===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/sshconnect1.c,v
retrieving revision 1.3
retrieving revision 1.3.2.2
diff -u -r1.3 -r1.3.2.2
--- src/usr.bin/ssh/Attic/sshconnect1.c	2000/05/08 17:12:16	1.3
+++ src/usr.bin/ssh/Attic/sshconnect1.c	2000/11/08 21:31:29	1.3.2.2
@@ -2,14 +2,18 @@
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
- * Created: Sat Mar 18 22:15:47 1995 ylo
  * Code to connect to a remote host, and to perform the client side of the
  * login (authentication) dialog.
  *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose.  Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.3 2000/05/08 17:12:16 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.3.2.2 2000/11/08 21:31:29 jason Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
@@ -21,12 +25,11 @@
 #include "ssh.h"
 #include "buffer.h"
 #include "packet.h"
-#include "authfd.h"
-#include "cipher.h"
 #include "mpaux.h"
 #include "uidswap.h"
 #include "readconf.h"
 #include "key.h"
+#include "authfd.h"
 #include "sshconnect.h"
 #include "authfile.h"
 
@@ -44,27 +47,27 @@
 int
 try_agent_authentication()
 {
-	int status, type;
+	int type;
 	char *comment;
 	AuthenticationConnection *auth;
 	unsigned char response[16];
 	unsigned int i;
-	BIGNUM *e, *n, *challenge;
+	int plen, clen;
+	Key *key;
+	BIGNUM *challenge;
 
 	/* Get connection to the agent. */
 	auth = ssh_get_authentication_connection();
 	if (!auth)
 		return 0;
 
-	e = BN_new();
-	n = BN_new();
 	challenge = BN_new();
+	key = key_new(KEY_RSA);
 
 	/* Loop through identities served by the agent. */
-	for (status = ssh_get_first_identity(auth, e, n, &comment);
-	     status;
-	     status = ssh_get_next_identity(auth, e, n, &comment)) {
-		int plen, clen;
+	for (key = ssh_get_first_identity(auth, &comment, 1);
+	     key != NULL;
+	     key = ssh_get_next_identity(auth, &comment, 1)) {
 
 		/* Try this identity. */
 		debug("Trying RSA authentication via agent with '%.100s'", comment);
@@ -72,7 +75,7 @@
 
 		/* Tell the server that we are willing to authenticate using this key. */
 		packet_start(SSH_CMSG_AUTH_RSA);
-		packet_put_bignum(n);
+		packet_put_bignum(key->rsa->n);
 		packet_send();
 		packet_write_wait();
 
@@ -83,6 +86,7 @@
 		   does not support RSA authentication. */
 		if (type == SSH_SMSG_FAILURE) {
 			debug("Server refused our key.");
+			key_free(key);
 			continue;
 		}
 		/* Otherwise it should have sent a challenge. */
@@ -97,13 +101,16 @@
 		debug("Received RSA challenge from server.");
 
 		/* Ask the agent to decrypt the challenge. */
-		if (!ssh_decrypt_challenge(auth, e, n, challenge,
-					   session_id, 1, response)) {
-			/* The agent failed to authenticate this identifier although it
-			   advertised it supports this.  Just return a wrong value. */
+		if (!ssh_decrypt_challenge(auth, key, challenge, session_id, 1, response)) {
+			/*
+			 * The agent failed to authenticate this identifier
+			 * although it advertised it supports this.  Just
+			 * return a wrong value.
+			 */
 			log("Authentication agent failed to decrypt challenge.");
 			memset(response, 0, sizeof(response));
 		}
+		key_free(key);
 		debug("Sending response to RSA challenge.");
 
 		/* Send the decrypted challenge back to the server. */
@@ -118,10 +125,8 @@
 
 		/* The server returns success if it accepted the authentication. */
 		if (type == SSH_SMSG_SUCCESS) {
-			debug("RSA authentication accepted by server.");
-			BN_clear_free(e);
-			BN_clear_free(n);
 			BN_clear_free(challenge);
+			debug("RSA authentication accepted by server.");
 			return 1;
 		}
 		/* Otherwise it should return failure. */
@@ -129,11 +134,7 @@
 			packet_disconnect("Protocol error waiting RSA auth response: %d",
 					  type);
 	}
-
-	BN_clear_free(e);
-	BN_clear_free(n);
 	BN_clear_free(challenge);
-
 	debug("RSA authentication using agent refused.");
 	return 0;
 }
@@ -834,17 +835,11 @@
 
 	if (options.cipher == SSH_CIPHER_ILLEGAL) {
 		log("No valid SSH1 cipher, using %.100s instead.",
-		    cipher_name(SSH_FALLBACK_CIPHER));
-		options.cipher = SSH_FALLBACK_CIPHER;
+		    cipher_name(ssh_cipher_default));
+		options.cipher = ssh_cipher_default;
 	} else if (options.cipher == SSH_CIPHER_NOT_SET) {
-		if (cipher_mask1() & supported_ciphers & (1 << ssh_cipher_default))
+		if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))
 			options.cipher = ssh_cipher_default;
-		else {
-			debug("Cipher %s not supported, using %.100s instead.",
-			    cipher_name(ssh_cipher_default),
-			    cipher_name(SSH_FALLBACK_CIPHER));
-			options.cipher = SSH_FALLBACK_CIPHER;
-		}
 	}
 	/* Check that the selected cipher is supported. */
 	if (!(supported_ciphers & (1 << options.cipher)))