68 files changed, 138 insertions, 89 deletions
diff --git a/ChangeLog b/ChangeLog
index c35b7366c..af56ec53a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,29 @@
 - (djm) Automatically generate host key during "make install". Suggested
   by Gary E. Miller <gem@rellim.com>
 - (djm) Paranoia before kill() system call
+ - OpenBSD CVS Updates:
+   - markus@cvs.openbsd.org  2000/06/18 18:50:11
+     [auth2.c compat.c compat.h sshconnect2.c]
+     make userauth+pubkey interop with ssh.com-2.2.0
+   - markus@cvs.openbsd.org  2000/06/18 20:56:17
+     [dsa.c]
+     mem leak + be more paranoid in dsa_verify.
+   - markus@cvs.openbsd.org  2000/06/18 21:29:50
+     [key.c]
+     cleanup fingerprinting, less hardcoded sizes
+   - markus@cvs.openbsd.org  2000/06/19 19:39:45
+     [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
+     [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
+     [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] 
+     [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
+     [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
+     [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] 
+     [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] 
+     [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
+     [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
+     OpenBSD tag
+   - markus@cvs.openbsd.org  2000/06/21 10:46:10
+     sshconnect2.c missing free; nuke old comment
 20000620
 - (djm) Replace use of '-o' and '-a' logical operators in configure tests
diff --git a/atomicio.c b/atomicio.c
index 3f12344ea..7d9f9340c 100644
--- a/atomicio.c
+++ b/atomicio.c
@@ -24,7 +24,7 @@
 */
 #include "includes.h"
-RCSID("$Id: atomicio.c,v 1.11 2000/04/16 02:31:49 damien Exp $");
+RCSID("$OpenBSD: atomicio.c,v 1.4 2000/06/20 01:39:37 markus Exp $");
 #include "xmalloc.h"
 #include "ssh.h"
diff --git a/auth-options.c b/auth-options.c
index 7ebbb7661..55ccc8519 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,5 +1,5 @@
 #include "includes.h"
-RCSID("$Id: auth-options.c,v 1.1 2000/06/18 04:50:44 djm Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.2 2000/06/20 01:39:38 markus Exp $");
 #include "ssh.h"
 #include "packet.h"
diff --git a/auth-passwd.c b/auth-passwd.c
index b27c5bae8..d722122c7 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -11,7 +11,7 @@
 #ifndef USE_PAM
-RCSID("$Id: auth-passwd.c,v 1.20 2000/05/20 05:03:00 damien Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.16 2000/06/20 01:39:38 markus Exp $");
 #include "packet.h"
 #include "ssh.h"
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 1073ecc10..4386758d0 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -15,7 +15,7 @@
 */
 #include "includes.h"
-RCSID("$Id: auth-rh-rsa.c,v 1.11 2000/04/16 02:31:49 damien Exp $");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.14 2000/06/20 01:39:38 markus Exp $");
 #include "packet.h"
 #include "ssh.h"
diff --git a/auth-rhosts.c b/auth-rhosts.c
index 6a5c13e43..f670276b9 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -16,7 +16,7 @@
 */
 #include "includes.h"
-RCSID("$Id: auth-rhosts.c,v 1.8 2000/04/16 01:18:39 damien Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.14 2000/06/20 01:39:38 markus Exp $");
 #include "packet.h"
 #include "ssh.h"
diff --git a/auth-rsa.c b/auth-rsa.c
index 546e1d845..1a246f7f2 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -16,7 +16,7 @@
 */
 #include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.21 2000/06/18 04:50:44 djm Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.26 2000/06/20 01:39:38 markus Exp $");
 #include "rsa.h"
 #include "packet.h"
diff --git a/auth-skey.c b/auth-skey.c
index 7eb32e8f2..d66d84e7d 100644
--- a/auth-skey.c
+++ b/auth-skey.c
@@ -1,6 +1,6 @@
 #include "includes.h"
 #ifdef SKEY
-RCSID("$Id: auth-skey.c,v 1.6 2000/04/14 10:30:29 markus Exp $");
+RCSID("$OpenBSD: auth-skey.c,v 1.7 2000/06/20 01:39:38 markus Exp $");
 #include "ssh.h"
 #include "packet.h"
diff --git a/auth2.c b/auth2.c
index c7dcf1953..a3d4ab60e 100644
--- a/auth2.c
+++ b/auth2.c
@@ -27,7 +27,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.10 2000/06/18 04:05:02 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.11 2000/06/19 00:50:11 markus Exp $");
 #include <openssl/dsa.h>
 #include <openssl/rsa.h>
@@ -302,8 +302,11 @@ ssh2_auth_pubkey(struct passwd *pw, char *service)
                        sig = packet_get_string(&slen);
                        packet_done();
                        buffer_init(&b);
-                        buffer_append(&b, session_id2, session_id2_len);
+                        if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) {
+                                buffer_put_string(&b, session_id2, session_id2_len);
+                        } else {
+                                buffer_append(&b, session_id2, session_id2_len);
+                        }
                        /* reconstruct packet */
                        buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
                        buffer_put_cstring(&b, pw->pw_name);
diff --git a/authfd.c b/authfd.c
index 36b4d6ce4..69d77d7dd 100644
--- a/authfd.c
+++ b/authfd.c
@@ -14,7 +14,7 @@
 */
 #include "includes.h"
-RCSID("$Id: authfd.c,v 1.14 2000/04/30 00:00:53 damien Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.20 2000/06/20 01:39:38 markus Exp $");
 #include "ssh.h"
 #include "rsa.h"
diff --git a/authfd.h b/authfd.h
index 420f592bb..d7ff4be20 100644
--- a/authfd.h
+++ b/authfd.h
@@ -13,7 +13,7 @@
 *
 */
-/* RCSID("$Id: authfd.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */
+/* RCSID("$OpenBSD: authfd.h,v 1.8 2000/06/20 01:39:38 markus Exp $"); */
 #ifndef AUTHFD_H
 #define AUTHFD_H
diff --git a/authfile.c b/authfile.c
index f93c9d470..71c4a5d84 100644
--- a/authfile.c
+++ b/authfile.c
@@ -15,7 +15,7 @@
 */
 #include "includes.h"
-RCSID("$Id: authfile.c,v 1.12 2000/04/29 13:57:10 damien Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.17 2000/06/20 01:39:38 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
diff --git a/bufaux.c b/bufaux.c
index 9ae5e9e61..ecf529ff6 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -17,7 +17,7 @@
 */
 #include "includes.h"
-RCSID("$Id: bufaux.c,v 1.12 2000/04/16 02:31:50 damien Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.12 2000/06/20 01:39:39 markus Exp $");
 #include "ssh.h"
 #include <openssl/bn.h>
diff --git a/bufaux.h b/bufaux.h
index 80bad6ea7..42df46394 100644
--- a/bufaux.h
+++ b/bufaux.h
@@ -11,7 +11,7 @@
 *
 */
-/* RCSID("$Id: bufaux.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */
+/* RCSID("$OpenBSD: bufaux.h,v 1.7 2000/06/20 01:39:39 markus Exp $"); */
 #ifndef BUFAUX_H
 #define BUFAUX_H
diff --git a/buffer.c b/buffer.c
index 83a63e6f0..db5ae0a23 100644
--- a/buffer.c
+++ b/buffer.c
@@ -14,7 +14,7 @@
 */
 #include "includes.h"
-RCSID("$Id: buffer.c,v 1.5 2000/04/16 01:18:40 damien Exp $");
+RCSID("$OpenBSD: buffer.c,v 1.7 2000/06/20 01:39:39 markus Exp $");
 #include "xmalloc.h"
 #include "buffer.h"
diff --git a/buffer.h b/buffer.h
index f33e6f724..a2b4effff 100644
--- a/buffer.h
+++ b/buffer.h
@@ -13,7 +13,7 @@
 *
 */
-/* RCSID("$Id: buffer.h,v 1.4 2000/04/16 02:31:50 damien Exp $"); */
+/* RCSID("$OpenBSD: buffer.h,v 1.5 2000/06/20 01:39:39 markus Exp $"); */
 #ifndef BUFFER_H
 #define BUFFER_H
diff --git a/canohost.c b/canohost.c
index 1b5790929..7ded0e3ba 100644
--- a/canohost.c
+++ b/canohost.c
@@ -14,7 +14,7 @@
 */
 #include "includes.h"
-RCSID("$Id: canohost.c,v 1.9 2000/04/16 01:18:40 damien Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.13 2000/06/20 01:39:39 markus Exp $");
 #include "packet.h"
 #include "xmalloc.h"
diff --git a/channels.c b/channels.c
index 9da9db474..038670da2 100644
--- a/channels.c
+++ b/channels.c
@@ -17,7 +17,7 @@
 */
 #include "includes.h"
-RCSID("$Id: channels.c,v 1.33 2000/06/18 04:50:44 djm Exp $");
+RCSID("$OpenBSD: channels.c,v 1.62 2000/06/20 01:39:39 markus Exp $");
 #include "ssh.h"
 #include "packet.h"
diff --git a/channels.h b/channels.h
index 922c5d0ae..9629124b9 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* RCSID("$Id: channels.h,v 1.10 2000/06/07 09:55:44 djm Exp $"); */
+/* RCSID("$OpenBSD: channels.h,v 1.14 2000/06/20 01:39:40 markus Exp $"); */
 #ifndef CHANNELS_H
 #define CHANNELS_H
diff --git a/cipher.c b/cipher.c
index 4117cb772..97cbd38ca 100644
--- a/cipher.c
+++ b/cipher.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$Id: cipher.c,v 1.21 2000/05/30 03:44:52 damien Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.28 2000/06/20 01:39:40 markus Exp $");
 #include "ssh.h"
 #include "cipher.h"
diff --git a/cipher.h b/cipher.h
index b7410fbc0..a13799077 100644
--- a/cipher.h
+++ b/cipher.h
@@ -11,7 +11,7 @@
 *
 */
-/* RCSID("$Id: cipher.h,v 1.13 2000/05/09 01:03:00 damien Exp $"); */
+/* RCSID("$OpenBSD: cipher.h,v 1.18 2000/06/20 01:39:40 markus Exp $"); */
 #ifndef CIPHER_H
 #define CIPHER_H
diff --git a/clientloop.c b/clientloop.c
index 82d1d27d6..5df584ab2 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -16,7 +16,7 @@
 */
 #include "includes.h"
-RCSID("$Id: clientloop.c,v 1.16 2000/05/09 01:03:00 damien Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.27 2000/06/20 01:39:40 markus Exp $");
 #include "xmalloc.h"
 #include "ssh.h"
diff --git a/compat.c b/compat.c
index 8e77fd799..e3410d497 100644
--- a/compat.c
+++ b/compat.c
@@ -28,7 +28,7 @@
 */
 #include "includes.h"
-RCSID("$Id: compat.c,v 1.12 2000/06/18 04:50:44 djm Exp $");
+RCSID("$OpenBSD: compat.c,v 1.17 2000/06/20 01:39:40 markus Exp $");
 #include "ssh.h"
 #include "packet.h"
@@ -61,7 +61,7 @@ compat_datafellows(const char *version)
                char    *version;
                int     bugs;
        } check[] = {
-                {"2.2.0",       SSH_BUG_HMAC},
+                {"2.2.0",       SSH_BUG_HMAC|SSH_COMPAT_SESSIONID_ENCODING},
                {"2.1.0",       SSH_BUG_SIGBLOB|SSH_BUG_HMAC},
                {"2.0.1",       SSH_BUG_SIGBLOB|SSH_BUG_HMAC|SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD},
                {NULL,          0}
diff --git a/compat.h b/compat.h
index cd7c190c7..2060a39f4 100644
--- a/compat.h
+++ b/compat.h
@@ -26,7 +26,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/* RCSID("$Id: compat.h,v 1.6 2000/05/09 01:03:00 damien Exp $"); */
+/* RCSID("$OpenBSD: compat.h,v 1.9 2000/06/20 01:39:40 markus Exp $"); */
 #ifndef COMPAT_H
 #define COMPAT_H
@@ -40,6 +40,7 @@
 #define SSH_BUG_PUBKEYAUTH      0x02
 #define SSH_BUG_HMAC            0x04
 #define SSH_BUG_X11FWD          0x08
+#define SSH_COMPAT_SESSIONID_ENCODING           0x10
 void    enable_compat13(void);
 void    enable_compat20(void);
diff --git a/compress.c b/compress.c
index 610aaf7e6..4ec20104e 100644
--- a/compress.c
+++ b/compress.c
@@ -14,7 +14,7 @@
 */
 #include "includes.h"
-RCSID("$Id: compress.c,v 1.6 2000/04/16 01:18:42 damien Exp $");
+RCSID("$OpenBSD: compress.c,v 1.8 2000/06/20 01:39:40 markus Exp $");
 #include "ssh.h"
 #include "buffer.h"
diff --git a/compress.h b/compress.h
index f13183324..ce7d7fab4 100644
--- a/compress.h
+++ b/compress.h
@@ -13,7 +13,7 @@
 *
 */
-/* RCSID("$Id: compress.h,v 1.4 2000/04/16 01:18:42 damien Exp $"); */
+/* RCSID("$OpenBSD: compress.h,v 1.5 2000/06/20 01:39:40 markus Exp $"); */
 #ifndef COMPRESS_H
 #define COMPRESS_H
diff --git a/crc32.c b/crc32.c
index 2d3867d0b..05a1af7b3 100644
--- a/crc32.c
+++ b/crc32.c
@@ -6,7 +6,7 @@
 */
 #include "includes.h"
-RCSID("$Id: crc32.c,v 1.2 1999/11/24 13:26:22 damien Exp $");
+RCSID("$OpenBSD: crc32.c,v 1.5 2000/06/20 01:39:40 markus Exp $");
 #include "crc32.h"
diff --git a/crc32.h b/crc32.h
index 15ac29999..45495b422 100644
--- a/crc32.h
+++ b/crc32.h
@@ -13,7 +13,7 @@
 *
 */
-/* RCSID("$Id: crc32.h,v 1.4 2000/04/16 01:18:42 damien Exp $"); */
+/* RCSID("$OpenBSD: crc32.h,v 1.6 2000/06/20 01:39:40 markus Exp $"); */
 #ifndef CRC32_H
 #define CRC32_H
diff --git a/deattack.c b/deattack.c
index 81b1c8efb..7f95eca31 100644
--- a/deattack.c
+++ b/deattack.c
@@ -1,5 +1,5 @@
 /*
- * $Id: deattack.c,v 1.3 1999/11/24 13:26:22 damien Exp $
+ * $OpenBSD: deattack.c,v 1.7 2000/06/20 01:39:41 markus Exp $
 * Cryptographic attack detector for ssh - source code
 *
 * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
diff --git a/dispatch.c b/dispatch.c
index 50f11f3cc..8df08b173 100644
--- a/dispatch.c
+++ b/dispatch.c
@@ -27,7 +27,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$Id: dispatch.c,v 1.3 2000/04/16 01:18:42 damien Exp $");
+RCSID("$OpenBSD: dispatch.c,v 1.3 2000/06/20 01:39:41 markus Exp $");
 #include "ssh.h"
 #include "dispatch.h"
 #include "packet.h"
diff --git a/dsa.c b/dsa.c
index 51d7ff285..c1c37bceb 100644
--- a/dsa.c
+++ b/dsa.c
@@ -28,7 +28,7 @@
 */
 #include "includes.h"
-RCSID("$Id: dsa.c,v 1.7 2000/05/08 17:42:24 markus Exp $");
+RCSID("$OpenBSD: dsa.c,v 1.9 2000/06/20 01:39:41 markus Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@@ -72,7 +72,7 @@ dsa_key_from_blob(
        buffer_append(&b, blob, blen);
        ktype = buffer_get_string(&b, NULL);
        if (strcmp(KEX_DSS, ktype) != 0) {
-                error("dsa_key_from_blob: cannot handle type  %s", ktype);
+                error("dsa_key_from_blob: cannot handle type %s", ktype);
                key_free(key);
                return NULL;
        }
@@ -197,7 +197,6 @@ dsa_verify(
        DSA_SIG *sig;
        EVP_MD *evp_md = EVP_sha1();
        EVP_MD_CTX md;
-        char *ktype;
        unsigned char *sigblob;
        char *txt;
        unsigned int len;
@@ -227,14 +226,24 @@ dsa_verify(
                len = signaturelen;
        } else {
                /* ietf-drafts */
+                char *ktype;
                buffer_init(&b);
                buffer_append(&b, (char *) signature, signaturelen);
                ktype = buffer_get_string(&b, NULL);
+                if (strcmp(KEX_DSS, ktype) != 0) {
+                        error("dsa_verify: cannot handle type %s", ktype);
+                        buffer_free(&b);
+                        return -1;
+                }
                sigblob = (unsigned char *)buffer_get_string(&b, &len);
                rlen = buffer_len(&b);
-                if(rlen != 0)
+                if(rlen != 0) {
                        error("remaining bytes in signature %d", rlen);
+                        buffer_free(&b);
+                        return -1;
+                }
                buffer_free(&b);
+                xfree(ktype);
        }
        if (len != SIGBLOB_LEN) {
diff --git a/fingerprint.c b/fingerprint.c
index 4b0966d91..801f6a6e2 100644
--- a/fingerprint.c
+++ b/fingerprint.c
@@ -28,7 +28,7 @@
 */
 #include "includes.h"
-RCSID("$Id: fingerprint.c,v 1.6 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: fingerprint.c,v 1.7 2000/06/20 01:39:41 markus Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
diff --git a/fingerprint.h b/fingerprint.h
index fbb0d4c46..3d7bcb32c 100644
--- a/fingerprint.h
+++ b/fingerprint.h
@@ -26,7 +26,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/* RCSID("$Id: fingerprint.h,v 1.3 1999/11/24 16:15:25 markus Exp $"); */
+/* RCSID("$OpenBSD: fingerprint.h,v 1.4 2000/06/20 01:39:41 markus Exp $"); */
 #ifndef FINGERPRINT_H
 #define FINGERPRINT_H
diff --git a/getput.h b/getput.h
index 22235f5d9..5f6b14114 100644
--- a/getput.h
+++ b/getput.h
@@ -13,7 +13,7 @@
 *
 */
-/* RCSID("$Id: getput.h,v 1.3 2000/04/16 01:18:42 damien Exp $"); */
+/* RCSID("$OpenBSD: getput.h,v 1.4 2000/06/20 01:39:41 markus Exp $"); */
 #ifndef GETPUT_H
 #define GETPUT_H
diff --git a/hmac.c b/hmac.c
index fe53aa47e..27590ec80 100644
--- a/hmac.c
+++ b/hmac.c
@@ -28,7 +28,7 @@
 */
 #include "includes.h"
-RCSID("$Id: hmac.c,v 1.2 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: hmac.c,v 1.3 2000/06/20 01:39:41 markus Exp $");
 #include "xmalloc.h"
 #include "ssh.h"
diff --git a/kex.c b/kex.c
index 199e04264..b0d47b5b1 100644
--- a/kex.c
+++ b/kex.c
@@ -28,7 +28,7 @@
 */
 #include "includes.h"
-RCSID("$Id: kex.c,v 1.9 2000/05/30 03:44:53 damien Exp $");
+RCSID("$OpenBSD: kex.c,v 1.8 2000/06/20 01:39:41 markus Exp $");
 #include "ssh.h"
 #include "ssh2.h"
diff --git a/key.c b/key.c
index d474f85c6..be38a88f5 100644
--- a/key.c
+++ b/key.c
@@ -121,8 +121,6 @@ key_equal(Key *a, Key *b)
        return 0;
 }
-#define FPRINT "%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x"
 /*
 * Generate key fingerprint in ascii format.
 * Based on ideas and code from Bjoern Groenvall <bg@sics.se>
@@ -130,7 +128,7 @@ key_equal(Key *a, Key *b)
 char *
 key_fingerprint(Key *k)
 {
-        static char retval[80];
+        static char retval[(EVP_MAX_MD_SIZE+1)*3];
        unsigned char *blob = NULL;
        int len = 0;
        int nlen, elen;
@@ -151,15 +149,22 @@ key_fingerprint(Key *k)
                fatal("key_fingerprint: bad key type %d", k->type);
                break;
        }
+        retval[0] = '\0';
        if (blob != NULL) {
-                unsigned char d[16];
+                int i;
-                EVP_MD_CTX md;
+                unsigned char digest[EVP_MAX_MD_SIZE];
-                EVP_DigestInit(&md, EVP_md5());
+                EVP_MD *md = EVP_md5();
-                EVP_DigestUpdate(&md, blob, len);
+                EVP_MD_CTX ctx;
-                EVP_DigestFinal(&md, d, NULL);
+                EVP_DigestInit(&ctx, md);
-                snprintf(retval, sizeof(retval), FPRINT,
+                EVP_DigestUpdate(&ctx, blob, len);
-                    d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7],
+                EVP_DigestFinal(&ctx, digest, NULL);
-                    d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]);
+                for(i = 0; i < md->md_size; i++) {
+                        char hex[4];
+                        snprintf(hex, sizeof(hex), "%02x:", digest[i]);
+                        strlcat(retval, hex, sizeof(retval));
+                }
+                retval[strlen(retval) - 1] = '\0';
                memset(blob, 0, len);
                xfree(blob);
        }
diff --git a/log-client.c b/log-client.c
index e86a2e330..7e9fd61e7 100644
--- a/log-client.c
+++ b/log-client.c
@@ -15,7 +15,7 @@
 */
 #include "includes.h"
-RCSID("$Id: log-client.c,v 1.6 2000/04/16 01:18:43 damien Exp $");
+RCSID("$OpenBSD: log-client.c,v 1.9 2000/06/20 01:39:42 markus Exp $");
 #include "xmalloc.h"
 #include "ssh.h"
diff --git a/log-server.c b/log-server.c
index 57c7b3715..9db77d9e0 100644
--- a/log-server.c
+++ b/log-server.c
@@ -15,7 +15,7 @@
 */
 #include "includes.h"
-RCSID("$Id: log-server.c,v 1.10 2000/05/01 23:56:42 damien Exp $");
+RCSID("$OpenBSD: log-server.c,v 1.15 2000/06/20 01:39:42 markus Exp $");
 #include <syslog.h>
 #include "packet.h"
diff --git a/login.c b/login.c
index eb320178a..c50721823 100644
--- a/login.c
+++ b/login.c
@@ -18,7 +18,7 @@
 */
 #include "includes.h"
-RCSID("$Id: login.c,v 1.32 2000/06/04 17:07:49 andre Exp $");
+RCSID("$OpenBSD: login.c,v 1.14 2000/06/20 01:39:42 markus Exp $");
 #include "loginrec.h"
diff --git a/match.c b/match.c
index 1551ed574..c4f54b2c4 100644
--- a/match.c
+++ b/match.c
@@ -14,7 +14,7 @@
 */
 #include "includes.h"
-RCSID("$Id: match.c,v 1.6 2000/06/07 09:55:44 djm Exp $");
+RCSID("$OpenBSD: match.c,v 1.8 2000/06/20 01:39:42 markus Exp $");
 #include "ssh.h"
diff --git a/mpaux.c b/mpaux.c
index 2384c826b..6caae64d6 100644
--- a/mpaux.c
+++ b/mpaux.c
@@ -15,7 +15,7 @@
 */
 #include "includes.h"
-RCSID("$Id: mpaux.c,v 1.12 2000/04/16 02:31:51 damien Exp $");
+RCSID("$OpenBSD: mpaux.c,v 1.13 2000/06/20 01:39:42 markus Exp $");
 #include <openssl/bn.h>
 #include "getput.h"
diff --git a/mpaux.h b/mpaux.h
index d3e24cfd6..b05c14bf7 100644
--- a/mpaux.h
+++ b/mpaux.h
@@ -13,7 +13,7 @@
 * precision integers.
 */
-/* RCSID("$Id: mpaux.h,v 1.5 2000/04/16 01:18:43 damien Exp $"); */
+/* RCSID("$OpenBSD: mpaux.h,v 1.7 2000/06/20 01:39:42 markus Exp $"); */
 #ifndef MPAUX_H
 #define MPAUX_H
diff --git a/nchan.c b/nchan.c
index 0ea88da33..cef56497b 100644
--- a/nchan.c
+++ b/nchan.c
@@ -28,7 +28,7 @@
 */
 #include "includes.h"
-RCSID("$Id: nchan.c,v 1.10 2000/05/09 01:03:01 damien Exp $");
+RCSID("$OpenBSD: nchan.c,v 1.18 2000/06/20 01:39:42 markus Exp $");
 #include "ssh.h"
diff --git a/nchan.h b/nchan.h
index ae2b70619..38205cfaf 100644
--- a/nchan.h
+++ b/nchan.h
@@ -27,7 +27,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/* RCSID("$Id: nchan.h,v 1.5 2000/04/04 04:39:02 damien Exp $"); */
+/* RCSID("$OpenBSD: nchan.h,v 1.8 2000/06/20 01:39:43 markus Exp $"); */
 #ifndef NCHAN_H
 #define NCHAN_H
diff --git a/packet.c b/packet.c
index fd7a32259..137d0181a 100644
--- a/packet.c
+++ b/packet.c
@@ -17,7 +17,7 @@
 */
 #include "includes.h"
-RCSID("$Id: packet.c,v 1.23 2000/05/17 12:53:35 damien Exp $");
+RCSID("$OpenBSD: packet.c,v 1.33 2000/06/20 01:39:43 markus Exp $");
 #include "xmalloc.h"
 #include "buffer.h"
diff --git a/packet.h b/packet.h
index b5fc196ef..015d9ec85 100644
--- a/packet.h
+++ b/packet.h
@@ -13,7 +13,7 @@
 *
 */
-/* RCSID("$Id: packet.h,v 1.15 2000/04/16 02:31:51 damien Exp $"); */
+/* RCSID("$OpenBSD: packet.h,v 1.16 2000/06/20 01:39:43 markus Exp $"); */
 #ifndef PACKET_H
 #define PACKET_H
diff --git a/pty.c b/pty.c
index 21ddab5c2..a6c238bd9 100644
--- a/pty.c
+++ b/pty.c
@@ -14,7 +14,7 @@
 */
 #include "includes.h"
-RCSID("$Id: pty.c,v 1.19 2000/04/20 13:12:59 damien Exp $");
+RCSID("$OpenBSD: pty.c,v 1.14 2000/06/20 01:39:43 markus Exp $");
 #ifdef HAVE_UTIL_H
 # include <util.h>
diff --git a/pty.h b/pty.h
index a9bdeaee8..284196813 100644
--- a/pty.h
+++ b/pty.h
@@ -13,7 +13,7 @@
 * tty.
 */
-/* RCSID("$Id: pty.h,v 1.8 2000/04/16 01:18:44 damien Exp $"); */
+/* RCSID("$OpenBSD: pty.h,v 1.7 2000/06/20 01:39:43 markus Exp $"); */
 #ifndef PTY_H
 #define PTY_H
diff --git a/readconf.c b/readconf.c
index c6d6f67db..6d015a202 100644
--- a/readconf.c
+++ b/readconf.c
@@ -14,7 +14,7 @@
 */
 #include "includes.h"
-RCSID("$Id: readconf.c,v 1.17 2000/06/18 04:50:44 djm Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.37 2000/06/20 01:39:43 markus Exp $");
 #include "ssh.h"
 #include "cipher.h"
diff --git a/readconf.h b/readconf.h
index aeaf39a1c..e33cebce1 100644
--- a/readconf.h
+++ b/readconf.h
@@ -13,7 +13,7 @@
 *
 */
-/* RCSID("$Id: readconf.h,v 1.12 2000/06/07 09:55:44 djm Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.20 2000/06/20 01:39:43 markus Exp $"); */
 #ifndef READCONF_H
 #define READCONF_H
diff --git a/readpass.c b/readpass.c
index e3402b480..c38292f15 100644
--- a/readpass.c
+++ b/readpass.c
@@ -32,7 +32,7 @@
 */
 #include "includes.h"
-RCSID("$Id: readpass.c,v 1.6 2000/04/16 01:18:44 damien Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.11 2000/06/20 01:39:44 markus Exp $");
 #include "xmalloc.h"
 #include "ssh.h"
diff --git a/rsa.c b/rsa.c
index 1e8c434f9..46ad6b6e2 100644
--- a/rsa.c
+++ b/rsa.c
@@ -35,7 +35,7 @@
 */
 #include "includes.h"
-RCSID("$Id: rsa.c,v 1.14 2000/04/16 01:18:45 damien Exp $");
+RCSID("$OpenBSD: rsa.c,v 1.15 2000/06/20 01:39:44 markus Exp $");
 #include "rsa.h"
 #include "ssh.h"
diff --git a/rsa.h b/rsa.h
index 672f20d49..dfbf6f487 100644
--- a/rsa.h
+++ b/rsa.h
@@ -13,7 +13,7 @@
 *
 */
-/* RCSID("$Id: rsa.h,v 1.9 2000/04/16 02:31:51 damien Exp $"); */
+/* RCSID("$OpenBSD: rsa.h,v 1.7 2000/06/20 01:39:44 markus Exp $"); */
 #ifndef RSA_H
 #define RSA_H
diff --git a/scp.c b/scp.c
index 773a4f59f..0a89985de 100644
--- a/scp.c
+++ b/scp.c
@@ -45,7 +45,7 @@
 */
 #include "includes.h"
-RCSID("$Id: scp.c,v 1.24 2000/06/18 04:50:44 djm Exp $");
+RCSID("$OpenBSD: scp.c,v 1.32 2000/06/20 01:39:44 markus Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@@ -1007,7 +1007,7 @@ run_err(const char *fmt,...)
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- *      $Id: scp.c,v 1.24 2000/06/18 04:50:44 djm Exp $
+ *      $OpenBSD: scp.c,v 1.32 2000/06/20 01:39:44 markus Exp $
 */
 char *
diff --git a/servconf.c b/servconf.c
index 0e323231d..12cc15260 100644
--- a/servconf.c
+++ b/servconf.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$Id: servconf.c,v 1.19 2000/06/18 04:50:44 djm Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.45 2000/06/20 01:39:44 markus Exp $");
 #include "ssh.h"
 #include "servconf.h"
diff --git a/servconf.h b/servconf.h
index 6c647c2ed..c698bc74e 100644
--- a/servconf.h
+++ b/servconf.h
@@ -13,7 +13,7 @@
 *
 */
-/* RCSID("$Id: servconf.h,v 1.13 2000/06/18 04:50:44 djm Exp $"); */
+/* RCSID("$OpenBSD: servconf.h,v 1.25 2000/06/20 01:39:44 markus Exp $"); */
 #ifndef SERVCONF_H
 #define SERVCONF_H
diff --git a/ssh-add.c b/ssh-add.c
index ad9423977..661e1ffa9 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -7,7 +7,7 @@
 */
 #include "includes.h"
-RCSID("$Id: ssh-add.c,v 1.18 2000/05/01 10:59:50 damien Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.17 2000/06/20 01:39:44 markus Exp $");
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 621b9c143..4b89c15e1 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -7,7 +7,7 @@
 */
 #include "includes.h"
-RCSID("$Id: ssh-keygen.c,v 1.19 2000/06/07 09:55:44 djm Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.27 2000/06/20 01:39:44 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/pem.h>
diff --git a/ssh.c b/ssh.c
index a5c1ac6ba..f9742dc8d 100644
--- a/ssh.c
+++ b/ssh.c
@@ -11,7 +11,7 @@
 */
 #include "includes.h"
-RCSID("$Id: ssh.c,v 1.34 2000/06/07 09:55:44 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.56 2000/06/20 01:39:44 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/dsa.h>
diff --git a/ssh.h b/ssh.h
index ed124cece..213f73def 100644
--- a/ssh.h
+++ b/ssh.h
@@ -13,7 +13,7 @@
 *
 */
-/* RCSID("$Id: ssh.h,v 1.40 2000/05/17 12:34:24 damien Exp $"); */
+/* RCSID("$OpenBSD: ssh.h,v 1.47 2000/06/20 01:39:45 markus Exp $"); */
 #ifndef SSH_H
 #define SSH_H
diff --git a/sshconnect2.c b/sshconnect2.c
index 77b8652ea..ae96d534e 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -28,7 +28,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.13 2000/06/02 02:00:19 todd Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.15 2000/06/21 16:46:10 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@@ -295,6 +295,7 @@ ssh2_try_pubkey(char *filename,
        unsigned char *blob, *signature;
        int bloblen, slen;
        struct stat st;
+        int skip = 0;
        if (stat(filename, &st) != 0) {
                debug("key does not exist: %s", filename);
@@ -314,14 +315,22 @@ ssh2_try_pubkey(char *filename,
                success = load_private_key(filename, passphrase, k, NULL);
                memset(passphrase, 0, strlen(passphrase));
                xfree(passphrase);
-                if (!success)
+                if (!success) {
+                        key_free(k);
                        return 0;
+                }
        }
        dsa_make_key_blob(k, &blob, &bloblen);
        /* data to be signed */
        buffer_init(&b);
-        buffer_append(&b, session_id2, session_id2_len);
+        if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) {
+                buffer_put_string(&b, session_id2, session_id2_len);
+                skip = buffer_len(&b);
+        } else {
+                buffer_append(&b, session_id2, session_id2_len);
+                skip = session_id2_len; 
+        }
        buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
        buffer_put_cstring(&b, server_user);
        buffer_put_cstring(&b,
@@ -340,7 +349,6 @@ ssh2_try_pubkey(char *filename,
        buffer_dump(&b);
 #endif
        if (datafellows & SSH_BUG_PUBKEYAUTH) {
-                /* e.g. ssh-2.0.13: data-to-be-signed != data-on-the-wire */
                buffer_clear(&b);
                buffer_append(&b, session_id2, session_id2_len);
                buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
@@ -357,9 +365,9 @@ ssh2_try_pubkey(char *filename,
        xfree(signature);
        /* skip session id and packet type */
-        if (buffer_len(&b) < session_id2_len + 1)
+        if (buffer_len(&b) < skip + 1)
                fatal("ssh2_try_pubkey: internal error");
-        buffer_consume(&b, session_id2_len + 1);
+        buffer_consume(&b, skip + 1);
        /* put remaining data from buffer into packet */
        packet_start(SSH2_MSG_USERAUTH_REQUEST);
diff --git a/tildexpand.c b/tildexpand.c
index f615362f9..d10ea0054 100644
--- a/tildexpand.c
+++ b/tildexpand.c
@@ -6,7 +6,7 @@
 */
 #include "includes.h"
-RCSID("$Id: tildexpand.c,v 1.4 1999/12/07 04:38:32 damien Exp $");
+RCSID("$OpenBSD: tildexpand.c,v 1.7 2000/06/20 01:39:45 markus Exp $");
 #include "xmalloc.h"
 #include "ssh.h"
diff --git a/ttymodes.c b/ttymodes.c
index 647c66035..f4b7af580 100644
--- a/ttymodes.c
+++ b/ttymodes.c
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$Id: ttymodes.c,v 1.4 2000/04/16 01:18:49 damien Exp $");
+RCSID("$OpenBSD: ttymodes.c,v 1.7 2000/06/20 01:39:45 markus Exp $");
 #include "packet.h"
 #include "ssh.h"
diff --git a/ttymodes.h b/ttymodes.h
index 41aad79d6..b0ef24760 100644
--- a/ttymodes.h
+++ b/ttymodes.h
@@ -12,7 +12,7 @@
 *
 */
-/* RCSID("$Id: ttymodes.h,v 1.4 2000/04/16 01:18:49 damien Exp $"); */
+/* RCSID("$OpenBSD: ttymodes.h,v 1.8 2000/06/20 01:39:45 markus Exp $"); */
 /* The tty mode description is a stream of bytes.  The stream consists of
 * opcode-arguments pairs.  It is terminated by opcode TTY_OP_END (0).
diff --git a/uidswap.c b/uidswap.c
index e57be3a3d..4213d34ec 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -7,7 +7,7 @@
 */
 #include "includes.h"
-RCSID("$Id: uidswap.c,v 1.5 2000/04/16 01:18:49 damien Exp $");
+RCSID("$OpenBSD: uidswap.c,v 1.7 2000/06/20 01:39:45 markus Exp $");
 #include "ssh.h"
 #include "uidswap.h"
diff --git a/xmalloc.c b/xmalloc.c
index fb29a62e9..ec62c5804 100644
--- a/xmalloc.c
+++ b/xmalloc.c
@@ -8,7 +8,7 @@
 */
 #include "includes.h"
-RCSID("$Id: xmalloc.c,v 1.3 2000/04/16 01:18:49 damien Exp $");
+RCSID("$OpenBSD: xmalloc.c,v 1.7 2000/06/20 01:39:45 markus Exp $");
 #include "ssh.h"
diff --git a/xmalloc.h b/xmalloc.h
index a5603522d..b11b49cbf 100644
--- a/xmalloc.h
+++ b/xmalloc.h
@@ -14,7 +14,7 @@
 *
 */
-/* RCSID("$Id: xmalloc.h,v 1.3 2000/04/16 01:18:49 damien Exp $"); */
+/* RCSID("$OpenBSD: xmalloc.h,v 1.4 2000/06/20 01:39:45 markus Exp $"); */
 #ifndef XMALLOC_H
 #define XMALLOC_H