- OpenBSD CVS update

   - [auth-krb4.c]
     -Wall
   - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
     [match.h ssh.c ssh.h sshconnect.c sshd.c]
     initial support for DSA keys. ok deraadt@, niels@
   - [cipher.c cipher.h]
     remove unused cipher_attack_detected code
   - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
     Fix some formatting problems I missed before.
   - [ssh.1 sshd.8]
     fix spelling errors, From: FreeBSD
   - [ssh.c]
     switch to raw mode only if he _get_ a pty (not if we _want_ a pty).

1 files changed, 15 insertions, 15 deletions

diff --git a/sshd.c b/sshd.c
index 98b6138ab..bf951212c 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.92 2000/03/16 20:56:15 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.94 2000/03/23 22:15:34 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -516,9 +516,6 @@ main(int ac, char **av)
            unmounted if desired. */
         chdir("/");
 
-        /* Close connection cleanly after attack. */
-        cipher_attack_detected = packet_disconnect;
-
         /* Start listening for a socket, unless started from inetd. */
         if (inetd_flag) {
                 int s1, s2;
@@ -1301,7 +1298,7 @@ do_authloop(struct passwd * pw)
 {
         int attempt = 0;
         unsigned int bits;
-        BIGNUM *client_host_key_e, *client_host_key_n;
+        RSA *client_host_key;
         BIGNUM *n;
         char *client_user = NULL, *password = NULL;
         char user[1024];
@@ -1417,21 +1414,24 @@ do_authloop(struct passwd * pw)
                         client_user = packet_get_string(&ulen);
 
                         /* Get the client host key. */
-                        client_host_key_e = BN_new();
-                        client_host_key_n = BN_new();
+                        client_host_key = RSA_new();
+                        if (client_host_key == NULL)
+                                fatal("RSA_new failed");
+                        client_host_key->e = BN_new();
+                        client_host_key->n = BN_new();
+                        if (client_host_key->e == NULL || client_host_key->n == NULL)
+                                fatal("BN_new failed");
                         bits = packet_get_int();
-                        packet_get_bignum(client_host_key_e, &elen);
-                        packet_get_bignum(client_host_key_n, &nlen);
+                        packet_get_bignum(client_host_key->e, &elen);
+                        packet_get_bignum(client_host_key->n, &nlen);
 
-                        if (bits != BN_num_bits(client_host_key_n))
+                        if (bits != BN_num_bits(client_host_key->n))
                                 error("Warning: keysize mismatch for client_host_key: "
-                                      "actual %d, announced %d", BN_num_bits(client_host_key_n), bits);
+                                      "actual %d, announced %d", BN_num_bits(client_host_key->n), bits);
                         packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type);
 
-                        authenticated = auth_rhosts_rsa(pw, client_user,
-                                   client_host_key_e, client_host_key_n);
-                        BN_clear_free(client_host_key_e);
-                        BN_clear_free(client_host_key_n);
+                        authenticated = auth_rhosts_rsa(pw, client_user, client_host_key);
+                        RSA_free(client_host_key);
 
                         snprintf(user, sizeof user, " ruser %s", client_user);
                         break;