src - FreeBSD source tree

diff options


context:
space:
mode:

author	Ed Maste <emaste@FreeBSD.org>	2020-02-14 19:47:15 +0000
committer	Ed Maste <emaste@FreeBSD.org>	2020-02-14 19:47:15 +0000
commit	f02e39982452024dafcf0ea6e536ebff586ffce4 (patch)
tree	78cdaad953cc879dc7d97272436a4d84b228d94c /ssh-keyscan.c
parent	dc9e8d9c8401178683a1f53bc816389a1160dc41 (diff)

Vendor import of OpenSSH 8.0p1.vendor/openssh/8.0p1

Notes

Notes: svn path=/vendor-crypto/openssh/dist/; revision=357933 svn path=/vendor-crypto/openssh/8.0p1/; revision=357934; tag=vendor/openssh/8.0p1

Diffstat (limited to 'ssh-keyscan.c')

-rw-r--r--

ssh-keyscan.c

1 files changed, 14 insertions, 11 deletions

diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 38b1c548be3e..2ed041559958 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ssh-keyscan.c,v 1.120 2018/06/06 18:29:18 markus Exp $ */

+/* $OpenBSD: ssh-keyscan.c,v 1.126 2019/01/26 22:35:01 djm Exp $ */

@@ -70,6 +70,8 @@ int hash_hosts = 0; /* Hash hostname on output */

int print_sshfp = 0; /* Print SSHFP records instead of known_hosts */

+int found_one = 0; /* Successfully found a key */

#define MAXMAXFD 256

/* The number of seconds after which to give up on a TCP connection */

@@ -83,8 +85,6 @@ fd_set *read_wait;

size_t read_wait_nfdset;

int ncon;

-struct ssh *active_state = NULL; /* XXX needed for linking */

* Keep a connection structure for each file descriptor. The state

* associated with file descriptor n is held in fdcon[n].

@@ -262,18 +262,19 @@ keygrab_ssh2(con *c)

exit(1);

}

#ifdef WITH_OPENSSL

- c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;

- c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;

- c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;

- c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;

- c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;

+ c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client;

+ c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client;

+ c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client;

+ c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client;

+ c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client;

c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;

c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;

# ifdef OPENSSL_HAS_ECC

- c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;

+ c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;

# endif

#endif

- c->c_ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;

+ c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;

+ c->c_ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;

ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);

* do the key-exchange until an error occurs or until

@@ -288,6 +289,8 @@ keyprint_one(const char *host, struct sshkey *key)

char *hostport;

const char *known_host, *hashed;

+ found_one = 1;

if (print_sshfp) {

export_dns_rr(host, key, stdout, 0);

return;

@@ -803,5 +806,5 @@ main(int argc, char **argv)

while (ncon > 0)

conloop();

- return (0);

+ return found_one ? 0 : 1;

}