summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2000-06-22 21:32:31 +1000
committerDamien Miller <djm@mindrot.org>2000-06-22 21:32:31 +1000
commit6536c7d3c9d0e794c5c85d4f1746b958d7e04343 (patch)
tree9551d0d84924d6a206130fb575df5d90f1cc7a28
parent099f505f9526311e48f828e95d90d488fe237219 (diff)
downloadopenssh-git-6536c7d3c9d0e794c5c85d4f1746b958d7e04343.tar.gz
- OpenBSD CVS Updates:
- markus@cvs.openbsd.org 2000/06/18 18:50:11 [auth2.c compat.c compat.h sshconnect2.c] make userauth+pubkey interop with ssh.com-2.2.0 - markus@cvs.openbsd.org 2000/06/18 20:56:17 [dsa.c] mem leak + be more paranoid in dsa_verify. - markus@cvs.openbsd.org 2000/06/18 21:29:50 [key.c] cleanup fingerprinting, less hardcoded sizes - markus@cvs.openbsd.org 2000/06/19 19:39:45 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h] [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h] [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c] [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c] [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h] OpenBSD tag - markus@cvs.openbsd.org 2000/06/21 10:46:10 sshconnect2.c missing free; nuke old comment
-rw-r--r--ChangeLog23
-rw-r--r--atomicio.c2
-rw-r--r--auth-options.c2
-rw-r--r--auth-passwd.c2
-rw-r--r--auth-rh-rsa.c2
-rw-r--r--auth-rhosts.c2
-rw-r--r--auth-rsa.c2
-rw-r--r--auth-skey.c2
-rw-r--r--auth2.c9
-rw-r--r--authfd.c2
-rw-r--r--authfd.h2
-rw-r--r--authfile.c2
-rw-r--r--bufaux.c2
-rw-r--r--bufaux.h2
-rw-r--r--buffer.c2
-rw-r--r--buffer.h2
-rw-r--r--canohost.c2
-rw-r--r--channels.c2
-rw-r--r--channels.h2
-rw-r--r--cipher.c2
-rw-r--r--cipher.h2
-rw-r--r--clientloop.c2
-rw-r--r--compat.c4
-rw-r--r--compat.h3
-rw-r--r--compress.c2
-rw-r--r--compress.h2
-rw-r--r--crc32.c2
-rw-r--r--crc32.h2
-rw-r--r--deattack.c2
-rw-r--r--dispatch.c2
-rw-r--r--dsa.c17
-rw-r--r--fingerprint.c2
-rw-r--r--fingerprint.h2
-rw-r--r--getput.h2
-rw-r--r--hmac.c2
-rw-r--r--kex.c2
-rw-r--r--key.c27
-rw-r--r--log-client.c2
-rw-r--r--log-server.c2
-rw-r--r--login.c2
-rw-r--r--match.c2
-rw-r--r--mpaux.c2
-rw-r--r--mpaux.h2
-rw-r--r--nchan.c2
-rw-r--r--nchan.h2
-rw-r--r--packet.c2
-rw-r--r--packet.h2
-rw-r--r--pty.c2
-rw-r--r--pty.h2
-rw-r--r--readconf.c2
-rw-r--r--readconf.h2
-rw-r--r--readpass.c2
-rw-r--r--rsa.c2
-rw-r--r--rsa.h2
-rw-r--r--scp.c4
-rw-r--r--servconf.c2
-rw-r--r--servconf.h2
-rw-r--r--ssh-add.c2
-rw-r--r--ssh-keygen.c2
-rw-r--r--ssh.c2
-rw-r--r--ssh.h2
-rw-r--r--sshconnect2.c20
-rw-r--r--tildexpand.c2
-rw-r--r--ttymodes.c2
-rw-r--r--ttymodes.h2
-rw-r--r--uidswap.c2
-rw-r--r--xmalloc.c2
-rw-r--r--xmalloc.h2
68 files changed, 138 insertions, 89 deletions
diff --git a/ChangeLog b/ChangeLog
index c35b7366..af56ec53 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,29 @@
- (djm) Automatically generate host key during "make install". Suggested
by Gary E. Miller <gem@rellim.com>
- (djm) Paranoia before kill() system call
+ - OpenBSD CVS Updates:
+ - markus@cvs.openbsd.org 2000/06/18 18:50:11
+ [auth2.c compat.c compat.h sshconnect2.c]
+ make userauth+pubkey interop with ssh.com-2.2.0
+ - markus@cvs.openbsd.org 2000/06/18 20:56:17
+ [dsa.c]
+ mem leak + be more paranoid in dsa_verify.
+ - markus@cvs.openbsd.org 2000/06/18 21:29:50
+ [key.c]
+ cleanup fingerprinting, less hardcoded sizes
+ - markus@cvs.openbsd.org 2000/06/19 19:39:45
+ [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
+ [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
+ [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
+ [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
+ [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
+ [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
+ [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
+ [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
+ [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
+ OpenBSD tag
+ - markus@cvs.openbsd.org 2000/06/21 10:46:10
+ sshconnect2.c missing free; nuke old comment
20000620
- (djm) Replace use of '-o' and '-a' logical operators in configure tests
diff --git a/atomicio.c b/atomicio.c
index 3f12344e..7d9f9340 100644
--- a/atomicio.c
+++ b/atomicio.c
@@ -24,7 +24,7 @@
*/
#include "includes.h"
-RCSID("$Id: atomicio.c,v 1.11 2000/04/16 02:31:49 damien Exp $");
+RCSID("$OpenBSD: atomicio.c,v 1.4 2000/06/20 01:39:37 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
diff --git a/auth-options.c b/auth-options.c
index 7ebbb766..55ccc851 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,5 +1,5 @@
#include "includes.h"
-RCSID("$Id: auth-options.c,v 1.1 2000/06/18 04:50:44 djm Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.2 2000/06/20 01:39:38 markus Exp $");
#include "ssh.h"
#include "packet.h"
diff --git a/auth-passwd.c b/auth-passwd.c
index b27c5bae..d722122c 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -11,7 +11,7 @@
#ifndef USE_PAM
-RCSID("$Id: auth-passwd.c,v 1.20 2000/05/20 05:03:00 damien Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.16 2000/06/20 01:39:38 markus Exp $");
#include "packet.h"
#include "ssh.h"
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 1073ecc1..4386758d 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -15,7 +15,7 @@
*/
#include "includes.h"
-RCSID("$Id: auth-rh-rsa.c,v 1.11 2000/04/16 02:31:49 damien Exp $");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.14 2000/06/20 01:39:38 markus Exp $");
#include "packet.h"
#include "ssh.h"
diff --git a/auth-rhosts.c b/auth-rhosts.c
index 6a5c13e4..f670276b 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -16,7 +16,7 @@
*/
#include "includes.h"
-RCSID("$Id: auth-rhosts.c,v 1.8 2000/04/16 01:18:39 damien Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.14 2000/06/20 01:39:38 markus Exp $");
#include "packet.h"
#include "ssh.h"
diff --git a/auth-rsa.c b/auth-rsa.c
index 546e1d84..1a246f7f 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -16,7 +16,7 @@
*/
#include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.21 2000/06/18 04:50:44 djm Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.26 2000/06/20 01:39:38 markus Exp $");
#include "rsa.h"
#include "packet.h"
diff --git a/auth-skey.c b/auth-skey.c
index 7eb32e8f..d66d84e7 100644
--- a/auth-skey.c
+++ b/auth-skey.c
@@ -1,6 +1,6 @@
#include "includes.h"
#ifdef SKEY
-RCSID("$Id: auth-skey.c,v 1.6 2000/04/14 10:30:29 markus Exp $");
+RCSID("$OpenBSD: auth-skey.c,v 1.7 2000/06/20 01:39:38 markus Exp $");
#include "ssh.h"
#include "packet.h"
diff --git a/auth2.c b/auth2.c
index c7dcf195..a3d4ab60 100644
--- a/auth2.c
+++ b/auth2.c
@@ -27,7 +27,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.10 2000/06/18 04:05:02 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.11 2000/06/19 00:50:11 markus Exp $");
#include <openssl/dsa.h>
#include <openssl/rsa.h>
@@ -302,8 +302,11 @@ ssh2_auth_pubkey(struct passwd *pw, char *service)
sig = packet_get_string(&slen);
packet_done();
buffer_init(&b);
- buffer_append(&b, session_id2, session_id2_len);
-
+ if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) {
+ buffer_put_string(&b, session_id2, session_id2_len);
+ } else {
+ buffer_append(&b, session_id2, session_id2_len);
+ }
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, pw->pw_name);
diff --git a/authfd.c b/authfd.c
index 36b4d6ce..69d77d7d 100644
--- a/authfd.c
+++ b/authfd.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$Id: authfd.c,v 1.14 2000/04/30 00:00:53 damien Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.20 2000/06/20 01:39:38 markus Exp $");
#include "ssh.h"
#include "rsa.h"
diff --git a/authfd.h b/authfd.h
index 420f592b..d7ff4be2 100644
--- a/authfd.h
+++ b/authfd.h
@@ -13,7 +13,7 @@
*
*/
-/* RCSID("$Id: authfd.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */
+/* RCSID("$OpenBSD: authfd.h,v 1.8 2000/06/20 01:39:38 markus Exp $"); */
#ifndef AUTHFD_H
#define AUTHFD_H
diff --git a/authfile.c b/authfile.c
index f93c9d47..71c4a5d8 100644
--- a/authfile.c
+++ b/authfile.c
@@ -15,7 +15,7 @@
*/
#include "includes.h"
-RCSID("$Id: authfile.c,v 1.12 2000/04/29 13:57:10 damien Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.17 2000/06/20 01:39:38 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
diff --git a/bufaux.c b/bufaux.c
index 9ae5e9e6..ecf529ff 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -17,7 +17,7 @@
*/
#include "includes.h"
-RCSID("$Id: bufaux.c,v 1.12 2000/04/16 02:31:50 damien Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.12 2000/06/20 01:39:39 markus Exp $");
#include "ssh.h"
#include <openssl/bn.h>
diff --git a/bufaux.h b/bufaux.h
index 80bad6ea..42df4639 100644
--- a/bufaux.h
+++ b/bufaux.h
@@ -11,7 +11,7 @@
*
*/
-/* RCSID("$Id: bufaux.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */
+/* RCSID("$OpenBSD: bufaux.h,v 1.7 2000/06/20 01:39:39 markus Exp $"); */
#ifndef BUFAUX_H
#define BUFAUX_H
diff --git a/buffer.c b/buffer.c
index 83a63e6f..db5ae0a2 100644
--- a/buffer.c
+++ b/buffer.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$Id: buffer.c,v 1.5 2000/04/16 01:18:40 damien Exp $");
+RCSID("$OpenBSD: buffer.c,v 1.7 2000/06/20 01:39:39 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
diff --git a/buffer.h b/buffer.h
index f33e6f72..a2b4efff 100644
--- a/buffer.h
+++ b/buffer.h
@@ -13,7 +13,7 @@
*
*/
-/* RCSID("$Id: buffer.h,v 1.4 2000/04/16 02:31:50 damien Exp $"); */
+/* RCSID("$OpenBSD: buffer.h,v 1.5 2000/06/20 01:39:39 markus Exp $"); */
#ifndef BUFFER_H
#define BUFFER_H
diff --git a/canohost.c b/canohost.c
index 1b579092..7ded0e3b 100644
--- a/canohost.c
+++ b/canohost.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$Id: canohost.c,v 1.9 2000/04/16 01:18:40 damien Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.13 2000/06/20 01:39:39 markus Exp $");
#include "packet.h"
#include "xmalloc.h"
diff --git a/channels.c b/channels.c
index 9da9db47..038670da 100644
--- a/channels.c
+++ b/channels.c
@@ -17,7 +17,7 @@
*/
#include "includes.h"
-RCSID("$Id: channels.c,v 1.33 2000/06/18 04:50:44 djm Exp $");
+RCSID("$OpenBSD: channels.c,v 1.62 2000/06/20 01:39:39 markus Exp $");
#include "ssh.h"
#include "packet.h"
diff --git a/channels.h b/channels.h
index 922c5d0a..9629124b 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* RCSID("$Id: channels.h,v 1.10 2000/06/07 09:55:44 djm Exp $"); */
+/* RCSID("$OpenBSD: channels.h,v 1.14 2000/06/20 01:39:40 markus Exp $"); */
#ifndef CHANNELS_H
#define CHANNELS_H
diff --git a/cipher.c b/cipher.c
index 4117cb77..97cbd38c 100644
--- a/cipher.c
+++ b/cipher.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$Id: cipher.c,v 1.21 2000/05/30 03:44:52 damien Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.28 2000/06/20 01:39:40 markus Exp $");
#include "ssh.h"
#include "cipher.h"
diff --git a/cipher.h b/cipher.h
index b7410fbc..a1379907 100644
--- a/cipher.h
+++ b/cipher.h
@@ -11,7 +11,7 @@
*
*/
-/* RCSID("$Id: cipher.h,v 1.13 2000/05/09 01:03:00 damien Exp $"); */
+/* RCSID("$OpenBSD: cipher.h,v 1.18 2000/06/20 01:39:40 markus Exp $"); */
#ifndef CIPHER_H
#define CIPHER_H
diff --git a/clientloop.c b/clientloop.c
index 82d1d27d..5df584ab 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -16,7 +16,7 @@
*/
#include "includes.h"
-RCSID("$Id: clientloop.c,v 1.16 2000/05/09 01:03:00 damien Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.27 2000/06/20 01:39:40 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
diff --git a/compat.c b/compat.c
index 8e77fd79..e3410d49 100644
--- a/compat.c
+++ b/compat.c
@@ -28,7 +28,7 @@
*/
#include "includes.h"
-RCSID("$Id: compat.c,v 1.12 2000/06/18 04:50:44 djm Exp $");
+RCSID("$OpenBSD: compat.c,v 1.17 2000/06/20 01:39:40 markus Exp $");
#include "ssh.h"
#include "packet.h"
@@ -61,7 +61,7 @@ compat_datafellows(const char *version)
char *version;
int bugs;
} check[] = {
- {"2.2.0", SSH_BUG_HMAC},
+ {"2.2.0", SSH_BUG_HMAC|SSH_COMPAT_SESSIONID_ENCODING},
{"2.1.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC},
{"2.0.1", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD},
{NULL, 0}
diff --git a/compat.h b/compat.h
index cd7c190c..2060a39f 100644
--- a/compat.h
+++ b/compat.h
@@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* RCSID("$Id: compat.h,v 1.6 2000/05/09 01:03:00 damien Exp $"); */
+/* RCSID("$OpenBSD: compat.h,v 1.9 2000/06/20 01:39:40 markus Exp $"); */
#ifndef COMPAT_H
#define COMPAT_H
@@ -40,6 +40,7 @@
#define SSH_BUG_PUBKEYAUTH 0x02
#define SSH_BUG_HMAC 0x04
#define SSH_BUG_X11FWD 0x08
+#define SSH_COMPAT_SESSIONID_ENCODING 0x10
void enable_compat13(void);
void enable_compat20(void);
diff --git a/compress.c b/compress.c
index 610aaf7e..4ec20104 100644
--- a/compress.c
+++ b/compress.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$Id: compress.c,v 1.6 2000/04/16 01:18:42 damien Exp $");
+RCSID("$OpenBSD: compress.c,v 1.8 2000/06/20 01:39:40 markus Exp $");
#include "ssh.h"
#include "buffer.h"
diff --git a/compress.h b/compress.h
index f1318332..ce7d7fab 100644
--- a/compress.h
+++ b/compress.h
@@ -13,7 +13,7 @@
*
*/
-/* RCSID("$Id: compress.h,v 1.4 2000/04/16 01:18:42 damien Exp $"); */
+/* RCSID("$OpenBSD: compress.h,v 1.5 2000/06/20 01:39:40 markus Exp $"); */
#ifndef COMPRESS_H
#define COMPRESS_H
diff --git a/crc32.c b/crc32.c
index 2d3867d0..05a1af7b 100644
--- a/crc32.c
+++ b/crc32.c
@@ -6,7 +6,7 @@
*/
#include "includes.h"
-RCSID("$Id: crc32.c,v 1.2 1999/11/24 13:26:22 damien Exp $");
+RCSID("$OpenBSD: crc32.c,v 1.5 2000/06/20 01:39:40 markus Exp $");
#include "crc32.h"
diff --git a/crc32.h b/crc32.h
index 15ac2999..45495b42 100644
--- a/crc32.h
+++ b/crc32.h
@@ -13,7 +13,7 @@
*
*/
-/* RCSID("$Id: crc32.h,v 1.4 2000/04/16 01:18:42 damien Exp $"); */
+/* RCSID("$OpenBSD: crc32.h,v 1.6 2000/06/20 01:39:40 markus Exp $"); */
#ifndef CRC32_H
#define CRC32_H
diff --git a/deattack.c b/deattack.c
index 81b1c8ef..7f95eca3 100644
--- a/deattack.c
+++ b/deattack.c
@@ -1,5 +1,5 @@
/*
- * $Id: deattack.c,v 1.3 1999/11/24 13:26:22 damien Exp $
+ * $OpenBSD: deattack.c,v 1.7 2000/06/20 01:39:41 markus Exp $
* Cryptographic attack detector for ssh - source code
*
* Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
diff --git a/dispatch.c b/dispatch.c
index 50f11f3c..8df08b17 100644
--- a/dispatch.c
+++ b/dispatch.c
@@ -27,7 +27,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$Id: dispatch.c,v 1.3 2000/04/16 01:18:42 damien Exp $");
+RCSID("$OpenBSD: dispatch.c,v 1.3 2000/06/20 01:39:41 markus Exp $");
#include "ssh.h"
#include "dispatch.h"
#include "packet.h"
diff --git a/dsa.c b/dsa.c
index 51d7ff28..c1c37bce 100644
--- a/dsa.c
+++ b/dsa.c
@@ -28,7 +28,7 @@
*/
#include "includes.h"
-RCSID("$Id: dsa.c,v 1.7 2000/05/08 17:42:24 markus Exp $");
+RCSID("$OpenBSD: dsa.c,v 1.9 2000/06/20 01:39:41 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -72,7 +72,7 @@ dsa_key_from_blob(
buffer_append(&b, blob, blen);
ktype = buffer_get_string(&b, NULL);
if (strcmp(KEX_DSS, ktype) != 0) {
- error("dsa_key_from_blob: cannot handle type %s", ktype);
+ error("dsa_key_from_blob: cannot handle type %s", ktype);
key_free(key);
return NULL;
}
@@ -197,7 +197,6 @@ dsa_verify(
DSA_SIG *sig;
EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
- char *ktype;
unsigned char *sigblob;
char *txt;
unsigned int len;
@@ -227,14 +226,24 @@ dsa_verify(
len = signaturelen;
} else {
/* ietf-drafts */
+ char *ktype;
buffer_init(&b);
buffer_append(&b, (char *) signature, signaturelen);
ktype = buffer_get_string(&b, NULL);
+ if (strcmp(KEX_DSS, ktype) != 0) {
+ error("dsa_verify: cannot handle type %s", ktype);
+ buffer_free(&b);
+ return -1;
+ }
sigblob = (unsigned char *)buffer_get_string(&b, &len);
rlen = buffer_len(&b);
- if(rlen != 0)
+ if(rlen != 0) {
error("remaining bytes in signature %d", rlen);
+ buffer_free(&b);
+ return -1;
+ }
buffer_free(&b);
+ xfree(ktype);
}
if (len != SIGBLOB_LEN) {
diff --git a/fingerprint.c b/fingerprint.c
index 4b0966d9..801f6a6e 100644
--- a/fingerprint.c
+++ b/fingerprint.c
@@ -28,7 +28,7 @@
*/
#include "includes.h"
-RCSID("$Id: fingerprint.c,v 1.6 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: fingerprint.c,v 1.7 2000/06/20 01:39:41 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
diff --git a/fingerprint.h b/fingerprint.h
index fbb0d4c4..3d7bcb32 100644
--- a/fingerprint.h
+++ b/fingerprint.h
@@ -26,7 +26,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* RCSID("$Id: fingerprint.h,v 1.3 1999/11/24 16:15:25 markus Exp $"); */
+/* RCSID("$OpenBSD: fingerprint.h,v 1.4 2000/06/20 01:39:41 markus Exp $"); */
#ifndef FINGERPRINT_H
#define FINGERPRINT_H
diff --git a/getput.h b/getput.h
index 22235f5d..5f6b1411 100644
--- a/getput.h
+++ b/getput.h
@@ -13,7 +13,7 @@
*
*/
-/* RCSID("$Id: getput.h,v 1.3 2000/04/16 01:18:42 damien Exp $"); */
+/* RCSID("$OpenBSD: getput.h,v 1.4 2000/06/20 01:39:41 markus Exp $"); */
#ifndef GETPUT_H
#define GETPUT_H
diff --git a/hmac.c b/hmac.c
index fe53aa47..27590ec8 100644
--- a/hmac.c
+++ b/hmac.c
@@ -28,7 +28,7 @@
*/
#include "includes.h"
-RCSID("$Id: hmac.c,v 1.2 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: hmac.c,v 1.3 2000/06/20 01:39:41 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
diff --git a/kex.c b/kex.c
index 199e0426..b0d47b5b 100644
--- a/kex.c
+++ b/kex.c
@@ -28,7 +28,7 @@
*/
#include "includes.h"
-RCSID("$Id: kex.c,v 1.9 2000/05/30 03:44:53 damien Exp $");
+RCSID("$OpenBSD: kex.c,v 1.8 2000/06/20 01:39:41 markus Exp $");
#include "ssh.h"
#include "ssh2.h"
diff --git a/key.c b/key.c
index d474f85c..be38a88f 100644
--- a/key.c
+++ b/key.c
@@ -121,8 +121,6 @@ key_equal(Key *a, Key *b)
return 0;
}
-#define FPRINT "%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x"
-
/*
* Generate key fingerprint in ascii format.
* Based on ideas and code from Bjoern Groenvall <bg@sics.se>
@@ -130,7 +128,7 @@ key_equal(Key *a, Key *b)
char *
key_fingerprint(Key *k)
{
- static char retval[80];
+ static char retval[(EVP_MAX_MD_SIZE+1)*3];
unsigned char *blob = NULL;
int len = 0;
int nlen, elen;
@@ -151,15 +149,22 @@ key_fingerprint(Key *k)
fatal("key_fingerprint: bad key type %d", k->type);
break;
}
+ retval[0] = '\0';
+
if (blob != NULL) {
- unsigned char d[16];
- EVP_MD_CTX md;
- EVP_DigestInit(&md, EVP_md5());
- EVP_DigestUpdate(&md, blob, len);
- EVP_DigestFinal(&md, d, NULL);
- snprintf(retval, sizeof(retval), FPRINT,
- d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7],
- d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]);
+ int i;
+ unsigned char digest[EVP_MAX_MD_SIZE];
+ EVP_MD *md = EVP_md5();
+ EVP_MD_CTX ctx;
+ EVP_DigestInit(&ctx, md);
+ EVP_DigestUpdate(&ctx, blob, len);
+ EVP_DigestFinal(&ctx, digest, NULL);
+ for(i = 0; i < md->md_size; i++) {
+ char hex[4];
+ snprintf(hex, sizeof(hex), "%02x:", digest[i]);
+ strlcat(retval, hex, sizeof(retval));
+ }
+ retval[strlen(retval) - 1] = '\0';
memset(blob, 0, len);
xfree(blob);
}
diff --git a/log-client.c b/log-client.c
index e86a2e33..7e9fd61e 100644
--- a/log-client.c
+++ b/log-client.c
@@ -15,7 +15,7 @@
*/
#include "includes.h"
-RCSID("$Id: log-client.c,v 1.6 2000/04/16 01:18:43 damien Exp $");
+RCSID("$OpenBSD: log-client.c,v 1.9 2000/06/20 01:39:42 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
diff --git a/log-server.c b/log-server.c
index 57c7b371..9db77d9e 100644
--- a/log-server.c
+++ b/log-server.c
@@ -15,7 +15,7 @@
*/
#include "includes.h"
-RCSID("$Id: log-server.c,v 1.10 2000/05/01 23:56:42 damien Exp $");
+RCSID("$OpenBSD: log-server.c,v 1.15 2000/06/20 01:39:42 markus Exp $");
#include <syslog.h>
#include "packet.h"
diff --git a/login.c b/login.c
index eb320178..c5072182 100644
--- a/login.c
+++ b/login.c
@@ -18,7 +18,7 @@
*/
#include "includes.h"
-RCSID("$Id: login.c,v 1.32 2000/06/04 17:07:49 andre Exp $");
+RCSID("$OpenBSD: login.c,v 1.14 2000/06/20 01:39:42 markus Exp $");
#include "loginrec.h"
diff --git a/match.c b/match.c
index 1551ed57..c4f54b2c 100644
--- a/match.c
+++ b/match.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$Id: match.c,v 1.6 2000/06/07 09:55:44 djm Exp $");
+RCSID("$OpenBSD: match.c,v 1.8 2000/06/20 01:39:42 markus Exp $");
#include "ssh.h"
diff --git a/mpaux.c b/mpaux.c
index 2384c826..6caae64d 100644
--- a/mpaux.c
+++ b/mpaux.c
@@ -15,7 +15,7 @@
*/
#include "includes.h"
-RCSID("$Id: mpaux.c,v 1.12 2000/04/16 02:31:51 damien Exp $");
+RCSID("$OpenBSD: mpaux.c,v 1.13 2000/06/20 01:39:42 markus Exp $");
#include <openssl/bn.h>
#include "getput.h"
diff --git a/mpaux.h b/mpaux.h
index d3e24cfd..b05c14bf 100644
--- a/mpaux.h
+++ b/mpaux.h
@@ -13,7 +13,7 @@
* precision integers.
*/
-/* RCSID("$Id: mpaux.h,v 1.5 2000/04/16 01:18:43 damien Exp $"); */
+/* RCSID("$OpenBSD: mpaux.h,v 1.7 2000/06/20 01:39:42 markus Exp $"); */
#ifndef MPAUX_H
#define MPAUX_H
diff --git a/nchan.c b/nchan.c
index 0ea88da3..cef56497 100644
--- a/nchan.c
+++ b/nchan.c
@@ -28,7 +28,7 @@
*/
#include "includes.h"
-RCSID("$Id: nchan.c,v 1.10 2000/05/09 01:03:01 damien Exp $");
+RCSID("$OpenBSD: nchan.c,v 1.18 2000/06/20 01:39:42 markus Exp $");
#include "ssh.h"
diff --git a/nchan.h b/nchan.h
index ae2b7061..38205cfa 100644
--- a/nchan.h
+++ b/nchan.h
@@ -27,7 +27,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* RCSID("$Id: nchan.h,v 1.5 2000/04/04 04:39:02 damien Exp $"); */
+/* RCSID("$OpenBSD: nchan.h,v 1.8 2000/06/20 01:39:43 markus Exp $"); */
#ifndef NCHAN_H
#define NCHAN_H
diff --git a/packet.c b/packet.c
index fd7a3225..137d0181 100644
--- a/packet.c
+++ b/packet.c
@@ -17,7 +17,7 @@
*/
#include "includes.h"
-RCSID("$Id: packet.c,v 1.23 2000/05/17 12:53:35 damien Exp $");
+RCSID("$OpenBSD: packet.c,v 1.33 2000/06/20 01:39:43 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
diff --git a/packet.h b/packet.h
index b5fc196e..015d9ec8 100644
--- a/packet.h
+++ b/packet.h
@@ -13,7 +13,7 @@
*
*/
-/* RCSID("$Id: packet.h,v 1.15 2000/04/16 02:31:51 damien Exp $"); */
+/* RCSID("$OpenBSD: packet.h,v 1.16 2000/06/20 01:39:43 markus Exp $"); */
#ifndef PACKET_H
#define PACKET_H
diff --git a/pty.c b/pty.c
index 21ddab5c..a6c238bd 100644
--- a/pty.c
+++ b/pty.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$Id: pty.c,v 1.19 2000/04/20 13:12:59 damien Exp $");
+RCSID("$OpenBSD: pty.c,v 1.14 2000/06/20 01:39:43 markus Exp $");
#ifdef HAVE_UTIL_H
# include <util.h>
diff --git a/pty.h b/pty.h
index a9bdeaee..28419681 100644
--- a/pty.h
+++ b/pty.h
@@ -13,7 +13,7 @@
* tty.
*/
-/* RCSID("$Id: pty.h,v 1.8 2000/04/16 01:18:44 damien Exp $"); */
+/* RCSID("$OpenBSD: pty.h,v 1.7 2000/06/20 01:39:43 markus Exp $"); */
#ifndef PTY_H
#define PTY_H
diff --git a/readconf.c b/readconf.c
index c6d6f67d..6d015a20 100644
--- a/readconf.c
+++ b/readconf.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$Id: readconf.c,v 1.17 2000/06/18 04:50:44 djm Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.37 2000/06/20 01:39:43 markus Exp $");
#include "ssh.h"
#include "cipher.h"
diff --git a/readconf.h b/readconf.h
index aeaf39a1..e33cebce 100644
--- a/readconf.h
+++ b/readconf.h
@@ -13,7 +13,7 @@
*
*/
-/* RCSID("$Id: readconf.h,v 1.12 2000/06/07 09:55:44 djm Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.20 2000/06/20 01:39:43 markus Exp $"); */
#ifndef READCONF_H
#define READCONF_H
diff --git a/readpass.c b/readpass.c
index e3402b48..c38292f1 100644
--- a/readpass.c
+++ b/readpass.c
@@ -32,7 +32,7 @@
*/
#include "includes.h"
-RCSID("$Id: readpass.c,v 1.6 2000/04/16 01:18:44 damien Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.11 2000/06/20 01:39:44 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
diff --git a/rsa.c b/rsa.c
index 1e8c434f..46ad6b6e 100644
--- a/rsa.c
+++ b/rsa.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$Id: rsa.c,v 1.14 2000/04/16 01:18:45 damien Exp $");
+RCSID("$OpenBSD: rsa.c,v 1.15 2000/06/20 01:39:44 markus Exp $");
#include "rsa.h"
#include "ssh.h"
diff --git a/rsa.h b/rsa.h
index 672f20d4..dfbf6f48 100644
--- a/rsa.h
+++ b/rsa.h
@@ -13,7 +13,7 @@
*
*/
-/* RCSID("$Id: rsa.h,v 1.9 2000/04/16 02:31:51 damien Exp $"); */
+/* RCSID("$OpenBSD: rsa.h,v 1.7 2000/06/20 01:39:44 markus Exp $"); */
#ifndef RSA_H
#define RSA_H
diff --git a/scp.c b/scp.c
index 773a4f59..0a89985d 100644
--- a/scp.c
+++ b/scp.c
@@ -45,7 +45,7 @@
*/
#include "includes.h"
-RCSID("$Id: scp.c,v 1.24 2000/06/18 04:50:44 djm Exp $");
+RCSID("$OpenBSD: scp.c,v 1.32 2000/06/20 01:39:44 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -1007,7 +1007,7 @@ run_err(const char *fmt,...)
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: scp.c,v 1.24 2000/06/18 04:50:44 djm Exp $
+ * $OpenBSD: scp.c,v 1.32 2000/06/20 01:39:44 markus Exp $
*/
char *
diff --git a/servconf.c b/servconf.c
index 0e323231..12cc1526 100644
--- a/servconf.c
+++ b/servconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$Id: servconf.c,v 1.19 2000/06/18 04:50:44 djm Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.45 2000/06/20 01:39:44 markus Exp $");
#include "ssh.h"
#include "servconf.h"
diff --git a/servconf.h b/servconf.h
index 6c647c2e..c698bc74 100644
--- a/servconf.h
+++ b/servconf.h
@@ -13,7 +13,7 @@
*
*/
-/* RCSID("$Id: servconf.h,v 1.13 2000/06/18 04:50:44 djm Exp $"); */
+/* RCSID("$OpenBSD: servconf.h,v 1.25 2000/06/20 01:39:44 markus Exp $"); */
#ifndef SERVCONF_H
#define SERVCONF_H
diff --git a/ssh-add.c b/ssh-add.c
index ad942397..661e1ffa 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -7,7 +7,7 @@
*/
#include "includes.h"
-RCSID("$Id: ssh-add.c,v 1.18 2000/05/01 10:59:50 damien Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.17 2000/06/20 01:39:44 markus Exp $");
#include <openssl/rsa.h>
#include <openssl/dsa.h>
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 621b9c14..4b89c15e 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -7,7 +7,7 @@
*/
#include "includes.h"
-RCSID("$Id: ssh-keygen.c,v 1.19 2000/06/07 09:55:44 djm Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.27 2000/06/20 01:39:44 markus Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
diff --git a/ssh.c b/ssh.c
index a5c1ac6b..f9742dc8 100644
--- a/ssh.c
+++ b/ssh.c
@@ -11,7 +11,7 @@
*/
#include "includes.h"
-RCSID("$Id: ssh.c,v 1.34 2000/06/07 09:55:44 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.56 2000/06/20 01:39:44 markus Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
diff --git a/ssh.h b/ssh.h
index ed124cec..213f73de 100644
--- a/ssh.h
+++ b/ssh.h
@@ -13,7 +13,7 @@
*
*/
-/* RCSID("$Id: ssh.h,v 1.40 2000/05/17 12:34:24 damien Exp $"); */
+/* RCSID("$OpenBSD: ssh.h,v 1.47 2000/06/20 01:39:45 markus Exp $"); */
#ifndef SSH_H
#define SSH_H
diff --git a/sshconnect2.c b/sshconnect2.c
index 77b8652e..ae96d534 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -28,7 +28,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.13 2000/06/02 02:00:19 todd Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.15 2000/06/21 16:46:10 markus Exp $");
#include <openssl/bn.h>
#include <openssl/rsa.h>
@@ -295,6 +295,7 @@ ssh2_try_pubkey(char *filename,
unsigned char *blob, *signature;
int bloblen, slen;
struct stat st;
+ int skip = 0;
if (stat(filename, &st) != 0) {
debug("key does not exist: %s", filename);
@@ -314,14 +315,22 @@ ssh2_try_pubkey(char *filename,
success = load_private_key(filename, passphrase, k, NULL);
memset(passphrase, 0, strlen(passphrase));
xfree(passphrase);
- if (!success)
+ if (!success) {
+ key_free(k);
return 0;
+ }
}
dsa_make_key_blob(k, &blob, &bloblen);
/* data to be signed */
buffer_init(&b);
- buffer_append(&b, session_id2, session_id2_len);
+ if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) {
+ buffer_put_string(&b, session_id2, session_id2_len);
+ skip = buffer_len(&b);
+ } else {
+ buffer_append(&b, session_id2, session_id2_len);
+ skip = session_id2_len;
+ }
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, server_user);
buffer_put_cstring(&b,
@@ -340,7 +349,6 @@ ssh2_try_pubkey(char *filename,
buffer_dump(&b);
#endif
if (datafellows & SSH_BUG_PUBKEYAUTH) {
- /* e.g. ssh-2.0.13: data-to-be-signed != data-on-the-wire */
buffer_clear(&b);
buffer_append(&b, session_id2, session_id2_len);
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
@@ -357,9 +365,9 @@ ssh2_try_pubkey(char *filename,
xfree(signature);
/* skip session id and packet type */
- if (buffer_len(&b) < session_id2_len + 1)
+ if (buffer_len(&b) < skip + 1)
fatal("ssh2_try_pubkey: internal error");
- buffer_consume(&b, session_id2_len + 1);
+ buffer_consume(&b, skip + 1);
/* put remaining data from buffer into packet */
packet_start(SSH2_MSG_USERAUTH_REQUEST);
diff --git a/tildexpand.c b/tildexpand.c
index f615362f..d10ea005 100644
--- a/tildexpand.c
+++ b/tildexpand.c
@@ -6,7 +6,7 @@
*/
#include "includes.h"
-RCSID("$Id: tildexpand.c,v 1.4 1999/12/07 04:38:32 damien Exp $");
+RCSID("$OpenBSD: tildexpand.c,v 1.7 2000/06/20 01:39:45 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
diff --git a/ttymodes.c b/ttymodes.c
index 647c6603..f4b7af58 100644
--- a/ttymodes.c
+++ b/ttymodes.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$Id: ttymodes.c,v 1.4 2000/04/16 01:18:49 damien Exp $");
+RCSID("$OpenBSD: ttymodes.c,v 1.7 2000/06/20 01:39:45 markus Exp $");
#include "packet.h"
#include "ssh.h"
diff --git a/ttymodes.h b/ttymodes.h
index 41aad79d..b0ef2476 100644
--- a/ttymodes.h
+++ b/ttymodes.h
@@ -12,7 +12,7 @@
*
*/
-/* RCSID("$Id: ttymodes.h,v 1.4 2000/04/16 01:18:49 damien Exp $"); */
+/* RCSID("$OpenBSD: ttymodes.h,v 1.8 2000/06/20 01:39:45 markus Exp $"); */
/* The tty mode description is a stream of bytes. The stream consists of
* opcode-arguments pairs. It is terminated by opcode TTY_OP_END (0).
diff --git a/uidswap.c b/uidswap.c
index e57be3a3..4213d34e 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -7,7 +7,7 @@
*/
#include "includes.h"
-RCSID("$Id: uidswap.c,v 1.5 2000/04/16 01:18:49 damien Exp $");
+RCSID("$OpenBSD: uidswap.c,v 1.7 2000/06/20 01:39:45 markus Exp $");
#include "ssh.h"
#include "uidswap.h"
diff --git a/xmalloc.c b/xmalloc.c
index fb29a62e..ec62c580 100644
--- a/xmalloc.c
+++ b/xmalloc.c
@@ -8,7 +8,7 @@
*/
#include "includes.h"
-RCSID("$Id: xmalloc.c,v 1.3 2000/04/16 01:18:49 damien Exp $");
+RCSID("$OpenBSD: xmalloc.c,v 1.7 2000/06/20 01:39:45 markus Exp $");
#include "ssh.h"
diff --git a/xmalloc.h b/xmalloc.h
index a5603522..b11b49cb 100644
--- a/xmalloc.h
+++ b/xmalloc.h
@@ -14,7 +14,7 @@
*
*/
-/* RCSID("$Id: xmalloc.h,v 1.3 2000/04/16 01:18:49 damien Exp $"); */
+/* RCSID("$OpenBSD: xmalloc.h,v 1.4 2000/06/20 01:39:45 markus Exp $"); */
#ifndef XMALLOC_H
#define XMALLOC_H