diff options
| author | Colin Watson <cjwatson@debian.org> | 2014-02-10 00:18:28 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2014-02-10 00:18:28 +0000 |
| commit | 9a975a9faed7c4f334e8c8490db3e77e102f2b21 (patch) | |
| tree | 764a885ec9a963f6a8b15de6e1765f16b9ac4738 /sshconnect2.c | |
| parent | ee196dab7c5f97f0b80c8099343a375bead92010 (diff) | |
| parent | cdb6c90811caa5df2df856be9b0b16db020fe31d (diff) | |
Import openssh_6.5p1.orig.tar.gz
Diffstat (limited to 'sshconnect2.c')
| -rw-r--r-- | sshconnect2.c | 36 |
1 files changed, 26 insertions, 10 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 70e3cd8c9..8acffc5c3 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshconnect2.c,v 1.198 2013/06/05 12:52:38 dtucker Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.201 2014/01/09 23:20:00 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
| @@ -188,11 +188,12 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
| 188 | } | 188 | } |
| 189 | if (options.hostkeyalgorithms != NULL) | 189 | if (options.hostkeyalgorithms != NULL) |
| 190 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = | 190 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = |
| 191 | options.hostkeyalgorithms; | 191 | compat_pkalg_proposal(options.hostkeyalgorithms); |
| 192 | else { | 192 | else { |
| 193 | /* Prefer algorithms that we already have keys for */ | 193 | /* Prefer algorithms that we already have keys for */ |
| 194 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = | 194 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = |
| 195 | order_hostkeyalgs(host, hostaddr, port); | 195 | compat_pkalg_proposal( |
| 196 | order_hostkeyalgs(host, hostaddr, port)); | ||
| 196 | } | 197 | } |
| 197 | if (options.kex_algorithms != NULL) | 198 | if (options.kex_algorithms != NULL) |
| 198 | myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; | 199 | myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; |
| @@ -208,6 +209,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
| 208 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; | 209 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; |
| 209 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; | 210 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; |
| 210 | kex->kex[KEX_ECDH_SHA2] = kexecdh_client; | 211 | kex->kex[KEX_ECDH_SHA2] = kexecdh_client; |
| 212 | kex->kex[KEX_C25519_SHA256] = kexc25519_client; | ||
| 211 | kex->client_version_string=client_version_string; | 213 | kex->client_version_string=client_version_string; |
| 212 | kex->server_version_string=server_version_string; | 214 | kex->server_version_string=server_version_string; |
| 213 | kex->verify_host_key=&verify_host_key_callback; | 215 | kex->verify_host_key=&verify_host_key_callback; |
| @@ -1004,7 +1006,7 @@ jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme, | |||
| 1004 | debug3("%s: crypted = %s", __func__, crypted); | 1006 | debug3("%s: crypted = %s", __func__, crypted); |
| 1005 | #endif | 1007 | #endif |
| 1006 | 1008 | ||
| 1007 | if (hash_buffer(crypted, strlen(crypted), EVP_sha256(), | 1009 | if (hash_buffer(crypted, strlen(crypted), SSH_DIGEST_SHA1, |
| 1008 | &secret, &secret_len) != 0) | 1010 | &secret, &secret_len) != 0) |
| 1009 | fatal("%s: hash_buffer", __func__); | 1011 | fatal("%s: hash_buffer", __func__); |
| 1010 | 1012 | ||
| @@ -1488,17 +1490,31 @@ userauth_pubkey(Authctxt *authctxt) | |||
| 1488 | * encrypted keys we cannot do this and have to load the | 1490 | * encrypted keys we cannot do this and have to load the |
| 1489 | * private key instead | 1491 | * private key instead |
| 1490 | */ | 1492 | */ |
| 1491 | if (id->key && id->key->type != KEY_RSA1) { | 1493 | if (id->key != NULL) { |
| 1492 | debug("Offering %s public key: %s", key_type(id->key), | 1494 | if (key_type_plain(id->key->type) == KEY_RSA && |
| 1493 | id->filename); | 1495 | (datafellows & SSH_BUG_RSASIGMD5) != 0) { |
| 1494 | sent = send_pubkey_test(authctxt, id); | 1496 | debug("Skipped %s key %s for RSA/MD5 server", |
| 1495 | } else if (id->key == NULL) { | 1497 | key_type(id->key), id->filename); |
| 1498 | } else if (id->key->type != KEY_RSA1) { | ||
| 1499 | debug("Offering %s public key: %s", | ||
| 1500 | key_type(id->key), id->filename); | ||
| 1501 | sent = send_pubkey_test(authctxt, id); | ||
| 1502 | } | ||
| 1503 | } else { | ||
| 1496 | debug("Trying private key: %s", id->filename); | 1504 | debug("Trying private key: %s", id->filename); |
| 1497 | id->key = load_identity_file(id->filename, | 1505 | id->key = load_identity_file(id->filename, |
| 1498 | id->userprovided); | 1506 | id->userprovided); |
| 1499 | if (id->key != NULL) { | 1507 | if (id->key != NULL) { |
| 1500 | id->isprivate = 1; | 1508 | id->isprivate = 1; |
| 1501 | sent = sign_and_send_pubkey(authctxt, id); | 1509 | if (key_type_plain(id->key->type) == KEY_RSA && |
| 1510 | (datafellows & SSH_BUG_RSASIGMD5) != 0) { | ||
| 1511 | debug("Skipped %s key %s for RSA/MD5 " | ||
| 1512 | "server", key_type(id->key), | ||
| 1513 | id->filename); | ||
| 1514 | } else { | ||
| 1515 | sent = sign_and_send_pubkey( | ||
| 1516 | authctxt, id); | ||
| 1517 | } | ||
| 1502 | key_free(id->key); | 1518 | key_free(id->key); |
| 1503 | id->key = NULL; | 1519 | id->key = NULL; |
| 1504 | } | 1520 | } |