diff options
author | Damien Miller <djm@mindrot.org> | 1999-11-16 13:37:16 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 1999-11-16 13:37:16 +1100 |
commit | 7e8e820153a620ab1dcd81857a7de0969c41d043 (patch) | |
tree | 226cc4185feae97f4069ad60b4c18d259aa5df2f /sshd.c | |
parent | 4874c79a3a05fc18678d7a85d7091f5139630fac (diff) |
- Merged OpenBSD CVS changes:
- [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
[mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
the keysize of rsa-parameter 'n' is passed implizit,
a few more checks and warnings about 'pretended' keysizes.
- [cipher.c cipher.h packet.c packet.h sshd.c]
remove support for cipher RC4
- [ssh.c]
a note for legay systems about secuity issues with permanently_set_uid(),
the private hostkey and ptrace()
- [sshconnect.c]
more detailed messages about adding and checking hostkeys
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 17 |
1 files changed, 9 insertions, 8 deletions
@@ -18,7 +18,7 @@ agent connections. | |||
18 | */ | 18 | */ |
19 | 19 | ||
20 | #include "includes.h" | 20 | #include "includes.h" |
21 | RCSID("$Id: sshd.c,v 1.20 1999/11/15 06:10:57 damien Exp $"); | 21 | RCSID("$Id: sshd.c,v 1.21 1999/11/16 02:37:17 damien Exp $"); |
22 | 22 | ||
23 | #include "xmalloc.h" | 23 | #include "xmalloc.h" |
24 | #include "rsa.h" | 24 | #include "rsa.h" |
@@ -1036,9 +1036,7 @@ do_connection() | |||
1036 | 1036 | ||
1037 | /* Compute session id for this session. */ | 1037 | /* Compute session id for this session. */ |
1038 | compute_session_id(session_id, check_bytes, | 1038 | compute_session_id(session_id, check_bytes, |
1039 | BN_num_bits(sensitive_data.host_key->n), | ||
1040 | sensitive_data.host_key->n, | 1039 | sensitive_data.host_key->n, |
1041 | BN_num_bits(sensitive_data.private_key->n), | ||
1042 | sensitive_data.private_key->n); | 1040 | sensitive_data.private_key->n); |
1043 | 1041 | ||
1044 | /* Extract session key from the decrypted integer. The key is in the | 1042 | /* Extract session key from the decrypted integer. The key is in the |
@@ -1061,8 +1059,7 @@ do_connection() | |||
1061 | 1059 | ||
1062 | /* Set the session key. From this on all communications will be | 1060 | /* Set the session key. From this on all communications will be |
1063 | encrypted. */ | 1061 | encrypted. */ |
1064 | packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, | 1062 | packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type); |
1065 | cipher_type, 0); | ||
1066 | 1063 | ||
1067 | /* Destroy our copy of the session key. It is no longer needed. */ | 1064 | /* Destroy our copy of the session key. It is no longer needed. */ |
1068 | memset(session_key, 0, sizeof(session_key)); | 1065 | memset(session_key, 0, sizeof(session_key)); |
@@ -1270,7 +1267,7 @@ void | |||
1270 | do_authloop(struct passwd *pw) | 1267 | do_authloop(struct passwd *pw) |
1271 | { | 1268 | { |
1272 | int authentication_failures = 0; | 1269 | int authentication_failures = 0; |
1273 | unsigned int client_host_key_bits; | 1270 | unsigned int bits; |
1274 | BIGNUM *client_host_key_e, *client_host_key_n; | 1271 | BIGNUM *client_host_key_e, *client_host_key_n; |
1275 | BIGNUM *n; | 1272 | BIGNUM *n; |
1276 | char *client_user = NULL, *password = NULL; | 1273 | char *client_user = NULL, *password = NULL; |
@@ -1398,13 +1395,17 @@ do_authloop(struct passwd *pw) | |||
1398 | /* Get the client host key. */ | 1395 | /* Get the client host key. */ |
1399 | client_host_key_e = BN_new(); | 1396 | client_host_key_e = BN_new(); |
1400 | client_host_key_n = BN_new(); | 1397 | client_host_key_n = BN_new(); |
1401 | client_host_key_bits = packet_get_int(); | 1398 | bits = packet_get_int(); |
1402 | packet_get_bignum(client_host_key_e, &elen); | 1399 | packet_get_bignum(client_host_key_e, &elen); |
1403 | packet_get_bignum(client_host_key_n, &nlen); | 1400 | packet_get_bignum(client_host_key_n, &nlen); |
1401 | |||
1402 | if (bits != BN_num_bits(client_host_key_n)) | ||
1403 | error("Warning: keysize mismatch for client_host_key: " | ||
1404 | "actual %d, announced %s", BN_num_bits(client_host_key_n), bits); | ||
1404 | 1405 | ||
1405 | packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type); | 1406 | packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type); |
1406 | 1407 | ||
1407 | authenticated = auth_rhosts_rsa(pw, client_user, client_host_key_bits, | 1408 | authenticated = auth_rhosts_rsa(pw, client_user, |
1408 | client_host_key_e, client_host_key_n); | 1409 | client_host_key_e, client_host_key_n); |
1409 | log("Rhosts authentication %s for %.100s, remote %.100s.", | 1410 | log("Rhosts authentication %s for %.100s, remote %.100s.", |
1410 | authenticated ? "accepted" : "failed", | 1411 | authenticated ? "accepted" : "failed", |