author | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-29 00:32:56 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-29 00:32:56 +0000 |
commit | 60a4381f1a6ebc2f8eeeb2ba4e005ede91ac9af3 (patch) | |
tree | a58d24db658ee1036fc09a1363c27b1d2df386e3 | |
parent | 425fb02f20671c332af7b718d1c0e797ad0699eb (diff) |
- markus@cvs.openbsd.org 2001/03/27 10:57:00
[compat.c compat.h ssh-rsa.c]
some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5
signatures in SSH protocol 2, ok djm@
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | compat.c | 16 | ||||
-rw-r--r-- | compat.h | 3 | ||||
-rw-r--r-- | ssh-rsa.c | 7 |
4 files changed, 21 insertions, 11 deletions
@@ -12,6 +12,10 @@ | |||
12 | - markus@cvs.openbsd.org 2001/03/27 10:34:08 | 12 | - markus@cvs.openbsd.org 2001/03/27 10:34:08 |
13 | [ssh-rsa.c sshd.c] | 13 | [ssh-rsa.c sshd.c] |
14 | use EVP_get_digestbynid, reorder some calls and fix missing free. | 14 | use EVP_get_digestbynid, reorder some calls and fix missing free. |
15 | - markus@cvs.openbsd.org 2001/03/27 10:57:00 | ||
16 | [compat.c compat.h ssh-rsa.c] | ||
17 | some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5 | ||
18 | signatures in SSH protocol 2, ok djm@ | ||
15 | 19 | ||
16 | 20010328 | 20 | 20010328 |
17 | - (djm) Reorder tests and library inclusion for Krb4/AFS to try to | 21 | - (djm) Reorder tests and library inclusion for Krb4/AFS to try to |
@@ -4750,4 +4754,4 @@ | |||
4750 | - Wrote replacements for strlcpy and mkdtemp | 4754 | - Wrote replacements for strlcpy and mkdtemp |
4751 | - Released 1.0pre1 | 4755 | - Released 1.0pre1 |
4752 | 4756 | ||
4753 | $Id: ChangeLog,v 1.1029 2001/03/29 00:31:20 mouring Exp $ | 4757 | $Id: ChangeLog,v 1.1030 2001/03/29 00:32:56 mouring Exp $ |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: compat.c,v 1.40 2001/03/23 11:04:06 djm Exp $"); | 26 | RCSID("$OpenBSD: compat.c,v 1.41 2001/03/27 10:57:00 markus Exp $"); |
27 | 27 | ||
28 | #ifdef HAVE_LIBPCRE | 28 | #ifdef HAVE_LIBPCRE |
29 | # include <pcreposix.h> | 29 | # include <pcreposix.h> |
@@ -75,18 +75,22 @@ compat_datafellows(const char *version) | |||
75 | { "^OpenSSH", 0 }, | 75 | { "^OpenSSH", 0 }, |
76 | { "MindTerm", 0 }, | 76 | { "MindTerm", 0 }, |
77 | { "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 77 | { "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
78 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG }, | 78 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
79 | SSH_BUG_RSASIGMD5 }, | ||
79 | { "^2\\.1 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 80 | { "^2\\.1 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
80 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG }, | 81 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
82 | SSH_BUG_RSASIGMD5 }, | ||
81 | { "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 83 | { "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
82 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | 84 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
83 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| | 85 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
84 | SSH_BUG_PKOK }, | 86 | SSH_BUG_PKOK|SSH_BUG_RSASIGMD5 }, |
85 | { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 87 | { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
86 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | 88 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
87 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| | 89 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
88 | SSH_BUG_PKAUTH|SSH_BUG_PKOK }, | 90 | SSH_BUG_PKAUTH|SSH_BUG_PKOK| |
89 | { "^2\\.[23]\\.0", SSH_BUG_HMAC }, | 91 | SSH_BUG_RSASIGMD5 }, |
92 | { "^2\\.[23]\\.0", SSH_BUG_HMAC|SSH_BUG_RSASIGMD5 }, | ||
93 | { "^2\\.3\\.", SSH_BUG_RSASIGMD5 }, | ||
90 | { "^2\\.[2-9]\\.", 0 }, | 94 | { "^2\\.[2-9]\\.", 0 }, |
91 | { "^2\\.4$", SSH_OLD_SESSIONID }, /* Van Dyke */ | 95 | { "^2\\.4$", SSH_OLD_SESSIONID }, /* Van Dyke */ |
92 | { "^3\\.0 SecureCRT", SSH_OLD_SESSIONID }, | 96 | { "^3\\.0 SecureCRT", SSH_OLD_SESSIONID }, |
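Review bot: The new `{ "^2\\.3\\.", SSH_BUG_RSASIGMD5 }` entry (new line 93) only has an effect if it is tried before the broader `{ "^2\\.[2-9]\\.", 0 }` entry on the next line, and nothing in the table documents that dependency. If matching is first-hit, as the ordering of the existing entries suggests, a later reorder would silently drop the MD5 quirk for 2.3.x peers. I would add a comment in the style of the existing `/* Van Dyke */` one, for example `/* 2.3.x signs RSA with MD5; must precede "^2\\.[2-9]\\." */`. The table starts and ends outside this hunk, so the matching loop itself is not visible here.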
@@ -21,7 +21,7 @@ | |||
21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 23 | */ |
24 | /* RCSID("$OpenBSD: compat.h,v 1.19 2001/03/23 11:04:06 djm Exp $"); */ | 24 | /* RCSID("$OpenBSD: compat.h,v 1.20 2001/03/27 10:57:00 markus Exp $"); */ |
25 | 25 | ||
26 | #ifndef COMPAT_H | 26 | #ifndef COMPAT_H |
27 | #define COMPAT_H | 27 | #define COMPAT_H |
@@ -44,6 +44,7 @@ | |||
44 | #define SSH_BUG_PASSWORDPAD 0x0400 | 44 | #define SSH_BUG_PASSWORDPAD 0x0400 |
45 | #define SSH_BUG_SCANNER 0x0800 | 45 | #define SSH_BUG_SCANNER 0x0800 |
46 | #define SSH_BUG_BIGENDIANAES 0x1000 | 46 | #define SSH_BUG_BIGENDIANAES 0x1000 |
47 | #define SSH_BUG_RSASIGMD5 0x2000 | ||
47 | 48 | ||
48 | void enable_compat13(void); | 49 | void enable_compat13(void); |
49 | void enable_compat20(void); | 50 | void enable_compat20(void); |
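Review bot: The new `SSH_BUG_RSASIGMD5` define (new line 47) has no comment, although the ssh-rsa.c part of this commit uses it to switch the signature digest from SHA1 to MD5. A trailing comment such as `/* peer uses MD5 instead of SHA1 for ssh-rsa signatures */` would make the security impact clear to anyone adding version patterns in compat.c.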
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.7 2001/03/27 10:34:08 markus Exp $"); | 26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.8 2001/03/27 10:57:00 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/evp.h> | 28 | #include <openssl/evp.h> |
29 | #include <openssl/err.h> | 29 | #include <openssl/err.h> |
@@ -34,6 +34,7 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.7 2001/03/27 10:34:08 markus Exp $"); | |||
34 | #include "bufaux.h" | 34 | #include "bufaux.h" |
35 | #include "key.h" | 35 | #include "key.h" |
36 | #include "ssh-rsa.h" | 36 | #include "ssh-rsa.h" |
37 | #include "compat.h" | ||
37 | 38 | ||
38 | /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ | 39 | /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ |
39 | int | 40 | int |
@@ -53,7 +54,7 @@ ssh_rsa_sign( | |||
53 | error("ssh_rsa_sign: no RSA key"); | 54 | error("ssh_rsa_sign: no RSA key"); |
54 | return -1; | 55 | return -1; |
55 | } | 56 | } |
56 | nid = NID_sha1; | 57 | nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; |
57 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { | 58 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
58 | error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); | 59 | error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); |
59 | return -1; | 60 | return -1; |
@@ -147,7 +148,7 @@ ssh_rsa_verify( | |||
147 | error("ssh_rsa_verify: remaining bytes in signature %d", rlen); | 148 | error("ssh_rsa_verify: remaining bytes in signature %d", rlen); |
148 | return -1; | 149 | return -1; |
149 | } | 150 | } |
150 | nid = NID_sha1; | 151 | nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; |
151 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { | 152 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
152 | xfree(sigblob); | 153 | xfree(sigblob); |
153 | error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); | 154 | error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); |
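Review bot: In ssh_rsa_verify (new line 151) the digest accepted for a signature is chosen from `datafellows`, which, judging by `compat_datafellows(const char *version)` in compat.c, is derived from the version string the peer announces. The remote side can therefore select MD5 by presenting a matching version, and nothing records that the weaker digest was used. I would add `if (datafellows & SSH_BUG_RSASIGMD5) debug("ssh_rsa_verify: peer needs MD5 signatures");` next to the assignment, and the equivalent in ssh_rsa_sign at new line 57, so the downgrade shows up in logs. The comment at new line 39 still says "with SHA1" and should read `/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 (MD5 for SSH_BUG_RSASIGMD5 peers) */`. Both function bodies start and end outside the hunks shown.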