author | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-24 00:35:19 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-24 00:35:19 +0000 |
commit | c8530c7f5c6775443a1c4818f5edb8a74e59c0e6 (patch) | |
tree | 3ce46d0fc1f607164822bff616b0890a4b3758c8 | |
parent | b94f8b2bcb41e3ecb345bcbd710ff8725f5f0e1e (diff) |
- djm@cvs.openbsd.org 2001/03/23 11:04:07
[compat.c compat.h sshconnect2.c sshd.c]
Compat for OpenSSH with broken Rijndael/AES. ok markus@
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | compat.c | 36 | ||||
-rw-r--r-- | compat.h | 4 | ||||
-rw-r--r-- | sshconnect2.c | 5 | ||||
-rw-r--r-- | sshd.c | 5 |
5 files changed, 50 insertions, 6 deletions
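--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 20010324
  - Fixed permissions ssh-keyscan. Thanks to Christopher Linn <celinn@mtu.edu>.
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2001/03/23 11:04:07
+     [compat.c compat.h sshconnect2.c sshd.c]
+     Compat for OpenSSH with broken Rijndael/AES. ok markus@
 
 20010323
  - OpenBSD CVS Sync
@@ -4691,4 +4695,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1010 2001/03/24 00:20:56 mouring Exp $
+$Id: ChangeLog,v 1.1011 2001/03/24 00:35:19 mouring Exp $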
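--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.39 2001/03/18 23:30:55 deraadt Exp $");
+RCSID("$OpenBSD: compat.c,v 1.40 2001/03/23 11:04:06 djm Exp $");
 
 #ifdef HAVE_LIBPCRE
 # include <pcreposix.h>
@@ -69,7 +69,9 @@ compat_datafellows(const char *version)
 	} check[] = {
 		{ "^OpenSSH[-_]2\\.[012]",
 			SSH_OLD_SESSIONID|SSH_BUG_BANNER },
-		{ "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER },
+		{ "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES },
+		{ "^OpenSSH_2\\.5\\.[01]p1",
+			SSH_BUG_BIGENDIANAES },
 		{ "^OpenSSH", 0 },
 		{ "MindTerm", 0 },
 		{ "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
@@ -149,3 +151,33 @@ proto_spec(const char *spec)
 	xfree(s);
 	return ret;
 }
+
+char *
+compat_cipher_proposal(char *cipher_prop)
+{
+	char *orig_prop, *fix_ciphers;
+	char *cp, *tmp;
+	size_t len;
+
+	if (!(datafellows & SSH_BUG_BIGENDIANAES))
+		return(cipher_prop);
+
+	len = strlen(cipher_prop) + 1;
+	fix_ciphers = xmalloc(len);
+	*fix_ciphers = '\0';
+	tmp = orig_prop = xstrdup(cipher_prop);
+	while((cp = strsep(&tmp, ",")) != NULL) {
+		if (strncmp(cp, "aes", 3) && strncmp(cp, "rijndael", 8)) {
+			if (*fix_ciphers)
+				strlcat(fix_ciphers, ",", len);
+			strlcat(fix_ciphers, cp, len);
+		}
+	}
+	xfree(orig_prop);
+	debug2("Original cipher proposal: %s", cipher_prop);
+	debug2("Compat cipher proposal: %s", fix_ciphers);
+	if (!*fix_ciphers)
+		fatal("No available ciphers found.");
+
+	return(fix_ciphers);
+}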
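Review bot: The ownership of compat_cipher_proposal's result is undocumented: it returns the caller's own `cipher_prop` when SSH_BUG_BIGENDIANAES is clear and a fresh xmalloc() buffer otherwise, so a caller cannot free the result without repeating the datafellows test. Both call sites added by this commit simply overwrite the proposal slot, which is harmless for a one-shot key exchange, but the contract should be stated in a comment above the definition, e.g. `/* Return cipher_prop unchanged, or a new xmalloc()ed list with every aes and rijndael entry removed when the peer has SSH_BUG_BIGENDIANAES. The result may alias the argument, so callers must not free it. */`. A related nit: the parameter is never written through and could be `const char *`, though the aliasing return path would then need the same qualifier. Note also that an empty element (a doubled or trailing comma in the input) passes the prefix test and is copied into the new list unchanged, so the filtered list is only as clean as the proposal it receives.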
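--- a/compat.h
+++ b/compat.h
@@ -21,7 +21,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-/* RCSID("$OpenBSD: compat.h,v 1.18 2001/03/18 23:30:55 deraadt Exp $"); */
+/* RCSID("$OpenBSD: compat.h,v 1.19 2001/03/23 11:04:06 djm Exp $"); */
 
 #ifndef COMPAT_H
 #define COMPAT_H
@@ -43,11 +43,13 @@
 #define SSH_BUG_PKOK 0x0200
 #define SSH_BUG_PASSWORDPAD 0x0400
 #define SSH_BUG_SCANNER 0x0800
+#define SSH_BUG_BIGENDIANAES 0x1000
 
 void enable_compat13(void);
 void enable_compat20(void);
 void compat_datafellows(const char *s);
 int proto_spec(const char *spec);
+char *compat_cipher_proposal(char *cipher_prop);
 extern int compat13;
 extern int compat20;
 extern int datafellows;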
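diff --git a/sshconnect2.c b/sshconnect2.c
index 046d746a4..86f3bb9b2 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.54 2001/03/12 22:02:02 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.55 2001/03/23 11:04:07 djm Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -96,6 +96,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 		myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
 	}
 
+	myproposal[PROPOSAL_ENC_ALGS_STOC] =
+	    compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
+
 	/* buffers with raw kexinit messages */
 	server_kexinit = xmalloc(sizeof(*server_kexinit));
 	buffer_init(server_kexinit);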
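Review bot: Only the server-to-client cipher list is filtered here (and likewise in the do_ssh2_kex hunk of sshd.c); `myproposal[PROPOSAL_ENC_ALGS_CTOS]` still offers aes and rijndael to a peer flagged SSH_BUG_BIGENDIANAES, so if that peer's AES is broken in both directions the client-to-server cipher can still be negotiated as AES. If the breakage is known to be one-directional, a short comment above the new assignment saying so would save the next reader the question; otherwise the same call belongs on the CTOS slot as well, `myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);`. ssh_kex2 begins and ends outside the hunk.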
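--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.176 2001/03/22 20:22:55 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.177 2001/03/23 11:04:07 djm Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1450,6 +1450,9 @@ do_ssh2_kex(void)
 	}
 	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
 
+	myproposal[PROPOSAL_ENC_ALGS_STOC] =
+	    compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
+
 	server_kexinit = kex_init(myproposal);
 	client_kexinit = xmalloc(sizeof(*client_kexinit));
 	buffer_init(client_kexinit);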