tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- djm@cvs.openbsd.org 2001/03/23 11:04:07 

[compat.c compat.h sshconnect2.c sshd.c]
     Compat for OpenSSH with broken Rijndael/AES. ok markus@
This commit is contained in:
Ben Lindstrom 2001-03-24 00:35:19 +00:00
parent b94f8b2bcb
commit c8530c7f5c
5 changed files with 50 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,5 +1,9 @@
20010324 20010324
- Fixed permissions ssh-keyscan. Thanks to Christopher Linn <celinn@mtu.edu>. - Fixed permissions ssh-keyscan. Thanks to Christopher Linn <celinn@mtu.edu>.
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2001/03/23 11:04:07
[compat.c compat.h sshconnect2.c sshd.c]
Compat for OpenSSH with broken Rijndael/AES. ok markus@
20010323 20010323
- OpenBSD CVS Sync - OpenBSD CVS Sync
@ -4691,4 +4695,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.1010 2001/03/24 00:20:56 mouring Exp $ $Id: ChangeLog,v 1.1011 2001/03/24 00:35:19 mouring Exp $

36
compat.c
View File

@ -23,7 +23,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: compat.c,v 1.39 2001/03/18 23:30:55 deraadt Exp $"); RCSID("$OpenBSD: compat.c,v 1.40 2001/03/23 11:04:06 djm Exp $");
#ifdef HAVE_LIBPCRE #ifdef HAVE_LIBPCRE
# include <pcreposix.h> # include <pcreposix.h>
@ -69,7 +69,9 @@ compat_datafellows(const char *version)
} check[] = { } check[] = {
{ "^OpenSSH[-_]2\\.[012]", { "^OpenSSH[-_]2\\.[012]",
SSH_OLD_SESSIONID|SSH_BUG_BANNER }, SSH_OLD_SESSIONID|SSH_BUG_BANNER },
{ "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER }, { "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES },
{ "^OpenSSH_2\\.5\\.[01]p1",
SSH_BUG_BIGENDIANAES },
{ "^OpenSSH", 0 }, { "^OpenSSH", 0 },
{ "MindTerm", 0 }, { "MindTerm", 0 },
{ "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| { "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
@ -149,3 +151,33 @@ proto_spec(const char *spec)
xfree(s); xfree(s);
return ret; return ret;
} }
char *
compat_cipher_proposal(char *cipher_prop)
{
char *orig_prop, *fix_ciphers;
char *cp, *tmp;
size_t len;
if (!(datafellows & SSH_BUG_BIGENDIANAES))
return(cipher_prop);
len = strlen(cipher_prop) + 1;
fix_ciphers = xmalloc(len);
*fix_ciphers = '\0';
tmp = orig_prop = xstrdup(cipher_prop);
while((cp = strsep(&tmp, ",")) != NULL) {
if (strncmp(cp, "aes", 3) && strncmp(cp, "rijndael", 8)) {
if (*fix_ciphers)
strlcat(fix_ciphers, ",", len);
strlcat(fix_ciphers, cp, len);
}
}
xfree(orig_prop);
debug2("Original cipher proposal: %s", cipher_prop);
debug2("Compat cipher proposal: %s", fix_ciphers);
if (!*fix_ciphers)
fatal("No available ciphers found.");
return(fix_ciphers);
}

4
compat.h
View File

@ -21,7 +21,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/ */
/* RCSID("$OpenBSD: compat.h,v 1.18 2001/03/18 23:30:55 deraadt Exp $"); */ /* RCSID("$OpenBSD: compat.h,v 1.19 2001/03/23 11:04:06 djm Exp $"); */
#ifndef COMPAT_H #ifndef COMPAT_H
#define COMPAT_H #define COMPAT_H
@ -43,11 +43,13 @@
#define SSH_BUG_PKOK 0x0200 #define SSH_BUG_PKOK 0x0200
#define SSH_BUG_PASSWORDPAD 0x0400 #define SSH_BUG_PASSWORDPAD 0x0400
#define SSH_BUG_SCANNER 0x0800 #define SSH_BUG_SCANNER 0x0800
#define SSH_BUG_BIGENDIANAES 0x1000
void enable_compat13(void); void enable_compat13(void);
void enable_compat20(void); void enable_compat20(void);
void compat_datafellows(const char *s); void compat_datafellows(const char *s);
int proto_spec(const char *spec); int proto_spec(const char *spec);
char *compat_cipher_proposal(char *cipher_prop);
extern int compat13; extern int compat13;
extern int compat20; extern int compat20;
extern int datafellows; extern int datafellows;

5
sshconnect2.c
View File

@ -23,7 +23,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: sshconnect2.c,v 1.54 2001/03/12 22:02:02 markus Exp $"); RCSID("$OpenBSD: sshconnect2.c,v 1.55 2001/03/23 11:04:07 djm Exp $");
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/md5.h> #include <openssl/md5.h>
@ -96,6 +96,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
} }
myproposal[PROPOSAL_ENC_ALGS_STOC] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
/* buffers with raw kexinit messages */ /* buffers with raw kexinit messages */
server_kexinit = xmalloc(sizeof(*server_kexinit)); server_kexinit = xmalloc(sizeof(*server_kexinit));
buffer_init(server_kexinit); buffer_init(server_kexinit);

5
sshd.c
View File

@ -40,7 +40,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: sshd.c,v 1.176 2001/03/22 20:22:55 deraadt Exp $"); RCSID("$OpenBSD: sshd.c,v 1.177 2001/03/23 11:04:07 djm Exp $");
#include <openssl/dh.h> #include <openssl/dh.h>
#include <openssl/bn.h> #include <openssl/bn.h>
@ -1450,6 +1450,9 @@ do_ssh2_kex(void)
} }
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
myproposal[PROPOSAL_ENC_ALGS_STOC] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
server_kexinit = kex_init(myproposal); server_kexinit = kex_init(myproposal);
client_kexinit = xmalloc(sizeof(*client_kexinit)); client_kexinit = xmalloc(sizeof(*client_kexinit));
buffer_init(client_kexinit); buffer_init(client_kexinit);