remove global variable used to stash compat flags and use the

purpose-built ssh->compat variable instead; feedback/ok markus@

diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index fe54850..06a3cc0 100644 (file)
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.403 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.404 2021/01/27 09:26:53 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2964,7 +2964,7 @@ channel_input_extended_data(int type, u_int32_t seq, struct ssh *ssh)
                return 0;
        }
        if (c->flags & CHAN_EOF_RCVD) {
-               if (datafellows & SSH_BUG_EXTEOF)
+               if (ssh->compat & SSH_BUG_EXTEOF)
                        debug("channel %d: accepting ext data after eof",
                            c->self);
                else
@@ -3227,7 +3227,7 @@ channel_fwd_bind_addr(struct ssh *ssh, const char *listen_addr, int *wildcardp,
                if (fwd_opts->gateway_ports)
                        wildcard = 1;
        } else if (fwd_opts->gateway_ports || is_client) {
-               if (((datafellows & SSH_OLD_FORWARD_ADDR) &&
+               if (((ssh->compat & SSH_OLD_FORWARD_ADDR) &&
                    strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) ||
                    *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 ||
                    (!is_client && fwd_opts->gateway_ports == 1)) {
@@ -3408,7 +3408,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type,
                c->host_port = fwd->connect_port;
                c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
                if (fwd->listen_port == 0 && allocated_listen_port != NULL &&
-                   !(datafellows & SSH_BUG_DYNAMIC_RPORT))
+                   !(ssh->compat & SSH_BUG_DYNAMIC_RPORT))
                        c->listening_port = *allocated_listen_port;
                else
                        c->listening_port = fwd->listen_port;
@@ -4046,7 +4046,7 @@ channel_update_permission(struct ssh *ssh, int idx, int newport)
                fwd_perm_clear(&pset->permitted_user[idx]);
        else {
                pset->permitted_user[idx].listen_port =
-                   (datafellows & SSH_BUG_DYNAMIC_RPORT) ? 0 : newport;
+                   (ssh->compat & SSH_BUG_DYNAMIC_RPORT) ? 0 : newport;
        }
 }
 

diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index dddbe34..c70c164 100644 (file)
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.356 2020/12/20 23:36:51 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.357 2021/01/27 09:26:54 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1016,7 +1016,7 @@ process_escapes(struct ssh *ssh, Channel *c,
                                continue;
 
                        case 'R':
-                               if (datafellows & SSH_BUG_NOREKEY)
+                               if (ssh->compat & SSH_BUG_NOREKEY)
                                        logit("Server does not "
                                            "support re-keying");
                                else

diff --git a/usr.bin/ssh/compat.c b/usr.bin/ssh/compat.c
index 95ee4eb..8514e0a 100644 (file)
--- a/usr.bin/ssh/compat.c
+++ b/usr.bin/ssh/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.116 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: compat.c,v 1.117 2021/01/27 09:26:54 djm Exp $ */
 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
  *
@@ -36,11 +36,9 @@
 #include "match.h"
 #include "kex.h"
 
-int datafellows = 0;
-
-/* datafellows bug compatibility */
-u_int
-compat_datafellows(const char *version)
+/* determine bug flags from SSH protocol banner */
+void
+compat_banner(struct ssh *ssh, const char *version)
 {
        int i;
        static struct {
@@ -143,22 +141,22 @@ compat_datafellows(const char *version)
        };
 
        /* process table, return first match */
+       ssh->compat = 0;
        for (i = 0; check[i].pat; i++) {
                if (match_pattern_list(version, check[i].pat, 0) == 1) {
-                       debug("match: %s pat %s compat 0x%08x",
+                       debug_f("match: %s pat %s compat 0x%08x",
                            version, check[i].pat, check[i].bugs);
-                       datafellows = check[i].bugs;    /* XXX for now */
-                       return check[i].bugs;
+                       ssh->compat = check[i].bugs;
+                       return;
                }
        }
-       debug("no match: %s", version);
-       return 0;
+       debug_f("no match: %s", version);
 }
 
 char *
-compat_cipher_proposal(char *cipher_prop)
+compat_cipher_proposal(struct ssh *ssh, char *cipher_prop)
 {
-       if (!(datafellows & SSH_BUG_BIGENDIANAES))
+       if (!(ssh->compat & SSH_BUG_BIGENDIANAES))
                return cipher_prop;
        debug2_f("original cipher proposal: %s", cipher_prop);
        if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL)
@@ -170,9 +168,9 @@ compat_cipher_proposal(char *cipher_prop)
 }
 
 char *
-compat_pkalg_proposal(char *pkalg_prop)
+compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop)
 {
-       if (!(datafellows & SSH_BUG_RSASIGMD5))
+       if (!(ssh->compat & SSH_BUG_RSASIGMD5))
                return pkalg_prop;
        debug2_f("original public key proposal: %s", pkalg_prop);
        if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL)
@@ -184,16 +182,16 @@ compat_pkalg_proposal(char *pkalg_prop)
 }
 
 char *
-compat_kex_proposal(char *p)
+compat_kex_proposal(struct ssh *ssh, char *p)
 {
-       if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
+       if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
                return p;
        debug2_f("original KEX proposal: %s", p);
-       if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
+       if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0)
                if ((p = match_filter_denylist(p,
                    "curve25519-sha256@libssh.org")) == NULL)
                        fatal("match_filter_denylist failed");
-       if ((datafellows & SSH_OLD_DHGEX) != 0) {
+       if ((ssh->compat & SSH_OLD_DHGEX) != 0) {
                if ((p = match_filter_denylist(p,
                    "diffie-hellman-group-exchange-sha256,"
                    "diffie-hellman-group-exchange-sha1")) == NULL)

diff --git a/usr.bin/ssh/compat.h b/usr.bin/ssh/compat.h
index 66db42c..c197faf 100644 (file)
--- a/usr.bin/ssh/compat.h
+++ b/usr.bin/ssh/compat.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.h,v 1.55 2020/06/01 07:11:38 dtucker Exp $ */
+/* $OpenBSD: compat.h,v 1.56 2021/01/27 09:26:54 djm Exp $ */
 
 /*
  * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.
@@ -58,10 +58,10 @@
 #define SSH_BUG_HOSTKEYS       0x20000000
 #define SSH_BUG_DHGEX_LARGE    0x40000000
 
-u_int    compat_datafellows(const char *);
-char   *compat_cipher_proposal(char *);
-char   *compat_pkalg_proposal(char *);
-char   *compat_kex_proposal(char *);
+struct ssh;
 
-extern int datafellows;
+void    compat_banner(struct ssh *, const char *);
+char   *compat_cipher_proposal(struct ssh *, char *);
+char   *compat_pkalg_proposal(struct ssh *, char *);
+char   *compat_kex_proposal(struct ssh *, char *);
 #endif

diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c
index 255fe8d..393330d 100644 (file)
--- a/usr.bin/ssh/kex.c
+++ b/usr.bin/ssh/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.163 2020/12/29 00:59:15 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.164 2021/01/27 09:26:54 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -1305,7 +1305,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
        }
        debug("Remote protocol version %d.%d, remote software version %.100s",
            remote_major, remote_minor, remote_version);
-       ssh->compat = compat_datafellows(remote_version);
+       compat_banner(ssh, remote_version);
 
        mismatch = 0;
        switch (remote_major) {

diff --git a/usr.bin/ssh/kexgexc.c b/usr.bin/ssh/kexgexc.c
index e8749ef..6e00904 100644 (file)
--- a/usr.bin/ssh/kexgexc.c
+++ b/usr.bin/ssh/kexgexc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.35 2019/11/25 00:51:37 djm Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.36 2021/01/27 09:26:54 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -61,7 +61,7 @@ kexgex_client(struct ssh *ssh)
        kex->min = DH_GRP_MIN;
        kex->max = DH_GRP_MAX;
        kex->nbits = nbits;
-       if (datafellows & SSH_BUG_DHGEX_LARGE)
+       if (ssh->compat & SSH_BUG_DHGEX_LARGE)
                kex->nbits = MINIMUM(kex->nbits, 4096);
        /* New GEX request */
        if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 ||

diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index 586f39a..5029f4f 100644 (file)
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.221 2021/01/26 05:32:21 dtucker Exp $ */
+/* $OpenBSD: monitor.c,v 1.222 2021/01/27 09:26:54 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -926,7 +926,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
        if (key != NULL && authctxt->valid) {
                /* These should not make it past the privsep child */
                if (sshkey_type_plain(key->type) == KEY_RSA &&
-                   (datafellows & SSH_BUG_RSASIGMD5) != 0)
+                   (ssh->compat & SSH_BUG_RSASIGMD5) != 0)
                        fatal_f("passed a SSH_BUG_RSASIGMD5 key");
 
                switch (type) {
@@ -1003,7 +1003,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
 }
 
 static int
-monitor_valid_userblob(const u_char *data, u_int datalen)
+monitor_valid_userblob(struct ssh *ssh, const u_char *data, u_int datalen)
 {
        struct sshbuf *b;
        const u_char *p;
@@ -1015,7 +1015,7 @@ monitor_valid_userblob(const u_char *data, u_int datalen)
        if ((b = sshbuf_from(data, datalen)) == NULL)
                fatal_f("sshbuf_from");
 
-       if (datafellows & SSH_OLD_SESSIONID) {
+       if (ssh->compat & SSH_OLD_SESSIONID) {
                p = sshbuf_ptr(b);
                len = sshbuf_len(b);
                if ((session_id2 == NULL) ||
@@ -1169,7 +1169,7 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
 
        switch (key_blobtype) {
        case MM_USERKEY:
-               valid_data = monitor_valid_userblob(data, datalen);
+               valid_data = monitor_valid_userblob(ssh, data, datalen);
                auth_method = "publickey";
                break;
        case MM_HOSTKEY:

diff --git a/usr.bin/ssh/nchan.c b/usr.bin/ssh/nchan.c
index 9adf901..a775b71 100644 (file)
--- a/usr.bin/ssh/nchan.c
+++ b/usr.bin/ssh/nchan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nchan.c,v 1.71 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: nchan.c,v 1.72 2021/01/27 09:26:54 djm Exp $ */
 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
  *
@@ -231,7 +231,7 @@ chan_send_eow2(struct ssh *ssh, Channel *c)
                    c->self);
                return;
        }
-       if (!(datafellows & SSH_NEW_OPENSSH))
+       if (!(ssh->compat & SSH_NEW_OPENSSH))
                return;
        if (!c->have_remote_id)
                fatal_f("channel %d: no remote_id", c->self);
@@ -332,7 +332,7 @@ chan_is_dead(struct ssh *ssh, Channel *c, int do_send)
        }
        if (c->istate != CHAN_INPUT_CLOSED || c->ostate != CHAN_OUTPUT_CLOSED)
                return 0;
-       if ((datafellows & SSH_BUG_EXTEOF) &&
+       if ((ssh->compat & SSH_BUG_EXTEOF) &&
            c->extended_usage == CHAN_EXTENDED_WRITE &&
            c->efd != -1 &&
            sshbuf_len(c->extended) > 0) {

diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c
index 4bd0bb2..bae2d58 100644 (file)
--- a/usr.bin/ssh/ssh-keyscan.c
+++ b/usr.bin/ssh/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.138 2020/12/29 00:59:15 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.139 2021/01/27 09:26:54 djm Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -504,11 +504,10 @@ congreet(int s)
                fatal("ssh_packet_set_connection failed");
        ssh_packet_set_timeout(c->c_ssh, timeout, 1);
        ssh_set_app_data(c->c_ssh, c);  /* back link */
+       c->c_ssh->compat = 0;
        if (sscanf(buf, "SSH-%d.%d-%[^\n]\n",
            &remote_major, &remote_minor, remote_version) == 3)
-               c->c_ssh->compat = compat_datafellows(remote_version);
-       else
-               c->c_ssh->compat = 0;
+               compat_banner(c->c_ssh, remote_version);
        if (!ssh2_capable(remote_major, remote_minor)) {
                debug("%s doesn't support ssh2", c->c_name);
                confree(s);

diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 253df18..c929995 100644 (file)
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.548 2021/01/26 05:32:22 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.549 2021/01/27 09:26:54 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2097,7 +2097,7 @@ ssh_session2(struct ssh *ssh, const struct ssh_conn_info *cinfo)
 
        /* If we don't expect to open a new session, then disallow it */
        if (options.control_master == SSHCTL_MASTER_NO &&
-           (datafellows & SSH_NEW_OPENSSH)) {
+           (ssh->compat & SSH_NEW_OPENSSH)) {
                debug("Requesting no-more-sessions@openssh.com");
                if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
                    (r = sshpkt_put_cstring(ssh,

diff --git a/usr.bin/ssh/ssh_api.c b/usr.bin/ssh/ssh_api.c
index 3a4792a..27b9c9e 100644 (file)
--- a/usr.bin/ssh/ssh_api.c
+++ b/usr.bin/ssh/ssh_api.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh_api.c,v 1.24 2020/12/29 00:59:15 djm Exp $ */
+/* $OpenBSD: ssh_api.c,v 1.25 2021/01/27 09:26:54 djm Exp $ */
 /*
  * Copyright (c) 2012 Markus Friedl.  All rights reserved.
  *
@@ -386,7 +386,7 @@ _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner)
        debug("Remote protocol version %d.%d, remote software version %.100s",
            remote_major, remote_minor, remote_version);
 
-       ssh->compat = compat_datafellows(remote_version);
+       compat_banner(ssh, remote_version);
        if  (remote_major == 1 && remote_minor == 99) {
                remote_major = 2;
                remote_minor = 0;

diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 28837b4..29e71e9 100644 (file)
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.344 2021/01/26 05:32:22 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.345 2021/01/27 09:26:54 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -241,11 +241,11 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
 
        if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
                fatal_f("kex_names_cat");
-       myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
+       myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, s);
        myproposal[PROPOSAL_ENC_ALGS_CTOS] =
-           compat_cipher_proposal(options.ciphers);
+           compat_cipher_proposal(ssh, options.ciphers);
        myproposal[PROPOSAL_ENC_ALGS_STOC] =
-           compat_cipher_proposal(options.ciphers);
+           compat_cipher_proposal(ssh, options.ciphers);
        myproposal[PROPOSAL_COMP_ALGS_CTOS] =
            myproposal[PROPOSAL_COMP_ALGS_STOC] =
            (char *)compression_alg_list(options.compression);
@@ -254,12 +254,12 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
        if (use_known_hosts_order) {
                /* Query known_hosts and prefer algorithms that appear there */
                myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
-                   compat_pkalg_proposal(
+                   compat_pkalg_proposal(ssh,
                    order_hostkeyalgs(host, hostaddr, port, cinfo));
        } else {
                /* Use specified HostkeyAlgorithms exactly */
                myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
-                   compat_pkalg_proposal(options.hostkeyalgorithms);
+                   compat_pkalg_proposal(ssh, options.hostkeyalgorithms);
        }
 
        if (options.rekey_limit || options.rekey_interval)
@@ -287,7 +287,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
 
        /* remove ext-info from the KEX proposals for rekeying */
        myproposal[PROPOSAL_KEX_ALGS] =
-           compat_kex_proposal(options.kex_algorithms);
+           compat_kex_proposal(ssh, options.kex_algorithms);
        if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
                fatal_r(r, "kex_prop2buf");
 
@@ -1181,7 +1181,7 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
         */
        if (ssh == NULL || ssh->kex->server_sig_algs == NULL ||
            (key->type != KEY_RSA && key->type != KEY_RSA_CERT) ||
-           (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) {
+           (key->type == KEY_RSA_CERT && (ssh->compat & SSH_BUG_SIGTYPE))) {
                /* Filter base key signature alg against our configuration */
                return match_list(sshkey_ssh_name(key),
                    options.pubkey_accepted_algos, NULL);
@@ -1401,7 +1401,7 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id)
                sshbuf_free(b);
                if ((b = sshbuf_new()) == NULL)
                        fatal_f("sshbuf_new failed");
-               if (datafellows & SSH_OLD_SESSIONID) {
+               if (ssh->compat & SSH_OLD_SESSIONID) {
                        if ((r = sshbuf_put(b, session_id2,
                            session_id2_len)) != 0)
                                fatal_fr(r, "sshbuf_put");
@@ -1423,7 +1423,7 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id)
 
                /* generate signature */
                r = identity_sign(sign_id, &signature, &slen,
-                   sshbuf_ptr(b), sshbuf_len(b), datafellows, alg);
+                   sshbuf_ptr(b), sshbuf_len(b), ssh->compat, alg);
                if (r == 0)
                        break;
                else if (r == SSH_ERR_KEY_NOT_FOUND)
@@ -1801,12 +1801,12 @@ pubkey_reset(Authctxt *authctxt)
 }
 
 static int
-try_identity(Identity *id)
+try_identity(struct ssh *ssh, Identity *id)
 {
        if (!id->key)
                return (0);
        if (sshkey_type_plain(id->key->type) == KEY_RSA &&
-           (datafellows & SSH_BUG_RSASIGMD5) != 0) {
+           (ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
                debug("Skipped %s key %s for RSA/MD5 server",
                    sshkey_type(id->key), id->filename);
                return (0);
@@ -1834,7 +1834,7 @@ userauth_pubkey(struct ssh *ssh)
                 * private key instead
                 */
                if (id->key != NULL) {
-                       if (try_identity(id)) {
+                       if (try_identity(ssh, id)) {
                                ident = format_identity(id);
                                debug("Offering public key: %s", ident);
                                free(ident);
@@ -1844,7 +1844,7 @@ userauth_pubkey(struct ssh *ssh)
                        debug("Trying private key: %s", id->filename);
                        id->key = load_identity_file(id);
                        if (id->key != NULL) {
-                               if (try_identity(id)) {
+                               if (try_identity(ssh, id)) {
                                        id->isprivate = 1;
                                        sent = sign_and_send_pubkey(ssh, id);
                                }

diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 8b8c9d1..f063a0f 100644 (file)
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.567 2021/01/09 12:10:02 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.568 2021/01/27 09:26:54 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2173,11 +2173,11 @@ do_ssh2_kex(struct ssh *ssh)
        struct kex *kex;
        int r;
 
-       myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+       myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh,
            options.kex_algorithms);
-       myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
+       myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(ssh,
            options.ciphers);
-       myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(
+       myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(ssh,
            options.ciphers);
        myproposal[PROPOSAL_MAC_ALGS_CTOS] =
            myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
@@ -2192,7 +2192,7 @@ do_ssh2_kex(struct ssh *ssh)
                    options.rekey_interval);
 
        myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
-           list_hostkey_types());
+           ssh, list_hostkey_types());
 
        /* start key exchange */
        if ((r = kex_setup(ssh, myproposal)) != 0)

diff --git a/usr.bin/ssh/ttymodes.c b/usr.bin/ssh/ttymodes.c
index 46dc5ce..2796f17 100644 (file)
--- a/usr.bin/ssh/ttymodes.c
+++ b/usr.bin/ssh/ttymodes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ttymodes.c,v 1.35 2020/10/18 11:32:02 djm Exp $ */
+/* $OpenBSD: ttymodes.c,v 1.36 2021/01/27 09:26:54 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -287,7 +287,7 @@ ssh_tty_make_modes(struct ssh *ssh, int fd, struct termios *tiop)
 #define SSH_TTYMODE_IUTF8 42  /* for SSH_BUG_UTF8TTYMODE */
 
 #define TTYMODE(NAME, FIELD, OP) \
-       if (OP == SSH_TTYMODE_IUTF8 && (datafellows & SSH_BUG_UTF8TTYMODE)) { \
+       if (OP == SSH_TTYMODE_IUTF8 && (ssh->compat & SSH_BUG_UTF8TTYMODE)) { \
                debug3_f("SSH_BUG_UTF8TTYMODE"); \
        } else if ((r = sshbuf_put_u8(buf, OP)) != 0 || \
            (r = sshbuf_put_u32(buf, ((tio.FIELD & NAME) != 0))) != 0) \