diff options
| author | des <des@FreeBSD.org> | 2014-01-31 13:12:02 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2014-01-31 13:12:02 +0000 |
| commit | 7573e91b127f1c198210fd345d3ca198b598cfc6 (patch) | |
| tree | d32fb61cec38c52314210c3459fd436685dacdba /crypto/openssh/sshconnect2.c | |
| parent | c692973c992c321bb10e631f572fab1500ae5b0e (diff) | |
| parent | 45d0197dd79eceffb5bbc29f75199eb09af5a5f9 (diff) | |
| download | FreeBSD-src-7573e91b127f1c198210fd345d3ca198b598cfc6.zip FreeBSD-src-7573e91b127f1c198210fd345d3ca198b598cfc6.tar.gz | |
Upgrade to OpenSSH 6.5p1.
Diffstat (limited to 'crypto/openssh/sshconnect2.c')
| -rw-r--r-- | crypto/openssh/sshconnect2.c | 36 |
1 files changed, 26 insertions, 10 deletions
diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c index a79f6c5..9a97875 100644 --- a/crypto/openssh/sshconnect2.c +++ b/crypto/openssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.198 2013/06/05 12:52:38 dtucker Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.201 2014/01/09 23:20:00 djm Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -199,11 +199,12 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) } if (options.hostkeyalgorithms != NULL) myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = - options.hostkeyalgorithms; + compat_pkalg_proposal(options.hostkeyalgorithms); else { /* Prefer algorithms that we already have keys for */ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = - order_hostkeyalgs(host, hostaddr, port); + compat_pkalg_proposal( + order_hostkeyalgs(host, hostaddr, port)); } if (options.kex_algorithms != NULL) myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; @@ -219,6 +220,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; kex->kex[KEX_ECDH_SHA2] = kexecdh_client; + kex->kex[KEX_C25519_SHA256] = kexc25519_client; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; kex->verify_host_key=&verify_host_key_callback; @@ -1038,7 +1040,7 @@ jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme, debug3("%s: crypted = %s", __func__, crypted); #endif - if (hash_buffer(crypted, strlen(crypted), EVP_sha256(), + if (hash_buffer(crypted, strlen(crypted), SSH_DIGEST_SHA1, &secret, &secret_len) != 0) fatal("%s: hash_buffer", __func__); @@ -1522,17 +1524,31 @@ userauth_pubkey(Authctxt *authctxt) * encrypted keys we cannot do this and have to load the * private key instead */ - if (id->key && id->key->type != KEY_RSA1) { - debug("Offering %s public key: %s", key_type(id->key), - id->filename); - sent = send_pubkey_test(authctxt, id); - } else if (id->key == NULL) { + if (id->key != NULL) { + if (key_type_plain(id->key->type) == KEY_RSA && + (datafellows & SSH_BUG_RSASIGMD5) != 0) { + debug("Skipped %s key %s for RSA/MD5 server", + key_type(id->key), id->filename); + } else if (id->key->type != KEY_RSA1) { + debug("Offering %s public key: %s", + key_type(id->key), id->filename); + sent = send_pubkey_test(authctxt, id); + } + } else { debug("Trying private key: %s", id->filename); id->key = load_identity_file(id->filename, id->userprovided); if (id->key != NULL) { id->isprivate = 1; - sent = sign_and_send_pubkey(authctxt, id); + if (key_type_plain(id->key->type) == KEY_RSA && + (datafellows & SSH_BUG_RSASIGMD5) != 0) { + debug("Skipped %s key %s for RSA/MD5 " + "server", key_type(id->key), + id->filename); + } else { + sent = sign_and_send_pubkey( + authctxt, id); + } key_free(id->key); id->key = NULL; } |
