Diffstat (limited to 'kex.c')
-rw-r--r-- | kex.c | 31 |
1 files changed, 24 insertions, 7 deletions
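--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.106 2015/04/17 13:25:52 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.107 2015/07/29 04:43:06 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
@@ -448,6 +448,7 @@ kex_free(struct kex *kex)
 free(kex->session_id);
 free(kex->client_version_string);
 free(kex->server_version_string);
+free(kex->failed_choice);
 free(kex);
 }
 
@@ -626,17 +627,26 @@ kex_choose_conf(struct ssh *ssh)
 nmac = ctos ? PROPOSAL_MAC_ALGS_CTOS : PROPOSAL_MAC_ALGS_STOC;
 ncomp = ctos ? PROPOSAL_COMP_ALGS_CTOS : PROPOSAL_COMP_ALGS_STOC;
 if ((r = choose_enc(&newkeys->enc, cprop[nenc],
-sprop[nenc])) != 0)
+sprop[nenc])) != 0) {
+kex->failed_choice = peer[nenc];
+peer[nenc] = NULL;
 goto out;
+}
 authlen = cipher_authlen(newkeys->enc.cipher);
 /* ignore mac for authenticated encryption */
 if (authlen == 0 &&
 (r = choose_mac(ssh, &newkeys->mac, cprop[nmac],
-sprop[nmac])) != 0)
+sprop[nmac])) != 0) {
+kex->failed_choice = peer[nmac];
+peer[nmac] = NULL;
 goto out;
+}
 if ((r = choose_comp(&newkeys->comp, cprop[ncomp],
-sprop[ncomp])) != 0)
+sprop[ncomp])) != 0) {
+kex->failed_choice = peer[ncomp];
+peer[ncomp] = NULL;
 goto out;
+}
 debug("kex: %s %s %s %s",
 ctos ? "client->server" : "server->client",
 newkeys->enc.name,
@@ -644,10 +654,17 @@ kex_choose_conf(struct ssh *ssh)
 newkeys->comp.name);
 }
 if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS],
-sprop[PROPOSAL_KEX_ALGS])) != 0 ||
-(r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
-sprop[PROPOSAL_SERVER_HOST_KEY_ALGS])) != 0)
+sprop[PROPOSAL_KEX_ALGS])) != 0) {
+kex->failed_choice = peer[PROPOSAL_KEX_ALGS];
+peer[PROPOSAL_KEX_ALGS] = NULL;
 goto out;
+}
+if ((r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
+sprop[PROPOSAL_SERVER_HOST_KEY_ALGS])) != 0) {
+kex->failed_choice = cprop[PROPOSAL_SERVER_HOST_KEY_ALGS];
+cprop[PROPOSAL_SERVER_HOST_KEY_ALGS] = NULL;
+goto out;
+}
 need = dh_need = 0;
 for (mode = 0; mode < MODE_MAX; mode++) {
 newkeys = kex->newkeys[mode];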
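Review bot: The host-key failure branch in the last hunk stores `cprop[PROPOSAL_SERVER_HOST_KEY_ALGS]` in `kex->failed_choice`, while the enc, mac, comp and kex branches all store `peer[...]`. `cprop` and `peer` are assigned outside the visible hunks, but if `cprop` is the client's proposal, then on the client side this branch records the local algorithm list instead of the peer's offer, and the negotiation-failure diagnostic would name the wrong side. For consistency with the other four sites I would use `kex->failed_choice = peer[PROPOSAL_SERVER_HOST_KEY_ALGS];` followed by `peer[PROPOSAL_SERVER_HOST_KEY_ALGS] = NULL;`. A short comment at the first site would also help, for example `/* ownership moves to kex; freed in kex_free() */`, since setting the array slot to NULL looks like it exists to avoid a double free at `out:`, which is not visible here.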