diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | compat.c | 10 | ||||
| -rw-r--r-- | compat.h | 3 | ||||
| -rw-r--r-- | kex.c | 8 |
4 files changed, 19 insertions, 7 deletions
| @@ -3,6 +3,9 @@ | |||
| 3 | - markus@cvs.openbsd.org 2001/04/30 11:18:52 | 3 | - markus@cvs.openbsd.org 2001/04/30 11:18:52 |
| 4 | [readconf.c readconf.h ssh.1 ssh.c sshconnect.c] | 4 | [readconf.c readconf.h ssh.1 ssh.c sshconnect.c] |
| 5 | implement 'ssh -b bind_address' like 'telnet -b' | 5 | implement 'ssh -b bind_address' like 'telnet -b' |
| 6 | - markus@cvs.openbsd.org 2001/04/30 15:50:46 | ||
| 7 | [compat.c compat.h kex.c] | ||
| 8 | allow interop with weaker key generation used by ssh-2.0.x, x < 10 | ||
| 6 | - (tim) [contrib/caldera/openssh.spec] add Requires line for Caldera 3.1 | 9 | - (tim) [contrib/caldera/openssh.spec] add Requires line for Caldera 3.1 |
| 7 | 10 | ||
| 8 | 20010430 | 11 | 20010430 |
| @@ -5289,4 +5292,4 @@ | |||
| 5289 | - Wrote replacements for strlcpy and mkdtemp | 5292 | - Wrote replacements for strlcpy and mkdtemp |
| 5290 | - Released 1.0pre1 | 5293 | - Released 1.0pre1 |
| 5291 | 5294 | ||
| 5292 | $Id: ChangeLog,v 1.1186 2001/04/30 18:00:11 tim Exp $ | 5295 | $Id: ChangeLog,v 1.1187 2001/04/30 23:06:57 mouring Exp $ |
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: compat.c,v 1.48 2001/04/29 19:16:52 markus Exp $"); | 26 | RCSID("$OpenBSD: compat.c,v 1.49 2001/04/30 15:50:46 markus Exp $"); |
| 27 | 27 | ||
| 28 | #ifdef HAVE_LIBPCRE | 28 | #ifdef HAVE_LIBPCRE |
| 29 | # include <pcreposix.h> | 29 | # include <pcreposix.h> |
| @@ -94,11 +94,17 @@ compat_datafellows(const char *version) | |||
| 94 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| | 94 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
| 95 | SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| | 95 | SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| |
| 96 | SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE }, | 96 | SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE }, |
| 97 | { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 97 | { "^2\\.0\\.1[0-2]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
| 98 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | 98 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
| 99 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| | 99 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
| 100 | SSH_BUG_PKAUTH|SSH_BUG_PKOK| | 100 | SSH_BUG_PKAUTH|SSH_BUG_PKOK| |
| 101 | SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE }, | 101 | SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE }, |
| 102 | { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | ||
| 103 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | ||
| 104 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| | ||
| 105 | SSH_BUG_PKAUTH|SSH_BUG_PKOK| | ||
| 106 | SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| | ||
| 107 | SSH_BUG_DERIVEKEY }, | ||
| 102 | { "^2\\.[23]\\.0", SSH_BUG_HMAC|SSH_BUG_RSASIGMD5 }, | 108 | { "^2\\.[23]\\.0", SSH_BUG_HMAC|SSH_BUG_RSASIGMD5 }, |
| 103 | { "^2\\.3\\.", SSH_BUG_RSASIGMD5 }, | 109 | { "^2\\.3\\.", SSH_BUG_RSASIGMD5 }, |
| 104 | { "^2\\.[2-9]\\.", 0 }, | 110 | { "^2\\.[2-9]\\.", 0 }, |
| @@ -21,7 +21,7 @@ | |||
| 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 23 | */ | 23 | */ |
| 24 | /* RCSID("$OpenBSD: compat.h,v 1.24 2001/04/29 19:16:52 markus Exp $"); */ | 24 | /* RCSID("$OpenBSD: compat.h,v 1.25 2001/04/30 15:50:46 markus Exp $"); */ |
| 25 | 25 | ||
| 26 | #ifndef COMPAT_H | 26 | #ifndef COMPAT_H |
| 27 | #define COMPAT_H | 27 | #define COMPAT_H |
| @@ -49,6 +49,7 @@ | |||
| 49 | #define SSH_BUG_NOREKEY 0x00008000 | 49 | #define SSH_BUG_NOREKEY 0x00008000 |
| 50 | #define SSH_BUG_HBSERVICE 0x00010000 | 50 | #define SSH_BUG_HBSERVICE 0x00010000 |
| 51 | #define SSH_BUG_OPENFAILURE 0x00020000 | 51 | #define SSH_BUG_OPENFAILURE 0x00020000 |
| 52 | #define SSH_BUG_DERIVEKEY 0x00040000 | ||
| 52 | 53 | ||
| 53 | void enable_compat13(void); | 54 | void enable_compat13(void); |
| 54 | void enable_compat20(void); | 55 | void enable_compat20(void); |
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: kex.c,v 1.33 2001/04/05 10:42:50 markus Exp $"); | 26 | RCSID("$OpenBSD: kex.c,v 1.34 2001/04/30 15:50:46 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include <openssl/crypto.h> | 28 | #include <openssl/crypto.h> |
| 29 | 29 | ||
| @@ -375,7 +375,8 @@ derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret) | |||
| 375 | 375 | ||
| 376 | /* K1 = HASH(K || H || "A" || session_id) */ | 376 | /* K1 = HASH(K || H || "A" || session_id) */ |
| 377 | EVP_DigestInit(&md, evp_md); | 377 | EVP_DigestInit(&md, evp_md); |
| 378 | EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); | 378 | if (!(datafellows & SSH_BUG_DERIVEKEY)) |
| 379 | EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); | ||
| 379 | EVP_DigestUpdate(&md, hash, mdsz); | 380 | EVP_DigestUpdate(&md, hash, mdsz); |
| 380 | EVP_DigestUpdate(&md, &c, 1); | 381 | EVP_DigestUpdate(&md, &c, 1); |
| 381 | EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len); | 382 | EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len); |
| @@ -388,7 +389,8 @@ derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret) | |||
| 388 | */ | 389 | */ |
| 389 | for (have = mdsz; need > have; have += mdsz) { | 390 | for (have = mdsz; need > have; have += mdsz) { |
| 390 | EVP_DigestInit(&md, evp_md); | 391 | EVP_DigestInit(&md, evp_md); |
| 391 | EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); | 392 | if (!(datafellows & SSH_BUG_DERIVEKEY)) |
| 393 | EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); | ||
| 392 | EVP_DigestUpdate(&md, hash, mdsz); | 394 | EVP_DigestUpdate(&md, hash, mdsz); |
| 393 | EVP_DigestUpdate(&md, digest, have); | 395 | EVP_DigestUpdate(&md, digest, have); |
| 394 | EVP_DigestFinal(&md, digest + have, NULL); | 396 | EVP_DigestFinal(&md, digest + have, NULL); |