From e9d148002645cf940f00f302cb4b8cd9c8931a72 Mon Sep 17 00:00:00 2001 From: djm Date: Wed, 27 Jan 2021 09:26:53 +0000 Subject: [PATCH] remove global variable used to stash compat flags and use the purpose-built ssh->compat variable instead; feedback/ok markus@ --- usr.bin/ssh/channels.c | 10 +++++----- usr.bin/ssh/clientloop.c | 4 ++-- usr.bin/ssh/compat.c | 36 +++++++++++++++++------------------- usr.bin/ssh/compat.h | 12 ++++++------ usr.bin/ssh/kex.c | 4 ++-- usr.bin/ssh/kexgexc.c | 4 ++-- usr.bin/ssh/monitor.c | 10 +++++----- usr.bin/ssh/nchan.c | 6 +++--- usr.bin/ssh/ssh-keyscan.c | 7 +++---- usr.bin/ssh/ssh.c | 4 ++-- usr.bin/ssh/ssh_api.c | 4 ++-- usr.bin/ssh/sshconnect2.c | 28 ++++++++++++++-------------- usr.bin/ssh/sshd.c | 10 +++++----- usr.bin/ssh/ttymodes.c | 4 ++-- 14 files changed, 70 insertions(+), 73 deletions(-) diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index fe548503927..06a3cc0da33 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.403 2020/10/18 11:32:01 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.404 2021/01/27 09:26:53 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2964,7 +2964,7 @@ channel_input_extended_data(int type, u_int32_t seq, struct ssh *ssh) return 0; } if (c->flags & CHAN_EOF_RCVD) { - if (datafellows & SSH_BUG_EXTEOF) + if (ssh->compat & SSH_BUG_EXTEOF) debug("channel %d: accepting ext data after eof", c->self); else @@ -3227,7 +3227,7 @@ channel_fwd_bind_addr(struct ssh *ssh, const char *listen_addr, int *wildcardp, if (fwd_opts->gateway_ports) wildcard = 1; } else if (fwd_opts->gateway_ports || is_client) { - if (((datafellows & SSH_OLD_FORWARD_ADDR) && + if (((ssh->compat & SSH_OLD_FORWARD_ADDR) && strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) || *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 || (!is_client && fwd_opts->gateway_ports == 1)) { @@ -3408,7 +3408,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, c->host_port = fwd->connect_port; c->listening_addr = addr == NULL ? NULL : xstrdup(addr); if (fwd->listen_port == 0 && allocated_listen_port != NULL && - !(datafellows & SSH_BUG_DYNAMIC_RPORT)) + !(ssh->compat & SSH_BUG_DYNAMIC_RPORT)) c->listening_port = *allocated_listen_port; else c->listening_port = fwd->listen_port; @@ -4046,7 +4046,7 @@ channel_update_permission(struct ssh *ssh, int idx, int newport) fwd_perm_clear(&pset->permitted_user[idx]); else { pset->permitted_user[idx].listen_port = - (datafellows & SSH_BUG_DYNAMIC_RPORT) ? 0 : newport; + (ssh->compat & SSH_BUG_DYNAMIC_RPORT) ? 0 : newport; } } diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index dddbe34e0b0..c70c16428a5 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.356 2020/12/20 23:36:51 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.357 2021/01/27 09:26:54 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1016,7 +1016,7 @@ process_escapes(struct ssh *ssh, Channel *c, continue; case 'R': - if (datafellows & SSH_BUG_NOREKEY) + if (ssh->compat & SSH_BUG_NOREKEY) logit("Server does not " "support re-keying"); else diff --git a/usr.bin/ssh/compat.c b/usr.bin/ssh/compat.c index 95ee4eb7f70..8514e0a0775 100644 --- a/usr.bin/ssh/compat.c +++ b/usr.bin/ssh/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.116 2020/10/18 11:32:01 djm Exp $ */ +/* $OpenBSD: compat.c,v 1.117 2021/01/27 09:26:54 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -36,11 +36,9 @@ #include "match.h" #include "kex.h" -int datafellows = 0; - -/* datafellows bug compatibility */ -u_int -compat_datafellows(const char *version) +/* determine bug flags from SSH protocol banner */ +void +compat_banner(struct ssh *ssh, const char *version) { int i; static struct { @@ -143,22 +141,22 @@ compat_datafellows(const char *version) }; /* process table, return first match */ + ssh->compat = 0; for (i = 0; check[i].pat; i++) { if (match_pattern_list(version, check[i].pat, 0) == 1) { - debug("match: %s pat %s compat 0x%08x", + debug_f("match: %s pat %s compat 0x%08x", version, check[i].pat, check[i].bugs); - datafellows = check[i].bugs; /* XXX for now */ - return check[i].bugs; + ssh->compat = check[i].bugs; + return; } } - debug("no match: %s", version); - return 0; + debug_f("no match: %s", version); } char * -compat_cipher_proposal(char *cipher_prop) +compat_cipher_proposal(struct ssh *ssh, char *cipher_prop) { - if (!(datafellows & SSH_BUG_BIGENDIANAES)) + if (!(ssh->compat & SSH_BUG_BIGENDIANAES)) return cipher_prop; debug2_f("original cipher proposal: %s", cipher_prop); if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL) @@ -170,9 +168,9 @@ compat_cipher_proposal(char *cipher_prop) } char * -compat_pkalg_proposal(char *pkalg_prop) +compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop) { - if (!(datafellows & SSH_BUG_RSASIGMD5)) + if (!(ssh->compat & SSH_BUG_RSASIGMD5)) return pkalg_prop; debug2_f("original public key proposal: %s", pkalg_prop); if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL) @@ -184,16 +182,16 @@ compat_pkalg_proposal(char *pkalg_prop) } char * -compat_kex_proposal(char *p) +compat_kex_proposal(struct ssh *ssh, char *p) { - if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) + if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) return p; debug2_f("original KEX proposal: %s", p); - if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) + if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0) if ((p = match_filter_denylist(p, "curve25519-sha256@libssh.org")) == NULL) fatal("match_filter_denylist failed"); - if ((datafellows & SSH_OLD_DHGEX) != 0) { + if ((ssh->compat & SSH_OLD_DHGEX) != 0) { if ((p = match_filter_denylist(p, "diffie-hellman-group-exchange-sha256," "diffie-hellman-group-exchange-sha1")) == NULL) diff --git a/usr.bin/ssh/compat.h b/usr.bin/ssh/compat.h index 66db42cc032..c197fafc539 100644 --- a/usr.bin/ssh/compat.h +++ b/usr.bin/ssh/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.55 2020/06/01 07:11:38 dtucker Exp $ */ +/* $OpenBSD: compat.h,v 1.56 2021/01/27 09:26:54 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. @@ -58,10 +58,10 @@ #define SSH_BUG_HOSTKEYS 0x20000000 #define SSH_BUG_DHGEX_LARGE 0x40000000 -u_int compat_datafellows(const char *); -char *compat_cipher_proposal(char *); -char *compat_pkalg_proposal(char *); -char *compat_kex_proposal(char *); +struct ssh; -extern int datafellows; +void compat_banner(struct ssh *, const char *); +char *compat_cipher_proposal(struct ssh *, char *); +char *compat_pkalg_proposal(struct ssh *, char *); +char *compat_kex_proposal(struct ssh *, char *); #endif diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index 255fe8d5018..393330d21a2 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.163 2020/12/29 00:59:15 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.164 2021/01/27 09:26:54 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -1305,7 +1305,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, } debug("Remote protocol version %d.%d, remote software version %.100s", remote_major, remote_minor, remote_version); - ssh->compat = compat_datafellows(remote_version); + compat_banner(ssh, remote_version); mismatch = 0; switch (remote_major) { diff --git a/usr.bin/ssh/kexgexc.c b/usr.bin/ssh/kexgexc.c index e8749ef6894..6e00904e58c 100644 --- a/usr.bin/ssh/kexgexc.c +++ b/usr.bin/ssh/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.35 2019/11/25 00:51:37 djm Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.36 2021/01/27 09:26:54 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -61,7 +61,7 @@ kexgex_client(struct ssh *ssh) kex->min = DH_GRP_MIN; kex->max = DH_GRP_MAX; kex->nbits = nbits; - if (datafellows & SSH_BUG_DHGEX_LARGE) + if (ssh->compat & SSH_BUG_DHGEX_LARGE) kex->nbits = MINIMUM(kex->nbits, 4096); /* New GEX request */ if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 || diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index 586f39a47d8..5029f4f9a06 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.221 2021/01/26 05:32:21 dtucker Exp $ */ +/* $OpenBSD: monitor.c,v 1.222 2021/01/27 09:26:54 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -926,7 +926,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m) if (key != NULL && authctxt->valid) { /* These should not make it past the privsep child */ if (sshkey_type_plain(key->type) == KEY_RSA && - (datafellows & SSH_BUG_RSASIGMD5) != 0) + (ssh->compat & SSH_BUG_RSASIGMD5) != 0) fatal_f("passed a SSH_BUG_RSASIGMD5 key"); switch (type) { @@ -1003,7 +1003,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m) } static int -monitor_valid_userblob(const u_char *data, u_int datalen) +monitor_valid_userblob(struct ssh *ssh, const u_char *data, u_int datalen) { struct sshbuf *b; const u_char *p; @@ -1015,7 +1015,7 @@ monitor_valid_userblob(const u_char *data, u_int datalen) if ((b = sshbuf_from(data, datalen)) == NULL) fatal_f("sshbuf_from"); - if (datafellows & SSH_OLD_SESSIONID) { + if (ssh->compat & SSH_OLD_SESSIONID) { p = sshbuf_ptr(b); len = sshbuf_len(b); if ((session_id2 == NULL) || @@ -1169,7 +1169,7 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) switch (key_blobtype) { case MM_USERKEY: - valid_data = monitor_valid_userblob(data, datalen); + valid_data = monitor_valid_userblob(ssh, data, datalen); auth_method = "publickey"; break; case MM_HOSTKEY: diff --git a/usr.bin/ssh/nchan.c b/usr.bin/ssh/nchan.c index 9adf901124f..a775b71a5fe 100644 --- a/usr.bin/ssh/nchan.c +++ b/usr.bin/ssh/nchan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nchan.c,v 1.71 2020/10/18 11:32:01 djm Exp $ */ +/* $OpenBSD: nchan.c,v 1.72 2021/01/27 09:26:54 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -231,7 +231,7 @@ chan_send_eow2(struct ssh *ssh, Channel *c) c->self); return; } - if (!(datafellows & SSH_NEW_OPENSSH)) + if (!(ssh->compat & SSH_NEW_OPENSSH)) return; if (!c->have_remote_id) fatal_f("channel %d: no remote_id", c->self); @@ -332,7 +332,7 @@ chan_is_dead(struct ssh *ssh, Channel *c, int do_send) } if (c->istate != CHAN_INPUT_CLOSED || c->ostate != CHAN_OUTPUT_CLOSED) return 0; - if ((datafellows & SSH_BUG_EXTEOF) && + if ((ssh->compat & SSH_BUG_EXTEOF) && c->extended_usage == CHAN_EXTENDED_WRITE && c->efd != -1 && sshbuf_len(c->extended) > 0) { diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c index 4bd0bb2c001..bae2d58f4e9 100644 --- a/usr.bin/ssh/ssh-keyscan.c +++ b/usr.bin/ssh/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.138 2020/12/29 00:59:15 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.139 2021/01/27 09:26:54 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -504,11 +504,10 @@ congreet(int s) fatal("ssh_packet_set_connection failed"); ssh_packet_set_timeout(c->c_ssh, timeout, 1); ssh_set_app_data(c->c_ssh, c); /* back link */ + c->c_ssh->compat = 0; if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor, remote_version) == 3) - c->c_ssh->compat = compat_datafellows(remote_version); - else - c->c_ssh->compat = 0; + compat_banner(c->c_ssh, remote_version); if (!ssh2_capable(remote_major, remote_minor)) { debug("%s doesn't support ssh2", c->c_name); confree(s); diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 253df182726..c9299958c6c 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.548 2021/01/26 05:32:22 dtucker Exp $ */ +/* $OpenBSD: ssh.c,v 1.549 2021/01/27 09:26:54 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2097,7 +2097,7 @@ ssh_session2(struct ssh *ssh, const struct ssh_conn_info *cinfo) /* If we don't expect to open a new session, then disallow it */ if (options.control_master == SSHCTL_MASTER_NO && - (datafellows & SSH_NEW_OPENSSH)) { + (ssh->compat & SSH_NEW_OPENSSH)) { debug("Requesting no-more-sessions@openssh.com"); if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 || (r = sshpkt_put_cstring(ssh, diff --git a/usr.bin/ssh/ssh_api.c b/usr.bin/ssh/ssh_api.c index 3a4792a4ed7..27b9c9e2410 100644 --- a/usr.bin/ssh/ssh_api.c +++ b/usr.bin/ssh/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.24 2020/12/29 00:59:15 djm Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.25 2021/01/27 09:26:54 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -386,7 +386,7 @@ _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner) debug("Remote protocol version %d.%d, remote software version %.100s", remote_major, remote_minor, remote_version); - ssh->compat = compat_datafellows(remote_version); + compat_banner(ssh, remote_version); if (remote_major == 1 && remote_minor == 99) { remote_major = 2; remote_minor = 0; diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 28837b446f4..29e71e9da52 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.344 2021/01/26 05:32:22 dtucker Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.345 2021/01/27 09:26:54 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -241,11 +241,11 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) fatal_f("kex_names_cat"); - myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s); + myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, s); myproposal[PROPOSAL_ENC_ALGS_CTOS] = - compat_cipher_proposal(options.ciphers); + compat_cipher_proposal(ssh, options.ciphers); myproposal[PROPOSAL_ENC_ALGS_STOC] = - compat_cipher_proposal(options.ciphers); + compat_cipher_proposal(ssh, options.ciphers); myproposal[PROPOSAL_COMP_ALGS_CTOS] = myproposal[PROPOSAL_COMP_ALGS_STOC] = (char *)compression_alg_list(options.compression); @@ -254,12 +254,12 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, if (use_known_hosts_order) { /* Query known_hosts and prefer algorithms that appear there */ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = - compat_pkalg_proposal( + compat_pkalg_proposal(ssh, order_hostkeyalgs(host, hostaddr, port, cinfo)); } else { /* Use specified HostkeyAlgorithms exactly */ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = - compat_pkalg_proposal(options.hostkeyalgorithms); + compat_pkalg_proposal(ssh, options.hostkeyalgorithms); } if (options.rekey_limit || options.rekey_interval) @@ -287,7 +287,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, /* remove ext-info from the KEX proposals for rekeying */ myproposal[PROPOSAL_KEX_ALGS] = - compat_kex_proposal(options.kex_algorithms); + compat_kex_proposal(ssh, options.kex_algorithms); if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0) fatal_r(r, "kex_prop2buf"); @@ -1181,7 +1181,7 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) */ if (ssh == NULL || ssh->kex->server_sig_algs == NULL || (key->type != KEY_RSA && key->type != KEY_RSA_CERT) || - (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) { + (key->type == KEY_RSA_CERT && (ssh->compat & SSH_BUG_SIGTYPE))) { /* Filter base key signature alg against our configuration */ return match_list(sshkey_ssh_name(key), options.pubkey_accepted_algos, NULL); @@ -1401,7 +1401,7 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id) sshbuf_free(b); if ((b = sshbuf_new()) == NULL) fatal_f("sshbuf_new failed"); - if (datafellows & SSH_OLD_SESSIONID) { + if (ssh->compat & SSH_OLD_SESSIONID) { if ((r = sshbuf_put(b, session_id2, session_id2_len)) != 0) fatal_fr(r, "sshbuf_put"); @@ -1423,7 +1423,7 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id) /* generate signature */ r = identity_sign(sign_id, &signature, &slen, - sshbuf_ptr(b), sshbuf_len(b), datafellows, alg); + sshbuf_ptr(b), sshbuf_len(b), ssh->compat, alg); if (r == 0) break; else if (r == SSH_ERR_KEY_NOT_FOUND) @@ -1801,12 +1801,12 @@ pubkey_reset(Authctxt *authctxt) } static int -try_identity(Identity *id) +try_identity(struct ssh *ssh, Identity *id) { if (!id->key) return (0); if (sshkey_type_plain(id->key->type) == KEY_RSA && - (datafellows & SSH_BUG_RSASIGMD5) != 0) { + (ssh->compat & SSH_BUG_RSASIGMD5) != 0) { debug("Skipped %s key %s for RSA/MD5 server", sshkey_type(id->key), id->filename); return (0); @@ -1834,7 +1834,7 @@ userauth_pubkey(struct ssh *ssh) * private key instead */ if (id->key != NULL) { - if (try_identity(id)) { + if (try_identity(ssh, id)) { ident = format_identity(id); debug("Offering public key: %s", ident); free(ident); @@ -1844,7 +1844,7 @@ userauth_pubkey(struct ssh *ssh) debug("Trying private key: %s", id->filename); id->key = load_identity_file(id); if (id->key != NULL) { - if (try_identity(id)) { + if (try_identity(ssh, id)) { id->isprivate = 1; sent = sign_and_send_pubkey(ssh, id); } diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 8b8c9d1158f..f063a0f2e2e 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.567 2021/01/09 12:10:02 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.568 2021/01/27 09:26:54 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2173,11 +2173,11 @@ do_ssh2_kex(struct ssh *ssh) struct kex *kex; int r; - myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( + myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, options.kex_algorithms); - myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal( + myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(ssh, options.ciphers); - myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal( + myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(ssh, options.ciphers); myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; @@ -2192,7 +2192,7 @@ do_ssh2_kex(struct ssh *ssh) options.rekey_interval); myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( - list_hostkey_types()); + ssh, list_hostkey_types()); /* start key exchange */ if ((r = kex_setup(ssh, myproposal)) != 0) diff --git a/usr.bin/ssh/ttymodes.c b/usr.bin/ssh/ttymodes.c index 46dc5ce5bcc..2796f178700 100644 --- a/usr.bin/ssh/ttymodes.c +++ b/usr.bin/ssh/ttymodes.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ttymodes.c,v 1.35 2020/10/18 11:32:02 djm Exp $ */ +/* $OpenBSD: ttymodes.c,v 1.36 2021/01/27 09:26:54 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -287,7 +287,7 @@ ssh_tty_make_modes(struct ssh *ssh, int fd, struct termios *tiop) #define SSH_TTYMODE_IUTF8 42 /* for SSH_BUG_UTF8TTYMODE */ #define TTYMODE(NAME, FIELD, OP) \ - if (OP == SSH_TTYMODE_IUTF8 && (datafellows & SSH_BUG_UTF8TTYMODE)) { \ + if (OP == SSH_TTYMODE_IUTF8 && (ssh->compat & SSH_BUG_UTF8TTYMODE)) { \ debug3_f("SSH_BUG_UTF8TTYMODE"); \ } else if ((r = sshbuf_put_u8(buf, OP)) != 0 || \ (r = sshbuf_put_u32(buf, ((tio.FIELD & NAME) != 0))) != 0) \ -- 2.20.1