
Diff for /src/usr.bin/ssh/sshconnect2.c between version 1.363 and 1.364

version 1.363, 2023/03/03 02:34:29 version 1.364, 2023/03/06 12:14:48
Line 51 
Line 51 
 #include "cipher.h"  #include "cipher.h"
 #include "sshkey.h"  #include "sshkey.h"
 #include "kex.h"  #include "kex.h"
 #include "myproposal.h"  
 #include "sshconnect.h"  #include "sshconnect.h"
 #include "authfile.h"  #include "authfile.h"
 #include "dh.h"  #include "dh.h"
Line 216 
Line 215 
 ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,  ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
     const struct ssh_conn_info *cinfo)      const struct ssh_conn_info *cinfo)
 {  {
         char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };          char *myproposal[PROPOSAL_MAX];
         char *s, *all_key;          char *s, *all_key, *hkalgs = NULL;
         char *prop_kex = NULL, *prop_enc = NULL, *prop_hostkey = NULL;          int r;
         int r, use_known_hosts_order = 0;  
   
         xxx_host = host;          xxx_host = host;
         xxx_hostaddr = hostaddr;          xxx_hostaddr = hostaddr;
         xxx_conn_info = cinfo;          xxx_conn_info = cinfo;
   
         /*          if (options.rekey_limit || options.rekey_interval)
          * If the user has not specified HostkeyAlgorithms, or has only                  ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
          * appended or removed algorithms from that list then prefer algorithms                      options.rekey_interval);
          * that are in the list that are supported by known_hosts keys.  
          */  
         if (options.hostkeyalgorithms == NULL ||  
             options.hostkeyalgorithms[0] == '-' ||  
             options.hostkeyalgorithms[0] == '+')  
                 use_known_hosts_order = 1;  
   
         /* Expand or fill in HostkeyAlgorithms */          /* Expand or fill in HostkeyAlgorithms */
         all_key = sshkey_alg_list(0, 0, 1, ',');          all_key = sshkey_alg_list(0, 0, 1, ',');
Line 244 
Line 236 
   
         if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)          if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
                 fatal_f("kex_names_cat");                  fatal_f("kex_names_cat");
         myproposal[PROPOSAL_KEX_ALGS] = prop_kex = compat_kex_proposal(ssh, s);  
         myproposal[PROPOSAL_ENC_ALGS_CTOS] =  
             myproposal[PROPOSAL_ENC_ALGS_STOC] = prop_enc =  
             compat_cipher_proposal(ssh, options.ciphers);  
         myproposal[PROPOSAL_COMP_ALGS_CTOS] =  
             myproposal[PROPOSAL_COMP_ALGS_STOC] =  
             (char *)compression_alg_list(options.compression);  
         myproposal[PROPOSAL_MAC_ALGS_CTOS] =  
             myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;  
         if (use_known_hosts_order) {  
                 /* Query known_hosts and prefer algorithms that appear there */  
                 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = prop_hostkey =  
                     compat_pkalg_proposal(ssh,  
                     order_hostkeyalgs(host, hostaddr, port, cinfo));  
         } else {  
                 /* Use specified HostkeyAlgorithms exactly */  
                 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = prop_hostkey =  
                     compat_pkalg_proposal(ssh, options.hostkeyalgorithms);  
         }  
   
         if (options.rekey_limit || options.rekey_interval)          /*
                 ssh_packet_set_rekey_limits(ssh, options.rekey_limit,           * If the user has not specified HostkeyAlgorithms, or has only
                     options.rekey_interval);           * appended or removed algorithms from that list then prefer algorithms
            * that are in the list that are supported by known_hosts keys.
            */
           if (options.hostkeyalgorithms == NULL ||
               options.hostkeyalgorithms[0] == '-' ||
               options.hostkeyalgorithms[0] == '+')
                   hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo);
   
           kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers,
               options.macs, compression_alg_list(options.compression),
               hkalgs ? hkalgs : options.hostkeyalgorithms);
   
           free(hkalgs);
   
         /* start key exchange */          /* start key exchange */
         if ((r = kex_setup(ssh, myproposal)) != 0)          if ((r = kex_setup(ssh, myproposal)) != 0)
                 fatal_r(r, "kex_setup");                  fatal_r(r, "kex_setup");
Line 288 
Line 273 
         ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);          ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);
   
         /* remove ext-info from the KEX proposals for rekeying */          /* remove ext-info from the KEX proposals for rekeying */
           free(myproposal[PROPOSAL_KEX_ALGS]);
         myproposal[PROPOSAL_KEX_ALGS] =          myproposal[PROPOSAL_KEX_ALGS] =
             compat_kex_proposal(ssh, options.kex_algorithms);              compat_kex_proposal(ssh, options.kex_algorithms);
         if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)          if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
Line 301 
Line 287 
             (r = ssh_packet_write_wait(ssh)) != 0)              (r = ssh_packet_write_wait(ssh)) != 0)
                 fatal_fr(r, "send packet");                  fatal_fr(r, "send packet");
 #endif  #endif
         /* Free only parts of proposal that were dynamically allocated here. */          kex_proposal_free_entries(myproposal);
         free(prop_kex);  
         free(prop_enc);  
         free(prop_hostkey);  
 }  }
   
 /*  /*
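Review bot: On the new side of the second hunk, the test `options.hostkeyalgorithms == NULL || options.hostkeyalgorithms[0] == '-' || options.hostkeyalgorithms[0] == '+'` now runs after the `/* Expand or fill in HostkeyAlgorithms */` step, whereas the old code made that decision before it and kept the result in `use_known_hosts_order`. The expansion itself lies between the shown hunks, but if it rewrites `options.hostkeyalgorithms` into a full list in place, the moved test can never be true and `order_hostkeyalgs()` is never called. The client would then stop preferring the key types it already holds in known_hosts, so a server with several host keys could present one the client has not recorded, and the user would get an unknown-key prompt instead of a verified match. Keeping the flag avoids this: set `use_known_hosts_order = 1` ahead of the expansion as before, and guard the call with `if (use_known_hosts_order) hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo);`. ssh_kex2 continues outside the shown hunks, so this should be confirmed against the full function.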
