- djm@cvs.openbsd.org 2001/03/23 11:04:07

[compat.c compat.h sshconnect2.c sshd.c] Compat for OpenSSH with broken Rijndael/AES. ok markus@
author: Ben Lindstrom <mouring@eviladmin.org> 2001-03-24 00:35:19 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2001-03-24 00:35:19 +0000
commit: c8530c7f5c6775443a1c4818f5edb8a74e59c0e6 (patch)
tree: 3ce46d0fc1f607164822bff616b0890a4b3758c8 /compat.c
parent: b94f8b2bcb41e3ecb345bcbd710ff8725f5f0e1e (diff)
1 files changed, 34 insertions, 2 deletions
diff --git a/compat.c b/compat.c
index 4fb2b441a..705121c3a 100644
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.39 2001/03/18 23:30:55 deraadt Exp $");
+RCSID("$OpenBSD: compat.c,v 1.40 2001/03/23 11:04:06 djm Exp $");
 #ifdef HAVE_LIBPCRE
 #  include <pcreposix.h>
@@ -69,7 +69,9 @@ compat_datafellows(const char *version)
        } check[] = {
                { "^OpenSSH[-_]2\\.[012]",
                                        SSH_OLD_SESSIONID|SSH_BUG_BANNER },
-                { "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER },
+                { "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES },
+                { "^OpenSSH_2\\.5\\.[01]p1",
+                                        SSH_BUG_BIGENDIANAES },
                { "^OpenSSH",           0 },
                { "MindTerm",           0 },
                { "^2\\.1\\.0",         SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
@@ -149,3 +151,33 @@ proto_spec(const char *spec)
        xfree(s);
        return ret;
 }
+char *
+compat_cipher_proposal(char *cipher_prop)
+{
+        char *orig_prop, *fix_ciphers;
+        char *cp, *tmp;
+        size_t len;
+        if (!(datafellows & SSH_BUG_BIGENDIANAES))
+                return(cipher_prop);
+        len = strlen(cipher_prop) + 1;
+        fix_ciphers = xmalloc(len);
+        *fix_ciphers = '\0';
+        tmp = orig_prop = xstrdup(cipher_prop);
+        while((cp = strsep(&tmp, ",")) != NULL) {
+                if (strncmp(cp, "aes", 3) && strncmp(cp, "rijndael", 8)) {
+                        if (*fix_ciphers)
+                                strlcat(fix_ciphers, ",", len);
+                        strlcat(fix_ciphers, cp, len);
+                }
+        }
+        xfree(orig_prop);
+        debug2("Original cipher proposal: %s", cipher_prop);
+        debug2("Compat cipher proposal: %s", fix_ciphers);
+        if (!*fix_ciphers)
+                fatal("No available ciphers found.");
+        return(fix_ciphers);
+}
author	Ben Lindstrom <mouring@eviladmin.org>	2001-03-24 00:35:19 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2001-03-24 00:35:19 +0000
commit	c8530c7f5c6775443a1c4818f5edb8a74e59c0e6 (patch)
tree	3ce46d0fc1f607164822bff616b0890a4b3758c8 /compat.c
parent	b94f8b2bcb41e3ecb345bcbd710ff8725f5f0e1e (diff)

diff --git a/compat.c b/compat.c index 4fb2b441a..705121c3a 100644 --- a/compat.c +++ b/compat.c
@@ -23,7 +23,7 @@
23	*/	23	*/
24		24
25	#include "includes.h"	25	#include "includes.h"
26	RCSID("$OpenBSD: compat.c,v 1.39 2001/03/18 23:30:55 deraadt Exp $");	26	RCSID("$OpenBSD: compat.c,v 1.40 2001/03/23 11:04:06 djm Exp $");
27		27
28	#ifdef HAVE_LIBPCRE	28	#ifdef HAVE_LIBPCRE
29	# include <pcreposix.h>	29	# include <pcreposix.h>
@@ -69,7 +69,9 @@ compat_datafellows(const char *version)
69	} check[] = {	69	} check[] = {
70	{ "^OpenSSH[-_]2\\.[012]",	70	{ "^OpenSSH[-_]2\\.[012]",
71	SSH_OLD_SESSIONID\|SSH_BUG_BANNER },	71	SSH_OLD_SESSIONID\|SSH_BUG_BANNER },
72	{ "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER },	72	{ "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER\|SSH_BUG_BIGENDIANAES },
		73	{ "^OpenSSH_2\\.5\\.[01]p1",
		74	SSH_BUG_BIGENDIANAES },
73	{ "^OpenSSH", 0 },	75	{ "^OpenSSH", 0 },
74	{ "MindTerm", 0 },	76	{ "MindTerm", 0 },
75	{ "^2\\.1\\.0", SSH_BUG_SIGBLOB\|SSH_BUG_HMAC\|	77	{ "^2\\.1\\.0", SSH_BUG_SIGBLOB\|SSH_BUG_HMAC\|
@@ -149,3 +151,33 @@ proto_spec(const char *spec)
149	xfree(s);	151	xfree(s);
150	return ret;	152	return ret;
151	}	153	}
		154
		155	char *
		156	compat_cipher_proposal(char *cipher_prop)
		157	{
		158	char orig_prop, fix_ciphers;
		159	char cp, tmp;
		160	size_t len;
		161
		162	if (!(datafellows & SSH_BUG_BIGENDIANAES))
		163	return(cipher_prop);
		164
		165	len = strlen(cipher_prop) + 1;
		166	fix_ciphers = xmalloc(len);
		167	*fix_ciphers = '\0';
		168	tmp = orig_prop = xstrdup(cipher_prop);
		169	while((cp = strsep(&tmp, ",")) != NULL) {
		170	if (strncmp(cp, "aes", 3) && strncmp(cp, "rijndael", 8)) {
		171	if (*fix_ciphers)
		172	strlcat(fix_ciphers, ",", len);
		173	strlcat(fix_ciphers, cp, len);
		174	}
		175	}
		176	xfree(orig_prop);
		177	debug2("Original cipher proposal: %s", cipher_prop);
		178	debug2("Compat cipher proposal: %s", fix_ciphers);
		179	if (!*fix_ciphers)
		180	fatal("No available ciphers found.");
		181
		182	return(fix_ciphers);
		183	}