summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--usr.bin/ssh/ssh.c14
-rw-r--r--usr.bin/ssh/sshconnect1.c5
-rw-r--r--usr.bin/ssh/sshconnect2.c13
3 files changed, 17 insertions, 15 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 2dc44baf131..03b7539cc62 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -39,7 +39,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.73 2000/11/15 19:58:08 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.74 2000/11/23 21:03:47 markus Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
@@ -405,12 +405,18 @@ main(int ac, char **av)
options.cipher = SSH_CIPHER_ILLEGAL;
} else {
/* SSH1 only */
- Cipher *c = cipher_by_name(optarg);
- if (c == NULL || c->number < 0) {
+ options.cipher = cipher_number(optarg);
+ if (options.cipher == -1) {
fprintf(stderr, "Unknown cipher type '%s'\n", optarg);
exit(1);
}
- options.cipher = c->number;
+ if (options.cipher == SSH_CIPHER_3DES) {
+ options.ciphers = "3des-cbc";
+ } else if (options.cipher == SSH_CIPHER_BLOWFISH) {
+ options.ciphers = "blowfish-cbc";
+ } else {
+ options.ciphers = (char *)-1;
+ }
}
break;
case 'p':
diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c
index 227e10b4b9c..32fcdc633c0 100644
--- a/usr.bin/ssh/sshconnect1.c
+++ b/usr.bin/ssh/sshconnect1.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.9 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.10 2000/11/23 21:03:47 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
@@ -833,7 +833,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
RSA_free(public_key);
RSA_free(host_key);
- if (options.cipher == SSH_CIPHER_ILLEGAL) {
+ if (options.cipher == SSH_CIPHER_ILLEGAL ||
+ !(cipher_mask_ssh1(1) & (1 << options.cipher))) {
log("No valid SSH1 cipher, using %.100s instead.",
cipher_name(ssh_cipher_default));
options.cipher = ssh_cipher_default;
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index bb4774aa46f..69d9c49e3c7 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.28 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.29 2000/11/23 21:03:47 markus Exp $");
#include <openssl/bn.h>
#include <openssl/rsa.h>
@@ -74,14 +74,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
Buffer *client_kexinit, *server_kexinit;
char *sprop[PROPOSAL_MAX];
- if (options.ciphers == NULL) {
- if (options.cipher == SSH_CIPHER_3DES) {
- options.ciphers = "3des-cbc";
- } else if (options.cipher == SSH_CIPHER_BLOWFISH) {
- options.ciphers = "blowfish-cbc";
- } else if (options.cipher == SSH_CIPHER_DES) {
- fatal("cipher DES not supported for protocol version 2");
- }
+ if (options.ciphers == (char *)-1) {
+ log("No valid ciphers for protocol version 2 given, using defaults.");
+ options.ciphers = NULL;
}
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =