authordtucker@openbsd.org <dtucker@openbsd.org>2023-03-06 12:14:48 +0000
committerDarren Tucker <dtucker@dtucker.net>2023-03-06 23:31:52 +1100
commit9641753e0fd146204d57b2a4165f552a81afade4 (patch)
tree78feed3f9ff1590ae36a14355b308e887e881273 /kex.c
parentaa59d6a489fb20973fa461d0fdb1110db412947b (diff)
upstream: Refactor creation of KEX proposal.
This adds kex_proposal_populate_entries (and a corresponding free function) which populates the KEX proposal array with dynamically allocated strings. This replaces the previous mix of static and dynamically allocated entries, which has been the source of leaks and bugs in the past. Remove unused compat functions. With & ok djm@. OpenBSD-Commit-ID: f2f99da4aae2233cb18bf9c749320c5e040a9c7b
Diffstat (limited to 'kex.c')
-rw-r--r--kex.c59
1 files changed, 58 insertions, 1 deletions
diff --git a/kex.c b/kex.c
index fce848fd..2ffc789c 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.175 2023/02/28 21:31:50 dtucker Exp $ */
+/* $OpenBSD: kex.c,v 1.176 2023/03/06 12:14:48 dtucker Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -57,10 +57,12 @@
#include "misc.h"
#include "dispatch.h"
#include "monitor.h"
+#include "myproposal.h"
#include "ssherr.h"
#include "sshbuf.h"
#include "digest.h"
+#include "xmalloc.h"
/* prototype */
static int kex_choose_conf(struct ssh *);
@@ -317,6 +319,61 @@ kex_assemble_names(char **listp, const char *def, const char *all)
return r;
}
+/*
+ * Fill out a proposal array with dynamically allocated values, which may
+ * be modified as required for compatibility reasons.
+ * Any of the options may be NULL, in which case the default is used.
+ * Array contents must be freed by calling kex_proposal_free_entries.
+ */
+void
+kex_proposal_populate_entries(struct ssh *ssh, char *prop[PROPOSAL_MAX],
+ const char *kexalgos, const char *ciphers, const char *macs,
+ const char *comp, const char *hkalgs)
+{
+ const char *defpropserver[PROPOSAL_MAX] = { KEX_SERVER };
+ const char *defpropclient[PROPOSAL_MAX] = { KEX_CLIENT };
+ const char **defprop = ssh->kex->server ? defpropserver : defpropclient;
+ u_int i;
+
+ if (prop == NULL)
+ fatal_f("proposal missing");
+
+ for (i = 0; i < PROPOSAL_MAX; i++) {
+ switch(i) {
+ case PROPOSAL_KEX_ALGS:
+ prop[i] = compat_kex_proposal(ssh,
+ kexalgos ? kexalgos : defprop[i]);
+ break;
+ case PROPOSAL_ENC_ALGS_CTOS:
+ case PROPOSAL_ENC_ALGS_STOC:
+ prop[i] = xstrdup(ciphers ? ciphers : defprop[i]);
+ break;
+ case PROPOSAL_MAC_ALGS_CTOS:
+ case PROPOSAL_MAC_ALGS_STOC:
+ prop[i] = xstrdup(macs ? macs : defprop[i]);
+ break;
+ case PROPOSAL_COMP_ALGS_CTOS:
+ case PROPOSAL_COMP_ALGS_STOC:
+ prop[i] = xstrdup(comp ? comp : defprop[i]);
+ break;
+ case PROPOSAL_SERVER_HOST_KEY_ALGS:
+ prop[i] = xstrdup(hkalgs ? hkalgs : defprop[i]);
+ break;
+ default:
+ prop[i] = xstrdup(defprop[i]);
+ }
+ }
+}
+
+void
+kex_proposal_free_entries(char *prop[PROPOSAL_MAX])
+{
+ u_int i;
+
+ for (i = 0; i < PROPOSAL_MAX; i++)
+ free(prop[i]);
+}
+
/* put algorithm proposal into buffer */
int
kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX])
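Review bot: kex_proposal_free_entries releases every entry but leaves the dangling pointers in the array, so a second call on the same proposal array (or a populate after a partial teardown that did not overwrite every slot) becomes a double free; clearing each slot as it goes makes the routine idempotent, `free(prop[i]);` followed by `prop[i] = NULL;`. In kex_proposal_populate_entries the only guard, `prop == NULL`, runs after `ssh->kex->server` has already been dereferenced in the initializer of defprop, so a missing kex state crashes before fatal_f can report anything; declaring `const char **defprop;` and assigning it after the guard (optionally extending the guard with `ssh->kex == NULL`) keeps the diagnostic. The PROPOSAL_KEX_ALGS case stores the return value of compat_kex_proposal() next to xstrdup'd entries and the free routine treats all of them uniformly, which is only sound if compat_kex_proposal always hands back heap memory; that contract lives in compat.c outside this diff, so a one-line note at the call site, `/* compat_kex_proposal() always returns allocated memory; freed with the other entries */`, would pin the assumption where it is relied on. Minor KNF nit on the same hunk: `switch(i)` should be `switch (i)`.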