OpenCoverage

kexgexc.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssh/src/kexgexc.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/* $OpenBSD: kexgexc.c,v 1.27 2018/02/07 02:06:51 jsing Exp $ */-
2/*-
3 * Copyright (c) 2000 Niels Provos. All rights reserved.-
4 * Copyright (c) 2001 Markus Friedl. All rights reserved.-
5 *-
6 * Redistribution and use in source and binary forms, with or without-
7 * modification, are permitted provided that the following conditions-
8 * are met:-
9 * 1. Redistributions of source code must retain the above copyright-
10 * notice, this list of conditions and the following disclaimer.-
11 * 2. Redistributions in binary form must reproduce the above copyright-
12 * notice, this list of conditions and the following disclaimer in the-
13 * documentation and/or other materials provided with the distribution.-
14 *-
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR-
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES-
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.-
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,-
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,-
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY-
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT-
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF-
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.-
25 */-
26-
27#include "includes.h"-
28-
29#ifdef WITH_OPENSSL-
30-
31#include <sys/types.h>-
32-
33#include <openssl/dh.h>-
34-
35#include <stdarg.h>-
36#include <stdio.h>-
37#include <string.h>-
38#include <signal.h>-
39-
40#include "openbsd-compat/openssl-compat.h"-
41-
42#include "sshkey.h"-
43#include "cipher.h"-
44#include "digest.h"-
45#include "kex.h"-
46#include "log.h"-
47#include "packet.h"-
48#include "dh.h"-
49#include "ssh2.h"-
50#include "compat.h"-
51#include "dispatch.h"-
52#include "ssherr.h"-
53#include "sshbuf.h"-
54#include "misc.h"-
55-
56static int input_kex_dh_gex_group(int, u_int32_t, struct ssh *);-
57static int input_kex_dh_gex_reply(int, u_int32_t, struct ssh *);-
58-
59int-
60kexgex_client(struct ssh *ssh)-
61{-
62 struct kex *kex = ssh->kex;-
63 int r;-
64 u_int nbits;-
65-
66 nbits = dh_estimate(kex->dh_need * 8);-
67-
68 kex->min = DH_GRP_MIN;-
69 kex->max = DH_GRP_MAX;-
70 kex->nbits = nbits;-
71 if (datafellows & SSH_BUG_DHGEX_LARGE)
datafellows & 0x40000000Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
72 kex->nbits = MINIMUM(kex->nbits, 4096);
never executed: kex->nbits = (((kex->nbits) < (4096)) ? (kex->nbits) : (4096));
((kex->nbits) < (4096))Description
TRUEnever evaluated
FALSEnever evaluated
0
73 /* New GEX request */-
74 if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 ||
(r = sshpkt_st...ssh, 34)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
75 (r = sshpkt_put_u32(ssh, kex->min)) != 0 ||
(r = sshpkt_pu...ex->min)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
76 (r = sshpkt_put_u32(ssh, kex->nbits)) != 0 ||
(r = sshpkt_pu...->nbits)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
77 (r = sshpkt_put_u32(ssh, kex->max)) != 0 ||
(r = sshpkt_pu...ex->max)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
78 (r = sshpkt_send(ssh)) != 0)
(r = sshpkt_send(ssh)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
79 goto out;
never executed: goto out;
0
80 debug("SSH2_MSG_KEX_DH_GEX_REQUEST(%u<%u<%u) sent",-
81 kex->min, kex->nbits, kex->max);-
82#ifdef DEBUG_KEXDH-
83 fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n",-
84 kex->min, kex->nbits, kex->max);-
85#endif-
86 ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP,-
87 &input_kex_dh_gex_group);-
88 r = 0;-
89 out:
code before this statement executed 40 times by 1 test: out:
Executed by:
  • test_kex
40
90 return r;
executed 40 times by 1 test: return r;
Executed by:
  • test_kex
40
91}-
92-
93static int-
94input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh)-
95{-
96 struct kex *kex = ssh->kex;-
97 BIGNUM *p = NULL, *g = NULL;-
98 const BIGNUM *pub_key;-
99 int r, bits;-
100-
101 debug("got SSH2_MSG_KEX_DH_GEX_GROUP");-
102-
103 if ((p = BN_new()) == NULL ||
(p = BN_new()) == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
104 (g = BN_new()) == NULL) {
(g = BN_new()) == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
105 r = SSH_ERR_ALLOC_FAIL;-
106 goto out;
never executed: goto out;
0
107 }-
108 if ((r = sshpkt_get_bignum2(ssh, p)) != 0 ||
(r = sshpkt_ge...(ssh, p)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
109 (r = sshpkt_get_bignum2(ssh, g)) != 0 ||
(r = sshpkt_ge...(ssh, g)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
110 (r = sshpkt_get_end(ssh)) != 0)
(r = sshpkt_get_end(ssh)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
111 goto out;
never executed: goto out;
0
112 if ((bits = BN_num_bits(p)) < 0 ||
(bits = BN_num_bits(p)) < 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
113 (u_int)bits < kex->min || (u_int)bits > kex->max) {
(u_int)bits < kex->minDescription
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
(u_int)bits > kex->maxDescription
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
114 r = SSH_ERR_DH_GEX_OUT_OF_RANGE;-
115 goto out;
never executed: goto out;
0
116 }-
117 if ((kex->dh = dh_new_group(g, p)) == NULL) {
(kex->dh = dh_...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
118 r = SSH_ERR_ALLOC_FAIL;-
119 goto out;
never executed: goto out;
0
120 }-
121 p = g = NULL; /* belong to kex->dh now */-
122-
123 /* generate and send 'e', client DH public key */-
124 if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
(r = dh_gen_ke...eed * 8)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
125 goto out;
never executed: goto out;
0
126 DH_get0_key(kex->dh, &pub_key, NULL);-
127 if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 ||
(r = sshpkt_st...ssh, 32)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
128 (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||
(r = sshpkt_pu...pub_key)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
129 (r = sshpkt_send(ssh)) != 0)
(r = sshpkt_send(ssh)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
130 goto out;
never executed: goto out;
0
131 debug("SSH2_MSG_KEX_DH_GEX_INIT sent");-
132#ifdef DEBUG_KEXDH-
133 DHparams_print_fp(stderr, kex->dh);-
134 fprintf(stderr, "pub= ");-
135 BN_print_fp(stderr, pub_key);-
136 fprintf(stderr, "\n");-
137#endif-
138 ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, NULL);-
139 ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &input_kex_dh_gex_reply);-
140 r = 0;-
141out:
code before this statement executed 40 times by 1 test: out:
Executed by:
  • test_kex
40
142 BN_clear_free(p);-
143 BN_clear_free(g);-
144 return r;
executed 40 times by 1 test: return r;
Executed by:
  • test_kex
40
145}-
146-
147static int-
148input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)-
149{-
150 struct kex *kex = ssh->kex;-
151 BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;-
152 const BIGNUM *pub_key, *dh_p, *dh_g;-
153 struct sshkey *server_host_key = NULL;-
154 u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL;-
155 u_char hash[SSH_DIGEST_MAX_LENGTH];-
156 size_t klen = 0, slen, sbloblen, hashlen;-
157 int kout, r;-
158-
159 debug("got SSH2_MSG_KEX_DH_GEX_REPLY");-
160 if (kex->verify_host_key == NULL) {
kex->verify_ho...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
161 r = SSH_ERR_INVALID_ARGUMENT;-
162 goto out;
never executed: goto out;
0
163 }-
164 /* key, cert */-
165 if ((r = sshpkt_get_string(ssh, &server_host_key_blob,
(r = sshpkt_ge...bloblen)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
166 &sbloblen)) != 0 ||
(r = sshpkt_ge...bloblen)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
167 (r = sshkey_from_blob(server_host_key_blob, sbloblen,
(r = sshkey_fr...ost_key)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
168 &server_host_key)) != 0)
(r = sshkey_fr...ost_key)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
169 goto out;
never executed: goto out;
0
170 if (server_host_key->type != kex->hostkey_type ||
server_host_ke...->hostkey_typeDescription
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
171 (kex->hostkey_type == KEY_ECDSA &&
kex->hostkey_type == KEY_ECDSADescription
TRUEevaluated 10 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 30 times by 1 test
Evaluated by:
  • test_kex
10-30
172 server_host_key->ecdsa_nid != kex->hostkey_nid)) {
server_host_ke...x->hostkey_nidDescription
TRUEnever evaluated
FALSEevaluated 10 times by 1 test
Evaluated by:
  • test_kex
0-10
173 r = SSH_ERR_KEY_TYPE_MISMATCH;-
174 goto out;
never executed: goto out;
0
175 }-
176 if (kex->verify_host_key(server_host_key, ssh) == -1) {
kex->verify_ho...ey, ssh) == -1Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
177 r = SSH_ERR_SIGNATURE_INVALID;-
178 goto out;
never executed: goto out;
0
179 }-
180 /* DH parameter f, server public DH key */-
181 if ((dh_server_pub = BN_new()) == NULL) {
(dh_server_pub...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
182 r = SSH_ERR_ALLOC_FAIL;-
183 goto out;
never executed: goto out;
0
184 }-
185 /* signed H */-
186 if ((r = sshpkt_get_bignum2(ssh, dh_server_pub)) != 0 ||
(r = sshpkt_ge...ver_pub)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
187 (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 ||
(r = sshpkt_ge..., &slen)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
188 (r = sshpkt_get_end(ssh)) != 0)
(r = sshpkt_get_end(ssh)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
189 goto out;
never executed: goto out;
0
190#ifdef DEBUG_KEXDH-
191 fprintf(stderr, "dh_server_pub= ");-
192 BN_print_fp(stderr, dh_server_pub);-
193 fprintf(stderr, "\n");-
194 debug("bits %d", BN_num_bits(dh_server_pub));-
195#endif-
196 if (!dh_pub_is_valid(kex->dh, dh_server_pub)) {
!dh_pub_is_val...dh_server_pub)Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
197 sshpkt_disconnect(ssh, "bad server public DH value");-
198 r = SSH_ERR_MESSAGE_INCOMPLETE;-
199 goto out;
never executed: goto out;
0
200 }-
201-
202 klen = DH_size(kex->dh);-
203 if ((kbuf = malloc(klen)) == NULL ||
(kbuf = malloc...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
204 (shared_secret = BN_new()) == NULL) {
(shared_secret...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
205 r = SSH_ERR_ALLOC_FAIL;-
206 goto out;
never executed: goto out;
0
207 }-
208 if ((kout = DH_compute_key(kbuf, dh_server_pub, kex->dh)) < 0 ||
(kout = DH_com... kex->dh)) < 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
209 BN_bin2bn(kbuf, kout, shared_secret) == NULL) {
BN_bin2bn(kbuf...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
210 r = SSH_ERR_LIBCRYPTO_ERROR;-
211 goto out;
never executed: goto out;
0
212 }-
213#ifdef DEBUG_KEXDH-
214 dump_digest("shared secret", kbuf, kout);-
215#endif-
216 if (ssh->compat & SSH_OLD_DHGEX)
ssh->compat & 0x00004000Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
217 kex->min = kex->max = -1;
never executed: kex->min = kex->max = -1;
0
218-
219 /* calc and verify H */-
220 DH_get0_key(kex->dh, &pub_key, NULL);-
221 DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);-
222 hashlen = sizeof(hash);-
223 if ((r = kexgex_hash(
(r = kexgex_ha...hashlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
224 kex->hash_alg,
(r = kexgex_ha...hashlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
225 kex->client_version_string,
(r = kexgex_ha...hashlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
226 kex->server_version_string,
(r = kexgex_ha...hashlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
227 sshbuf_ptr(kex->my), sshbuf_len(kex->my),
(r = kexgex_ha...hashlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
228 sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
(r = kexgex_ha...hashlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
229 server_host_key_blob, sbloblen,
(r = kexgex_ha...hashlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
230 kex->min, kex->nbits, kex->max,
(r = kexgex_ha...hashlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
231 dh_p, dh_g,
(r = kexgex_ha...hashlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
232 pub_key,
(r = kexgex_ha...hashlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
233 dh_server_pub,
(r = kexgex_ha...hashlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
234 shared_secret,
(r = kexgex_ha...hashlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
235 hash, &hashlen)) != 0)
(r = kexgex_ha...hashlen)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
236 goto out;
never executed: goto out;
0
237-
238 if ((r = sshkey_verify(server_host_key, signature, slen, hash,
(r = sshkey_ve...>compat)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
239 hashlen, kex->hostkey_alg, ssh->compat)) != 0)
(r = sshkey_ve...>compat)) != 0Description
TRUEnever evaluated
FALSEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
0-40
240 goto out;
never executed: goto out;
0
241-
242 /* save session id */-
243 if (kex->session_id == NULL) {
kex->session_id == ((void *)0)Description
TRUEevaluated 8 times by 1 test
Evaluated by:
  • test_kex
FALSEevaluated 32 times by 1 test
Evaluated by:
  • test_kex
8-32
244 kex->session_id_len = hashlen;-
245 kex->session_id = malloc(kex->session_id_len);-
246 if (kex->session_id == NULL) {
kex->session_id == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 8 times by 1 test
Evaluated by:
  • test_kex
0-8
247 r = SSH_ERR_ALLOC_FAIL;-
248 goto out;
never executed: goto out;
0
249 }-
250 memcpy(kex->session_id, hash, kex->session_id_len);-
251 }
executed 8 times by 1 test: end of block
Executed by:
  • test_kex
8
252-
253 if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
(r = kex_deriv..._secret)) == 0Description
TRUEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-40
254 r = kex_send_newkeys(ssh);
executed 40 times by 1 test: r = kex_send_newkeys(ssh);
Executed by:
  • test_kex
40
255 out:
code before this statement executed 40 times by 1 test: out:
Executed by:
  • test_kex
40
256 explicit_bzero(hash, sizeof(hash));-
257 DH_free(kex->dh);-
258 kex->dh = NULL;-
259 BN_clear_free(dh_server_pub);-
260 if (kbuf) {
kbufDescription
TRUEevaluated 40 times by 1 test
Evaluated by:
  • test_kex
FALSEnever evaluated
0-40
261 explicit_bzero(kbuf, klen);-
262 free(kbuf);-
263 }
executed 40 times by 1 test: end of block
Executed by:
  • test_kex
40
264 BN_clear_free(shared_secret);-
265 sshkey_free(server_host_key);-
266 free(server_host_key_blob);-
267 free(signature);-
268 return r;
executed 40 times by 1 test: return r;
Executed by:
  • test_kex
40
269}-
270#endif /* WITH_OPENSSL */-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2