- djm@cvs.openbsd.org 2014/01/09 23:26:48

[sshconnect.c sshd.c] ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient, deranged and might make some attacks on KEX easier; ok markus@
author: Damien Miller <djm@mindrot.org> 2014-01-10 10:59:24 +1100
committer: Damien Miller <djm@mindrot.org> 2014-01-10 10:59:24 +1100
commit: 58cd63bc63038acddfb4051ed14e11179d8f4941 (patch)
tree: eb65dbe7f28e207756131ad75ec746310ff5eaa2
parent: b3051d01e505c9c2dc00faab472a0d06fa6b0e65 (diff)
3 files changed, 15 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index a1d37bc25..be7d868bf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,10 @@
     rather than calling OpenSSL EVP_Digest* directly. Will make it easier
     to build a reduced-feature OpenSSH without OpenSSL in future;
     feedback, ok markus@
+   - djm@cvs.openbsd.org 2014/01/09 23:26:48
+     [sshconnect.c sshd.c]
+     ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
+     deranged and might make some attacks on KEX easier; ok markus@
 20140108
 - (djm) [regress/.cvsignore] Ignore regress test droppings; ok dtucker@
diff --git a/sshconnect.c b/sshconnect.c
index 791b31c12..d21781ea4 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.243 2013/12/30 23:52:27 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.244 2014/01/09 23:26:48 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -662,6 +662,9 @@ ssh_exchange_identification(int timeout_ms)
                fatal("Protocol major versions differ: %d vs. %d",
                    (options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
                    remote_major);
+        if ((datafellows & SSH_BUG_DERIVEKEY) != 0)
+                fatal("Server version \"%.100s\" uses unsafe key agreement; "
+                    "refusing connection", remote_version);
        if ((datafellows & SSH_BUG_RSASIGMD5) != 0)
                logit("Server version \"%.100s\" uses unsafe RSA signature "
                    "scheme; disabling use of RSA keys", remote_version);
diff --git a/sshd.c b/sshd.c
index 87795bea5..60b416e30 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.413 2013/12/30 23:52:28 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.414 2014/01/09 23:26:48 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -502,9 +502,14 @@ sshd_exchange_identification(int sock_in, int sock_out)
                    get_remote_ipaddr(), client_version_string);
                cleanup_exit(255);
        }
-        if ((datafellows & SSH_BUG_RSASIGMD5) != 0)
+        if ((datafellows & SSH_BUG_RSASIGMD5) != 0) {
                logit("Client version \"%.100s\" uses unsafe RSA signature "
                    "scheme; disabling use of RSA keys", remote_version);
+        }
+        if ((datafellows & SSH_BUG_DERIVEKEY) != 0) {
+                fatal("Client version \"%.100s\" uses unsafe key agreement; "
+                    "refusing connection", remote_version);
+        }
        mismatch = 0;
        switch (remote_major) {
author	Damien Miller <djm@mindrot.org>	2014-01-10 10:59:24 +1100
committer	Damien Miller <djm@mindrot.org>	2014-01-10 10:59:24 +1100
commit	58cd63bc63038acddfb4051ed14e11179d8f4941 (patch)
tree	eb65dbe7f28e207756131ad75ec746310ff5eaa2
parent	b3051d01e505c9c2dc00faab472a0d06fa6b0e65 (diff)