=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshconnect2.c,v retrieving revision 1.344 retrieving revision 1.345 diff -u -r1.344 -r1.345 --- src/usr.bin/ssh/sshconnect2.c 2021/01/26 05:32:22 1.344 +++ src/usr.bin/ssh/sshconnect2.c 2021/01/27 09:26:54 1.345 @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.344 2021/01/26 05:32:22 dtucker Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.345 2021/01/27 09:26:54 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -241,11 +241,11 @@ if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) fatal_f("kex_names_cat"); - myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s); + myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, s); myproposal[PROPOSAL_ENC_ALGS_CTOS] = - compat_cipher_proposal(options.ciphers); + compat_cipher_proposal(ssh, options.ciphers); myproposal[PROPOSAL_ENC_ALGS_STOC] = - compat_cipher_proposal(options.ciphers); + compat_cipher_proposal(ssh, options.ciphers); myproposal[PROPOSAL_COMP_ALGS_CTOS] = myproposal[PROPOSAL_COMP_ALGS_STOC] = (char *)compression_alg_list(options.compression); @@ -254,12 +254,12 @@ if (use_known_hosts_order) { /* Query known_hosts and prefer algorithms that appear there */ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = - compat_pkalg_proposal( + compat_pkalg_proposal(ssh, order_hostkeyalgs(host, hostaddr, port, cinfo)); } else { /* Use specified HostkeyAlgorithms exactly */ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = - compat_pkalg_proposal(options.hostkeyalgorithms); + compat_pkalg_proposal(ssh, options.hostkeyalgorithms); } if (options.rekey_limit || options.rekey_interval) @@ -287,7 +287,7 @@ /* remove ext-info from the KEX proposals for rekeying */ myproposal[PROPOSAL_KEX_ALGS] = - compat_kex_proposal(options.kex_algorithms); + compat_kex_proposal(ssh, options.kex_algorithms); if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0) fatal_r(r, "kex_prop2buf"); @@ -1181,7 +1181,7 @@ */ if (ssh == NULL || ssh->kex->server_sig_algs == NULL || (key->type != KEY_RSA && key->type != KEY_RSA_CERT) || - (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) { + (key->type == KEY_RSA_CERT && (ssh->compat & SSH_BUG_SIGTYPE))) { /* Filter base key signature alg against our configuration */ return match_list(sshkey_ssh_name(key), options.pubkey_accepted_algos, NULL); @@ -1401,7 +1401,7 @@ sshbuf_free(b); if ((b = sshbuf_new()) == NULL) fatal_f("sshbuf_new failed"); - if (datafellows & SSH_OLD_SESSIONID) { + if (ssh->compat & SSH_OLD_SESSIONID) { if ((r = sshbuf_put(b, session_id2, session_id2_len)) != 0) fatal_fr(r, "sshbuf_put"); @@ -1423,7 +1423,7 @@ /* generate signature */ r = identity_sign(sign_id, &signature, &slen, - sshbuf_ptr(b), sshbuf_len(b), datafellows, alg); + sshbuf_ptr(b), sshbuf_len(b), ssh->compat, alg); if (r == 0) break; else if (r == SSH_ERR_KEY_NOT_FOUND) @@ -1801,12 +1801,12 @@ } static int -try_identity(Identity *id) +try_identity(struct ssh *ssh, Identity *id) { if (!id->key) return (0); if (sshkey_type_plain(id->key->type) == KEY_RSA && - (datafellows & SSH_BUG_RSASIGMD5) != 0) { + (ssh->compat & SSH_BUG_RSASIGMD5) != 0) { debug("Skipped %s key %s for RSA/MD5 server", sshkey_type(id->key), id->filename); return (0); @@ -1834,7 +1834,7 @@ * private key instead */ if (id->key != NULL) { - if (try_identity(id)) { + if (try_identity(ssh, id)) { ident = format_identity(id); debug("Offering public key: %s", ident); free(ident); @@ -1844,7 +1844,7 @@ debug("Trying private key: %s", id->filename); id->key = load_identity_file(id); if (id->key != NULL) { - if (try_identity(id)) { + if (try_identity(ssh, id)) { id->isprivate = 1; sent = sign_and_send_pubkey(ssh, id); }