use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
our own implementation. allow use of AES hardware via libcrypto,
ok deraadt@
+ - markus@cvs.openbsd.org 2002/05/31 10:30:33
+ [sshconnect2.c]
+ extent ssh-keysign protocol:
+ pass # of socket-fd to ssh-keysign, keysign verfies locally used
+ ip-address using this socket-fd, restricts fake local hostnames
+ to actual local hostnames; ok stevesk@
20020604
- (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.102 2002/05/25 08:50:39 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.103 2002/05/31 10:30:33 markus Exp $");
#include "ssh.h"
#include "ssh2.h"
Buffer b;
struct stat st;
pid_t pid;
- int to[2], from[2], status, version = 1;
+ int to[2], from[2], status, version = 2;
debug("ssh_keysign called");
close(to[1]);
if (dup2(to[0], STDIN_FILENO) < 0)
fatal("ssh_keysign: dup2: %s", strerror(errno));
+ close(from[1]);
+ close(to[0]);
execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0);
fatal("ssh_keysign: exec(%s): %s", _PATH_SSH_KEY_SIGN,
strerror(errno));
close(to[0]);
buffer_init(&b);
+ buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
buffer_put_string(&b, data, datalen);
msg_send(to[1], version, &b);
close(from[0]);
close(to[1]);
- while (waitpid(pid, &status, 0) < 0)
- if (errno != EINTR)
- break;
+ while (waitpid(pid, &status, 0) < 0)
+ if (errno != EINTR)
+ break;
if (buffer_get_char(&b) != version) {
error("ssh_keysign: bad version");