diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | compat.c | 36 | ||||
| -rw-r--r-- | compat.h | 4 | ||||
| -rw-r--r-- | sshconnect2.c | 5 | ||||
| -rw-r--r-- | sshd.c | 5 |
5 files changed, 50 insertions, 6 deletions
| @@ -1,5 +1,9 @@ | |||
| 1 | 20010324 | 1 | 20010324 |
| 2 | - Fixed permissions ssh-keyscan. Thanks to Christopher Linn <celinn@mtu.edu>. | 2 | - Fixed permissions ssh-keyscan. Thanks to Christopher Linn <celinn@mtu.edu>. |
| 3 | - OpenBSD CVS Sync | ||
| 4 | - djm@cvs.openbsd.org 2001/03/23 11:04:07 | ||
| 5 | [compat.c compat.h sshconnect2.c sshd.c] | ||
| 6 | Compat for OpenSSH with broken Rijndael/AES. ok markus@ | ||
| 3 | 7 | ||
| 4 | 20010323 | 8 | 20010323 |
| 5 | - OpenBSD CVS Sync | 9 | - OpenBSD CVS Sync |
| @@ -4691,4 +4695,4 @@ | |||
| 4691 | - Wrote replacements for strlcpy and mkdtemp | 4695 | - Wrote replacements for strlcpy and mkdtemp |
| 4692 | - Released 1.0pre1 | 4696 | - Released 1.0pre1 |
| 4693 | 4697 | ||
| 4694 | $Id: ChangeLog,v 1.1010 2001/03/24 00:20:56 mouring Exp $ | 4698 | $Id: ChangeLog,v 1.1011 2001/03/24 00:35:19 mouring Exp $ |
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: compat.c,v 1.39 2001/03/18 23:30:55 deraadt Exp $"); | 26 | RCSID("$OpenBSD: compat.c,v 1.40 2001/03/23 11:04:06 djm Exp $"); |
| 27 | 27 | ||
| 28 | #ifdef HAVE_LIBPCRE | 28 | #ifdef HAVE_LIBPCRE |
| 29 | # include <pcreposix.h> | 29 | # include <pcreposix.h> |
| @@ -69,7 +69,9 @@ compat_datafellows(const char *version) | |||
| 69 | } check[] = { | 69 | } check[] = { |
| 70 | { "^OpenSSH[-_]2\\.[012]", | 70 | { "^OpenSSH[-_]2\\.[012]", |
| 71 | SSH_OLD_SESSIONID|SSH_BUG_BANNER }, | 71 | SSH_OLD_SESSIONID|SSH_BUG_BANNER }, |
| 72 | { "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER }, | 72 | { "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES }, |
| 73 | { "^OpenSSH_2\\.5\\.[01]p1", | ||
| 74 | SSH_BUG_BIGENDIANAES }, | ||
| 73 | { "^OpenSSH", 0 }, | 75 | { "^OpenSSH", 0 }, |
| 74 | { "MindTerm", 0 }, | 76 | { "MindTerm", 0 }, |
| 75 | { "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| | 77 | { "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| |
| @@ -149,3 +151,33 @@ proto_spec(const char *spec) | |||
| 149 | xfree(s); | 151 | xfree(s); |
| 150 | return ret; | 152 | return ret; |
| 151 | } | 153 | } |
| 154 | |||
| 155 | char * | ||
| 156 | compat_cipher_proposal(char *cipher_prop) | ||
| 157 | { | ||
| 158 | char *orig_prop, *fix_ciphers; | ||
| 159 | char *cp, *tmp; | ||
| 160 | size_t len; | ||
| 161 | |||
| 162 | if (!(datafellows & SSH_BUG_BIGENDIANAES)) | ||
| 163 | return(cipher_prop); | ||
| 164 | |||
| 165 | len = strlen(cipher_prop) + 1; | ||
| 166 | fix_ciphers = xmalloc(len); | ||
| 167 | *fix_ciphers = '\0'; | ||
| 168 | tmp = orig_prop = xstrdup(cipher_prop); | ||
| 169 | while((cp = strsep(&tmp, ",")) != NULL) { | ||
| 170 | if (strncmp(cp, "aes", 3) && strncmp(cp, "rijndael", 8)) { | ||
| 171 | if (*fix_ciphers) | ||
| 172 | strlcat(fix_ciphers, ",", len); | ||
| 173 | strlcat(fix_ciphers, cp, len); | ||
| 174 | } | ||
| 175 | } | ||
| 176 | xfree(orig_prop); | ||
| 177 | debug2("Original cipher proposal: %s", cipher_prop); | ||
| 178 | debug2("Compat cipher proposal: %s", fix_ciphers); | ||
| 179 | if (!*fix_ciphers) | ||
| 180 | fatal("No available ciphers found."); | ||
| 181 | |||
| 182 | return(fix_ciphers); | ||
| 183 | } | ||
| @@ -21,7 +21,7 @@ | |||
| 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 23 | */ | 23 | */ |
| 24 | /* RCSID("$OpenBSD: compat.h,v 1.18 2001/03/18 23:30:55 deraadt Exp $"); */ | 24 | /* RCSID("$OpenBSD: compat.h,v 1.19 2001/03/23 11:04:06 djm Exp $"); */ |
| 25 | 25 | ||
| 26 | #ifndef COMPAT_H | 26 | #ifndef COMPAT_H |
| 27 | #define COMPAT_H | 27 | #define COMPAT_H |
| @@ -43,11 +43,13 @@ | |||
| 43 | #define SSH_BUG_PKOK 0x0200 | 43 | #define SSH_BUG_PKOK 0x0200 |
| 44 | #define SSH_BUG_PASSWORDPAD 0x0400 | 44 | #define SSH_BUG_PASSWORDPAD 0x0400 |
| 45 | #define SSH_BUG_SCANNER 0x0800 | 45 | #define SSH_BUG_SCANNER 0x0800 |
| 46 | #define SSH_BUG_BIGENDIANAES 0x1000 | ||
| 46 | 47 | ||
| 47 | void enable_compat13(void); | 48 | void enable_compat13(void); |
| 48 | void enable_compat20(void); | 49 | void enable_compat20(void); |
| 49 | void compat_datafellows(const char *s); | 50 | void compat_datafellows(const char *s); |
| 50 | int proto_spec(const char *spec); | 51 | int proto_spec(const char *spec); |
| 52 | char *compat_cipher_proposal(char *cipher_prop); | ||
| 51 | extern int compat13; | 53 | extern int compat13; |
| 52 | extern int compat20; | 54 | extern int compat20; |
| 53 | extern int datafellows; | 55 | extern int datafellows; |
diff --git a/sshconnect2.c b/sshconnect2.c index 046d746a4..86f3bb9b2 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.54 2001/03/12 22:02:02 markus Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.55 2001/03/23 11:04:07 djm Exp $"); |
| 27 | 27 | ||
| 28 | #include <openssl/bn.h> | 28 | #include <openssl/bn.h> |
| 29 | #include <openssl/md5.h> | 29 | #include <openssl/md5.h> |
| @@ -96,6 +96,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) | |||
| 96 | myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; | 96 | myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; |
| 97 | } | 97 | } |
| 98 | 98 | ||
| 99 | myproposal[PROPOSAL_ENC_ALGS_STOC] = | ||
| 100 | compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]); | ||
| 101 | |||
| 99 | /* buffers with raw kexinit messages */ | 102 | /* buffers with raw kexinit messages */ |
| 100 | server_kexinit = xmalloc(sizeof(*server_kexinit)); | 103 | server_kexinit = xmalloc(sizeof(*server_kexinit)); |
| 101 | buffer_init(server_kexinit); | 104 | buffer_init(server_kexinit); |
| @@ -40,7 +40,7 @@ | |||
| 40 | */ | 40 | */ |
| 41 | 41 | ||
| 42 | #include "includes.h" | 42 | #include "includes.h" |
| 43 | RCSID("$OpenBSD: sshd.c,v 1.176 2001/03/22 20:22:55 deraadt Exp $"); | 43 | RCSID("$OpenBSD: sshd.c,v 1.177 2001/03/23 11:04:07 djm Exp $"); |
| 44 | 44 | ||
| 45 | #include <openssl/dh.h> | 45 | #include <openssl/dh.h> |
| 46 | #include <openssl/bn.h> | 46 | #include <openssl/bn.h> |
| @@ -1450,6 +1450,9 @@ do_ssh2_kex(void) | |||
| 1450 | } | 1450 | } |
| 1451 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); | 1451 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); |
| 1452 | 1452 | ||
| 1453 | myproposal[PROPOSAL_ENC_ALGS_STOC] = | ||
| 1454 | compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]); | ||
| 1455 | |||
| 1453 | server_kexinit = kex_init(myproposal); | 1456 | server_kexinit = kex_init(myproposal); |
| 1454 | client_kexinit = xmalloc(sizeof(*client_kexinit)); | 1457 | client_kexinit = xmalloc(sizeof(*client_kexinit)); |
| 1455 | buffer_init(client_kexinit); | 1458 | buffer_init(client_kexinit); |