Diffstat (limited to 'compat.c')
-rw-r--r-- | compat.c | 44 |
1 files changed, 9 insertions, 35 deletions
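--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.113 2018/08/13 02:41:05 djm Exp $ */
+/* $OpenBSD: compat.c,v 1.115 2020/07/05 23:59:45 djm Exp $ */
 /*
 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
 *
@@ -157,40 +157,14 @@ compat_datafellows(const char *version)
 return 0;
 }
 
-#define SEP ","
-int
-proto_spec(const char *spec)
-{
-char *s, *p, *q;
-int ret = SSH_PROTO_UNKNOWN;
-
-if (spec == NULL)
-return ret;
-q = s = strdup(spec);
-if (s == NULL)
-return ret;
-for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) {
-switch (atoi(p)) {
-case 2:
-ret |= SSH_PROTO_2;
-break;
-default:
-logit("ignoring bad proto spec: '%s'.", p);
-break;
-}
-}
-free(s);
-return ret;
-}
-
 char *
 compat_cipher_proposal(char *cipher_prop)
 {
 if (!(datafellows & SSH_BUG_BIGENDIANAES))
 return cipher_prop;
 debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
-if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL)
-fatal("match_filter_blacklist failed");
+if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL)
+fatal("match_filter_denylist failed");
 debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
 if (*cipher_prop == '\0')
 fatal("No supported ciphers found");
@@ -203,8 +177,8 @@ compat_pkalg_proposal(char *pkalg_prop)
 if (!(datafellows & SSH_BUG_RSASIGMD5))
 return pkalg_prop;
 debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
-if ((pkalg_prop = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL)
-fatal("match_filter_blacklist failed");
+if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL)
+fatal("match_filter_denylist failed");
 debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
 if (*pkalg_prop == '\0')
 fatal("No supported PK algorithms found");
@@ -218,14 +192,14 @@ compat_kex_proposal(char *p)
 return p;
 debug2("%s: original KEX proposal: %s", __func__, p);
 if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
-if ((p = match_filter_blacklist(p,
+if ((p = match_filter_denylist(p,
 "curve25519-sha256@libssh.org")) == NULL)
-fatal("match_filter_blacklist failed");
+fatal("match_filter_denylist failed");
 if ((datafellows & SSH_OLD_DHGEX) != 0) {
-if ((p = match_filter_blacklist(p,
+if ((p = match_filter_denylist(p,
 "diffie-hellman-group-exchange-sha256,"
 "diffie-hellman-group-exchange-sha1")) == NULL)
-fatal("match_filter_blacklist failed");
+fatal("match_filter_denylist failed");
 }
 debug2("%s: compat KEX proposal: %s", __func__, p);
 if (*p == '\0')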
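Review bot: In compat_kex_proposal, when both SSH_BUG_CURVE25519PAD and SSH_OLD_DHGEX are set, the result of the first `match_filter_denylist` call is overwritten by the second call without being released. The helper's definition is not on this page, but if it returns a newly allocated list, that intermediate string is leaked on every key exchange with such a peer. Ownership is also ambiguous in all three compat_*_proposal functions: the early-return path hands back the caller's own pointer, while the filtered path returns a different string, so a caller cannot tell whether to free the result. I would keep the first result in a temporary and `free()` it after the second filter, and add a comment above each function such as `/* Returns either the argument itself or a newly allocated filtered list; the argument is never freed here. */`. The bodies of these functions begin and end outside the hunks shown, so the return statements could not be checked.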