author | Markus Friedl <markus@cvs.openbsd.org> | 2000-11-23 21:03:48 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2000-11-23 21:03:48 +0000 |
commit | 5939cf57cf668133ec0975b60d75af3ee37da41d (patch) | |
tree | c84084f5bc408f196d0779490b00ab08fb189d98 /usr.bin | |
parent | 2ad6ff4601683278154901b9f31bc4b6ae136b6c (diff) |
complain about invalid ciphers for ssh1/ssh2, fall back to reasonable defaults
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/ssh.c | 14 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect1.c | 5 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 13 |
3 files changed, 17 insertions, 15 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 2dc44baf131..03b7539cc62 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -39,7 +39,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.73 2000/11/15 19:58:08 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.74 2000/11/23 21:03:47 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/dsa.h>
@@ -405,12 +405,18 @@ main(int ac, char **av)
 options.cipher = SSH_CIPHER_ILLEGAL;
 } else {
 /* SSH1 only */
- Cipher *c = cipher_by_name(optarg);
- if (c == NULL || c->number < 0) {
+ options.cipher = cipher_number(optarg);
+ if (options.cipher == -1) {
 fprintf(stderr, "Unknown cipher type '%s'\n", optarg);
 exit(1);
 }
- options.cipher = c->number;
+ if (options.cipher == SSH_CIPHER_3DES) {
+ options.ciphers = "3des-cbc";
+ } else if (options.cipher == SSH_CIPHER_BLOWFISH) {
+ options.ciphers = "blowfish-cbc";
+ } else {
+ options.ciphers = (char *)-1;
+ }
 }
 break;
 case 'p':
diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c
index 227e10b4b9c..32fcdc633c0 100644
--- a/usr.bin/ssh/sshconnect1.c
+++ b/usr.bin/ssh/sshconnect1.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.9 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.10 2000/11/23 21:03:47 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
@@ -833,7 +833,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
 RSA_free(public_key);
 RSA_free(host_key);
- if (options.cipher == SSH_CIPHER_ILLEGAL) {
+ if (options.cipher == SSH_CIPHER_ILLEGAL ||
+ !(cipher_mask_ssh1(1) & (1 << options.cipher))) {
 log("No valid SSH1 cipher, using %.100s instead.", cipher_name(ssh_cipher_default));
 options.cipher = ssh_cipher_default;
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index bb4774aa46f..69d9c49e3c7 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
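Review bot: In the `-c` handling of ssh.c (hunk at -405), `options.ciphers = (char *)-1;` stores an invalid pointer in a `char *` field as the "no protocol 2 equivalent" marker, and the same bare cast is tested again in the ssh_kex2 hunk of sshconnect2.c. Any code that runs between option parsing and ssh_kex2 and treats a non-NULL `options.ciphers` as a string would dereference it; the hunks do not show whether such a reader exists, and on a protocol 1 connection the marker is never reset. A single named marker shared by both files, for example `#define CIPHERS_INVALID ((char *)-1)` (name constructed for this note), or a separate flag beside the field, would make the contract explicit. The bare `-1` compared with the result of `cipher_number()` would benefit from a name in the same way. main() starts and ends outside the hunk.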
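Review bot: In ssh_kex of sshconnect1.c (hunk at -833), `1 << options.cipher` is evaluated for every value except SSH_CIPHER_ILLEGAL, so a negative value or one at or above the width of int makes the shift undefined. The function starts and ends outside the hunk, so it is not visible whether an unset cipher is handled before this test; if it is not, and the unset value is negative, a run with no cipher option at all could also fall into this branch and log the "No valid SSH1 cipher" message. Checking the range before the mask keeps the test well defined, e.g. `options.cipher < 0 || options.cipher >= 31 || !(cipher_mask_ssh1(1) & (1U << options.cipher))`, with the not-set case tested ahead of it if that value is negative.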
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.28 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.29 2000/11/23 21:03:47 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@@ -74,14 +74,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 Buffer *client_kexinit, *server_kexinit;
 char *sprop[PROPOSAL_MAX];
- if (options.ciphers == NULL) {
- if (options.cipher == SSH_CIPHER_3DES) {
- options.ciphers = "3des-cbc";
- } else if (options.cipher == SSH_CIPHER_BLOWFISH) {
- options.ciphers = "blowfish-cbc";
- } else if (options.cipher == SSH_CIPHER_DES) {
- fatal("cipher DES not supported for protocol version 2");
- }
+ if (options.ciphers == (char *)-1) {
+ log("No valid ciphers for protocol version 2 given, using defaults.");
+ options.ciphers = NULL;
 }
 if (options.ciphers != NULL) {
 myproposal[PROPOSAL_ENC_ALGS_CTOS] = |
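Review bot: With the 3des/blowfish mapping removed from ssh_kex2 (hunk at -74), a protocol 1 cipher number that reaches `options.cipher` by any route other than the `-c` switch in ssh.c no longer narrows the protocol 2 proposal, and the connection proceeds with the default list without any message. Whether a configuration-file setting can populate `options.cipher` is not visible on this page, so this should be confirmed against the option-reading code before relying on the new placement. The new branch also needs a comment saying where the marker comes from, such as `/* (char *)-1 is set by the -c handling in ssh.c when the SSH1 cipher has no protocol 2 name */`. ssh_kex2 continues past the end of the hunk.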