- OpenBSD CVS update
- markus@cvs.openbsd.org
[cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
[ssh.h sshconnect1.c sshconnect2.c sshd.8]
- complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
- hugh@cvs.openbsd.org
[ssh.1]
- zap typo
[ssh-keygen.1]
- One last nit fix. (markus approved)
[sshd.8]
- some markus certified spelling adjustments
- markus@cvs.openbsd.org
[auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
[sshconnect2.c ]
- bug compat w/ ssh-2.0.13 x11, split out bugs
[nchan.c]
- no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
[ssh-keygen.c]
- handle escapes in real and original key format, ok millert@
[version.h]
- OpenSSH-2.1
diff --git a/sshconnect2.c b/sshconnect2.c
index 3bddd7c..99ffb2c 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -28,7 +28,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.8 2000/05/07 18:23:32 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.10 2000/05/08 17:42:25 markus Exp $");
#include <openssl/bn.h>
#include <openssl/rsa.h>
@@ -96,13 +96,14 @@
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
- } else if (
- options.cipher == SSH_CIPHER_ARCFOUR ||
- options.cipher == SSH_CIPHER_3DES_CBC ||
- options.cipher == SSH_CIPHER_CAST128_CBC ||
- options.cipher == SSH_CIPHER_BLOWFISH_CBC) {
+ } else if (options.cipher == SSH_CIPHER_3DES) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
- myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher);
+ myproposal[PROPOSAL_ENC_ALGS_STOC] =
+ cipher_name(SSH_CIPHER_3DES_CBC);
+ } else if (options.cipher == SSH_CIPHER_BLOWFISH) {
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ myproposal[PROPOSAL_ENC_ALGS_STOC] =
+ cipher_name(SSH_CIPHER_BLOWFISH_CBC);
}
if (options.compression) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib";
@@ -344,12 +345,14 @@
buffer_append(&b, session_id2, session_id2_len);
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, server_user);
- buffer_put_cstring(&b, service);
+ buffer_put_cstring(&b,
+ datafellows & SSH_BUG_PUBKEYAUTH ?
+ "ssh-userauth" :
+ service);
buffer_put_cstring(&b, "publickey");
buffer_put_char(&b, 1);
buffer_put_cstring(&b, KEX_DSS);
buffer_put_string(&b, blob, bloblen);
- xfree(blob);
/* generate signature */
dsa_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
@@ -357,6 +360,19 @@
#ifdef DEBUG_DSS
buffer_dump(&b);
#endif
+ if (datafellows & SSH_BUG_PUBKEYAUTH) {
+ /* e.g. ssh-2.0.13: data-to-be-signed != data-on-the-wire */
+ buffer_clear(&b);
+ buffer_append(&b, session_id2, session_id2_len);
+ buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
+ buffer_put_cstring(&b, server_user);
+ buffer_put_cstring(&b, service);
+ buffer_put_cstring(&b, "publickey");
+ buffer_put_char(&b, 1);
+ buffer_put_cstring(&b, KEX_DSS);
+ buffer_put_string(&b, blob, bloblen);
+ }
+ xfree(blob);
/* append signature */
buffer_put_string(&b, signature, slen);
xfree(signature);