upstream commit

include the peer's offer when logging a failure to
 negotiate a mutual set of algorithms (kex, pubkey, ciphers, etc.) ok markus@

Upstream-ID: bbb8caabf5c01790bb845f5ce135565248d7c796

kex.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.106 2015/04/17 13:25:52 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.107 2015/07/29 04:43:06 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -448,6 +448,7 @@ kex_free(struct kex *kex)
 	free(kex->session_id);
 	free(kex->client_version_string);
 	free(kex->server_version_string);
+	free(kex->failed_choice);
 	free(kex);
 }
 
@@ -626,17 +627,26 @@ kex_choose_conf(struct ssh *ssh)
 		nmac  = ctos ? PROPOSAL_MAC_ALGS_CTOS  : PROPOSAL_MAC_ALGS_STOC;
 		ncomp = ctos ? PROPOSAL_COMP_ALGS_CTOS : PROPOSAL_COMP_ALGS_STOC;
 		if ((r = choose_enc(&newkeys->enc, cprop[nenc],
-		    sprop[nenc])) != 0)
+		    sprop[nenc])) != 0) {
+			kex->failed_choice = peer[nenc];
+			peer[nenc] = NULL;
 			goto out;
+		}
 		authlen = cipher_authlen(newkeys->enc.cipher);
 		/* ignore mac for authenticated encryption */
 		if (authlen == 0 &&
 		    (r = choose_mac(ssh, &newkeys->mac, cprop[nmac],
-		    sprop[nmac])) != 0)
+		    sprop[nmac])) != 0) {
+			kex->failed_choice = peer[nmac];
+			peer[nmac] = NULL;
 			goto out;
+		}
 		if ((r = choose_comp(&newkeys->comp, cprop[ncomp],
-		    sprop[ncomp])) != 0)
+		    sprop[ncomp])) != 0) {
+			kex->failed_choice = peer[ncomp];
+			peer[ncomp] = NULL;
 			goto out;
+		}
 		debug("kex: %s %s %s %s",
 		    ctos ? "client->server" : "server->client",
 		    newkeys->enc.name,
@@ -644,10 +654,17 @@ kex_choose_conf(struct ssh *ssh)
 		    newkeys->comp.name);
 	}
 	if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS],
-	    sprop[PROPOSAL_KEX_ALGS])) != 0 ||
+	    sprop[PROPOSAL_KEX_ALGS])) != 0) {
-	    (r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
+		kex->failed_choice = peer[PROPOSAL_KEX_ALGS];
-	    sprop[PROPOSAL_SERVER_HOST_KEY_ALGS])) != 0)
+		peer[PROPOSAL_KEX_ALGS] = NULL;
 		goto out;
+	}
+	if ((r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
+	    sprop[PROPOSAL_SERVER_HOST_KEY_ALGS])) != 0) {
+		kex->failed_choice = cprop[PROPOSAL_SERVER_HOST_KEY_ALGS];
+		cprop[PROPOSAL_SERVER_HOST_KEY_ALGS] = NULL;
+		goto out;
+	}
 	need = dh_need = 0;
 	for (mode = 0; mode < MODE_MAX; mode++) {
 		newkeys = kex->newkeys[mode];

kex.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.71 2015/02/16 22:13:32 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.72 2015/07/29 04:43:06 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -141,6 +141,7 @@ struct kex {
 	int	ec_nid;
 	char	*client_version_string;
 	char	*server_version_string;
+	char	*failed_choice;
 	int	(*verify_host_key)(struct sshkey *, struct ssh *);
 	struct sshkey *(*load_host_public_key)(int, int, struct ssh *);
 	struct sshkey *(*load_host_private_key)(int, int, struct ssh *);

packet.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.212 2015/05/01 07:10:01 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.213 2015/07/29 04:43:06 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1933,6 +1933,17 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
 			cleanup_exit(255);
 		}
 		/* FALLTHROUGH */
+	case SSH_ERR_NO_CIPHER_ALG_MATCH:
+	case SSH_ERR_NO_MAC_ALG_MATCH:
+	case SSH_ERR_NO_COMPRESS_ALG_MATCH:
+	case SSH_ERR_NO_KEX_ALG_MATCH:
+	case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
+		if (ssh && ssh->kex && ssh->kex->failed_choice) {
+			fatal("Unable to negotiate with %.200s: %s. "
+			    "Their offer: %s", ssh_remote_ipaddr(ssh),
+			    ssh_err(r), ssh->kex->failed_choice);
+		}
+		/* FALLTHROUGH */
 	default:
 		fatal("%s%sConnection to %.200s: %s",
 		    tag != NULL ? tag : "", tag != NULL ? ": " : "",