diff options
author | Damien Miller <djm@mindrot.org> | 2000-05-09 11:02:59 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-05-09 11:02:59 +1000 |
commit | 30c3d429306bb4afe71c18db92816b981f7b6d9d (patch) | |
tree | a65f45e0073cb55ad42957a36b4636ff21405108 /sshconnect2.c | |
parent | 61e50f10c276009bf9472fdd797bf6be60fc2a83 (diff) |
- OpenBSD CVS update
- markus@cvs.openbsd.org
[cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
[ssh.h sshconnect1.c sshconnect2.c sshd.8]
- complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
- hugh@cvs.openbsd.org
[ssh.1]
- zap typo
[ssh-keygen.1]
- One last nit fix. (markus approved)
[sshd.8]
- some markus certified spelling adjustments
- markus@cvs.openbsd.org
[auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
[sshconnect2.c ]
- bug compat w/ ssh-2.0.13 x11, split out bugs
[nchan.c]
- no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
[ssh-keygen.c]
- handle escapes in real and original key format, ok millert@
[version.h]
- OpenSSH-2.1
Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 3bddd7cc8..99ffb2c47 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -28,7 +28,7 @@ | |||
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$OpenBSD: sshconnect2.c,v 1.8 2000/05/07 18:23:32 markus Exp $"); | 31 | RCSID("$OpenBSD: sshconnect2.c,v 1.10 2000/05/08 17:42:25 markus Exp $"); |
32 | 32 | ||
33 | #include <openssl/bn.h> | 33 | #include <openssl/bn.h> |
34 | #include <openssl/rsa.h> | 34 | #include <openssl/rsa.h> |
@@ -96,13 +96,14 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) | |||
96 | if (options.ciphers != NULL) { | 96 | if (options.ciphers != NULL) { |
97 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = | 97 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = |
98 | myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; | 98 | myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; |
99 | } else if ( | 99 | } else if (options.cipher == SSH_CIPHER_3DES) { |
100 | options.cipher == SSH_CIPHER_ARCFOUR || | ||
101 | options.cipher == SSH_CIPHER_3DES_CBC || | ||
102 | options.cipher == SSH_CIPHER_CAST128_CBC || | ||
103 | options.cipher == SSH_CIPHER_BLOWFISH_CBC) { | ||
104 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = | 100 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = |
105 | myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher); | 101 | myproposal[PROPOSAL_ENC_ALGS_STOC] = |
102 | cipher_name(SSH_CIPHER_3DES_CBC); | ||
103 | } else if (options.cipher == SSH_CIPHER_BLOWFISH) { | ||
104 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = | ||
105 | myproposal[PROPOSAL_ENC_ALGS_STOC] = | ||
106 | cipher_name(SSH_CIPHER_BLOWFISH_CBC); | ||
106 | } | 107 | } |
107 | if (options.compression) { | 108 | if (options.compression) { |
108 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib"; | 109 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib"; |
@@ -344,12 +345,14 @@ ssh2_try_pubkey(char *filename, | |||
344 | buffer_append(&b, session_id2, session_id2_len); | 345 | buffer_append(&b, session_id2, session_id2_len); |
345 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); | 346 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
346 | buffer_put_cstring(&b, server_user); | 347 | buffer_put_cstring(&b, server_user); |
347 | buffer_put_cstring(&b, service); | 348 | buffer_put_cstring(&b, |
349 | datafellows & SSH_BUG_PUBKEYAUTH ? | ||
350 | "ssh-userauth" : | ||
351 | service); | ||
348 | buffer_put_cstring(&b, "publickey"); | 352 | buffer_put_cstring(&b, "publickey"); |
349 | buffer_put_char(&b, 1); | 353 | buffer_put_char(&b, 1); |
350 | buffer_put_cstring(&b, KEX_DSS); | 354 | buffer_put_cstring(&b, KEX_DSS); |
351 | buffer_put_string(&b, blob, bloblen); | 355 | buffer_put_string(&b, blob, bloblen); |
352 | xfree(blob); | ||
353 | 356 | ||
354 | /* generate signature */ | 357 | /* generate signature */ |
355 | dsa_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); | 358 | dsa_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); |
@@ -357,6 +360,19 @@ ssh2_try_pubkey(char *filename, | |||
357 | #ifdef DEBUG_DSS | 360 | #ifdef DEBUG_DSS |
358 | buffer_dump(&b); | 361 | buffer_dump(&b); |
359 | #endif | 362 | #endif |
363 | if (datafellows & SSH_BUG_PUBKEYAUTH) { | ||
364 | /* e.g. ssh-2.0.13: data-to-be-signed != data-on-the-wire */ | ||
365 | buffer_clear(&b); | ||
366 | buffer_append(&b, session_id2, session_id2_len); | ||
367 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); | ||
368 | buffer_put_cstring(&b, server_user); | ||
369 | buffer_put_cstring(&b, service); | ||
370 | buffer_put_cstring(&b, "publickey"); | ||
371 | buffer_put_char(&b, 1); | ||
372 | buffer_put_cstring(&b, KEX_DSS); | ||
373 | buffer_put_string(&b, blob, bloblen); | ||
374 | } | ||
375 | xfree(blob); | ||
360 | /* append signature */ | 376 | /* append signature */ |
361 | buffer_put_string(&b, signature, slen); | 377 | buffer_put_string(&b, signature, slen); |
362 | xfree(signature); | 378 | xfree(signature); |