- (djm) Automatically generate host key during "make install". Suggested
by Gary E. Miller <gem@rellim.com>
- (djm) Paranoia before kill() system call
+ - OpenBSD CVS Updates:
+ - markus@cvs.openbsd.org 2000/06/18 18:50:11
+ [auth2.c compat.c compat.h sshconnect2.c]
+ make userauth+pubkey interop with ssh.com-2.2.0
+ - markus@cvs.openbsd.org 2000/06/18 20:56:17
+ [dsa.c]
+ mem leak + be more paranoid in dsa_verify.
+ - markus@cvs.openbsd.org 2000/06/18 21:29:50
+ [key.c]
+ cleanup fingerprinting, less hardcoded sizes
+ - markus@cvs.openbsd.org 2000/06/19 19:39:45
+ [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
+ [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
+ [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
+ [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
+ [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
+ [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
+ [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
+ [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
+ [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
+ OpenBSD tag
+ - markus@cvs.openbsd.org 2000/06/21 10:46:10
+ sshconnect2.c missing free; nuke old comment
20000620
- (djm) Replace use of '-o' and '-a' logical operators in configure tests
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: atomicio.c,v 1.4 2000/06/20 01:39:37 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: auth-options.c,v 1.2 2000/06/20 01:39:38 markus Exp $");
#include "ssh.h"
#include "packet.h"
#ifndef USE_PAM
-RCSID("$Id$");
+RCSID("$OpenBSD: auth-passwd.c,v 1.16 2000/06/20 01:39:38 markus Exp $");
#include "packet.h"
#include "ssh.h"
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.14 2000/06/20 01:39:38 markus Exp $");
#include "packet.h"
#include "ssh.h"
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.14 2000/06/20 01:39:38 markus Exp $");
#include "packet.h"
#include "ssh.h"
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: auth-rsa.c,v 1.26 2000/06/20 01:39:38 markus Exp $");
#include "rsa.h"
#include "packet.h"
#include "includes.h"
#ifdef SKEY
-RCSID("$Id$");
+RCSID("$OpenBSD: auth-skey.c,v 1.7 2000/06/20 01:39:38 markus Exp $");
#include "ssh.h"
#include "packet.h"
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.10 2000/06/18 04:05:02 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.11 2000/06/19 00:50:11 markus Exp $");
#include <openssl/dsa.h>
#include <openssl/rsa.h>
sig = packet_get_string(&slen);
packet_done();
buffer_init(&b);
- buffer_append(&b, session_id2, session_id2_len);
-
+ if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) {
+ buffer_put_string(&b, session_id2, session_id2_len);
+ } else {
+ buffer_append(&b, session_id2, session_id2_len);
+ }
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, pw->pw_name);
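Review bot: The new branch on `SSH_COMPAT_SESSIONID_ENCODING` changes which bytes the public-key signature is verified over, but nothing in the code says why, and the flag name alone does not tell the next reader that this is a per-peer interop exception. A comment above the `if` would record it, for example `/* ssh.com-2.2.0 signs the session id as a length-prefixed string, not as raw bytes */`. It is also worth stating that `datafellows` is set from the peer's version string (see the `check[]` table in compat.c), so the peer determines which layout is verified. The enclosing function starts and ends outside this hunk.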
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: authfd.c,v 1.20 2000/06/20 01:39:38 markus Exp $");
#include "ssh.h"
#include "rsa.h"
*
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: authfd.h,v 1.8 2000/06/20 01:39:38 markus Exp $"); */
#ifndef AUTHFD_H
#define AUTHFD_H
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: authfile.c,v 1.17 2000/06/20 01:39:38 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: bufaux.c,v 1.12 2000/06/20 01:39:39 markus Exp $");
#include "ssh.h"
#include <openssl/bn.h>
*
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: bufaux.h,v 1.7 2000/06/20 01:39:39 markus Exp $"); */
#ifndef BUFAUX_H
#define BUFAUX_H
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: buffer.c,v 1.7 2000/06/20 01:39:39 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
*
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: buffer.h,v 1.5 2000/06/20 01:39:39 markus Exp $"); */
#ifndef BUFFER_H
#define BUFFER_H
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: canohost.c,v 1.13 2000/06/20 01:39:39 markus Exp $");
#include "packet.h"
#include "xmalloc.h"
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: channels.c,v 1.62 2000/06/20 01:39:39 markus Exp $");
#include "ssh.h"
#include "packet.h"
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: channels.h,v 1.14 2000/06/20 01:39:40 markus Exp $"); */
#ifndef CHANNELS_H
#define CHANNELS_H
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: cipher.c,v 1.28 2000/06/20 01:39:40 markus Exp $");
#include "ssh.h"
#include "cipher.h"
*
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: cipher.h,v 1.18 2000/06/20 01:39:40 markus Exp $"); */
#ifndef CIPHER_H
#define CIPHER_H
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: clientloop.c,v 1.27 2000/06/20 01:39:40 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: compat.c,v 1.17 2000/06/20 01:39:40 markus Exp $");
#include "ssh.h"
#include "packet.h"
char *version;
int bugs;
} check[] = {
- {"2.2.0", SSH_BUG_HMAC},
+ {"2.2.0", SSH_BUG_HMAC|SSH_COMPAT_SESSIONID_ENCODING},
{"2.1.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC},
{"2.0.1", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD},
{NULL, 0}
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: compat.h,v 1.9 2000/06/20 01:39:40 markus Exp $"); */
#ifndef COMPAT_H
#define COMPAT_H
#define SSH_BUG_PUBKEYAUTH 0x02
#define SSH_BUG_HMAC 0x04
#define SSH_BUG_X11FWD 0x08
+#define SSH_COMPAT_SESSIONID_ENCODING 0x10
void enable_compat13(void);
void enable_compat20(void);
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: compress.c,v 1.8 2000/06/20 01:39:40 markus Exp $");
#include "ssh.h"
#include "buffer.h"
*
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: compress.h,v 1.5 2000/06/20 01:39:40 markus Exp $"); */
#ifndef COMPRESS_H
#define COMPRESS_H
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: crc32.c,v 1.5 2000/06/20 01:39:40 markus Exp $");
#include "crc32.h"
*
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: crc32.h,v 1.6 2000/06/20 01:39:40 markus Exp $"); */
#ifndef CRC32_H
#define CRC32_H
/*
- * $Id$
+ * $OpenBSD: deattack.c,v 1.7 2000/06/20 01:39:41 markus Exp $
* Cryptographic attack detector for ssh - source code
*
* Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: dispatch.c,v 1.3 2000/06/20 01:39:41 markus Exp $");
#include "ssh.h"
#include "dispatch.h"
#include "packet.h"
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: dsa.c,v 1.9 2000/06/20 01:39:41 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
buffer_append(&b, blob, blen);
ktype = buffer_get_string(&b, NULL);
if (strcmp(KEX_DSS, ktype) != 0) {
- error("dsa_key_from_blob: cannot handle type %s", ktype);
+ error("dsa_key_from_blob: cannot handle type %s", ktype);
key_free(key);
return NULL;
}
DSA_SIG *sig;
EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
- char *ktype;
unsigned char *sigblob;
char *txt;
unsigned int len;
len = signaturelen;
} else {
/* ietf-drafts */
+ char *ktype;
buffer_init(&b);
buffer_append(&b, (char *) signature, signaturelen);
ktype = buffer_get_string(&b, NULL);
+ if (strcmp(KEX_DSS, ktype) != 0) {
+ error("dsa_verify: cannot handle type %s", ktype);
+ buffer_free(&b);
+ return -1;
+ }
sigblob = (unsigned char *)buffer_get_string(&b, &len);
rlen = buffer_len(&b);
- if(rlen != 0)
+ if(rlen != 0) {
error("remaining bytes in signature %d", rlen);
+ buffer_free(&b);
+ return -1;
+ }
buffer_free(&b);
+ xfree(ktype);
}
if (len != SIGBLOB_LEN) {
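Review bot: Both new early returns in the ietf-drafts branch leak `ktype`, and the `rlen != 0` return also leaks `sigblob`, because the only `xfree(ktype)` added is on the success path after `buffer_free(&b)`. This branch parses the signature blob, which presumably comes from the remote side, so every rejected signature with a wrong key type or trailing bytes leaks a small allocation. Add `xfree(ktype);` before the first `return -1;` and `xfree(ktype); xfree(sigblob);` before the second. dsa_verify starts and ends outside the hunk, so how `sigblob` is released on the later paths is not visible here.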
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: fingerprint.c,v 1.7 2000/06/20 01:39:41 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: fingerprint.h,v 1.4 2000/06/20 01:39:41 markus Exp $"); */
#ifndef FINGERPRINT_H
#define FINGERPRINT_H
*
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: getput.h,v 1.4 2000/06/20 01:39:41 markus Exp $"); */
#ifndef GETPUT_H
#define GETPUT_H
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: hmac.c,v 1.3 2000/06/20 01:39:41 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: kex.c,v 1.8 2000/06/20 01:39:41 markus Exp $");
#include "ssh.h"
#include "ssh2.h"
return 0;
}
-#define FPRINT "%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x"
-
/*
* Generate key fingerprint in ascii format.
* Based on ideas and code from Bjoern Groenvall <bg@sics.se>
char *
key_fingerprint(Key *k)
{
- static char retval[80];
+ static char retval[(EVP_MAX_MD_SIZE+1)*3];
unsigned char *blob = NULL;
int len = 0;
int nlen, elen;
fatal("key_fingerprint: bad key type %d", k->type);
break;
}
+ retval[0] = '\0';
+
if (blob != NULL) {
- unsigned char d[16];
- EVP_MD_CTX md;
- EVP_DigestInit(&md, EVP_md5());
- EVP_DigestUpdate(&md, blob, len);
- EVP_DigestFinal(&md, d, NULL);
- snprintf(retval, sizeof(retval), FPRINT,
- d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7],
- d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]);
+ int i;
+ unsigned char digest[EVP_MAX_MD_SIZE];
+ EVP_MD *md = EVP_md5();
+ EVP_MD_CTX ctx;
+ EVP_DigestInit(&ctx, md);
+ EVP_DigestUpdate(&ctx, blob, len);
+ EVP_DigestFinal(&ctx, digest, NULL);
+ for(i = 0; i < md->md_size; i++) {
+ char hex[4];
+ snprintf(hex, sizeof(hex), "%02x:", digest[i]);
+ strlcat(retval, hex, sizeof(retval));
+ }
+ retval[strlen(retval) - 1] = '\0';
memset(blob, 0, len);
xfree(blob);
}
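Review bot: `retval[strlen(retval) - 1] = '\0';` assumes the loop appended at least one `xx:` group; if `md->md_size` were ever 0 it would write at index -1 of the static buffer. With `EVP_md5()` that cannot happen today, but since the change removes the hard-coded digest size, the trim should not depend on it: `if (retval[0] != '\0') retval[strlen(retval) - 1] = '\0';`. The header comment could also note that the result lives in a static buffer that the next call overwrites, so callers must copy it if they need two fingerprints at once. key_fingerprint's body continues outside the visible hunks.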
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: log-client.c,v 1.9 2000/06/20 01:39:42 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: log-server.c,v 1.15 2000/06/20 01:39:42 markus Exp $");
#include <syslog.h>
#include "packet.h"
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: login.c,v 1.14 2000/06/20 01:39:42 markus Exp $");
#include "loginrec.h"
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: match.c,v 1.8 2000/06/20 01:39:42 markus Exp $");
#include "ssh.h"
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: mpaux.c,v 1.13 2000/06/20 01:39:42 markus Exp $");
#include <openssl/bn.h>
#include "getput.h"
* precision integers.
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: mpaux.h,v 1.7 2000/06/20 01:39:42 markus Exp $"); */
#ifndef MPAUX_H
#define MPAUX_H
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: nchan.c,v 1.18 2000/06/20 01:39:42 markus Exp $");
#include "ssh.h"
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: nchan.h,v 1.8 2000/06/20 01:39:43 markus Exp $"); */
#ifndef NCHAN_H
#define NCHAN_H
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: packet.c,v 1.33 2000/06/20 01:39:43 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
*
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: packet.h,v 1.16 2000/06/20 01:39:43 markus Exp $"); */
#ifndef PACKET_H
#define PACKET_H
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: pty.c,v 1.14 2000/06/20 01:39:43 markus Exp $");
#ifdef HAVE_UTIL_H
# include <util.h>
* tty.
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: pty.h,v 1.7 2000/06/20 01:39:43 markus Exp $"); */
#ifndef PTY_H
#define PTY_H
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: readconf.c,v 1.37 2000/06/20 01:39:43 markus Exp $");
#include "ssh.h"
#include "cipher.h"
*
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.20 2000/06/20 01:39:43 markus Exp $"); */
#ifndef READCONF_H
#define READCONF_H
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: readpass.c,v 1.11 2000/06/20 01:39:44 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: rsa.c,v 1.15 2000/06/20 01:39:44 markus Exp $");
#include "rsa.h"
#include "ssh.h"
*
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: rsa.h,v 1.7 2000/06/20 01:39:44 markus Exp $"); */
#ifndef RSA_H
#define RSA_H
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: scp.c,v 1.32 2000/06/20 01:39:44 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id$
+ * $OpenBSD: scp.c,v 1.32 2000/06/20 01:39:44 markus Exp $
*/
char *
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: servconf.c,v 1.45 2000/06/20 01:39:44 markus Exp $");
#include "ssh.h"
#include "servconf.h"
*
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: servconf.h,v 1.25 2000/06/20 01:39:44 markus Exp $"); */
#ifndef SERVCONF_H
#define SERVCONF_H
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: ssh-add.c,v 1.17 2000/06/20 01:39:44 markus Exp $");
#include <openssl/rsa.h>
#include <openssl/dsa.h>
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.27 2000/06/20 01:39:44 markus Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: ssh.c,v 1.56 2000/06/20 01:39:44 markus Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
*
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: ssh.h,v 1.47 2000/06/20 01:39:45 markus Exp $"); */
#ifndef SSH_H
#define SSH_H
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.13 2000/06/02 02:00:19 todd Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.15 2000/06/21 16:46:10 markus Exp $");
#include <openssl/bn.h>
#include <openssl/rsa.h>
unsigned char *blob, *signature;
int bloblen, slen;
struct stat st;
+ int skip = 0;
if (stat(filename, &st) != 0) {
debug("key does not exist: %s", filename);
success = load_private_key(filename, passphrase, k, NULL);
memset(passphrase, 0, strlen(passphrase));
xfree(passphrase);
- if (!success)
+ if (!success) {
+ key_free(k);
return 0;
+ }
}
dsa_make_key_blob(k, &blob, &bloblen);
/* data to be signed */
buffer_init(&b);
- buffer_append(&b, session_id2, session_id2_len);
+ if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) {
+ buffer_put_string(&b, session_id2, session_id2_len);
+ skip = buffer_len(&b);
+ } else {
+ buffer_append(&b, session_id2, session_id2_len);
+ skip = session_id2_len;
+ }
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, server_user);
buffer_put_cstring(&b,
buffer_dump(&b);
#endif
if (datafellows & SSH_BUG_PUBKEYAUTH) {
- /* e.g. ssh-2.0.13: data-to-be-signed != data-on-the-wire */
buffer_clear(&b);
buffer_append(&b, session_id2, session_id2_len);
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
xfree(signature);
/* skip session id and packet type */
- if (buffer_len(&b) < session_id2_len + 1)
+ if (buffer_len(&b) < skip + 1)
fatal("ssh2_try_pubkey: internal error");
- buffer_consume(&b, session_id2_len + 1);
+ buffer_consume(&b, skip + 1);
/* put remaining data from buffer into packet */
packet_start(SSH2_MSG_USERAUTH_REQUEST);
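Review bot: `skip` is computed once when the data to be signed is first built, but the `SSH_BUG_PUBKEYAUTH` branch then clears the buffer and rebuilds it with a plain `buffer_append(&b, session_id2, session_id2_len)` without updating `skip`. If a peer were ever flagged with both `SSH_BUG_PUBKEYAUTH` and `SSH_COMPAT_SESSIONID_ENCODING`, `buffer_consume(&b, skip + 1)` would drop more bytes than the session id and packet type, and the request sent on the wire would be truncated at the front. The `check[]` table in compat.c does not combine the two flags today, so this is latent. Setting `skip = session_id2_len;` right after the `buffer_append` in that branch keeps the two in step. The rest of that branch and of the function lies outside the visible hunks.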
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: tildexpand.c,v 1.7 2000/06/20 01:39:45 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: ttymodes.c,v 1.7 2000/06/20 01:39:45 markus Exp $");
#include "packet.h"
#include "ssh.h"
*
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: ttymodes.h,v 1.8 2000/06/20 01:39:45 markus Exp $"); */
/* The tty mode description is a stream of bytes. The stream consists of
* opcode-arguments pairs. It is terminated by opcode TTY_OP_END (0).
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: uidswap.c,v 1.7 2000/06/20 01:39:45 markus Exp $");
#include "ssh.h"
#include "uidswap.h"
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: xmalloc.c,v 1.7 2000/06/20 01:39:45 markus Exp $");
#include "ssh.h"
*
*/
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: xmalloc.h,v 1.4 2000/06/20 01:39:45 markus Exp $"); */
#ifndef XMALLOC_H
#define XMALLOC_H