- Merged OpenBSD CVS changes:

- [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c] [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c] the keysize of rsa-parameter 'n' is passed implizit, a few more checks and warnings about 'pretended' keysizes. - [cipher.c cipher.h packet.c packet.h sshd.c] remove support for cipher RC4 - [ssh.c] a note for legay systems about secuity issues with permanently_set_uid(), the private hostkey and ptrace() - [sshconnect.c] more detailed messages about adding and checking hostkeys
author: Damien Miller <djm@mindrot.org> 1999-11-16 13:37:16 +1100
committer: Damien Miller <djm@mindrot.org> 1999-11-16 13:37:16 +1100
commit: 7e8e820153a620ab1dcd81857a7de0969c41d043 (patch)
tree: 226cc4185feae97f4069ad60b4c18d259aa5df2f /sshd.c
parent: 4874c79a3a05fc18678d7a85d7091f5139630fac (diff)
1 files changed, 9 insertions, 8 deletions
diff --git a/sshd.c b/sshd.c
index 2bf8193b7..a08252844 100644
--- a/sshd.c
+++ b/sshd.c
@@ -18,7 +18,7 @@ agent connections.
 */
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.20 1999/11/15 06:10:57 damien Exp $");
+RCSID("$Id: sshd.c,v 1.21 1999/11/16 02:37:17 damien Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -1036,9 +1036,7 @@ do_connection()
  /* Compute session id for this session. */
  compute_session_id(session_id, check_bytes,
-                     BN_num_bits(sensitive_data.host_key->n),
                     sensitive_data.host_key->n, 
-                     BN_num_bits(sensitive_data.private_key->n),
                     sensitive_data.private_key->n);
  /* Extract session key from the decrypted integer.  The key is in the 
@@ -1061,8 +1059,7 @@ do_connection()
  
  /* Set the session key.  From this on all communications will be
     encrypted. */
-  packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, 
+  packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type);
-                            cipher_type, 0);
  
  /* Destroy our copy of the session key.  It is no longer needed. */
  memset(session_key, 0, sizeof(session_key));
@@ -1270,7 +1267,7 @@ void
 do_authloop(struct passwd *pw)
 {
  int authentication_failures = 0;
-  unsigned int client_host_key_bits;
+  unsigned int bits;
  BIGNUM *client_host_key_e, *client_host_key_n;
  BIGNUM *n;
  char *client_user = NULL, *password = NULL;
@@ -1398,13 +1395,17 @@ do_authloop(struct passwd *pw)
        /* Get the client host key. */
        client_host_key_e = BN_new();
        client_host_key_n = BN_new();
-        client_host_key_bits = packet_get_int();
+        bits = packet_get_int();
        packet_get_bignum(client_host_key_e, &elen);
        packet_get_bignum(client_host_key_n, &nlen);
+        if (bits != BN_num_bits(client_host_key_n))
+          error("Warning: keysize mismatch for client_host_key: "
+                "actual %d, announced %s", BN_num_bits(client_host_key_n), bits);
  
        packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type);
  
-        authenticated = auth_rhosts_rsa(pw, client_user, client_host_key_bits,
+        authenticated = auth_rhosts_rsa(pw, client_user,
                                        client_host_key_e, client_host_key_n);
        log("Rhosts authentication %s for %.100s, remote %.100s.",
             authenticated ? "accepted" : "failed",
author	Damien Miller <djm@mindrot.org>	1999-11-16 13:37:16 +1100
committer	Damien Miller <djm@mindrot.org>	1999-11-16 13:37:16 +1100
commit	7e8e820153a620ab1dcd81857a7de0969c41d043 (patch)
tree	226cc4185feae97f4069ad60b4c18d259aa5df2f /sshd.c
parent	4874c79a3a05fc18678d7a85d7091f5139630fac (diff)