== --- trunk/ttssh2/ttxssh/ssh.h 2017-12-18 11:06:06 UTC (rev 7005) +++ trunk/ttssh2/ttxssh/ssh.h 2017-12-18 11:06:09 UTC (rev 7006) @@ -479,17 +479,17 @@ HMAC_SHA2_512_EtM, HMAC_UNKNOWN, HMAC_MAX = HMAC_UNKNOWN, -} hmac_type; +} SSH2MacId; typedef struct ssh2_mac { - hmac_type type; + SSH2MacId id; char *name; const EVP_MD *(*evp_md)(void); int truncatebits; int etm; -} ssh2_mac_t; +} SSH2Mac; -static ssh2_mac_t ssh2_macs[] = { +static SSH2Mac ssh2_macs[] = { {HMAC_SHA1, "hmac-sha1", EVP_sha1, 0, 0}, // RFC4253 {HMAC_MD5, "hmac-md5", EVP_md5, 0, 0}, // RFC4253 {HMAC_SHA1_96, "hmac-sha1-96", EVP_sha1, 96, 0}, // RFC4253 @@ -781,9 +781,11 @@ char* get_kex_algorithm_name(kex_algorithm kextype); const EVP_CIPHER* get_cipher_EVP_CIPHER(SSH2Cipher *cipher); const EVP_MD* get_kex_algorithm_EVP_MD(kex_algorithm kextype); -char* get_ssh2_mac_name(hmac_type type); -const EVP_MD* get_ssh2_mac_EVP_MD(hmac_type type); -int get_ssh2_mac_truncatebits(hmac_type type); +SSH2Mac *get_ssh2_mac(SSH2MacId id); +char* get_ssh2_mac_name(SSH2Mac *mac); +char* get_ssh2_mac_name_by_id(SSH2MacId id); +const EVP_MD* get_ssh2_mac_EVP_MD(SSH2Mac *mac); +int get_ssh2_mac_truncatebits(SSH2Mac *mac); char* get_ssh2_comp_name(compression_type type); char* get_ssh_keytype_name(ssh_keytype type); char* get_digest_algorithm_name(digest_algorithm id); Modified: trunk/ttssh2/ttxssh/ttxssh.c =================================================================== --- trunk/ttssh2/ttxssh/ttxssh.c 2017-12-18 11:06:06 UTC (rev 7005) +++ trunk/ttssh2/ttxssh/ttxssh.c 2017-12-18 11:06:09 UTC (rev 7006) @@ -2833,7 +2833,7 @@ ""); name = pvar->ts->UIMsg; } else { - name = get_ssh2_mac_name(index); + name = get_ssh2_mac_name_by_id(index); } if (name != NULL) { @@ -3093,7 +3093,7 @@ SendMessage(cipherControl, LB_GETTEXT, i, (LPARAM) buf); for (j = 0; j <= HMAC_MAX - && strcmp(buf, get_ssh2_mac_name(j)) != 0; j++) { + && strcmp(buf, get_ssh2_mac_name_by_id(j)) != 0; j++) { } if (j <= HMAC_MAX) { buf2[buf2index] = '0' + j; Modified: trunk/ttssh2/ttxssh/ttxssh.h =================================================================== --- trunk/ttssh2/ttxssh/ttxssh.h 2017-12-18 11:06:06 UTC (rev 7005) +++ trunk/ttssh2/ttxssh/ttxssh.h 2017-12-18 11:06:09 UTC (rev 7006) @@ -258,8 +258,7 @@ kex_algorithm kex_type; // KEX algorithm ssh_keytype hostkey_type; SSH2Cipher *ciphers[MODE_MAX]; - hmac_type ctos_hmac; - hmac_type stoc_hmac; + SSH2Mac *macs[MODE_MAX]; compression_type ctos_compression; compression_type stoc_compression; int we_need; From scmnotify @ osdn.net Mon Dec 18 20:06:16 2017 From: scmnotify @ osdn.net (scmnotify @ osdn.net) Date: Mon, 18 Dec 2017 20:06:16 +0900 Subject: [Ttssh2-commit] =?utf-8?b?WzcwMDhdICBBRUFEIOaal+WPt+S9v+eUqA==?= =?utf-8?b?5pmC44GvIE1BQyBOZWdvdGlhdGlvbiDjga7ntZDmnpzjgpLnhKHoppbjgZk=?= =?utf-8?b?44KL44KI44GG44Gr44GX44GfICMzNzc1MA==?= Message-ID: <1513595176.705539.10405.nullmailer@users.osdn.me> Revision: 7008 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/7008 Author: doda Date: 2017-12-18 20:06:16 +0900 (Mon, 18 Dec 2017) Log Message: ----------- AEAD 暗号使用時は MAC Negotiation の結果を無視するようにした #37750 併せて、AEAD 暗号使用時に About TTSSH ダイアログで MAC 方式を と表示するようにした。 #37741 Ticket Links: ------------ http://sourceforge.jp/projects/ttssh2/tracker/detail/37750 http://sourceforge.jp/projects/ttssh2/tracker/detail/37741 Modified Paths: -------------- trunk/doc/en/html/about/history.html trunk/doc/ja/html/about/history.html trunk/ttssh2/ttxssh/ssh.c -------------- next part -------------- Modified: trunk/doc/en/html/about/history.html =================================================================== --- trunk/doc/en/html/about/history.html 2017-12-18 11:06:13 UTC (rev 7007) +++ trunk/doc/en/html/about/history.html 2017-12-18 11:06:16 UTC (rev 7008) @@ -33,6 +33,11 @@

    2018.02.28 (Ver 4.98) not released

      +
    • Misc +
        +
      • upgraded TTSSH to 2.84.
        • +
      +
    @@ -2968,7 +2973,9 @@
  • Bug fixes
    • Modified: trunk/doc/ja/html/about/history.html =================================================================== --- trunk/doc/ja/html/about/history.html 2017-12-18 11:06:13 UTC (rev 7007) +++ trunk/doc/ja/html/about/history.html 2017-12-18 11:06:16 UTC (rev 7008) @@ -33,6 +33,11 @@

    2018.02.28 (Ver 4.98) not released

    @@ -2974,7 +2979,9 @@
  • \x83o\x83O\x8FC\x90\xB3
    • Modified: trunk/ttssh2/ttxssh/ssh.c =================================================================== --- trunk/ttssh2/ttxssh/ssh.c 2017-12-18 11:06:13 UTC (rev 7007) +++ trunk/ttssh2/ttxssh/ssh.c 2017-12-18 11:06:16 UTC (rev 7008) @@ -4980,15 +4980,20 @@ logprintf(LOG_LEVEL_VERBOSE, "server proposal: MAC algorithm client to server: %s", buf); - pvar->macs[MODE_OUT] = choose_SSH2_mac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_CTOS]); - if (pvar->macs[MODE_OUT] == NULL) { // not match - strncpy_s(tmp, sizeof(tmp), "unknown MAC algorithm: ", _TRUNCATE); - strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE); - msg = tmp; - goto error; + if (pvar->ciphers[MODE_OUT]->auth_len > 0) { + logputs(LOG_LEVEL_VERBOSE, "AEAD cipher is selected, ignoring MAC algorithms. (c2s)"); + pvar->macs[MODE_OUT] = get_ssh2_mac(HMAC_IMPLICIT); } + else { + pvar->macs[MODE_OUT] = choose_SSH2_mac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_CTOS]); + if (pvar->macs[MODE_OUT] == NULL) { // not match + strncpy_s(tmp, sizeof(tmp), "unknown MAC algorithm: ", _TRUNCATE); + strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE); + msg = tmp; + goto error; + } + } - size = get_payload_uint32(pvar, offset); offset += 4; for (i = 0; i < size; i++) { @@ -4999,15 +5004,20 @@ logprintf(LOG_LEVEL_VERBOSE, "server proposal: MAC algorithm server to client: %s", buf); - pvar->macs[MODE_IN] = choose_SSH2_mac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_STOC]); - if (pvar->macs[MODE_IN] == NULL) { // not match - strncpy_s(tmp, sizeof(tmp), "unknown MAC algorithm: ", _TRUNCATE); - strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE); - msg = tmp; - goto error; + if (pvar->ciphers[MODE_IN]->auth_len > 0) { + logputs(LOG_LEVEL_VERBOSE, "AEAD cipher is selected, ignoring MAC algorithms. (s2c)"); + pvar->macs[MODE_IN] = get_ssh2_mac(HMAC_IMPLICIT); } + else { + pvar->macs[MODE_IN] = choose_SSH2_mac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_STOC]); + if (pvar->macs[MODE_IN] == NULL) { // not match + strncpy_s(tmp, sizeof(tmp), "unknown MAC algorithm: ", _TRUNCATE); + strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE); + msg = tmp; + goto error; + } + } - // \x88\xB3\x8Fk\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82?\x88\x92\xE8 // pvar->ssh_state.compressing = FALSE; \x82?\xB5\x82ĉ\xBA\x8BL\x83\x81\x83\x93\x83o\x82\xF0\x8Eg\x97p\x82\xB7\x82\xE9\x81B // (2005.7.9 yutaka) From scmnotify @ osdn.net Tue Dec 19 20:50:14 2017 From: scmnotify @ osdn.net (scmnotify @ osdn.net) Date: Tue, 19 Dec 2017 20:50:14 +0900 Subject: [Ttssh2-commit] =?utf-8?b?WzcwMDldICBzaGFyZV9rZXkg44Gu6Kej5pS+?= =?utf-8?b?44KC44KM44KS5L+u5q2j44CC44Gd44Gu5LuW44Kz44O844OJ5pW055CG44CC?= Message-ID: <1513684214.534160.133472.nullmailer@users.osdn.me> Revision: 7009 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/7009 Author: doda Date: 2017-12-19 20:50:14 +0900 (Tue, 19 Dec 2017) Log Message: ----------- share_key の解放もれを修正。その他コード整理。 ・free() するポインタが NULL かどうかチェックするのを廃止 free(NULL) は何も行わない事が保証されている。 ・正常系と異常系でのリソース解放を共通化。 解放漏れが起きにくくするため。 Modified Paths: -------------- trunk/ttssh2/ttxssh/ssh.c -------------- next part -------------- Modified: trunk/ttssh2/ttxssh/ssh.c =================================================================== --- trunk/ttssh2/ttxssh/ssh.c 2017-12-18 11:06:16 UTC (rev 7008) +++ trunk/ttssh2/ttxssh/ssh.c 2017-12-19 11:50:14 UTC (rev 7009) @@ -5520,6 +5520,7 @@ char *emsg, emsg_tmp[1024]; // error message int ret, hashlen; Key *hostkey; // hostkey + BOOL result = FALSE; logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_KEXDH_REPLY was received."); @@ -5705,22 +5706,19 @@ SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka) SSH2_dispatch_add_message(SSH2_MSG_DEBUG); - BN_free(dh_server_pub); - DH_free(pvar->kexdh); pvar->kexdh = NULL; - key_free(hostkey); - if (dh_buf != NULL) free(dh_buf); - return TRUE; + result = TRUE; error: BN_free(dh_server_pub); DH_free(pvar->kexdh); pvar->kexdh = NULL; key_free(hostkey); - if (dh_buf != NULL) free(dh_buf); + free(dh_buf); BN_free(share_key); - notify_fatal_error(pvar, emsg, TRUE); + if (result == FALSE) + notify_fatal_error(pvar, emsg, TRUE); - return FALSE; + return result; } @@ -5745,6 +5743,7 @@ char *emsg, emsg_tmp[1024]; // error message int ret, hashlen; Key *hostkey = NULL; // hostkey + BOOL result = FALSE; logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_KEX_DH_GEX_REPLY was received."); @@ -5939,22 +5938,19 @@ SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka) SSH2_dispatch_add_message(SSH2_MSG_DEBUG); - BN_free(dh_server_pub); - DH_free(pvar->kexdh); pvar->kexdh = NULL; - key_free(hostkey); - if (dh_buf != NULL) free(dh_buf); - return TRUE; + result = TRUE; error: BN_free(dh_server_pub); DH_free(pvar->kexdh); pvar->kexdh = NULL; key_free(hostkey); - if (dh_buf != NULL) free(dh_buf); + free(dh_buf); BN_free(share_key); - notify_fatal_error(pvar, emsg, TRUE); + if (result == FALSE) + notify_fatal_error(pvar, emsg, TRUE); - return FALSE; + return result; } @@ -5978,6 +5974,7 @@ char *emsg, emsg_tmp[1024]; // error message int ret, hashlen; Key *hostkey = NULL; // hostkey + BOOL result = FALSE; logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_KEX_ECDH_REPLY was received."); @@ -6185,22 +6182,19 @@ SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka) SSH2_dispatch_add_message(SSH2_MSG_DEBUG); - EC_KEY_free(pvar->ecdh_client_key); pvar->ecdh_client_key = NULL; - EC_POINT_clear_free(server_public); - key_free(hostkey); - if (ecdh_buf != NULL) free(ecdh_buf); - return TRUE; + result = TRUE; error: + EC_KEY_free(pvar->ecdh_client_key); pvar->ecdh_client_key = NULL; EC_POINT_clear_free(server_public); - EC_KEY_free(pvar->ecdh_client_key); pvar->ecdh_client_key = NULL; key_free(hostkey); - if (ecdh_buf != NULL) free(ecdh_buf); + free(ecdh_buf); BN_free(share_key); - notify_fatal_error(pvar, emsg, TRUE); + if (result == FALSE) + notify_fatal_error(pvar, emsg, TRUE); - return FALSE; + return result; } From scmnotify @ osdn.net Tue Dec 26 18:13:33 2017 From: scmnotify @ osdn.net (scmnotify @ osdn.net) Date: Tue, 26 Dec 2017 18:13:33 +0900 Subject: [Ttssh2-commit] =?utf-8?q?=5B7010=5D__Kex_Reply_=E3=81=AE_handler?= =?utf-8?b?IOOBruWFsemAmumDqOWIhuOCkumWouaVsOOBq+aLrOOCiuOBoOOBl+OBnw==?= Message-ID: <1514279613.454811.51264.nullmailer@users.osdn.me> Revision: 7010 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/7010 Author: doda Date: 2017-12-26 18:13:33 +0900 (Tue, 26 Dec 2017) Log Message: ----------- Kex Reply の handler の共通部分を関数に括りだした KEX 後に必要な共通の処理が各 KEX のハンドラに分散していてメンテナンス しづらいので、関数にまとめた。 もうちょっとうまくまとまらないだろうか。 Modified Paths: -------------- trunk/ttssh2/ttxssh/ssh.c -------------- next part -------------- Modified: trunk/ttssh2/ttxssh/ssh.c =================================================================== --- trunk/ttssh2/ttxssh/ssh.c 2017-12-19 11:50:14 UTC (rev 7009) +++ trunk/ttssh2/ttxssh/ssh.c 2017-12-26 09:13:33 UTC (rev 7010) @@ -5500,7 +5500,94 @@ pvar->ssh2_keys[mode] = current_keys[mode]; } +static BOOL ssh2_kex_finish(PTInstVar pvar, char *hash, int hashlen, BIGNUM *share_key, Key *hostkey, char *signature, int siglen) +{ + int ret; + char emsg[1024]; // error message + //debug_print(30, hash, hashlen); + //debug_print(31, pvar->client_version_string, strlen(pvar->client_version_string)); + //debug_print(32, pvar->server_version_string, strlen(pvar->server_version_string)); + //debug_print(33, buffer_ptr(pvar->my_kex), buffer_len(pvar->my_kex)); + //debug_print(34, buffer_ptr(pvar->peer_kex), buffer_len(pvar->peer_kex)); + //debug_print(35, server_host_key_blob, bloblen); + + // session id\x82??\xB6\x81i\x8F\x89\x89\xF1\x90?\xB1\x8E\x9E\x82??j + if (pvar->session_id == NULL) { + pvar->session_id_len = hashlen; + pvar->session_id = malloc(pvar->session_id_len); + if (pvar->session_id != NULL) { + memcpy(pvar->session_id, hash, pvar->session_id_len); + } else { + // TODO: + } + } + + if ((ret = key_verify(hostkey, signature, siglen, hash, hashlen)) != 1) { + if (ret == -3 && hostkey->type == KEY_RSA) { + if (!pvar->settings.EnableRsaShortKeyServer) { + _snprintf_s(emsg, sizeof(emsg), _TRUNCATE, __FUNCTION__ + ": key verify error. remote rsa key length is too short (%d-bit)", + BN_num_bits(hostkey->rsa->n)); + } + else { + goto cont; + } + } + else { + _snprintf_s(emsg, sizeof(emsg), _TRUNCATE, __FUNCTION__ ": key verify error (%d)\r\n%s", ret, SENDTOME); + } + + save_memdump(LOGDUMP); + notify_fatal_error(pvar, emsg, TRUE); + return FALSE; + } + +cont: + kex_derive_keys(pvar, pvar->we_need, hash, share_key, pvar->session_id, pvar->session_id_len); + + // KEX finish + begin_send_packet(pvar, SSH2_MSG_NEWKEYS, 0); + finish_send_packet(pvar); + + logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_NEWKEYS was sent at handle_SSH2_dh_kex_reply()."); + + // SSH2_MSG_NEWKEYS\x82?\xE8\x8FI\x82\xED\x82\xC1\x82\xBD\x82\xA0\x82??L\x81[\x82???\x82\xE6\x82эĐ?\xE8\x82\xF0\x8Ds\x82\xA4 + // \x91\x97\x90M\x97p\x82?Í\x86\x8C\xAE\x82\xCD SSH2_MSG_NEWKEYS \x82?\x97\x90M\x8C\xE3\x82?A\x8E\xF3\x90M\x97p\x82?\xCD SSH2_MSG_NEWKEYS \x82\xCC + // \x8E\xF3\x90M\x8C\xE3\x82?Đ?\xE8\x82\xF0\x8Ds\x82\xA4\x81B + if (pvar->rekeying == 1) { // \x83L\x81[\x82?Đ?\xE8 + // \x82?\xB8\x81A\x91\x97\x90M\x97p\x82\xBE\x82\xAF\x90??\x82\xE9\x81B + ssh2_set_newkeys(pvar, MODE_OUT); + pvar->ssh2_keys[MODE_OUT].mac.enabled = 1; + pvar->ssh2_keys[MODE_OUT].comp.enabled = 1; + enable_send_compression(pvar); + if (!CRYPT_start_encryption(pvar, 1, 0)) { + // TODO: error + } + + } else { + // \x8F\x89\x89\xF1\x90?\xB1\x82??\x82?\xC0\x8D??Í\x86\x83\x8B\x81[\x83`\x83\x93\x82\xAA\x90??\x82\xEA\x82\xE9\x82??A\x82\xA0\x82???\xC1\x82Ă\xA9\x82\xE7 + // \x82??ŁiCRYPT_start_encryption\x8A?\x94\x81j\x81A\x82\xB1\x82\xB1\x82Ō\xAE\x82??\xE8\x82\xF0\x82\xB5\x82Ă\xB5\x82?\xC1\x82Ă\xE0\x82悢\x81B + ssh2_set_newkeys(pvar, MODE_OUT); + + // SSH2_MSG_NEWKEYS\x82?M\x82\xB5\x82\xBD\x8E\x9E\x93_\x82ŁAMAC\x82\xF0\x97L\x8C\xF8\x82?\xB7\x82\xE9\x81B(2006.10.30 yutaka) + pvar->ssh2_keys[MODE_OUT].mac.enabled = 1; + pvar->ssh2_keys[MODE_OUT].comp.enabled = 1; + + // \x83p\x83P\x83b\x83g\x88\xB3\x8Fk\x82\xAA\x97L\x8C\xF8\x82?珉\x8A\x{227B0B7}\x82\xE9\x81B(2005.7.9 yutaka) + // SSH2_MSG_NEWKEYS\x82?\xF3\x90M\x82\xE6\x82\xE8\x91O\x82??ł\xB1\x82\xB1\x82\xBE\x82\xAF\x82ł悢\x81B(2006.10.30 maya) + prep_compression(pvar); + enable_compression(pvar); + } + + SSH2_dispatch_init(3); + SSH2_dispatch_add_message(SSH2_MSG_NEWKEYS); + SSH2_dispatch_add_message(SSH2_MSG_IGNORE); + SSH2_dispatch_add_message(SSH2_MSG_DEBUG); + + return TRUE; +} + // // Diffie-Hellman Key Exchange Reply(SSH2_MSG_KEXDH_REPLY:31) // @@ -5517,8 +5604,8 @@ char *dh_buf = NULL; BIGNUM *share_key = NULL; char *hash; - char *emsg, emsg_tmp[1024]; // error message - int ret, hashlen; + char *emsg = NULL, emsg_tmp[1024]; // error message + int hashlen; Key *hostkey; // hostkey BOOL result = FALSE; @@ -5622,92 +5709,12 @@ push_memdump("KEXDH_REPLY kex_dh_kex_hash", "hash", hash, hashlen); } - //debug_print(30, hash, hashlen); - //debug_print(31, pvar->client_version_string, strlen(pvar->client_version_string)); - //debug_print(32, pvar->server_version_string, strlen(pvar->server_version_string)); - //debug_print(33, buffer_ptr(pvar->my_kex), buffer_len(pvar->my_kex)); - //debug_print(34, buffer_ptr(pvar->peer_kex), buffer_len(pvar->peer_kex)); - //debug_print(35, server_host_key_blob, bloblen); - - // session id\x82??\xB6\x81i\x8F\x89\x89\xF1\x90?\xB1\x8E\x9E\x82??j - if (pvar->session_id == NULL) { - pvar->session_id_len = hashlen; - pvar->session_id = malloc(pvar->session_id_len); - if (pvar->session_id != NULL) { - memcpy(pvar->session_id, hash, pvar->session_id_len); - } else { - // TODO: - } - } - - if ((ret = key_verify(hostkey, signature, siglen, hash, hashlen)) != 1) { - if (ret == -3 && hostkey->type == KEY_RSA) { - if (!pvar->settings.EnableRsaShortKeyServer) { - _snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE, - "key verify error(remote rsa key length is too short %d-bit) " - "@ handle_SSH2_dh_kex_reply()", BN_num_bits(hostkey->rsa->n)); - } - else { - goto cont; - } - } - else { - _snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE, - "key verify error(%d) @ handle_SSH2_dh_kex_reply()\r\n%s", ret, SENDTOME); - } - emsg = emsg_tmp; - save_memdump(LOGDUMP); - goto error; - } - -cont: - kex_derive_keys(pvar, pvar->we_need, hash, share_key, pvar->session_id, pvar->session_id_len); - - // KEX finish - begin_send_packet(pvar, SSH2_MSG_NEWKEYS, 0); - finish_send_packet(pvar); - - logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_NEWKEYS was sent at handle_SSH2_dh_kex_reply()."); - - // SSH2_MSG_NEWKEYS\x82?\xE8\x8FI\x82\xED\x82\xC1\x82\xBD\x82\xA0\x82??L\x81[\x82???\x82\xE6\x82эĐ?\xE8\x82\xF0\x8Ds\x82\xA4 - // \x91\x97\x90M\x97p\x82?Í\x86\x8C\xAE\x82\xCD SSH2_MSG_NEWKEYS \x82?\x97\x90M\x8C\xE3\x82?A\x8E\xF3\x90M\x97p\x82?\xCD SSH2_MSG_NEWKEYS \x82\xCC - // \x8E\xF3\x90M\x8C\xE3\x82?Đ?\xE8\x82\xF0\x8Ds\x82\xA4\x81B - if (pvar->rekeying == 1) { // \x83L\x81[\x82?Đ?\xE8 - // \x82?\xB8\x81A\x91\x97\x90M\x97p\x82\xBE\x82\xAF\x90??\x82\xE9\x81B - ssh2_set_newkeys(pvar, MODE_OUT); - pvar->ssh2_keys[MODE_OUT].mac.enabled = 1; - pvar->ssh2_keys[MODE_OUT].comp.enabled = 1; - enable_send_compression(pvar); - if (!CRYPT_start_encryption(pvar, 1, 0)) { - // TODO: error - } - - } else { - // \x8F\x89\x89\xF1\x90?\xB1\x82??\x82?\xC0\x8D??Í\x86\x83\x8B\x81[\x83`\x83\x93\x82\xAA\x90??\x82\xEA\x82\xE9\x82??A\x82\xA0\x82???\xC1\x82Ă\xA9\x82\xE7 - // \x82??ŁiCRYPT_start_encryption\x8A?\x94\x81j\x81A\x82\xB1\x82\xB1\x82Ō\xAE\x82??\xE8\x82\xF0\x82\xB5\x82Ă\xB5\x82?\xC1\x82Ă\xE0\x82悢\x81B - ssh2_set_newkeys(pvar, MODE_OUT); - - // SSH2_MSG_NEWKEYS\x82?M\x82\xB5\x82\xBD\x8E\x9E\x93_\x82ŁAMAC\x82\xF0\x97L\x8C\xF8\x82?\xB7\x82\xE9\x81B(2006.10.30 yutaka) - pvar->ssh2_keys[MODE_OUT].mac.enabled = 1; - pvar->ssh2_keys[MODE_OUT].comp.enabled = 1; - - // \x83p\x83P\x83b\x83g\x88\xB3\x8Fk\x82\xAA\x97L\x8C\xF8\x82?珉\x8A\x{227B0B7}\x82\xE9\x81B(2005.7.9 yutaka) - // SSH2_MSG_NEWKEYS\x82?\xF3\x90M\x82\xE6\x82\xE8\x91O\x82??ł\xB1\x82\xB1\x82\xBE\x82\xAF\x82ł悢\x81B(2006.10.30 maya) - prep_compression(pvar); - enable_compression(pvar); - } - // TTSSH\x83o\x81[\x83W\x83\x87\x83\x93\x8F\xEE\x95\xF1\x82?\\x8E\xA6\x82\xB7\x82\xE9\x83L\x81[\x83r\x83b\x83g\x90\x94\x82\xF0\x8B\x81\x82?Ă\xA8\x82\xAD (2004.10.30 yutaka) pvar->client_key_bits = BN_num_bits(pvar->kexdh->pub_key); pvar->server_key_bits = BN_num_bits(dh_server_pub); - SSH2_dispatch_init(3); - SSH2_dispatch_add_message(SSH2_MSG_NEWKEYS); - SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka) - SSH2_dispatch_add_message(SSH2_MSG_DEBUG); + result = ssh2_kex_finish(pvar, hash, hashlen, share_key, hostkey, signature, siglen); - result = TRUE; - error: BN_free(dh_server_pub); DH_free(pvar->kexdh); pvar->kexdh = NULL; @@ -5715,7 +5722,7 @@ free(dh_buf); BN_free(share_key); - if (result == FALSE) + if (emsg) notify_fatal_error(pvar, emsg, TRUE); return result; @@ -5740,8 +5747,8 @@ char *dh_buf = NULL; BIGNUM *share_key = NULL; char *hash; - char *emsg, emsg_tmp[1024]; // error message - int ret, hashlen; + char *emsg = NULL, emsg_tmp[1024]; // error message + int hashlen; Key *hostkey = NULL; // hostkey BOOL result = FALSE; @@ -5854,92 +5861,12 @@ push_memdump("DH_GEX_REPLY kex_dh_gex_hash", "hash", hash, hashlen); } - //debug_print(30, hash, hashlen); - //debug_print(31, pvar->client_version_string, strlen(pvar->client_version_string)); - //debug_print(32, pvar->server_version_string, strlen(pvar->server_version_string)); - //debug_print(33, buffer_ptr(pvar->my_kex), buffer_len(pvar->my_kex)); - //debug_print(34, buffer_ptr(pvar->peer_kex), buffer_len(pvar->peer_kex)); - //debug_print(35, server_host_key_blob, bloblen); - - // session id\x82??\xB6\x81i\x8F\x89\x89\xF1\x90?\xB1\x8E\x9E\x82??j - if (pvar->session_id == NULL) { - pvar->session_id_len = hashlen; - pvar->session_id = malloc(pvar->session_id_len); - if (pvar->session_id != NULL) { - memcpy(pvar->session_id, hash, pvar->session_id_len); - } else { - // TODO: - } - } - - if ((ret = key_verify(hostkey, signature, siglen, hash, hashlen)) != 1) { - if (ret == -3 && hostkey->type == KEY_RSA) { - if (!pvar->settings.EnableRsaShortKeyServer) { - _snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE, - "key verify error(remote rsa key length is too short %d-bit) " - "@ handle_SSH2_dh_gex_reply()", BN_num_bits(hostkey->rsa->n)); - } - else { - goto cont; - } - } - else { - _snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE, - "key verify error(%d) @ handle_SSH2_dh_gex_reply()\r\n%s", ret, SENDTOME); - } - emsg = emsg_tmp; - save_memdump(LOGDUMP); - goto error; - } - -cont: - kex_derive_keys(pvar, pvar->we_need, hash, share_key, pvar->session_id, pvar->session_id_len); - - // KEX finish - begin_send_packet(pvar, SSH2_MSG_NEWKEYS, 0); - finish_send_packet(pvar); - - logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_NEWKEYS was sent at handle_SSH2_dh_gex_reply()."); - - // SSH2_MSG_NEWKEYS\x82?\xE8\x8FI\x82\xED\x82\xC1\x82\xBD\x82\xA0\x82??L\x81[\x82???\x82\xE6\x82эĐ?\xE8\x82\xF0\x8Ds\x82\xA4 - // \x91\x97\x90M\x97p\x82?Í\x86\x8C\xAE\x82\xCD SSH2_MSG_NEWKEYS \x82?\x97\x90M\x8C\xE3\x82?A\x8E\xF3\x90M\x97p\x82?\xCD SSH2_MSG_NEWKEYS \x82\xCC - // \x8E\xF3\x90M\x8C\xE3\x82?Đ?\xE8\x82\xF0\x8Ds\x82\xA4\x81B - if (pvar->rekeying == 1) { // \x83L\x81[\x82?Đ?\xE8 - // \x82?\xB8\x81A\x91\x97\x90M\x97p\x82\xBE\x82\xAF\x90??\x82\xE9\x81B - ssh2_set_newkeys(pvar, MODE_OUT); - pvar->ssh2_keys[MODE_OUT].mac.enabled = 1; - pvar->ssh2_keys[MODE_OUT].comp.enabled = 1; - enable_send_compression(pvar); - if (!CRYPT_start_encryption(pvar, 1, 0)) { - // TODO: error - } - - } else { - // \x8F\x89\x89\xF1\x90?\xB1\x82??\x82?\xC0\x8D??Í\x86\x83\x8B\x81[\x83`\x83\x93\x82\xAA\x90??\x82\xEA\x82\xE9\x82??A\x82\xA0\x82???\xC1\x82Ă\xA9\x82\xE7 - // \x82??ŁiCRYPT_start_encryption\x8A?\x94\x81j\x81A\x82\xB1\x82\xB1\x82Ō\xAE\x82??\xE8\x82\xF0\x82\xB5\x82Ă\xB5\x82?\xC1\x82Ă\xE0\x82悢\x81B - ssh2_set_newkeys(pvar, MODE_OUT); - - // SSH2_MSG_NEWKEYS\x82?M\x82\xB5\x82\xBD\x8E\x9E\x93_\x82ŁAMAC\x82\xF0\x97L\x8C\xF8\x82?\xB7\x82\xE9\x81B(2006.10.30 yutaka) - pvar->ssh2_keys[MODE_OUT].mac.enabled = 1; - pvar->ssh2_keys[MODE_OUT].comp.enabled = 1; - - // \x83p\x83P\x83b\x83g\x88\xB3\x8Fk\x82\xAA\x97L\x8C\xF8\x82?珉\x8A\x{227B0B7}\x82\xE9\x81B(2005.7.9 yutaka) - // SSH2_MSG_NEWKEYS\x82?\xF3\x90M\x82\xE6\x82\xE8\x91O\x82??ł\xB1\x82\xB1\x82\xBE\x82\xAF\x82ł悢\x81B(2006.10.30 maya) - prep_compression(pvar); - enable_compression(pvar); - } - // TTSSH\x83o\x81[\x83W\x83\x87\x83\x93\x8F\xEE\x95\xF1\x82?\\x8E\xA6\x82\xB7\x82\xE9\x83L\x81[\x83r\x83b\x83g\x90\x94\x82\xF0\x8B\x81\x82?Ă\xA8\x82\xAD (2004.10.30 yutaka) pvar->client_key_bits = BN_num_bits(pvar->kexdh->pub_key); pvar->server_key_bits = BN_num_bits(dh_server_pub); - SSH2_dispatch_init(3); - SSH2_dispatch_add_message(SSH2_MSG_NEWKEYS); - SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka) - SSH2_dispatch_add_message(SSH2_MSG_DEBUG); + result = ssh2_kex_finish(pvar, hash, hashlen, share_key, hostkey, signature, siglen); - result = TRUE; - error: BN_free(dh_server_pub); DH_free(pvar->kexdh); pvar->kexdh = NULL; @@ -5947,7 +5874,7 @@ free(dh_buf); BN_free(share_key); - if (result == FALSE) + if (emsg) notify_fatal_error(pvar, emsg, TRUE); return result; @@ -5955,7 +5882,7 @@ // -// Elliptic Curv Diffie-Hellman Key Exchange Reply(SSH2_MSG_KEX_ECDH_REPLY:31) +// Elliptic Curve Diffie-Hellman Key Exchange Reply(SSH2_MSG_KEX_ECDH_REPLY:31) // static BOOL handle_SSH2_ecdh_kex_reply(PTInstVar pvar) { @@ -5971,8 +5898,8 @@ char *ecdh_buf = NULL; BIGNUM *share_key = NULL; char *hash; - char *emsg, emsg_tmp[1024]; // error message - int ret, hashlen; + char *emsg = NULL, emsg_tmp[1024]; // error message + int hashlen; Key *hostkey = NULL; // hostkey BOOL result = FALSE; @@ -6083,81 +6010,6 @@ push_memdump("KEX_ECDH_REPLY ecdh_kex_reply", "hash", hash, hashlen); } - //debug_print(30, hash, hashlen); - //debug_print(31, pvar->client_version_string, strlen(pvar->client_version_string)); - //debug_print(32, pvar->server_version_string, strlen(pvar->server_version_string)); - //debug_print(33, buffer_ptr(pvar->my_kex), buffer_len(pvar->my_kex)); - //debug_print(34, buffer_ptr(pvar->peer_kex), buffer_len(pvar->peer_kex)); - //debug_print(35, server_host_key_blob, bloblen); - - // session id\x82??\xB6\x81i\x8F\x89\x89\xF1\x90?\xB1\x8E\x9E\x82??j - if (pvar->session_id == NULL) { - pvar->session_id_len = hashlen; - pvar->session_id = malloc(pvar->session_id_len); - if (pvar->session_id != NULL) { - memcpy(pvar->session_id, hash, pvar->session_id_len); - } else { - // TODO: - } - } - - if ((ret = key_verify(hostkey, signature, siglen, hash, hashlen)) != 1) { - if (ret == -3 && hostkey->type == KEY_RSA) { - if (!pvar->settings.EnableRsaShortKeyServer) { - _snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE, - "key verify error(remote rsa key length is too short %d-bit) " - "@ handle_SSH2_ecdh_kex_reply()", BN_num_bits(hostkey->rsa->n)); - } - else { - goto cont; - } - } - else { - _snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE, - "key verify error(%d) @ handle_SSH2_ecdh_kex_reply()\r\n%s", ret, SENDTOME); - } - emsg = emsg_tmp; - save_memdump(LOGDUMP); - goto error; - } - -cont: - kex_derive_keys(pvar, pvar->we_need, hash, share_key, pvar->session_id, pvar->session_id_len); - - // KEX finish - begin_send_packet(pvar, SSH2_MSG_NEWKEYS, 0); - finish_send_packet(pvar); - - logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_NEWKEYS was sent at handle_SSH2_ecdh_kex_reply()."); - - // SSH2_MSG_NEWKEYS\x82?\xE8\x8FI\x82\xED\x82\xC1\x82\xBD\x82\xA0\x82??L\x81[\x82???\x82\xE6\x82эĐ?\xE8\x82\xF0\x8Ds\x82\xA4 - // \x91\x97\x90M\x97p\x82?Í\x86\x8C\xAE\x82\xCD SSH2_MSG_NEWKEYS \x82?\x97\x90M\x8C\xE3\x82?A\x8E\xF3\x90M\x97p\x82?\xCD SSH2_MSG_NEWKEYS \x82\xCC - // \x8E\xF3\x90M\x8C\xE3\x82?Đ?\xE8\x82\xF0\x8Ds\x82\xA4\x81B - if (pvar->rekeying == 1) { // \x83L\x81[\x82?Đ?\xE8 - // \x82?\xB8\x81A\x91\x97\x90M\x97p\x82\xBE\x82\xAF\x90??\x82\xE9\x81B - ssh2_set_newkeys(pvar, MODE_OUT); - pvar->ssh2_keys[MODE_OUT].mac.enabled = 1; - pvar->ssh2_keys[MODE_OUT].comp.enabled = 1; - enable_send_compression(pvar); - if (!CRYPT_start_encryption(pvar, 1, 0)) { - // TODO: error - } - - } else { - // \x8F\x89\x89\xF1\x90?\xB1\x82??\x82?\xC0\x8D??Í\x86\x83\x8B\x81[\x83`\x83\x93\x82\xAA\x90??\x82\xEA\x82\xE9\x82??A\x82\xA0\x82???\xC1\x82Ă\xA9\x82\xE7 - // \x82??ŁiCRYPT_start_encryption\x8A?\x94\x81j\x81A\x82\xB1\x82\xB1\x82Ō\xAE\x82??\xE8\x82\xF0\x82\xB5\x82Ă\xB5\x82?\xC1\x82Ă\xE0\x82悢\x81B - ssh2_set_newkeys(pvar, MODE_OUT); - - // SSH2_MSG_NEWKEYS\x82?M\x82\xB5\x82\xBD\x8E\x9E\x93_\x82ŁAMAC\x82\xF0\x97L\x8C\xF8\x82?\xB7\x82\xE9\x81B(2006.10.30 yutaka) - pvar->ssh2_keys[MODE_OUT].mac.enabled = 1; - pvar->ssh2_keys[MODE_OUT].comp.enabled = 1; - - // \x83p\x83P\x83b\x83g\x88\xB3\x8Fk\x82\xAA\x97L\x8C\xF8\x82?珉\x8A\x{227B0B7}\x82\xE9\x81B(2005.7.9 yutaka) - // SSH2_MSG_NEWKEYS\x82?\xF3\x90M\x82\xE6\x82\xE8\x91O\x82??ł\xB1\x82\xB1\x82\xBE\x82\xAF\x82ł悢\x81B(2006.10.30 maya) - prep_compression(pvar); - enable_compression(pvar); - } - // TTSSH\x83o\x81[\x83W\x83\x87\x83\x93\x8F\xEE\x95\xF1\x82?\\x8E\xA6\x82\xB7\x82\xE9\x83L\x81[\x83r\x83b\x83g\x90\x94\x82\xF0\x8B\x81\x82?Ă\xA8\x82\xAD switch (pvar->kex_type) { case KEX_ECDH_SHA2_256: @@ -6177,21 +6029,16 @@ break; } - SSH2_dispatch_init(3); - SSH2_dispatch_add_message(SSH2_MSG_NEWKEYS); - SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka) - SSH2_dispatch_add_message(SSH2_MSG_DEBUG); + result = ssh2_kex_finish(pvar, hash, hashlen, share_key, hostkey, signature, siglen); - result = TRUE; - error: + EC_POINT_clear_free(server_public); EC_KEY_free(pvar->ecdh_client_key); pvar->ecdh_client_key = NULL; - EC_POINT_clear_free(server_public); key_free(hostkey); free(ecdh_buf); BN_free(share_key); - if (result == FALSE) + if (emsg) notify_fatal_error(pvar, emsg, TRUE); return result; From scmnotify @ osdn.net Tue Dec 26 18:13:38 2017 From: scmnotify @ osdn.net (scmnotify @ osdn.net) Date: Tue, 26 Dec 2017 18:13:38 +0900 Subject: [Ttssh2-commit] =?utf-8?b?WzcwMTFdICDlv4XpoIjjga7jg6Hjg4Pjgrs=?= =?utf-8?b?44O844K444Gv5bi444Gr5Yem55CG44GV44KM44KL44KI44GG44GrIFNTSDJf?= =?utf-8?b?ZGlzcGF0Y2hfaW5pdCAoKSAg5YaF44Gn5pyJ5Yq544Gr44GZ44KL44CC?= Message-ID: <1514279618.230998.51336.nullmailer@users.osdn.me> Revision: 7011 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/7011 Author: doda Date: 2017-12-26 18:13:38 +0900 (Tue, 26 Dec 2017) Log Message: ----------- 必須のメッセージは常に処理されるように SSH2_dispatch_init() 内で有効にする。 対象メッセージ: ・SSH2_MSG_DISCONNECT ・SSH2_MSG_IGNORE ・SSH2_MSG_DEBUG ・SSH2_MSG_UNIMPLEMENTED RFC 4253 では、これらの Additional Messages について以下の記述がある。 | 11. Additional Messages | | Either party may send any of the following messages at any time. RFC 4253 では SSH2_MSG_IGNORE, SSH2_MSG_DISCONNECT, SSH2_MSG_DEBUG は 処理が出来る必要がある。(MUST understand / MUST be able to process) これらのメッセージを確実に処理する為に、SSH2_dispatch_init() 内で ハンドラを有効にするようにした。 SSH2_MSG_UNIMPLEMENTED に関しては処理できる必要が有るとはなっていないが 同様に考えるべきだと思われるので、これのハンドラも一緒に有効にする。 Modified Paths: -------------- trunk/ttssh2/ttxssh/ssh.c -------------- next part -------------- Modified: trunk/ttssh2/ttxssh/ssh.c =================================================================== --- trunk/ttssh2/ttxssh/ssh.c 2017-12-26 09:13:33 UTC (rev 7010) +++ trunk/ttssh2/ttxssh/ssh.c 2017-12-26 09:13:38 UTC (rev 7011) @@ -1860,8 +1860,6 @@ SSH2_dispatch_init(1); SSH2_dispatch_add_message(SSH2_MSG_KEXINIT); - SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.3 yutaka) - SSH2_dispatch_add_message(SSH2_MSG_DEBUG); } } @@ -2068,6 +2066,11 @@ { handle_message_count = 0; handle_message_stage = stage; + + SSH2_dispatch_add_message(SSH2_MSG_IGNORE); + SSH2_dispatch_add_message(SSH2_MSG_DEBUG); + SSH2_dispatch_add_message(SSH2_MSG_DISCONNECT); + SSH2_dispatch_add_message(SSH2_MSG_UNIMPLEMENTED); } int SSH2_dispatch_enabled_check(unsigned char message) @@ -5186,8 +5189,6 @@ SSH2_dispatch_init(2); SSH2_dispatch_add_message(SSH2_MSG_KEXDH_REPLY); - SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka) - SSH2_dispatch_add_message(SSH2_MSG_DEBUG); buffer_free(msg); @@ -5269,8 +5270,6 @@ SSH2_dispatch_init(2); SSH2_dispatch_add_message(SSH2_MSG_KEX_DH_GEX_GROUP); - SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka) - SSH2_dispatch_add_message(SSH2_MSG_DEBUG); buffer_free(msg); @@ -5403,8 +5402,6 @@ SSH2_dispatch_init(2); SSH2_dispatch_add_message(SSH2_MSG_KEX_DH_GEX_REPLY); - SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka) - SSH2_dispatch_add_message(SSH2_MSG_DEBUG); buffer_free(msg); @@ -5467,8 +5464,6 @@ SSH2_dispatch_init(2); SSH2_dispatch_add_message(SSH2_MSG_KEX_ECDH_REPLY); - SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka) - SSH2_dispatch_add_message(SSH2_MSG_DEBUG); buffer_free(msg); @@ -5582,8 +5577,6 @@ SSH2_dispatch_init(3); SSH2_dispatch_add_message(SSH2_MSG_NEWKEYS); - SSH2_dispatch_add_message(SSH2_MSG_IGNORE); - SSH2_dispatch_add_message(SSH2_MSG_DEBUG); return TRUE; } @@ -6081,14 +6074,7 @@ SSH2_dispatch_init(6); SSH2_dispatch_add_range_message(SSH2_MSG_GLOBAL_REQUEST, SSH2_MSG_CHANNEL_FAILURE); - SSH2_dispatch_add_message(SSH2_MSG_UNIMPLEMENTED); - SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX - // OpenSSH 3.9\x82ł?f\x81[\x83^\x92?M\x92\x86\x82\xCCDH\x8C\xAE\x8C\xF0\x8A\xB7\x97v\x8B\x81\x82\xAA\x81A\x83T\x81[\x83o\x82\xA9\x82瑗\x82\xE7\x82\xEA\x82Ă\xAD\x82邱\x82?\xAA\x82\xA0\x82\xE9\x81B SSH2_dispatch_add_message(SSH2_MSG_KEXINIT); - // HP-UX\x82\xC5X11 forwarding\x82\xAA\x8E\xB8\x94s\x82\xB5\x82\xBD\x8F?\x81A\x89\xBA\x8BL\x82?\x81\x83b\x83Z\x81[\x83W\x82\xAA\x91\x97\x82\xE7\x82\xEA\x82Ă\xAD\x82\xE9\x81B(2006.4.7 yutaka) - SSH2_dispatch_add_message(SSH2_MSG_DEBUG); - // OpenSSH \x82?f\x81[\x83^\x92?M\x92\x86\x82?v\x96\xBD\x93I\x82?G\x83\x89\x81[\x82\xAA\x82\xA0\x82\xE9\x82\xC6 SSH2_MSG_DISCONNECT \x82?\xC1\x82Ă\xAD\x82\xE9 (2007.10.25 maya) - SSH2_dispatch_add_message(SSH2_MSG_DISCONNECT); } @@ -6206,8 +6192,6 @@ SSH2_dispatch_init(4); SSH2_dispatch_add_message(SSH2_MSG_SERVICE_ACCEPT); - SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka) - SSH2_dispatch_add_message(SSH2_MSG_DEBUG); logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_SERVICE_REQUEST was sent at do_SSH2_userauth()."); @@ -6229,7 +6213,6 @@ free(svc); SSH2_dispatch_init(5); - SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka) if (pvar->auth_state.cur_cred.method == SSH_AUTH_TIS) { // keyboard-interactive method SSH2_dispatch_add_message(SSH2_MSG_USERAUTH_INFO_REQUEST); @@ -6244,7 +6227,6 @@ SSH2_dispatch_add_message(SSH2_MSG_USERAUTH_SUCCESS); SSH2_dispatch_add_message(SSH2_MSG_USERAUTH_FAILURE); SSH2_dispatch_add_message(SSH2_MSG_USERAUTH_BANNER); - SSH2_dispatch_add_message(SSH2_MSG_DEBUG); // support for authorized_keys command (2006.2.23 yutaka) return do_SSH2_authrequest(pvar); }