- OpenBSD CVS update

  - markus@cvs.openbsd.org
    [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
    [ssh.h sshconnect1.c sshconnect2.c sshd.8]
    - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
  - hugh@cvs.openbsd.org
    [ssh.1]
    - zap typo
    [ssh-keygen.1]
    - One last nit fix. (markus approved)
    [sshd.8]
    - some markus certified spelling adjustments
  - markus@cvs.openbsd.org
    [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
    [sshconnect2.c ]
    - bug compat w/ ssh-2.0.13 x11, split out bugs
    [nchan.c]
    - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
    [ssh-keygen.c]
    - handle escapes in real and original key format, ok millert@
    [version.h]
    - OpenSSH-2.1

1 files changed, 25 insertions, 9 deletions

diff --git a/sshconnect2.c b/sshconnect2.c
index 3bddd7cc8..99ffb2c47 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.8 2000/05/07 18:23:32 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.10 2000/05/08 17:42:25 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@@ -96,13 +96,14 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
         if (options.ciphers != NULL) {
                 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
                 myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
-        } else if (
-            options.cipher == SSH_CIPHER_ARCFOUR ||
-            options.cipher == SSH_CIPHER_3DES_CBC ||
-            options.cipher == SSH_CIPHER_CAST128_CBC ||
-            options.cipher == SSH_CIPHER_BLOWFISH_CBC) {
+        } else if (options.cipher == SSH_CIPHER_3DES) {
                 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
-                myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher);
+                myproposal[PROPOSAL_ENC_ALGS_STOC] =
+                    cipher_name(SSH_CIPHER_3DES_CBC);
+        } else if (options.cipher == SSH_CIPHER_BLOWFISH) {
+                myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+                myproposal[PROPOSAL_ENC_ALGS_STOC] =
+                    cipher_name(SSH_CIPHER_BLOWFISH_CBC);
         }
         if (options.compression) {
                 myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib";
@@ -344,12 +345,14 @@ ssh2_try_pubkey(char *filename,
         buffer_append(&b, session_id2, session_id2_len);
         buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
         buffer_put_cstring(&b, server_user);
-        buffer_put_cstring(&b, service);
+        buffer_put_cstring(&b,
+            datafellows & SSH_BUG_PUBKEYAUTH ?
+            "ssh-userauth" :
+            service);
         buffer_put_cstring(&b, "publickey");
         buffer_put_char(&b, 1);
         buffer_put_cstring(&b, KEX_DSS); 
         buffer_put_string(&b, blob, bloblen);
-        xfree(blob);
 
         /* generate signature */
         dsa_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
@@ -357,6 +360,19 @@ ssh2_try_pubkey(char *filename,
 #ifdef DEBUG_DSS
         buffer_dump(&b);
 #endif
+        if (datafellows & SSH_BUG_PUBKEYAUTH) {
+                /* e.g. ssh-2.0.13: data-to-be-signed != data-on-the-wire */
+                buffer_clear(&b);
+                buffer_append(&b, session_id2, session_id2_len);
+                buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
+                buffer_put_cstring(&b, server_user);
+                buffer_put_cstring(&b, service);
+                buffer_put_cstring(&b, "publickey");
+                buffer_put_char(&b, 1);
+                buffer_put_cstring(&b, KEX_DSS); 
+                buffer_put_string(&b, blob, bloblen);
+        }
+        xfree(blob);
         /* append signature */
         buffer_put_string(&b, signature, slen);
         xfree(signature);