diff options
| author | Colin Watson <cjwatson@debian.org> | 2013-05-07 11:47:26 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2013-05-07 11:47:26 +0100 |
| commit | 2ea3f720daeb1ca9f765365fce3a9546961fe624 (patch) | |
| tree | c4fb7d1f51fa51e7677232de806aae150e29e2ac /monitor_wrap.c | |
| parent | f5efcd3450bbf8261915e0c4a6f851229dddaa79 (diff) | |
| parent | ecebda56da46a03dafff923d91c382f31faa9eec (diff) | |
* New upstream release (http://www.openssh.com/txt/release-6.2).
- Add support for multiple required authentication in SSH protocol 2 via
an AuthenticationMethods option (closes: #195716).
- Fix Sophie Germain formula in moduli(5) (closes: #698612).
- Update ssh-copy-id to Phil Hands' greatly revised version (closes:
#99785, #322228, #620428; LP: #518883, #835901, #1074798).
Diffstat (limited to 'monitor_wrap.c')
| -rw-r--r-- | monitor_wrap.c | 41 |
1 files changed, 21 insertions, 20 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c index b758c9f72..8cc76b380 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: monitor_wrap.c,v 1.73 2011/06/17 21:44:31 djm Exp $ */ | 1 | /* $OpenBSD: monitor_wrap.c,v 1.75 2013/01/08 18:49:04 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
| 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
| @@ -509,25 +509,24 @@ mm_newkeys_from_blob(u_char *blob, int blen) | |||
| 509 | enc->enabled = buffer_get_int(&b); | 509 | enc->enabled = buffer_get_int(&b); |
| 510 | enc->block_size = buffer_get_int(&b); | 510 | enc->block_size = buffer_get_int(&b); |
| 511 | enc->key = buffer_get_string(&b, &enc->key_len); | 511 | enc->key = buffer_get_string(&b, &enc->key_len); |
| 512 | enc->iv = buffer_get_string(&b, &len); | 512 | enc->iv = buffer_get_string(&b, &enc->iv_len); |
| 513 | if (len != enc->block_size) | ||
| 514 | fatal("%s: bad ivlen: expected %u != %u", __func__, | ||
| 515 | enc->block_size, len); | ||
| 516 | 513 | ||
| 517 | if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher) | 514 | if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher) |
| 518 | fatal("%s: bad cipher name %s or pointer %p", __func__, | 515 | fatal("%s: bad cipher name %s or pointer %p", __func__, |
| 519 | enc->name, enc->cipher); | 516 | enc->name, enc->cipher); |
| 520 | 517 | ||
| 521 | /* Mac structure */ | 518 | /* Mac structure */ |
| 522 | mac->name = buffer_get_string(&b, NULL); | 519 | if (cipher_authlen(enc->cipher) == 0) { |
| 523 | if (mac->name == NULL || mac_setup(mac, mac->name) == -1) | 520 | mac->name = buffer_get_string(&b, NULL); |
| 524 | fatal("%s: can not setup mac %s", __func__, mac->name); | 521 | if (mac->name == NULL || mac_setup(mac, mac->name) == -1) |
| 525 | mac->enabled = buffer_get_int(&b); | 522 | fatal("%s: can not setup mac %s", __func__, mac->name); |
| 526 | mac->key = buffer_get_string(&b, &len); | 523 | mac->enabled = buffer_get_int(&b); |
| 527 | if (len > mac->key_len) | 524 | mac->key = buffer_get_string(&b, &len); |
| 528 | fatal("%s: bad mac key length: %u > %d", __func__, len, | 525 | if (len > mac->key_len) |
| 529 | mac->key_len); | 526 | fatal("%s: bad mac key length: %u > %d", __func__, len, |
| 530 | mac->key_len = len; | 527 | mac->key_len); |
| 528 | mac->key_len = len; | ||
| 529 | } | ||
| 531 | 530 | ||
| 532 | /* Comp structure */ | 531 | /* Comp structure */ |
| 533 | comp->type = buffer_get_int(&b); | 532 | comp->type = buffer_get_int(&b); |
| @@ -569,13 +568,15 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp) | |||
| 569 | buffer_put_int(&b, enc->enabled); | 568 | buffer_put_int(&b, enc->enabled); |
| 570 | buffer_put_int(&b, enc->block_size); | 569 | buffer_put_int(&b, enc->block_size); |
| 571 | buffer_put_string(&b, enc->key, enc->key_len); | 570 | buffer_put_string(&b, enc->key, enc->key_len); |
| 572 | packet_get_keyiv(mode, enc->iv, enc->block_size); | 571 | packet_get_keyiv(mode, enc->iv, enc->iv_len); |
| 573 | buffer_put_string(&b, enc->iv, enc->block_size); | 572 | buffer_put_string(&b, enc->iv, enc->iv_len); |
| 574 | 573 | ||
| 575 | /* Mac structure */ | 574 | /* Mac structure */ |
| 576 | buffer_put_cstring(&b, mac->name); | 575 | if (cipher_authlen(enc->cipher) == 0) { |
| 577 | buffer_put_int(&b, mac->enabled); | 576 | buffer_put_cstring(&b, mac->name); |
| 578 | buffer_put_string(&b, mac->key, mac->key_len); | 577 | buffer_put_int(&b, mac->enabled); |
| 578 | buffer_put_string(&b, mac->key, mac->key_len); | ||
| 579 | } | ||
| 579 | 580 | ||
| 580 | /* Comp structure */ | 581 | /* Comp structure */ |
| 581 | buffer_put_int(&b, comp->type); | 582 | buffer_put_int(&b, comp->type); |
| @@ -639,7 +640,7 @@ mm_send_keystate(struct monitor *monitor) | |||
| 639 | ivlen = packet_get_keyiv_len(MODE_OUT); | 640 | ivlen = packet_get_keyiv_len(MODE_OUT); |
| 640 | packet_get_keyiv(MODE_OUT, iv, ivlen); | 641 | packet_get_keyiv(MODE_OUT, iv, ivlen); |
| 641 | buffer_put_string(&m, iv, ivlen); | 642 | buffer_put_string(&m, iv, ivlen); |
| 642 | ivlen = packet_get_keyiv_len(MODE_OUT); | 643 | ivlen = packet_get_keyiv_len(MODE_IN); |
| 643 | packet_get_keyiv(MODE_IN, iv, ivlen); | 644 | packet_get_keyiv(MODE_IN, iv, ivlen); |
| 644 | buffer_put_string(&m, iv, ivlen); | 645 | buffer_put_string(&m, iv, ivlen); |
| 645 | goto skip; | 646 | goto skip; |