-/* $OpenBSD: kex.c,v 1.76 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: kex.c,v 1.79 2007/06/05 06:52:37 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
static void kex_choose_conf(Kex *);
/* put algorithm proposal into buffer */
+/* used in sshconnect.c as well as kex.c */
void
kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
{
kex_buf2prop(Buffer *raw, int *first_kex_follows)
{
Buffer b;
- int i;
+ u_int i;
char **proposal;
proposal = xcalloc(PROPOSAL_MAX, sizeof(char *));
*first_kex_follows = i;
debug2("kex_parse_kexinit: first_kex_follows %d ", i);
i = buffer_get_int(&b);
- debug2("kex_parse_kexinit: reserved %d ", i);
+ debug2("kex_parse_kexinit: reserved %u ", i);
buffer_free(&b);
return proposal;
}
xfree(proposal);
}
+/* ARGSUSED */
static void
kex_protocol_error(int type, u_int32_t seq, void *ctxt)
{
kex->flags |= KEX_INIT_SENT;
}
+/* ARGSUSED */
void
kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
{
{
char *name = match_list(client, server, NULL);
if (name == NULL)
- fatal("no matching cipher found: client %s server %s", client, server);
+ fatal("no matching cipher found: client %s server %s",
+ client, server);
if ((enc->cipher = cipher_by_name(name)) == NULL)
fatal("matching cipher is not supported: %s", name);
enc->name = name;
{
char *name = match_list(client, server, NULL);
if (name == NULL)
- fatal("no matching mac found: client %s server %s", client, server);
- if (mac_init(mac, name) < 0)
+ fatal("no matching mac found: client %s server %s",
+ client, server);
+ if (mac_setup(mac, name) < 0)
fatal("unsupported mac %s", name);
/* truncate the key */
if (datafellows & SSH_BUG_HMAC)
{
k->name = match_list(client, server, NULL);
if (k->name == NULL)
- fatal("no kex alg");
+ fatal("Unable to negotiate a key exchange method");
if (strcmp(k->name, KEX_DH1) == 0) {
k->kex_type = KEX_DH_GRP1_SHA1;
k->evp_md = EVP_sha1();
u_int mode, ctos, need;
int first_kex_follows, type;
+ int auth_flag;
+
+ auth_flag = packet_authentication_state();
+
+ debug ("AUTH STATE IS %d", auth_flag);
+
my = kex_buf2prop(&kex->my, NULL);
peer = kex_buf2prop(&kex->peer, &first_kex_follows);
for (mode = 0; mode < MODE_MAX; mode++) {
newkeys = xcalloc(1, sizeof(*newkeys));
kex->newkeys[mode] = newkeys;
- ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN);
+ ctos = (!kex->server && mode == MODE_OUT) ||
+ (kex->server && mode == MODE_IN);
nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC;
nmac = ctos ? PROPOSAL_MAC_ALGS_CTOS : PROPOSAL_MAC_ALGS_STOC;
ncomp = ctos ? PROPOSAL_COMP_ALGS_CTOS : PROPOSAL_COMP_ALGS_STOC;
choose_enc (&newkeys->enc, cprop[nenc], sprop[nenc]);
choose_mac (&newkeys->mac, cprop[nmac], sprop[nmac]);
choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
+ debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
+ if (strcmp(newkeys->enc.name, "none") == 0) {
+ debug("Requesting NONE. Authflag is %d", auth_flag);
+ if (auth_flag == 1) {
+ debug("None requested post authentication.");
+ } else {
+ fatal("Pre-authentication none cipher requests are not allowed.");
+ }
+ }
debug("kex: %s %s %s %s",
ctos ? "client->server" : "server->client",
newkeys->enc.name,
u_int i;
fprintf(stderr, "%s\n", msg);
- for (i = 0; i< len; i++) {
+ for (i = 0; i < len; i++) {
fprintf(stderr, "%02x", digest[i]);
if (i%32 == 31)
fprintf(stderr, "\n");