diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2015-04-13 02:04:08 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-04-13 14:37:20 +1000 |
| commit | 318be28cda1fd9108f2e6f2f86b0b7589ba2aed0 (patch) | |
| tree | 9651309f44099c3027441916c53622a58f34e1a5 /compat.c | |
| parent | d8f391caef62378463a0e6b36f940170dadfe605 (diff) | |
upstream commit
deprecate ancient, pre-RFC4419 and undocumented
SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems
reasonable" dtucker@
Diffstat (limited to 'compat.c')
| -rw-r--r-- | compat.c | 24 |
1 files changed, 15 insertions, 9 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: compat.c,v 1.89 2015/04/10 05:16:50 dtucker Exp $ */ | 1 | /* $OpenBSD: compat.c,v 1.90 2015/04/13 02:04:08 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -165,6 +165,7 @@ compat_datafellows(const char *version) | |||
| 165 | "OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD }, | 165 | "OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD }, |
| 166 | { "*SSH_Version_Mapper*", | 166 | { "*SSH_Version_Mapper*", |
| 167 | SSH_BUG_SCANNER }, | 167 | SSH_BUG_SCANNER }, |
| 168 | { "PuTTY*", SSH_OLD_DHGEX }, | ||
| 168 | { "Probe-*", | 169 | { "Probe-*", |
| 169 | SSH_BUG_PROBE }, | 170 | SSH_BUG_PROBE }, |
| 170 | { "TeraTerm SSH*," | 171 | { "TeraTerm SSH*," |
| @@ -284,15 +285,20 @@ compat_pkalg_proposal(char *pkalg_prop) | |||
| 284 | } | 285 | } |
| 285 | 286 | ||
| 286 | char * | 287 | char * |
| 287 | compat_kex_proposal(char *kex_prop) | 288 | compat_kex_proposal(char *p) |
| 288 | { | 289 | { |
| 289 | if (!(datafellows & SSH_BUG_CURVE25519PAD)) | 290 | if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) |
| 290 | return kex_prop; | 291 | return p; |
| 291 | debug2("%s: original KEX proposal: %s", __func__, kex_prop); | 292 | debug2("%s: original KEX proposal: %s", __func__, p); |
| 292 | kex_prop = filter_proposal(kex_prop, "curve25519-sha256@libssh.org"); | 293 | if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) |
| 293 | debug2("%s: compat KEX proposal: %s", __func__, kex_prop); | 294 | p = filter_proposal(p, "curve25519-sha256@libssh.org"); |
| 294 | if (*kex_prop == '\0') | 295 | if ((datafellows & SSH_OLD_DHGEX) != 0) { |
| 296 | p = filter_proposal(p, "diffie-hellman-group-exchange-sha256"); | ||
| 297 | p = filter_proposal(p, "diffie-hellman-group-exchange-sha1"); | ||
| 298 | } | ||
| 299 | debug2("%s: compat KEX proposal: %s", __func__, p); | ||
| 300 | if (*p == '\0') | ||
| 295 | fatal("No supported key exchange algorithms found"); | 301 | fatal("No supported key exchange algorithms found"); |
| 296 | return kex_prop; | 302 | return p; |
| 297 | } | 303 | } |
| 298 | 304 | ||