version 1.67, 2000/04/14 10:09:16 |
version 1.68, 2000/04/14 10:30:33 |
|
|
debug("Trying again..."); |
debug("Trying again..."); |
|
|
/* Loop through addresses for this host, and try each one in |
/* Loop through addresses for this host, and try each one in |
sequence until the connection succeeds. */ |
sequence until the connection succeeds. */ |
for (ai = aitop; ai; ai = ai->ai_next) { |
for (ai = aitop; ai; ai = ai->ai_next) { |
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) |
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) |
continue; |
continue; |
|
|
host, ntop, strport); |
host, ntop, strport); |
|
|
/* Create a socket for connecting. */ |
/* Create a socket for connecting. */ |
sock = ssh_create_socket(original_real_uid, |
sock = ssh_create_socket(original_real_uid, |
!anonymous && geteuid() == 0 && port < IPPORT_RESERVED, |
!anonymous && geteuid() == 0 && port < IPPORT_RESERVED, |
ai->ai_family); |
ai->ai_family); |
if (sock < 0) |
if (sock < 0) |
|
|
break; |
break; |
} |
} |
/* FALLTHROUGH */ |
/* FALLTHROUGH */ |
default: |
default: |
mismatch = 1; |
mismatch = 1; |
break; |
break; |
} |
} |
|
|
|
|
debug("Sending KEX init."); |
debug("Sending KEX init."); |
if (options.ciphers != NULL) { |
if (options.ciphers != NULL) { |
myproposal[PROPOSAL_ENC_ALGS_CTOS] = |
myproposal[PROPOSAL_ENC_ALGS_CTOS] = |
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; |
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; |
} else if ( |
} else if ( |
options.cipher == SSH_CIPHER_ARCFOUR || |
options.cipher == SSH_CIPHER_ARCFOUR || |
options.cipher == SSH_CIPHER_3DES_CBC || |
options.cipher == SSH_CIPHER_3DES_CBC || |
options.cipher == SSH_CIPHER_CAST128_CBC || |
options.cipher == SSH_CIPHER_CAST128_CBC || |
options.cipher == SSH_CIPHER_BLOWFISH_CBC) { |
options.cipher == SSH_CIPHER_BLOWFISH_CBC) { |
myproposal[PROPOSAL_ENC_ALGS_CTOS] = |
myproposal[PROPOSAL_ENC_ALGS_CTOS] = |
myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher); |
myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher); |
} |
} |
|
|
fprintf(stderr, "\npub= "); |
fprintf(stderr, "\npub= "); |
bignum_print(dh->pub_key); |
bignum_print(dh->pub_key); |
fprintf(stderr, "\n"); |
fprintf(stderr, "\n"); |
DHparams_print_fp(stderr, dh); |
DHparams_print_fp(stderr, dh); |
#endif |
#endif |
|
|
debug("Wait SSH2_MSG_KEXDH_REPLY."); |
debug("Wait SSH2_MSG_KEXDH_REPLY."); |
|
|
kout = DH_compute_key(kbuf, dh_server_pub, dh); |
kout = DH_compute_key(kbuf, dh_server_pub, dh); |
#ifdef DEBUG_KEXDH |
#ifdef DEBUG_KEXDH |
debug("shared secret: len %d/%d", klen, kout); |
debug("shared secret: len %d/%d", klen, kout); |
fprintf(stderr, "shared secret == "); |
fprintf(stderr, "shared secret == "); |
for (i = 0; i< kout; i++) |
for (i = 0; i< kout; i++) |
fprintf(stderr, "%02x", (kbuf[i])&0xff); |
fprintf(stderr, "%02x", (kbuf[i])&0xff); |
fprintf(stderr, "\n"); |
fprintf(stderr, "\n"); |
#endif |
#endif |
shared_secret = BN_new(); |
shared_secret = BN_new(); |
|
|
BN_bin2bn(kbuf, kout, shared_secret); |
BN_bin2bn(kbuf, kout, shared_secret); |
memset(kbuf, 0, klen); |
memset(kbuf, 0, klen); |
xfree(kbuf); |
xfree(kbuf); |
|
|
|
|
xfree(client_kexinit); |
xfree(client_kexinit); |
xfree(server_kexinit); |
xfree(server_kexinit); |
#ifdef DEBUG_KEXDH |
#ifdef DEBUG_KEXDH |
fprintf(stderr, "hash == "); |
fprintf(stderr, "hash == "); |
for (i = 0; i< 20; i++) |
for (i = 0; i< 20; i++) |
fprintf(stderr, "%02x", (hash[i])&0xff); |
fprintf(stderr, "%02x", (hash[i])&0xff); |
fprintf(stderr, "\n"); |
fprintf(stderr, "\n"); |
#endif |
#endif |
dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20); |
dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20); |
key_free(server_host_key); |
key_free(server_host_key); |