src - OpenBSD base system

diff options


context:
space:
mode:

author	Markus Friedl <markus@cvs.openbsd.org>	2001-04-30 15:50:47 +0000
committer	Markus Friedl <markus@cvs.openbsd.org>	2001-04-30 15:50:47 +0000
commit	74fc48398ee58bae79d348e2d4d977d12db465b1 (patch)
tree	64a3ab33de2fc8d36ce3f920b2111e9d758d93f8 /usr.bin
parent	1db48a9208f0d37a25b12250f2193ddbfef5b32d (diff)

allow interop with weaker key generation used by ssh-2.0.x, x < 10

Diffstat (limited to 'usr.bin')

-rw-r--r--

usr.bin/ssh/compat.c

-rw-r--r--

usr.bin/ssh/compat.h

-rw-r--r--

usr.bin/ssh/kex.c

3 files changed, 15 insertions, 6 deletions

diff --git a/usr.bin/ssh/compat.c b/usr.bin/ssh/compat.c
index b9a518d2f90..44d65c80a30 100644
--- a/usr.bin/ssh/compat.c
+++ b/usr.bin/ssh/compat.c

@@ -23,7 +23,7 @@

#include "includes.h"

-RCSID("$OpenBSD: compat.c,v 1.48 2001/04/29 19:16:52 markus Exp $");

+RCSID("$OpenBSD: compat.c,v 1.49 2001/04/30 15:50:46 markus Exp $");

#include <regex.h>

@@ -86,11 +86,17 @@ compat_datafellows(const char *version)

SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|

SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|

SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE },

- { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|

+ { "^2\\.0\\.1[0-2]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|

SSH_OLD_SESSIONID|SSH_BUG_DEBUG|

SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|

SSH_BUG_PKAUTH|SSH_BUG_PKOK|

SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE },

+ { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|

+ SSH_OLD_SESSIONID|SSH_BUG_DEBUG|

+ SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|

+ SSH_BUG_PKAUTH|SSH_BUG_PKOK|

+ SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|

+ SSH_BUG_DERIVEKEY },

{ "^2\\.[23]\\.0", SSH_BUG_HMAC|SSH_BUG_RSASIGMD5 },

{ "^2\\.3\\.", SSH_BUG_RSASIGMD5 },

{ "^2\\.[2-9]\\.", 0 },

diff --git a/usr.bin/ssh/compat.h b/usr.bin/ssh/compat.h
index fa509c247f4..0ccc1ed375f 100644
--- a/usr.bin/ssh/compat.h
+++ b/usr.bin/ssh/compat.h

@@ -21,7 +21,7 @@

* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF

* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

-/* RCSID("$OpenBSD: compat.h,v 1.24 2001/04/29 19:16:52 markus Exp $"); */

+/* RCSID("$OpenBSD: compat.h,v 1.25 2001/04/30 15:50:46 markus Exp $"); */

#ifndef COMPAT_H

#define COMPAT_H

@@ -49,6 +49,7 @@

#define SSH_BUG_NOREKEY 0x00008000

#define SSH_BUG_HBSERVICE 0x00010000

#define SSH_BUG_OPENFAILURE 0x00020000

+#define SSH_BUG_DERIVEKEY 0x00040000

void enable_compat13(void);

void enable_compat20(void);

diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c
index 69ba102e169..6b68ba5046d 100644
--- a/usr.bin/ssh/kex.c
+++ b/usr.bin/ssh/kex.c

@@ -23,7 +23,7 @@

#include "includes.h"

-RCSID("$OpenBSD: kex.c,v 1.33 2001/04/05 10:42:50 markus Exp $");

+RCSID("$OpenBSD: kex.c,v 1.34 2001/04/30 15:50:46 markus Exp $");

#include <openssl/crypto.h>

@@ -375,7 +375,8 @@ derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret)

/* K1 = HASH(K || H || "A" || session_id) */

EVP_DigestInit(&md, evp_md);

- EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));

+ if (!(datafellows & SSH_BUG_DERIVEKEY))

+ EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));

EVP_DigestUpdate(&md, hash, mdsz);

EVP_DigestUpdate(&md, &c, 1);

EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len);

@@ -388,7 +389,8 @@ derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret)

for (have = mdsz; need > have; have += mdsz) {

EVP_DigestInit(&md, evp_md);

- EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));

+ if (!(datafellows & SSH_BUG_DERIVEKEY))

+ EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));

EVP_DigestUpdate(&md, hash, mdsz);

EVP_DigestUpdate(&md, digest, have);

EVP_DigestFinal(&md, digest + have, NULL);