| version 1.344, 2021/01/26 05:32:22 |
version 1.345, 2021/01/27 09:26:54 |
|
|
| |
|
| if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) |
if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) |
| fatal_f("kex_names_cat"); |
fatal_f("kex_names_cat"); |
| myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s); |
myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, s); |
| myproposal[PROPOSAL_ENC_ALGS_CTOS] = |
myproposal[PROPOSAL_ENC_ALGS_CTOS] = |
| compat_cipher_proposal(options.ciphers); |
compat_cipher_proposal(ssh, options.ciphers); |
| myproposal[PROPOSAL_ENC_ALGS_STOC] = |
myproposal[PROPOSAL_ENC_ALGS_STOC] = |
| compat_cipher_proposal(options.ciphers); |
compat_cipher_proposal(ssh, options.ciphers); |
| myproposal[PROPOSAL_COMP_ALGS_CTOS] = |
myproposal[PROPOSAL_COMP_ALGS_CTOS] = |
| myproposal[PROPOSAL_COMP_ALGS_STOC] = |
myproposal[PROPOSAL_COMP_ALGS_STOC] = |
| (char *)compression_alg_list(options.compression); |
(char *)compression_alg_list(options.compression); |
|
|
| if (use_known_hosts_order) { |
if (use_known_hosts_order) { |
| /* Query known_hosts and prefer algorithms that appear there */ |
/* Query known_hosts and prefer algorithms that appear there */ |
| myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = |
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = |
| compat_pkalg_proposal( |
compat_pkalg_proposal(ssh, |
| order_hostkeyalgs(host, hostaddr, port, cinfo)); |
order_hostkeyalgs(host, hostaddr, port, cinfo)); |
| } else { |
} else { |
| /* Use specified HostkeyAlgorithms exactly */ |
/* Use specified HostkeyAlgorithms exactly */ |
| myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = |
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = |
| compat_pkalg_proposal(options.hostkeyalgorithms); |
compat_pkalg_proposal(ssh, options.hostkeyalgorithms); |
| } |
} |
| |
|
| if (options.rekey_limit || options.rekey_interval) |
if (options.rekey_limit || options.rekey_interval) |
|
|
| |
|
| /* remove ext-info from the KEX proposals for rekeying */ |
/* remove ext-info from the KEX proposals for rekeying */ |
| myproposal[PROPOSAL_KEX_ALGS] = |
myproposal[PROPOSAL_KEX_ALGS] = |
| compat_kex_proposal(options.kex_algorithms); |
compat_kex_proposal(ssh, options.kex_algorithms); |
| if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0) |
if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0) |
| fatal_r(r, "kex_prop2buf"); |
fatal_r(r, "kex_prop2buf"); |
| |
|
|
|
| */ |
*/ |
| if (ssh == NULL || ssh->kex->server_sig_algs == NULL || |
if (ssh == NULL || ssh->kex->server_sig_algs == NULL || |
| (key->type != KEY_RSA && key->type != KEY_RSA_CERT) || |
(key->type != KEY_RSA && key->type != KEY_RSA_CERT) || |
| (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) { |
(key->type == KEY_RSA_CERT && (ssh->compat & SSH_BUG_SIGTYPE))) { |
| /* Filter base key signature alg against our configuration */ |
/* Filter base key signature alg against our configuration */ |
| return match_list(sshkey_ssh_name(key), |
return match_list(sshkey_ssh_name(key), |
| options.pubkey_accepted_algos, NULL); |
options.pubkey_accepted_algos, NULL); |
|
|
| sshbuf_free(b); |
sshbuf_free(b); |
| if ((b = sshbuf_new()) == NULL) |
if ((b = sshbuf_new()) == NULL) |
| fatal_f("sshbuf_new failed"); |
fatal_f("sshbuf_new failed"); |
| if (datafellows & SSH_OLD_SESSIONID) { |
if (ssh->compat & SSH_OLD_SESSIONID) { |
| if ((r = sshbuf_put(b, session_id2, |
if ((r = sshbuf_put(b, session_id2, |
| session_id2_len)) != 0) |
session_id2_len)) != 0) |
| fatal_fr(r, "sshbuf_put"); |
fatal_fr(r, "sshbuf_put"); |
|
|
| |
|
| /* generate signature */ |
/* generate signature */ |
| r = identity_sign(sign_id, &signature, &slen, |
r = identity_sign(sign_id, &signature, &slen, |
| sshbuf_ptr(b), sshbuf_len(b), datafellows, alg); |
sshbuf_ptr(b), sshbuf_len(b), ssh->compat, alg); |
| if (r == 0) |
if (r == 0) |
| break; |
break; |
| else if (r == SSH_ERR_KEY_NOT_FOUND) |
else if (r == SSH_ERR_KEY_NOT_FOUND) |
|
|
| } |
} |
| |
|
| static int |
static int |
| try_identity(Identity *id) |
try_identity(struct ssh *ssh, Identity *id) |
| { |
{ |
| if (!id->key) |
if (!id->key) |
| return (0); |
return (0); |
| if (sshkey_type_plain(id->key->type) == KEY_RSA && |
if (sshkey_type_plain(id->key->type) == KEY_RSA && |
| (datafellows & SSH_BUG_RSASIGMD5) != 0) { |
(ssh->compat & SSH_BUG_RSASIGMD5) != 0) { |
| debug("Skipped %s key %s for RSA/MD5 server", |
debug("Skipped %s key %s for RSA/MD5 server", |
| sshkey_type(id->key), id->filename); |
sshkey_type(id->key), id->filename); |
| return (0); |
return (0); |
|
|
| * private key instead |
* private key instead |
| */ |
*/ |
| if (id->key != NULL) { |
if (id->key != NULL) { |
| if (try_identity(id)) { |
if (try_identity(ssh, id)) { |
| ident = format_identity(id); |
ident = format_identity(id); |
| debug("Offering public key: %s", ident); |
debug("Offering public key: %s", ident); |
| free(ident); |
free(ident); |
|
|
| debug("Trying private key: %s", id->filename); |
debug("Trying private key: %s", id->filename); |
| id->key = load_identity_file(id); |
id->key = load_identity_file(id); |
| if (id->key != NULL) { |
if (id->key != NULL) { |
| if (try_identity(id)) { |
if (try_identity(ssh, id)) { |
| id->isprivate = 1; |
id->isprivate = 1; |
| sent = sign_and_send_pubkey(ssh, id); |
sent = sign_and_send_pubkey(ssh, id); |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshconnect2.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh