updates.

diff --git a/CHANGES b/CHANGES
index d91e3eca79fb1a490cecef91e6e432a2d5b7e08b..f9a63bd706e8a3eaa8190131096fe16292ab6502 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,35 @@
+Thu Nov  8 22:21:09 EET 2001  Pekka Riikonen <priikone@silcnet.org>
+
+       * Call check_version SKE callback for initiator too.  Affected
+         file lib/silcske/silcske.c.
+
+       * Implemented fix for security hole found in the SKE that was
+         fixed in the specification few days back; the initiator's
+         public key is now added to the HASH value computation.
+         Added backwards support for the old way of doing it too, for
+         old clients and old servers.  Affected file is
+         lib/silcske/silcske.c.
+
+       * Enabled mutual authentication by default in SKE.  If initiator
+         is not providing mutual authentication the responder will
+         force it.  This will provide the proof of posession of the
+         private key for responder.  The affected files are
+         lib/silcclient/protocol.c and silcd/protocol.c.
+
+       * Do not cache anymore the server's public key during SKE.
+         We do mutual authentication so the proof of posession of
+         private key is done, and if the server is authenticated in
+         conn auth protocol with public key we must have the public
+         key already.  Affected file silcd/protocol.c.
+
+       * Added new global debug variable: silc_debug_hexdump.  If
+         it is set to TRUE SILC_LOG_HEXDUMP will be printed.  Affected
+         file lib/silcutil/silclog.[ch].
+
+       * Fixed compilation warning due to char * -> const char *.
+         Affected files lib/silcutil/silcnet.h, and
+         lib/silccore/silcauth.[ch].
+

 Wed Nov  7 20:43:03 EET 2001  Pekka Riikonen <priikone@silcnet.org>
 
        * Fixed CMODE command when new channel key was created.  If
 Wed Nov  7 20:43:03 EET 2001  Pekka Riikonen <priikone@silcnet.org>
 
        * Fixed CMODE command when new channel key was created.  If

diff --git a/TODO b/TODO
index f8506a6d64ec3313bb340015f3d488c99ad4e841..035446912190002358445d97af4d7081421380fe 100644 (file)
--- a/TODO
+++ b/TODO
@@ -38,10 +38,12 @@ TODO/bugs in Irssi SILC client
 TODO/bugs In SILC Client Library
 ================================
 
 TODO/bugs In SILC Client Library
 ================================
 

- o JOIN command's argument handling is buggy.  See the XXX in the code.
-

  o key agreement with itself causes the packet sequence numbers go grazy.
 
  o key agreement with itself causes the packet sequence numbers go grazy.
 

+ o WHOIS shows the formatted nickname wrong in some circumstances.
+
+ o JOIN command's argument handling is buggy.  See the XXX in the code.
+

 
 TODO/bugs In SILC Server
 ========================
 
 TODO/bugs In SILC Server
 ========================


@@ -193,4 +195,6 @@ TODO After 1.0
    nice as SSH is widely used all over the place.  SILC Protocol 
    supports SSH2 public keys.
 
    nice as SSH is widely used all over the place.  SILC Protocol 
    supports SSH2 public keys.
 

+ o OpenPGP certificate support.
+

  o Cipher optimizations (asm, that this) at least for i386 would be nice.
  o Cipher optimizations (asm, that this) at least for i386 would be nice.

diff --git a/apps/irssi/src/silc/core/silc-core.c b/apps/irssi/src/silc/core/silc-core.c
index ffc5e2a7f77368fb651e2f7b1df8392e8851d7f6..d66a059584766cd3979753c352d75c5578a65a8f 100644 (file)
--- a/apps/irssi/src/silc/core/silc-core.c
+++ b/apps/irssi/src/silc/core/silc-core.c
@@ -57,7 +57,8 @@ static int idletag;
 SilcClient silc_client = NULL;
 SilcClientConfig silc_config = NULL;
 extern SilcClientOperations ops;
 SilcClient silc_client = NULL;
 SilcClientConfig silc_config = NULL;
 extern SilcClientOperations ops;

-extern int silc_debug;
+extern bool silc_debug;
+extern bool silc_debug_hexdump;

 #ifdef SILC_SIM
 /* SIM (SILC Module) table */
 SilcSimContext **sims = NULL;
 #ifdef SILC_SIM
 /* SIM (SILC Module) table */
 SilcSimContext **sims = NULL;


@@ -270,6 +271,7 @@ void silc_core_init_finish(void)
 
   if (opt_debug) {
     silc_debug = TRUE;
 
   if (opt_debug) {
     silc_debug = TRUE;

+    silc_debug_hexdump = TRUE;

     silc_log_set_debug_string(opt_debug);
     silc_log_set_callbacks(silc_log_info, silc_log_warning,
                           silc_log_error, NULL);
     silc_log_set_debug_string(opt_debug);
     silc_log_set_callbacks(silc_log_info, silc_log_warning,
                           silc_log_error, NULL);

diff --git a/apps/silcd/protocol.c b/apps/silcd/protocol.c
index c78ff8e26a66992289613673aa1cd6fe2f6b85b7..061894bec98e8e521b451557971db92be8ab61ff 100644 (file)
--- a/apps/silcd/protocol.c
+++ b/apps/silcd/protocol.c
@@ -56,6 +56,13 @@ silc_verify_public_key_internal(SilcServer server, SilcSocketConnection sock,
     return TRUE;
   }
 
     return TRUE;
   }
 

+  /* XXX For now, accept server keys without verification too. We are
+     currently always doing mutual authentication so the proof of posession
+     of the private key is verified, and if server is authenticated in
+     conn auth protocol with public key we MUST have the key already. */
+  return TRUE;
+  /* Rest is unreachable code! */
+  

   memset(filename, 0, sizeof(filename));
   memset(file, 0, sizeof(file));
   snprintf(file, sizeof(file) - 1, "serverkey_%s_%d.pub", sock->hostname, 
   memset(filename, 0, sizeof(filename));
   memset(file, 0, sizeof(file));
   snprintf(file, sizeof(file) - 1, "serverkey_%s_%d.pub", sock->hostname, 


@@ -364,6 +371,10 @@ SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
   if (maj == 0 && min < 5)
     status = SILC_SKE_STATUS_BAD_VERSION;
 
   if (maj == 0 && min < 5)
     status = SILC_SKE_STATUS_BAD_VERSION;
 

+  /* XXX backward support for 0.6.1 */
+  if (maj == 0 && min == 6 && build < 2)
+    ske->backward_version = 1;
+

   return status;
 }
 
   return status;
 }
 


@@ -455,12 +466,12 @@ SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
           properties packet from initiator. */
        status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
                                          silc_version_string,
           properties packet from initiator. */
        status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
                                          silc_version_string,

-                                         ctx->packet->buffer, FALSE);
+                                         ctx->packet->buffer, TRUE);

       } else {
        SilcSKEStartPayload *start_payload;
 
        /* Assemble security properties. */
       } else {
        SilcSKEStartPayload *start_payload;
 
        /* Assemble security properties. */

-       silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE, 
+       silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_MUTUAL, 

                                              silc_version_string,
                                              &start_payload);
 
                                              silc_version_string,
                                              &start_payload);
 

diff --git a/apps/silcd/silcd.c b/apps/silcd/silcd.c
index 7b0122c448ffc6f276d05ed7ddb7aa0b4125cc70..a6f76db1cfad3a09b7d1e7e8c7bfc721f76802e4 100644 (file)
--- a/apps/silcd/silcd.c
+++ b/apps/silcd/silcd.c
@@ -70,7 +70,7 @@ Usage: silcd [options]\n\
 \n\
   Generic Options:\n\
   -f  --config-file=FILE        Alternate configuration file\n\
 \n\
   Generic Options:\n\
   -f  --config-file=FILE        Alternate configuration file\n\

-  -d  --debug                   Enable debugging (no daemon)\n\
+  -d  --debug=string            Enable debugging (no daemon)\n\

   -h  --help                    Display this message\n\
   -V  --version                 Display version\n\
 \n\
   -h  --help                    Display this message\n\
   -V  --version                 Display version\n\
 \n\


@@ -125,6 +125,7 @@ int main(int argc, char **argv)
          break;
        case 'd':
          silc_debug = TRUE;
          break;
        case 'd':
          silc_debug = TRUE;

+         silc_debug_hexdump = TRUE;

          silc_log_set_debug_string(optarg);
          break;
        case 'f':
          silc_log_set_debug_string(optarg);
          break;
        case 'f':

diff --git a/doc/draft-riikonen-silc-commands-02.nroff b/doc/draft-riikonen-silc-commands-02.nroff
index 3b3d7d5534b124c04d81144c4f0c8bc762a65d68..0d9dd30c2e389d239ef8fe9290e45fb077a16b1e 100644 (file)
--- a/doc/draft-riikonen-silc-commands-02.nroff
+++ b/doc/draft-riikonen-silc-commands-02.nroff
@@ -14,7 +14,7 @@
 .hy 0
 .in 0
 .nf
 .hy 0
 .in 0
 .nf

-Network Working Group                                      P. Riikonen
+Network Working Group                                        P. Riikonen

 Internet-Draft
 draft-riikonen-silc-commands-02.txt                     XXX
 Expires: XXX
 Internet-Draft
 draft-riikonen-silc-commands-02.txt                     XXX
 Expires: XXX

diff --git a/doc/draft-riikonen-silc-ke-auth-04.nroff b/doc/draft-riikonen-silc-ke-auth-04.nroff
index ff32d17bbd434643c6f4a8a359d5317aac416949..da93c6235e3ce28aef1109c4e2e90fd9a8fbc520 100644 (file)
--- a/doc/draft-riikonen-silc-ke-auth-04.nroff
+++ b/doc/draft-riikonen-silc-ke-auth-04.nroff
@@ -8,16 +8,16 @@
 .ds RF FORMFEED[Page %]
 .ds CF
 .ds LH Internet-Draft
 .ds RF FORMFEED[Page %]
 .ds CF
 .ds LH Internet-Draft

-.ds RH XXX
+.ds RH 13 November 2001

 .ds CH
 .na
 .hy 0
 .in 0
 .nf
 .ds CH
 .na
 .hy 0
 .in 0
 .nf

-Network Working Group                                      P. Riikonen
+Network Working Group                                        P. Riikonen

 Internet-Draft
 Internet-Draft

-draft-riikonen-silc-ke-auth-04.txt                      XXX
-Expires: XXX
+draft-riikonen-silc-ke-auth-04.txt                      13 November 2001
+Expires: 13 May 2002

 
 .in 3
 
 
 .in 3
 


@@ -87,13 +87,13 @@ Table of Contents
   2.5 Key Exchange Status Types ................................. 15
 3 SILC Connection Authentication Protocol ....................... 16
   3.1 Connection Auth Payload ................................... 18
   2.5 Key Exchange Status Types ................................. 15
 3 SILC Connection Authentication Protocol ....................... 16
   3.1 Connection Auth Payload ................................... 18

-  3.2 Connection Authentication Types ........................... 18
+  3.2 Connection Authentication Types ........................... 19

       3.2.1 Passphrase Authentication ........................... 19
       3.2.2 Public Key Authentication ........................... 19
       3.2.1 Passphrase Authentication ........................... 19
       3.2.2 Public Key Authentication ........................... 19

-  3.3 Connection Authentication Status Types .................... 19
+  3.3 Connection Authentication Status Types .................... 20

 4 Security Considerations ....................................... 20
 5 References .................................................... 20
 4 Security Considerations ....................................... 20
 5 References .................................................... 20

-6 Author's Address .............................................. 21
+6 Author's Address .............................................. 22

 
 
 .ti 0
 
 
 .ti 0


@@ -939,6 +939,8 @@ o Authentication Data (variable length) - The actual
 .in 3
 
 
 .in 3
 
 

+
+

 .ti 0
 3.2 Connection Authentication Types
 
 .ti 0
 3.2 Connection Authentication Types
 


@@ -987,14 +989,14 @@ which is then signed.
   auth_hash = hash(HASH | Key Exchange Start Payload);
   signature = sign(auth_hash);
 
   auth_hash = hash(HASH | Key Exchange Start Payload);
   signature = sign(auth_hash);
 

-The hash() function used to compute the value is the hash function negotiated
-in the SKE protocol.  The server MUST verify the data, thus it must keep
-the HASH and the Key Exchange Start Payload saved during SKE and
-authentication protocols.
+The hash() function used to compute the value is the hash function
+negotiated in the SKE protocol.  The server MUST verify the data, thus
+it must keep the HASH and the Key Exchange Start Payload saved during
+SKE and authentication protocols.

 
 If the verified signature matches the sent signature, the authentication
 
 If the verified signature matches the sent signature, the authentication

-were successful and SILC_PACKET_SUCCESS is sent.  If it failed the protocol
-execution is stopped and SILC_PACKET_FAILURE is sent.
+were successful and SILC_PACKET_SUCCESS is sent.  If it failed the
+protocol execution is stopped and SILC_PACKET_FAILURE is sent.

 
 This is REQUIRED authentication method to be supported by all SILC
 implementations.
 
 This is REQUIRED authentication method to be supported by all SILC
 implementations.


@@ -1109,4 +1111,4 @@ Finland
 
 EMail: priikone@silcnet.org
 
 
 EMail: priikone@silcnet.org
 

-This Internet-Draft expires XXX
+This Internet-Draft expires 13 May 2002

diff --git a/doc/draft-riikonen-silc-pp-04.nroff b/doc/draft-riikonen-silc-pp-04.nroff
index e16ee17ff208ed3ac595fa715b8e8900aa12067e..1b0666c44b984b922c0fdd8181b107aa605f969c 100644 (file)
--- a/doc/draft-riikonen-silc-pp-04.nroff
+++ b/doc/draft-riikonen-silc-pp-04.nroff
@@ -8,16 +8,16 @@
 .ds RF FORMFEED[Page %]
 .ds CF
 .ds LH Internet Draft
 .ds RF FORMFEED[Page %]
 .ds CF
 .ds LH Internet Draft

-.ds RH XXX
+.ds RH 13 November 2001

 .ds CH
 .na
 .hy 0
 .in 0
 .nf
 .ds CH
 .na
 .hy 0
 .in 0
 .nf

-Network Working Group                                      P. Riikonen
+Network Working Group                                        P. Riikonen

 Internet-Draft
 Internet-Draft

-draft-riikonen-silc-pp-04.txt                           XXX
-Expires: XXX
+draft-riikonen-silc-pp-04.txt                           13 November 2001
+Expires: 13 May 2002

 
 .in 3
 
 
 .in 3
 


@@ -2774,6 +2774,8 @@ security of this protocol.
 [RFC2119]    Bradner, S., "Key Words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.
 
 [RFC2119]    Bradner, S., "Key Words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.
 

+[SFTP]       Ylonen T., and Lehtinen S., "Secure Shell File Transfer
+             Protocol", Internet Draft, March 2001.

 
 .ti 0
 5 Author's Address
 
 .ti 0
 5 Author's Address


@@ -2786,4 +2788,4 @@ Finland
 
 EMail: priikone@silcnet.org
 
 
 EMail: priikone@silcnet.org
 

-This Internet-Draft expires XXX
+This Internet-Draft expires 13 May 2002

diff --git a/doc/draft-riikonen-silc-spec-04.nroff b/doc/draft-riikonen-silc-spec-04.nroff
index 3696f21d7796f4261daa988f50435188d2d68451..3ba65ff2a48ebb13f11c9b24c5af12573ca2fb6d 100644 (file)
--- a/doc/draft-riikonen-silc-spec-04.nroff
+++ b/doc/draft-riikonen-silc-spec-04.nroff
@@ -14,9 +14,9 @@
 .hy 0
 .in 0
 .nf
 .hy 0
 .in 0
 .nf

-Network Working Group                                      P. Riikonen
+Network Working Group                                        P. Riikonen

 Internet-Draft
 Internet-Draft

-draft-riikonen-silc-spec-04.txt                       13 November 2001
+draft-riikonen-silc-spec-04.txt                         13 November 2001

 Expires: 13 May 2002
 
 .in 3
 Expires: 13 May 2002
 
 .in 3

diff --git a/lib/silcclient/client_keyagr.c b/lib/silcclient/client_keyagr.c
index d584baeffc9d48be41932839682b9a2084441046..20bb4b347e417ab92a8ed31fb7b6e1176ee99325 100644 (file)
--- a/lib/silcclient/client_keyagr.c
+++ b/lib/silcclient/client_keyagr.c
@@ -318,12 +318,10 @@ void silc_client_send_key_agreement(SilcClient client,
   if (hostname) {
     ke = silc_calloc(1, sizeof(*ke));
     
   if (hostname) {
     ke = silc_calloc(1, sizeof(*ke));
     

-    if (bindhost) {
+    if (bindhost)

       ke->fd = silc_net_create_server(port, bindhost);
       ke->fd = silc_net_create_server(port, bindhost);

-    }
-    else {
-    ke->fd = silc_net_create_server(port, hostname);
-    }
+    else
+      ke->fd = silc_net_create_server(port, hostname);

 
     if (ke->fd < 0) {
       client->ops->say(client, conn, SILC_CLIENT_MESSAGE_ERROR, 
 
     if (ke->fd < 0) {
       client->ops->say(client, conn, SILC_CLIENT_MESSAGE_ERROR, 

diff --git a/lib/silcclient/protocol.c b/lib/silcclient/protocol.c
index 9721497fad89187c917f8f5ac6a73c19a972b03f..991d86537082ffdd47d4408506cef22b697aaf93 100644 (file)
--- a/lib/silcclient/protocol.c
+++ b/lib/silcclient/protocol.c
@@ -213,8 +213,10 @@ SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
 
   if (maj != maj2)
     status = SILC_SKE_STATUS_BAD_VERSION;
 
   if (maj != maj2)
     status = SILC_SKE_STATUS_BAD_VERSION;

-  if (min < min2)
-    status = SILC_SKE_STATUS_BAD_VERSION;
+
+  /* XXX backward support for 0.6.1 */
+  if (maj == 0 && min == 6 && build < 2)
+    ske->backward_version = 1;

 
   if (status != SILC_SKE_STATUS_OK)
     client->ops->say(client, conn, SILC_CLIENT_MESSAGE_AUDIT,
 
   if (status != SILC_SKE_STATUS_OK)
     client->ops->say(client, conn, SILC_CLIENT_MESSAGE_AUDIT,


@@ -328,7 +330,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_key_exchange)
        SilcSKEStartPayload *start_payload;
 
        /* Assemble security properties. */
        SilcSKEStartPayload *start_payload;
 
        /* Assemble security properties. */

-       silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE, 
+       silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_MUTUAL, 

                                              client->silc_client_version,
                                              &start_payload);
 
                                              client->silc_client_version,
                                              &start_payload);
 

diff --git a/lib/silccore/silcauth.c b/lib/silccore/silcauth.c
index 7ac372d360238a57017c15427504d25b398f8126..ef3512ecff1cb9e92fbac2deb5da58e93369990f 100644 (file)
--- a/lib/silccore/silcauth.c
+++ b/lib/silccore/silcauth.c
@@ -441,7 +441,7 @@ SilcKeyAgreementPayload silc_key_agreement_payload_parse(SilcBuffer buffer)
 
 /* Encodes the Key Agreement protocol and returns the encoded buffer */
 
 
 /* Encodes the Key Agreement protocol and returns the encoded buffer */
 

-SilcBuffer silc_key_agreement_payload_encode(char *hostname,
+SilcBuffer silc_key_agreement_payload_encode(const char *hostname,

                                             uint32 port)
 {
   SilcBuffer buffer;
                                             uint32 port)
 {
   SilcBuffer buffer;

diff --git a/lib/silccore/silcauth.h b/lib/silccore/silcauth.h
index 5f15f8a69244094c5d9f2a5536cac285410627e1..a42c60fc902462dd8a391d6a4a2dbbe255b5a3b4 100644 (file)
--- a/lib/silccore/silcauth.h
+++ b/lib/silccore/silcauth.h
@@ -314,7 +314,7 @@ SilcKeyAgreementPayload silc_key_agreement_payload_parse(SilcBuffer buffer);
  *    Encodes the Key Agreement protocol and returns the encoded buffer
  *
  ***/
  *    Encodes the Key Agreement protocol and returns the encoded buffer
  *
  ***/

-SilcBuffer silc_key_agreement_payload_encode(char *hostname,
+SilcBuffer silc_key_agreement_payload_encode(const char *hostname,

                                             uint32 port);
 
 /****f* silccore/SilcAuthAPI/silc_key_agreement_payload_free
                                             uint32 port);
 
 /****f* silccore/SilcAuthAPI/silc_key_agreement_payload_free

diff --git a/lib/silcske/silcske.c b/lib/silcske/silcske.c
index 1e25f5541d15f6889fa7f708819d406dbe195efe..a7747bba2e16ec078257c5c06b1ef5540423dffc 100644 (file)
--- a/lib/silcske/silcske.c
+++ b/lib/silcske/silcske.c
@@ -229,6 +229,18 @@ SilcSKEStatus silc_ske_initiator_phase_1(SilcSKE ske,
     return status;
   }
 
     return status;
   }
 

+  /* Check version string */
+  if (ske->callbacks->check_version) {
+    status = ske->callbacks->check_version(ske, payload->version, 
+                                          payload->version_len,
+                                          ske->callbacks->context);
+    if (status != SILC_SKE_STATUS_OK) {
+      ske->status = status;
+      silc_ske_payload_start_free(ske->start_payload);
+      return status;
+    }
+  }
+

   /* Free our KE Start Payload context, we don't need it anymore. */
   silc_ske_payload_start_free(ske->start_payload);
 
   /* Free our KE Start Payload context, we don't need it anymore. */
   silc_ske_payload_start_free(ske->start_payload);
 


@@ -720,7 +732,7 @@ SilcSKEStatus silc_ske_responder_phase_1(SilcSKE ske,
   /* Send the packet. */
   if (ske->callbacks->send_packet)
     (*ske->callbacks->send_packet)(ske, payload_buf, SILC_PACKET_KEY_EXCHANGE, 
   /* Send the packet. */
   if (ske->callbacks->send_packet)
     (*ske->callbacks->send_packet)(ske, payload_buf, SILC_PACKET_KEY_EXCHANGE, 

-                                 ske->callbacks->context);
+                                  ske->callbacks->context);

 
   silc_buffer_free(payload_buf);
 
 
   silc_buffer_free(payload_buf);
 


@@ -1573,22 +1585,64 @@ SilcSKEStatus silc_ske_make_hash(SilcSKE ske,
     f = silc_mp_mp2bin(&ske->ke2_payload->x, 0, &f_len);
     KEY = silc_mp_mp2bin(ske->KEY, 0, &KEY_len);
     
     f = silc_mp_mp2bin(&ske->ke2_payload->x, 0, &f_len);
     KEY = silc_mp_mp2bin(ske->KEY, 0, &KEY_len);
     

-    buf = silc_buffer_alloc(ske->start_payload_copy->len + 
-                           ske->ke2_payload->pk_len + e_len + 
-                           f_len + KEY_len);
-    silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
-

     /* Format the buffer used to compute the hash value */
     /* Format the buffer used to compute the hash value */

-    ret = 
-      silc_buffer_format(buf,
-                        SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
-                                             ske->start_payload_copy->len),
-                        SILC_STR_UI_XNSTRING(ske->ke2_payload->pk_data, 
-                                             ske->ke2_payload->pk_len),
-                        SILC_STR_UI_XNSTRING(e, e_len),
-                        SILC_STR_UI_XNSTRING(f, f_len),
-                        SILC_STR_UI_XNSTRING(KEY, KEY_len),
-                        SILC_STR_END);
+    /* XXX Backward support for 0.6.1 */
+    if (ske->backward_version == 1) {
+      SILC_LOG_DEBUG(("*********** Using old KE payload"));
+      buf = silc_buffer_alloc(ske->start_payload_copy->len + 
+                             ske->ke2_payload->pk_len + e_len + 
+                             f_len + KEY_len);
+      silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
+
+      ret = 
+       silc_buffer_format(buf,
+                          SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
+                                               ske->start_payload_copy->len),
+                          SILC_STR_UI_XNSTRING(ske->ke2_payload->pk_data, 
+                                               ske->ke2_payload->pk_len),
+                          SILC_STR_UI_XNSTRING(e, e_len),
+                          SILC_STR_UI_XNSTRING(f, f_len),
+                          SILC_STR_UI_XNSTRING(KEY, KEY_len),
+                          SILC_STR_END);
+    } else {
+      /* Initiator is not required to send its public key */
+      SILC_LOG_DEBUG(("*********** Using new KE payload"));
+      buf = silc_buffer_alloc(ske->start_payload_copy->len + 
+                             ske->ke2_payload->pk_len + 
+                             ske->ke1_payload->pk_len + 
+                             e_len + f_len + KEY_len);
+      silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
+
+      if (!ske->ke1_payload->pk_data) {
+       ret = 
+         silc_buffer_format(buf,
+                            SILC_STR_UI_XNSTRING(ske->start_payload_copy->
+                                                 data,
+                                                 ske->start_payload_copy->
+                                                 len),
+                            SILC_STR_UI_XNSTRING(ske->ke2_payload->pk_data, 
+                                                 ske->ke2_payload->pk_len),
+                            SILC_STR_UI_XNSTRING(e, e_len),
+                            SILC_STR_UI_XNSTRING(f, f_len),
+                            SILC_STR_UI_XNSTRING(KEY, KEY_len),
+                            SILC_STR_END);
+      } else {
+       ret = 
+         silc_buffer_format(buf,
+                            SILC_STR_UI_XNSTRING(ske->start_payload_copy->
+                                                 data,
+                                                 ske->start_payload_copy->
+                                                 len),
+                            SILC_STR_UI_XNSTRING(ske->ke2_payload->pk_data, 
+                                                 ske->ke2_payload->pk_len),
+                            SILC_STR_UI_XNSTRING(ske->ke1_payload->pk_data, 
+                                                 ske->ke1_payload->pk_len),
+                            SILC_STR_UI_XNSTRING(e, e_len),
+                            SILC_STR_UI_XNSTRING(f, f_len),
+                            SILC_STR_UI_XNSTRING(KEY, KEY_len),
+                            SILC_STR_END);
+      }
+    }

     if (ret == -1) {
       silc_buffer_free(buf);
       memset(e, 0, e_len);
     if (ret == -1) {
       silc_buffer_free(buf);
       memset(e, 0, e_len);

diff --git a/lib/silcutil/silclog.c b/lib/silcutil/silclog.c
index 3d3fc84b22a22653829930494915f00c25c53df4..0ffb369432c31a890c9a75dc6b15e61aad114776 100644 (file)
--- a/lib/silcutil/silclog.c
+++ b/lib/silcutil/silclog.c
@@ -22,7 +22,8 @@
 #include "silcincludes.h"
 
 /* Set TRUE/FALSE to enable/disable debugging */
 #include "silcincludes.h"
 
 /* Set TRUE/FALSE to enable/disable debugging */

-int silc_debug = FALSE;
+bool silc_debug = FALSE;
+bool silc_debug_hexdump = FALSE;

 char *silc_debug_string = NULL;
 
 /* SILC Log name strings. These strings are printed to the log file. */
 char *silc_debug_string = NULL;
 
 /* SILC Log name strings. These strings are printed to the log file. */


@@ -178,7 +179,7 @@ void silc_log_output_hexdump(char *file, char *function,
   int off, pos, count;
   unsigned char *data = (unsigned char *)data_in;
 
   int off, pos, count;
   unsigned char *data = (unsigned char *)data_in;
 

-  if (!silc_debug) {
+  if (!silc_debug_hexdump) {

     silc_free(string);
     return;
   }
     silc_free(string);
     return;
   }


@@ -315,5 +316,9 @@ void silc_log_reset_debug_callbacks()
 void silc_log_set_debug_string(const char *debug_string)
 {
   silc_free(silc_debug_string);
 void silc_log_set_debug_string(const char *debug_string)
 {
   silc_free(silc_debug_string);

-  silc_debug_string = silc_string_regexify(debug_string);
+  if (strchr(debug_string, '(') &&
+      strchr(debug_string, ')'))
+    silc_debug_string = strdup(debug_string);
+  else
+    silc_debug_string = silc_string_regexify(debug_string);

 }
 }

diff --git a/lib/silcutil/silclog.h b/lib/silcutil/silclog.h
index 97a870a3055b2501d78159b117f8e2432385fd8e..6dca78c689c55c43c2d9285ab8cfa0a70f49f481 100644 (file)
--- a/lib/silcutil/silclog.h
+++ b/lib/silcutil/silclog.h
@@ -22,7 +22,8 @@
 #define SILCLOG_H
 
 /* Set TRUE/FALSE to enable/disable debugging */
 #define SILCLOG_H
 
 /* Set TRUE/FALSE to enable/disable debugging */

-extern int silc_debug;
+extern bool silc_debug;
+extern bool silc_debug_hexdump;

 extern char *silc_debug_string;
 
 /* SILC Log types */
 extern char *silc_debug_string;
 
 /* SILC Log types */

diff --git a/lib/silcutil/silcnet.h b/lib/silcutil/silcnet.h
index 124fcbf782a3fbc344a7ed8f3697efab792ce949..8659cc54f0bf416a9ef7fc740d26d04bdcaf48be 100644 (file)
--- a/lib/silcutil/silcnet.h
+++ b/lib/silcutil/silcnet.h
@@ -53,7 +53,7 @@
  *    the created socket or -1 on error.
  *
  ***/
  *    the created socket or -1 on error.
  *
  ***/

-int silc_net_create_server(int port, char *ip_addr);
+int silc_net_create_server(int port, const char *ip_addr);

 
 /****f* silcutil/SilcNetAPI/silc_net_close_server
  *
 
 /****f* silcutil/SilcNetAPI/silc_net_close_server
  *

diff --git a/lib/silcutil/unix/silcunixnet.c b/lib/silcutil/unix/silcunixnet.c
index cc8a26b63ff38a8f89af9d65739a88b7dcaef98f..12b28b771b4b7f836c6d52ae042f16463ad20198 100644 (file)
--- a/lib/silcutil/unix/silcunixnet.c
+++ b/lib/silcutil/unix/silcunixnet.c
@@ -28,7 +28,7 @@
    If argument `ip_addr' is NULL `any' address will be used. Returns 
    the created socket or -1 on error. */
 
    If argument `ip_addr' is NULL `any' address will be used. Returns 
    the created socket or -1 on error. */
 

-int silc_net_create_server(int port, char *ip_addr)
+int silc_net_create_server(int port, const char *ip_addr)

 {
   int sock, rval;
   struct sockaddr_in server;
 {
   int sock, rval;
   struct sockaddr_in server;

diff --git a/lib/silcutil/win32/silcwin32net.c b/lib/silcutil/win32/silcwin32net.c
index e8fcc26a2195ae834fb08658c390468e094f31b1..0ff72b33d7cd8ee1917d40135aca819de0ae5dad 100644 (file)
--- a/lib/silcutil/win32/silcwin32net.c
+++ b/lib/silcutil/win32/silcwin32net.c
@@ -28,7 +28,7 @@
    If argument `ip_addr' is NULL `any' address will be used. Returns 
    the created socket or -1 on error. */
 
    If argument `ip_addr' is NULL `any' address will be used. Returns 
    the created socket or -1 on error. */
 

-int silc_net_create_server(int port, char *ip_addr)
+int silc_net_create_server(int port, const char *ip_addr)

 {
   SOCKET sock;
   int rval;
 {
   SOCKET sock;
   int rval;