Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/crypto/external/bsd/openssh/dist/monitor.c,v rcsdiff: /ftp/cvs/cvsroot/src/crypto/external/bsd/openssh/dist/monitor.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.1.1.2 retrieving revision 1.1.1.3 diff -u -p -r1.1.1.2 -r1.1.1.3 --- src/crypto/external/bsd/openssh/dist/monitor.c 2009/12/27 01:06:58 1.1.1.2 +++ src/crypto/external/bsd/openssh/dist/monitor.c 2010/11/21 17:05:48 1.1.1.3 @@ -1,5 +1,5 @@ -/* $NetBSD: monitor.c,v 1.1.1.2 2009/12/27 01:06:58 christos Exp $ */ -/* $OpenBSD: monitor.c,v 1.104 2009/06/12 20:43:22 andreas Exp $ */ +/* $NetBSD: monitor.c,v 1.1.1.3 2010/11/21 17:05:48 adam Exp $ */ +/* $OpenBSD: monitor.c,v 1.108 2010/07/13 23:13:16 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -434,7 +434,7 @@ monitor_allowed_key(u_char *blob, u_int { /* make sure key is allowed */ if (key_blob == NULL || key_bloblen != bloblen || - memcmp(key_blob, blob, key_bloblen)) + timingsafe_bcmp(key_blob, blob, key_bloblen)) return (0); return (1); } @@ -724,18 +724,6 @@ mm_answer_bsdauthrespond(int sock, Buffe return (authok != 0); } - -static void -mm_append_debug(Buffer *m) -{ - if (auth_debug_init && buffer_len(&auth_debug)) { - debug3("%s: Appending debug messages for child", __func__); - buffer_append(m, buffer_ptr(&auth_debug), - buffer_len(&auth_debug)); - buffer_clear(&auth_debug); - } -} - int mm_answer_keyallowed(int sock, Buffer *m) { @@ -818,8 +806,6 @@ mm_answer_keyallowed(int sock, Buffer *m buffer_put_int(m, allowed); buffer_put_int(m, forced_command != NULL); - mm_append_debug(m); - mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m); if (type == MM_RSAHOSTKEY) @@ -844,14 +830,14 @@ monitor_valid_userblob(u_char *data, u_i len = buffer_len(&b); if ((session_id2 == NULL) || (len < session_id2_len) || - (memcmp(p, session_id2, session_id2_len) != 0)) + (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) fail++; buffer_consume(&b, session_id2_len); } else { p = buffer_get_string(&b, &len); if ((session_id2 == NULL) || (len != session_id2_len) || - (memcmp(p, session_id2, session_id2_len) != 0)) + (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) fail++; xfree(p); } @@ -899,7 +885,7 @@ monitor_valid_hostbasedblob(u_char *data p = buffer_get_string(&b, &len); if ((session_id2 == NULL) || (len != session_id2_len) || - (memcmp(p, session_id2, session_id2_len) != 0)) + (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) fail++; xfree(p); @@ -1203,8 +1189,6 @@ mm_answer_rsa_keyallowed(int sock, Buffe if (key != NULL) key_free(key); - mm_append_debug(m); - mm_request_send(sock, MONITOR_ANS_RSAKEYALLOWED, m); monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); @@ -1378,9 +1362,9 @@ mm_get_kex(Buffer *m) kex = xcalloc(1, sizeof(*kex)); kex->session_id = buffer_get_string(m, &kex->session_id_len); - if ((session_id2 == NULL) || - (kex->session_id_len != session_id2_len) || - (memcmp(kex->session_id, session_id2, session_id2_len) != 0)) + if (session_id2 == NULL || + kex->session_id_len != session_id2_len || + timingsafe_bcmp(kex->session_id, session_id2, session_id2_len) != 0) fatal("mm_get_get: internal error: bad session id"); kex->we_need = buffer_get_int(m); kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; @@ -1402,7 +1386,8 @@ mm_get_kex(Buffer *m) kex->flags = buffer_get_int(m); kex->client_version_string = buffer_get_string(m, NULL); kex->server_version_string = buffer_get_string(m, NULL); - kex->load_host_key=&get_hostkey_by_type; + kex->load_host_public_key=&get_hostkey_public_by_type; + kex->load_host_private_key=&get_hostkey_private_by_type; kex->host_key_index=&get_hostkey_index; return (kex);