search for: hostkey_typ

..._char **, u_int *, u_char *, u_int); void (*kex[KEX_MAX])(Kex *); }; diff --git a/kexdhs.c b/kexdhs.c index 1512863..f6d43f2 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -80,9 +80,6 @@ kexdh_server(Kex *kex) if (server_host_public == NULL) fatal("Unsupported hostkey type %d", kex->hostkey_type); server_host_private = kex->load_host_private_key(kex->hostkey_type); - if (server_host_private == NULL) - fatal("Missing private key for hostkey type %d", - kex->hostkey_type); /* key, cert */ if ((dh_client_pub = BN_new()) == NULL) @@ -144,9 +141,8 @@ kexdh_serv...

...SH2_MSG_KEX_ECDH_REPLY); + + /* hostkey */ + server_host_key_blob = packet_get_string(&sbloblen); + server_host_key = key_from_blob(server_host_key_blob, sbloblen); + if (server_host_key == NULL) + fatal("cannot decode server_host_key_blob"); + if (server_host_key->type != kex->hostkey_type) + fatal("type mismatch for decoded server_host_key_blob"); + if (kex->verify_host_key == NULL) + fatal("cannot verify server_host_key"); + if (kex->verify_host_key(server_host_key) == -1) + fatal("server_host_key verification failed"); + + /* Q_S, server pub...

...y alg request from %.200s", client, get_remote_ipaddr()); + else + fatal("no '%.100s' hostkey alg(s) for %.200s", client, get_remote_ipaddr()); + } +/* + * Note that if KEY_UNSPEC is returned, BOTH the client and the server + * have the same bad key string. + */ k->hostkey_type = key_type_from_name(hostkeyalg); if (k->hostkey_type == KEY_UNSPEC) - fatal("bad hostkey alg '%s'", hostkeyalg); + fatal("unknown hostkey alg '%s'", hostkeyalg); xfree(hostkeyalg); } diff -u openssh-6.1p1/packet.c.orig openssh-6.1p1/packet.c --- ope...

...sponse = buffer_get_string(m, &len); + response = buffer_get_binary(m, &len); if (len != 16) fatal("%s: received bad response to challenge", __func__); success = auth_rsa_verify_response(key, ssh1_challenge, response); @@ -1550,11 +1550,11 @@ kex->server = 1; kex->hostkey_type = buffer_get_int(m); kex->kex_type = buffer_get_int(m); - blob = buffer_get_string(m, &bloblen); + blob = buffer_get_binary(m, &bloblen); buffer_init(&kex->my); buffer_append(&kex->my, blob, bloblen); xfree(blob); - blob = buffer_get_string(m, &bloblen); + blob...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |