diff options
Diffstat (limited to 'kex.c')
| -rw-r--r-- | kex.c | 31 |
1 files changed, 24 insertions, 7 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kex.c,v 1.106 2015/04/17 13:25:52 djm Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.107 2015/07/29 04:43:06 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -448,6 +448,7 @@ kex_free(struct kex *kex) | |||
| 448 | free(kex->session_id); | 448 | free(kex->session_id); |
| 449 | free(kex->client_version_string); | 449 | free(kex->client_version_string); |
| 450 | free(kex->server_version_string); | 450 | free(kex->server_version_string); |
| 451 | free(kex->failed_choice); | ||
| 451 | free(kex); | 452 | free(kex); |
| 452 | } | 453 | } |
| 453 | 454 | ||
| @@ -626,17 +627,26 @@ kex_choose_conf(struct ssh *ssh) | |||
| 626 | nmac = ctos ? PROPOSAL_MAC_ALGS_CTOS : PROPOSAL_MAC_ALGS_STOC; | 627 | nmac = ctos ? PROPOSAL_MAC_ALGS_CTOS : PROPOSAL_MAC_ALGS_STOC; |
| 627 | ncomp = ctos ? PROPOSAL_COMP_ALGS_CTOS : PROPOSAL_COMP_ALGS_STOC; | 628 | ncomp = ctos ? PROPOSAL_COMP_ALGS_CTOS : PROPOSAL_COMP_ALGS_STOC; |
| 628 | if ((r = choose_enc(&newkeys->enc, cprop[nenc], | 629 | if ((r = choose_enc(&newkeys->enc, cprop[nenc], |
| 629 | sprop[nenc])) != 0) | 630 | sprop[nenc])) != 0) { |
| 631 | kex->failed_choice = peer[nenc]; | ||
| 632 | peer[nenc] = NULL; | ||
| 630 | goto out; | 633 | goto out; |
| 634 | } | ||
| 631 | authlen = cipher_authlen(newkeys->enc.cipher); | 635 | authlen = cipher_authlen(newkeys->enc.cipher); |
| 632 | /* ignore mac for authenticated encryption */ | 636 | /* ignore mac for authenticated encryption */ |
| 633 | if (authlen == 0 && | 637 | if (authlen == 0 && |
| 634 | (r = choose_mac(ssh, &newkeys->mac, cprop[nmac], | 638 | (r = choose_mac(ssh, &newkeys->mac, cprop[nmac], |
| 635 | sprop[nmac])) != 0) | 639 | sprop[nmac])) != 0) { |
| 640 | kex->failed_choice = peer[nmac]; | ||
| 641 | peer[nmac] = NULL; | ||
| 636 | goto out; | 642 | goto out; |
| 643 | } | ||
| 637 | if ((r = choose_comp(&newkeys->comp, cprop[ncomp], | 644 | if ((r = choose_comp(&newkeys->comp, cprop[ncomp], |
| 638 | sprop[ncomp])) != 0) | 645 | sprop[ncomp])) != 0) { |
| 646 | kex->failed_choice = peer[ncomp]; | ||
| 647 | peer[ncomp] = NULL; | ||
| 639 | goto out; | 648 | goto out; |
| 649 | } | ||
| 640 | debug("kex: %s %s %s %s", | 650 | debug("kex: %s %s %s %s", |
| 641 | ctos ? "client->server" : "server->client", | 651 | ctos ? "client->server" : "server->client", |
| 642 | newkeys->enc.name, | 652 | newkeys->enc.name, |
| @@ -644,10 +654,17 @@ kex_choose_conf(struct ssh *ssh) | |||
| 644 | newkeys->comp.name); | 654 | newkeys->comp.name); |
| 645 | } | 655 | } |
| 646 | if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], | 656 | if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], |
| 647 | sprop[PROPOSAL_KEX_ALGS])) != 0 || | 657 | sprop[PROPOSAL_KEX_ALGS])) != 0) { |
| 648 | (r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], | 658 | kex->failed_choice = peer[PROPOSAL_KEX_ALGS]; |
| 649 | sprop[PROPOSAL_SERVER_HOST_KEY_ALGS])) != 0) | 659 | peer[PROPOSAL_KEX_ALGS] = NULL; |
| 650 | goto out; | 660 | goto out; |
| 661 | } | ||
| 662 | if ((r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], | ||
| 663 | sprop[PROPOSAL_SERVER_HOST_KEY_ALGS])) != 0) { | ||
| 664 | kex->failed_choice = cprop[PROPOSAL_SERVER_HOST_KEY_ALGS]; | ||
| 665 | cprop[PROPOSAL_SERVER_HOST_KEY_ALGS] = NULL; | ||
| 666 | goto out; | ||
| 667 | } | ||
| 651 | need = dh_need = 0; | 668 | need = dh_need = 0; |
| 652 | for (mode = 0; mode < MODE_MAX; mode++) { | 669 | for (mode = 0; mode < MODE_MAX; mode++) { |
| 653 | newkeys = kex->newkeys[mode]; | 670 | newkeys = kex->newkeys[mode]; |