diff options
Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 3bddd7cc..99ffb2c4 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.8 2000/05/07 18:23:32 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.10 2000/05/08 17:42:25 markus Exp $"); #include <openssl/bn.h> #include <openssl/rsa.h> @@ -96,13 +96,14 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) if (options.ciphers != NULL) { myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; - } else if ( - options.cipher == SSH_CIPHER_ARCFOUR || - options.cipher == SSH_CIPHER_3DES_CBC || - options.cipher == SSH_CIPHER_CAST128_CBC || - options.cipher == SSH_CIPHER_BLOWFISH_CBC) { + } else if (options.cipher == SSH_CIPHER_3DES) { myproposal[PROPOSAL_ENC_ALGS_CTOS] = - myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher); + myproposal[PROPOSAL_ENC_ALGS_STOC] = + cipher_name(SSH_CIPHER_3DES_CBC); + } else if (options.cipher == SSH_CIPHER_BLOWFISH) { + myproposal[PROPOSAL_ENC_ALGS_CTOS] = + myproposal[PROPOSAL_ENC_ALGS_STOC] = + cipher_name(SSH_CIPHER_BLOWFISH_CBC); } if (options.compression) { myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib"; @@ -344,12 +345,14 @@ ssh2_try_pubkey(char *filename, buffer_append(&b, session_id2, session_id2_len); buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); buffer_put_cstring(&b, server_user); - buffer_put_cstring(&b, service); + buffer_put_cstring(&b, + datafellows & SSH_BUG_PUBKEYAUTH ? + "ssh-userauth" : + service); buffer_put_cstring(&b, "publickey"); buffer_put_char(&b, 1); buffer_put_cstring(&b, KEX_DSS); buffer_put_string(&b, blob, bloblen); - xfree(blob); /* generate signature */ dsa_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); @@ -357,6 +360,19 @@ ssh2_try_pubkey(char *filename, #ifdef DEBUG_DSS buffer_dump(&b); #endif + if (datafellows & SSH_BUG_PUBKEYAUTH) { + /* e.g. ssh-2.0.13: data-to-be-signed != data-on-the-wire */ + buffer_clear(&b); + buffer_append(&b, session_id2, session_id2_len); + buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); + buffer_put_cstring(&b, server_user); + buffer_put_cstring(&b, service); + buffer_put_cstring(&b, "publickey"); + buffer_put_char(&b, 1); + buffer_put_cstring(&b, KEX_DSS); + buffer_put_string(&b, blob, bloblen); + } + xfree(blob); /* append signature */ buffer_put_string(&b, signature, slen); xfree(signature); |