-rw-r--r--kex.c31
-rw-r--r--kex.h3
-rw-r--r--packet.c13
3 files changed, 38 insertions, 9 deletions
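--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.106 2015/04/17 13:25:52 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.107 2015/07/29 04:43:06 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
  *
@@ -448,6 +448,7 @@ kex_free(struct kex *kex)
 	free(kex->session_id);
 	free(kex->client_version_string);
 	free(kex->server_version_string);
+	free(kex->failed_choice);
 	free(kex);
 }
 
@@ -626,17 +627,26 @@ kex_choose_conf(struct ssh *ssh)
 		nmac = ctos ? PROPOSAL_MAC_ALGS_CTOS : PROPOSAL_MAC_ALGS_STOC;
 		ncomp = ctos ? PROPOSAL_COMP_ALGS_CTOS : PROPOSAL_COMP_ALGS_STOC;
 		if ((r = choose_enc(&newkeys->enc, cprop[nenc],
-		    sprop[nenc])) != 0)
+		    sprop[nenc])) != 0) {
+			kex->failed_choice = peer[nenc];
+			peer[nenc] = NULL;
 			goto out;
+		}
 		authlen = cipher_authlen(newkeys->enc.cipher);
 		/* ignore mac for authenticated encryption */
 		if (authlen == 0 &&
 		    (r = choose_mac(ssh, &newkeys->mac, cprop[nmac],
-		    sprop[nmac])) != 0)
+		    sprop[nmac])) != 0) {
+			kex->failed_choice = peer[nmac];
+			peer[nmac] = NULL;
 			goto out;
+		}
 		if ((r = choose_comp(&newkeys->comp, cprop[ncomp],
-		    sprop[ncomp])) != 0)
+		    sprop[ncomp])) != 0) {
+			kex->failed_choice = peer[ncomp];
+			peer[ncomp] = NULL;
 			goto out;
+		}
 		debug("kex: %s %s %s %s",
 		    ctos ? "client->server" : "server->client",
 		    newkeys->enc.name,
@@ -644,10 +654,17 @@ kex_choose_conf(struct ssh *ssh)
 		    newkeys->comp.name);
 	}
 	if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS],
-	    sprop[PROPOSAL_KEX_ALGS])) != 0 ||
-	    (r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
-	    sprop[PROPOSAL_SERVER_HOST_KEY_ALGS])) != 0)
+	    sprop[PROPOSAL_KEX_ALGS])) != 0) {
+		kex->failed_choice = peer[PROPOSAL_KEX_ALGS];
+		peer[PROPOSAL_KEX_ALGS] = NULL;
 		goto out;
+	}
+	if ((r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
+	    sprop[PROPOSAL_SERVER_HOST_KEY_ALGS])) != 0) {
+		kex->failed_choice = cprop[PROPOSAL_SERVER_HOST_KEY_ALGS];
+		cprop[PROPOSAL_SERVER_HOST_KEY_ALGS] = NULL;
+		goto out;
+	}
 	need = dh_need = 0;
 	for (mode = 0; mode < MODE_MAX; mode++) {
 		newkeys = kex->newkeys[mode];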
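Review bot: In the third hunk the `choose_hostkeyalg` failure branch (new lines 664–665) records `cprop[PROPOSAL_SERVER_HOST_KEY_ALGS]` while every other failure branch in this commit records `peer[...]`. Whether `cprop` aliases `peer` depends on which side of the connection we are — that assignment is made earlier in `kex_choose_conf`, outside the hunk — so if `cprop` is the peer's array only on the server side, a client that rejects the server's host-key algorithms would log its own list under "Their offer" rather than the remote one, which misleads whoever is debugging the failure. Unless the host-key case is meant to differ, `kex->failed_choice = peer[PROPOSAL_SERVER_HOST_KEY_ALGS]; peer[PROPOSAL_SERVER_HOST_KEY_ALGS] = NULL;` would keep all six branches consistent. Note also that each branch overwrites `failed_choice` without freeing a prior value; that is fine as long as every assignment is followed by `goto out` and a fatal error, as here, but worth a comment if the function is ever reused for a non-fatal retry. `kex_choose_conf` starts before and ends after these hunks.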
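--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.71 2015/02/16 22:13:32 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.72 2015/07/29 04:43:06 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -141,6 +141,7 @@ struct kex {
 	int ec_nid;
 	char *client_version_string;
 	char *server_version_string;
+	char *failed_choice;
 	int (*verify_host_key)(struct sshkey *, struct ssh *);
 	struct sshkey *(*load_host_public_key)(int, int, struct ssh *);
 	struct sshkey *(*load_host_private_key)(int, int, struct ssh *);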
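Review bot: The new `failed_choice` member has no comment, and unlike its neighbours it is not a string the kex code builds itself: kex.c in this commit moves it out of a proposal array (`peer[...]` is set to NULL after the assignment) and `kex_free` releases it. A one-line comment on the field would make the ownership and origin explicit, e.g. `char *failed_choice; /* peer's name-list for the algorithm that failed to match; owned here, freed by kex_free() */`. Since the value appears to come from the remote side's proposal, the comment should also say it is untrusted so future readers do not pass it to anything that treats it as a format string or interprets control characters.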
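--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.212 2015/05/01 07:10:01 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.213 2015/07/29 04:43:06 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1933,6 +1933,17 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
 			cleanup_exit(255);
 		}
 		/* FALLTHROUGH */
+	case SSH_ERR_NO_CIPHER_ALG_MATCH:
+	case SSH_ERR_NO_MAC_ALG_MATCH:
+	case SSH_ERR_NO_COMPRESS_ALG_MATCH:
+	case SSH_ERR_NO_KEX_ALG_MATCH:
+	case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
+		if (ssh && ssh->kex && ssh->kex->failed_choice) {
+			fatal("Unable to negotiate with %.200s: %s. "
+			    "Their offer: %s", ssh_remote_ipaddr(ssh),
+			    ssh_err(r), ssh->kex->failed_choice);
+		}
+		/* FALLTHROUGH */
 	default:
 		fatal("%s%sConnection to %.200s: %s",
 		    tag != NULL ? tag : "", tag != NULL ? ": " : "",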