diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | compat.c | 16 | ||||
| -rw-r--r-- | compat.h | 3 | ||||
| -rw-r--r-- | ssh-rsa.c | 7 |
4 files changed, 21 insertions, 11 deletions
| @@ -12,6 +12,10 @@ | |||
| 12 | - markus@cvs.openbsd.org 2001/03/27 10:34:08 | 12 | - markus@cvs.openbsd.org 2001/03/27 10:34:08 |
| 13 | [ssh-rsa.c sshd.c] | 13 | [ssh-rsa.c sshd.c] |
| 14 | use EVP_get_digestbynid, reorder some calls and fix missing free. | 14 | use EVP_get_digestbynid, reorder some calls and fix missing free. |
| 15 | - markus@cvs.openbsd.org 2001/03/27 10:57:00 | ||
| 16 | [compat.c compat.h ssh-rsa.c] | ||
| 17 | some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5 | ||
| 18 | signatures in SSH protocol 2, ok djm@ | ||
| 15 | 19 | ||
| 16 | 20010328 | 20 | 20010328 |
| 17 | - (djm) Reorder tests and library inclusion for Krb4/AFS to try to | 21 | - (djm) Reorder tests and library inclusion for Krb4/AFS to try to |
| @@ -4750,4 +4754,4 @@ | |||
| 4750 | - Wrote replacements for strlcpy and mkdtemp | 4754 | - Wrote replacements for strlcpy and mkdtemp |
| 4751 | - Released 1.0pre1 | 4755 | - Released 1.0pre1 |
| 4752 | 4756 | ||
| 4753 | $Id: ChangeLog,v 1.1029 2001/03/29 00:31:20 mouring Exp $ | 4757 | $Id: ChangeLog,v 1.1030 2001/03/29 00:32:56 mouring Exp $ |
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: compat.c,v 1.40 2001/03/23 11:04:06 djm Exp $"); | 26 | RCSID("$OpenBSD: compat.c,v 1.41 2001/03/27 10:57:00 markus Exp $"); |
| 27 | 27 | ||
| 28 | #ifdef HAVE_LIBPCRE | 28 | #ifdef HAVE_LIBPCRE |
| 29 | # include <pcreposix.h> | 29 | # include <pcreposix.h> |
| @@ -75,18 +75,22 @@ compat_datafellows(const char *version) | |||
| 75 | { "^OpenSSH", 0 }, | 75 | { "^OpenSSH", 0 }, |
| 76 | { "MindTerm", 0 }, | 76 | { "MindTerm", 0 }, |
| 77 | { "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 77 | { "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
| 78 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG }, | 78 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
| 79 | SSH_BUG_RSASIGMD5 }, | ||
| 79 | { "^2\\.1 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 80 | { "^2\\.1 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
| 80 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG }, | 81 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
| 82 | SSH_BUG_RSASIGMD5 }, | ||
| 81 | { "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 83 | { "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
| 82 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | 84 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
| 83 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| | 85 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
| 84 | SSH_BUG_PKOK }, | 86 | SSH_BUG_PKOK|SSH_BUG_RSASIGMD5 }, |
| 85 | { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 87 | { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
| 86 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| | 88 | SSH_OLD_SESSIONID|SSH_BUG_DEBUG| |
| 87 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| | 89 | SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| |
| 88 | SSH_BUG_PKAUTH|SSH_BUG_PKOK }, | 90 | SSH_BUG_PKAUTH|SSH_BUG_PKOK| |
| 89 | { "^2\\.[23]\\.0", SSH_BUG_HMAC }, | 91 | SSH_BUG_RSASIGMD5 }, |
| 92 | { "^2\\.[23]\\.0", SSH_BUG_HMAC|SSH_BUG_RSASIGMD5 }, | ||
| 93 | { "^2\\.3\\.", SSH_BUG_RSASIGMD5 }, | ||
| 90 | { "^2\\.[2-9]\\.", 0 }, | 94 | { "^2\\.[2-9]\\.", 0 }, |
| 91 | { "^2\\.4$", SSH_OLD_SESSIONID }, /* Van Dyke */ | 95 | { "^2\\.4$", SSH_OLD_SESSIONID }, /* Van Dyke */ |
| 92 | { "^3\\.0 SecureCRT", SSH_OLD_SESSIONID }, | 96 | { "^3\\.0 SecureCRT", SSH_OLD_SESSIONID }, |
| @@ -21,7 +21,7 @@ | |||
| 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 23 | */ | 23 | */ |
| 24 | /* RCSID("$OpenBSD: compat.h,v 1.19 2001/03/23 11:04:06 djm Exp $"); */ | 24 | /* RCSID("$OpenBSD: compat.h,v 1.20 2001/03/27 10:57:00 markus Exp $"); */ |
| 25 | 25 | ||
| 26 | #ifndef COMPAT_H | 26 | #ifndef COMPAT_H |
| 27 | #define COMPAT_H | 27 | #define COMPAT_H |
| @@ -44,6 +44,7 @@ | |||
| 44 | #define SSH_BUG_PASSWORDPAD 0x0400 | 44 | #define SSH_BUG_PASSWORDPAD 0x0400 |
| 45 | #define SSH_BUG_SCANNER 0x0800 | 45 | #define SSH_BUG_SCANNER 0x0800 |
| 46 | #define SSH_BUG_BIGENDIANAES 0x1000 | 46 | #define SSH_BUG_BIGENDIANAES 0x1000 |
| 47 | #define SSH_BUG_RSASIGMD5 0x2000 | ||
| 47 | 48 | ||
| 48 | void enable_compat13(void); | 49 | void enable_compat13(void); |
| 49 | void enable_compat20(void); | 50 | void enable_compat20(void); |
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.7 2001/03/27 10:34:08 markus Exp $"); | 26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.8 2001/03/27 10:57:00 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include <openssl/evp.h> | 28 | #include <openssl/evp.h> |
| 29 | #include <openssl/err.h> | 29 | #include <openssl/err.h> |
| @@ -34,6 +34,7 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.7 2001/03/27 10:34:08 markus Exp $"); | |||
| 34 | #include "bufaux.h" | 34 | #include "bufaux.h" |
| 35 | #include "key.h" | 35 | #include "key.h" |
| 36 | #include "ssh-rsa.h" | 36 | #include "ssh-rsa.h" |
| 37 | #include "compat.h" | ||
| 37 | 38 | ||
| 38 | /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ | 39 | /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ |
| 39 | int | 40 | int |
| @@ -53,7 +54,7 @@ ssh_rsa_sign( | |||
| 53 | error("ssh_rsa_sign: no RSA key"); | 54 | error("ssh_rsa_sign: no RSA key"); |
| 54 | return -1; | 55 | return -1; |
| 55 | } | 56 | } |
| 56 | nid = NID_sha1; | 57 | nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; |
| 57 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { | 58 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
| 58 | error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); | 59 | error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); |
| 59 | return -1; | 60 | return -1; |
| @@ -147,7 +148,7 @@ ssh_rsa_verify( | |||
| 147 | error("ssh_rsa_verify: remaining bytes in signature %d", rlen); | 148 | error("ssh_rsa_verify: remaining bytes in signature %d", rlen); |
| 148 | return -1; | 149 | return -1; |
| 149 | } | 150 | } |
| 150 | nid = NID_sha1; | 151 | nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; |
| 151 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { | 152 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
| 152 | xfree(sigblob); | 153 | xfree(sigblob); |
| 153 | error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); | 154 | error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); |