mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-22 10:00:14 +00:00
- djm@cvs.openbsd.org 2001/03/23 11:04:07
[compat.c compat.h sshconnect2.c sshd.c] Compat for OpenSSH with broken Rijndael/AES. ok markus@
This commit is contained in:
parent
b94f8b2bcb
commit
c8530c7f5c
@ -1,5 +1,9 @@
|
||||
20010324
|
||||
- Fixed permissions ssh-keyscan. Thanks to Christopher Linn <celinn@mtu.edu>.
|
||||
- OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2001/03/23 11:04:07
|
||||
[compat.c compat.h sshconnect2.c sshd.c]
|
||||
Compat for OpenSSH with broken Rijndael/AES. ok markus@
|
||||
|
||||
20010323
|
||||
- OpenBSD CVS Sync
|
||||
@ -4691,4 +4695,4 @@
|
||||
- Wrote replacements for strlcpy and mkdtemp
|
||||
- Released 1.0pre1
|
||||
|
||||
$Id: ChangeLog,v 1.1010 2001/03/24 00:20:56 mouring Exp $
|
||||
$Id: ChangeLog,v 1.1011 2001/03/24 00:35:19 mouring Exp $
|
||||
|
36
compat.c
36
compat.c
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: compat.c,v 1.39 2001/03/18 23:30:55 deraadt Exp $");
|
||||
RCSID("$OpenBSD: compat.c,v 1.40 2001/03/23 11:04:06 djm Exp $");
|
||||
|
||||
#ifdef HAVE_LIBPCRE
|
||||
# include <pcreposix.h>
|
||||
@ -69,7 +69,9 @@ compat_datafellows(const char *version)
|
||||
} check[] = {
|
||||
{ "^OpenSSH[-_]2\\.[012]",
|
||||
SSH_OLD_SESSIONID|SSH_BUG_BANNER },
|
||||
{ "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER },
|
||||
{ "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES },
|
||||
{ "^OpenSSH_2\\.5\\.[01]p1",
|
||||
SSH_BUG_BIGENDIANAES },
|
||||
{ "^OpenSSH", 0 },
|
||||
{ "MindTerm", 0 },
|
||||
{ "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
|
||||
@ -149,3 +151,33 @@ proto_spec(const char *spec)
|
||||
xfree(s);
|
||||
return ret;
|
||||
}
|
||||
|
||||
char *
|
||||
compat_cipher_proposal(char *cipher_prop)
|
||||
{
|
||||
char *orig_prop, *fix_ciphers;
|
||||
char *cp, *tmp;
|
||||
size_t len;
|
||||
|
||||
if (!(datafellows & SSH_BUG_BIGENDIANAES))
|
||||
return(cipher_prop);
|
||||
|
||||
len = strlen(cipher_prop) + 1;
|
||||
fix_ciphers = xmalloc(len);
|
||||
*fix_ciphers = '\0';
|
||||
tmp = orig_prop = xstrdup(cipher_prop);
|
||||
while((cp = strsep(&tmp, ",")) != NULL) {
|
||||
if (strncmp(cp, "aes", 3) && strncmp(cp, "rijndael", 8)) {
|
||||
if (*fix_ciphers)
|
||||
strlcat(fix_ciphers, ",", len);
|
||||
strlcat(fix_ciphers, cp, len);
|
||||
}
|
||||
}
|
||||
xfree(orig_prop);
|
||||
debug2("Original cipher proposal: %s", cipher_prop);
|
||||
debug2("Compat cipher proposal: %s", fix_ciphers);
|
||||
if (!*fix_ciphers)
|
||||
fatal("No available ciphers found.");
|
||||
|
||||
return(fix_ciphers);
|
||||
}
|
||||
|
4
compat.h
4
compat.h
@ -21,7 +21,7 @@
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
/* RCSID("$OpenBSD: compat.h,v 1.18 2001/03/18 23:30:55 deraadt Exp $"); */
|
||||
/* RCSID("$OpenBSD: compat.h,v 1.19 2001/03/23 11:04:06 djm Exp $"); */
|
||||
|
||||
#ifndef COMPAT_H
|
||||
#define COMPAT_H
|
||||
@ -43,11 +43,13 @@
|
||||
#define SSH_BUG_PKOK 0x0200
|
||||
#define SSH_BUG_PASSWORDPAD 0x0400
|
||||
#define SSH_BUG_SCANNER 0x0800
|
||||
#define SSH_BUG_BIGENDIANAES 0x1000
|
||||
|
||||
void enable_compat13(void);
|
||||
void enable_compat20(void);
|
||||
void compat_datafellows(const char *s);
|
||||
int proto_spec(const char *spec);
|
||||
char *compat_cipher_proposal(char *cipher_prop);
|
||||
extern int compat13;
|
||||
extern int compat20;
|
||||
extern int datafellows;
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect2.c,v 1.54 2001/03/12 22:02:02 markus Exp $");
|
||||
RCSID("$OpenBSD: sshconnect2.c,v 1.55 2001/03/23 11:04:07 djm Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/md5.h>
|
||||
@ -96,6 +96,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
|
||||
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
||||
}
|
||||
|
||||
myproposal[PROPOSAL_ENC_ALGS_STOC] =
|
||||
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
|
||||
|
||||
/* buffers with raw kexinit messages */
|
||||
server_kexinit = xmalloc(sizeof(*server_kexinit));
|
||||
buffer_init(server_kexinit);
|
||||
|
5
sshd.c
5
sshd.c
@ -40,7 +40,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshd.c,v 1.176 2001/03/22 20:22:55 deraadt Exp $");
|
||||
RCSID("$OpenBSD: sshd.c,v 1.177 2001/03/23 11:04:07 djm Exp $");
|
||||
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/bn.h>
|
||||
@ -1450,6 +1450,9 @@ do_ssh2_kex(void)
|
||||
}
|
||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
|
||||
|
||||
myproposal[PROPOSAL_ENC_ALGS_STOC] =
|
||||
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
|
||||
|
||||
server_kexinit = kex_init(myproposal);
|
||||
client_kexinit = xmalloc(sizeof(*client_kexinit));
|
||||
buffer_init(client_kexinit);
|
||||
|
Loading…
Reference in New Issue
Block a user