diff options
| author | Damien Miller <djm@mindrot.org> | 2002-01-22 23:11:38 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2002-01-22 23:11:38 +1100 |
| commit | 66823cddbe80d1d22ac44d503b8c121f071e7105 (patch) | |
| tree | f08715640b009f1db31f07e73a15a627496c2d79 /sshconnect1.c | |
| parent | d221ca6cc96082a27ae9b4a7a0600d8ac8b1b2d7 (diff) | |
- markus@cvs.openbsd.org 2001/12/27 20:39:58
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
Diffstat (limited to 'sshconnect1.c')
| -rw-r--r-- | sshconnect1.c | 22 |
1 files changed, 8 insertions, 14 deletions
diff --git a/sshconnect1.c b/sshconnect1.c index 166e392e7..240bdffe2 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
| @@ -13,7 +13,7 @@ | |||
| 13 | */ | 13 | */ |
| 14 | 14 | ||
| 15 | #include "includes.h" | 15 | #include "includes.h" |
| 16 | RCSID("$OpenBSD: sshconnect1.c,v 1.43 2001/12/27 18:22:16 markus Exp $"); | 16 | RCSID("$OpenBSD: sshconnect1.c,v 1.44 2001/12/27 20:39:58 markus Exp $"); |
| 17 | 17 | ||
| 18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
| 19 | #include <openssl/evp.h> | 19 | #include <openssl/evp.h> |
| @@ -109,8 +109,7 @@ try_agent_authentication(void) | |||
| 109 | type); | 109 | type); |
| 110 | 110 | ||
| 111 | packet_get_bignum(challenge, &clen); | 111 | packet_get_bignum(challenge, &clen); |
| 112 | 112 | packet_done(); | |
| 113 | packet_integrity_check(plen, clen, type); | ||
| 114 | 113 | ||
| 115 | debug("Received RSA challenge from server."); | 114 | debug("Received RSA challenge from server."); |
| 116 | 115 | ||
| @@ -244,8 +243,7 @@ try_rsa_authentication(int idx) | |||
| 244 | if ((challenge = BN_new()) == NULL) | 243 | if ((challenge = BN_new()) == NULL) |
| 245 | fatal("try_rsa_authentication: BN_new failed"); | 244 | fatal("try_rsa_authentication: BN_new failed"); |
| 246 | packet_get_bignum(challenge, &clen); | 245 | packet_get_bignum(challenge, &clen); |
| 247 | 246 | packet_done(); | |
| 248 | packet_integrity_check(plen, clen, type); | ||
| 249 | 247 | ||
| 250 | debug("Received RSA challenge from server."); | 248 | debug("Received RSA challenge from server."); |
| 251 | 249 | ||
| @@ -359,8 +357,7 @@ try_rhosts_rsa_authentication(const char *local_user, Key * host_key) | |||
| 359 | if ((challenge = BN_new()) == NULL) | 357 | if ((challenge = BN_new()) == NULL) |
| 360 | fatal("try_rhosts_rsa_authentication: BN_new failed"); | 358 | fatal("try_rhosts_rsa_authentication: BN_new failed"); |
| 361 | packet_get_bignum(challenge, &clen); | 359 | packet_get_bignum(challenge, &clen); |
| 362 | 360 | packet_done(); | |
| 363 | packet_integrity_check(plen, clen, type); | ||
| 364 | 361 | ||
| 365 | debug("Received RSA challenge for host key from server."); | 362 | debug("Received RSA challenge for host key from server."); |
| 366 | 363 | ||
| @@ -467,7 +464,7 @@ try_krb4_authentication(void) | |||
| 467 | memcpy(auth.dat, reply, auth.length); | 464 | memcpy(auth.dat, reply, auth.length); |
| 468 | xfree(reply); | 465 | xfree(reply); |
| 469 | 466 | ||
| 470 | packet_integrity_check(plen, 4 + auth.length, type); | 467 | packet_done(); |
| 471 | 468 | ||
| 472 | /* | 469 | /* |
| 473 | * If his response isn't properly encrypted with the session | 470 | * If his response isn't properly encrypted with the session |
| @@ -576,8 +573,7 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context) | |||
| 576 | 573 | ||
| 577 | /* Get server's response. */ | 574 | /* Get server's response. */ |
| 578 | ap.data = packet_get_string((unsigned int *) &ap.length); | 575 | ap.data = packet_get_string((unsigned int *) &ap.length); |
| 579 | 576 | packet_done(); | |
| 580 | packet_integrity_check(payload_len, 4 + ap.length, type); | ||
| 581 | /* XXX je to dobre? */ | 577 | /* XXX je to dobre? */ |
| 582 | 578 | ||
| 583 | problem = krb5_rd_rep(*context, *auth_context, &ap, &reply); | 579 | problem = krb5_rd_rep(*context, *auth_context, &ap, &reply); |
| @@ -842,7 +838,7 @@ try_challenge_response_authentication(void) | |||
| 842 | return 0; | 838 | return 0; |
| 843 | } | 839 | } |
| 844 | challenge = packet_get_string(&clen); | 840 | challenge = packet_get_string(&clen); |
| 845 | packet_integrity_check(payload_len, (4 + clen), type); | 841 | packet_done(); |
| 846 | snprintf(prompt, sizeof prompt, "%s%s", challenge, | 842 | snprintf(prompt, sizeof prompt, "%s%s", challenge, |
| 847 | strchr(challenge, '\n') ? "" : "\nResponse: "); | 843 | strchr(challenge, '\n') ? "" : "\nResponse: "); |
| 848 | xfree(challenge); | 844 | xfree(challenge); |
| @@ -968,13 +964,11 @@ ssh_kex(char *host, struct sockaddr *hostaddr) | |||
| 968 | 964 | ||
| 969 | supported_ciphers = packet_get_int(); | 965 | supported_ciphers = packet_get_int(); |
| 970 | supported_authentications = packet_get_int(); | 966 | supported_authentications = packet_get_int(); |
| 967 | packet_done(); | ||
| 971 | 968 | ||
| 972 | debug("Received server public key (%d bits) and host key (%d bits).", | 969 | debug("Received server public key (%d bits) and host key (%d bits).", |
| 973 | BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n)); | 970 | BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n)); |
| 974 | 971 | ||
| 975 | packet_integrity_check(payload_len, | ||
| 976 | 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4, | ||
| 977 | SSH_SMSG_PUBLIC_KEY); | ||
| 978 | if (verify_host_key(host, hostaddr, host_key) == -1) | 972 | if (verify_host_key(host, hostaddr, host_key) == -1) |
| 979 | fatal("Host key verification failed."); | 973 | fatal("Host key verification failed."); |
| 980 | 974 | ||