зеркало из https://github.com/Azure/sonic-openssh.git
- djm@cvs.openbsd.org 2001/03/23 11:04:07
[compat.c compat.h sshconnect2.c sshd.c]
Compat for OpenSSH with broken Rijndael/AES. ok markus@
This commit is contained in:
Ben Lindstrom
Родитель
b94f8b2bcb
Коммит
c8530c7f5c
|
|
@ -1,5 +1,9 @@
|
||||||
20010324
|
20010324
|
||||||
- Fixed permissions ssh-keyscan. Thanks to Christopher Linn <celinn@mtu.edu>.
|
- Fixed permissions ssh-keyscan. Thanks to Christopher Linn <celinn@mtu.edu>.
|
||||||
|
- OpenBSD CVS Sync
|
||||||
|
- djm@cvs.openbsd.org 2001/03/23 11:04:07
|
||||||
|
[compat.c compat.h sshconnect2.c sshd.c]
|
||||||
|
Compat for OpenSSH with broken Rijndael/AES. ok markus@
|
||||||
|
|
||||||
20010323
|
20010323
|
||||||
- OpenBSD CVS Sync
|
- OpenBSD CVS Sync
|
||||||
|
|
@ -4691,4 +4695,4 @@
|
||||||
- Wrote replacements for strlcpy and mkdtemp
|
- Wrote replacements for strlcpy and mkdtemp
|
||||||
- Released 1.0pre1
|
- Released 1.0pre1
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.1010 2001/03/24 00:20:56 mouring Exp $
|
$Id: ChangeLog,v 1.1011 2001/03/24 00:35:19 mouring Exp $
|
||||||
|
|
|
||||||
36
compat.c
36
compat.c
|
|
@ -23,7 +23,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: compat.c,v 1.39 2001/03/18 23:30:55 deraadt Exp $");
|
RCSID("$OpenBSD: compat.c,v 1.40 2001/03/23 11:04:06 djm Exp $");
|
||||||
|
|
||||||
#ifdef HAVE_LIBPCRE
|
#ifdef HAVE_LIBPCRE
|
||||||
# include <pcreposix.h>
|
# include <pcreposix.h>
|
||||||
|
|
@ -69,7 +69,9 @@ compat_datafellows(const char *version)
|
||||||
} check[] = {
|
} check[] = {
|
||||||
{ "^OpenSSH[-_]2\\.[012]",
|
{ "^OpenSSH[-_]2\\.[012]",
|
||||||
SSH_OLD_SESSIONID|SSH_BUG_BANNER },
|
SSH_OLD_SESSIONID|SSH_BUG_BANNER },
|
||||||
{ "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER },
|
{ "^OpenSSH_2\\.3\\.0", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES },
|
||||||
|
{ "^OpenSSH_2\\.5\\.[01]p1",
|
||||||
|
SSH_BUG_BIGENDIANAES },
|
||||||
{ "^OpenSSH", 0 },
|
{ "^OpenSSH", 0 },
|
||||||
{ "MindTerm", 0 },
|
{ "MindTerm", 0 },
|
||||||
{ "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
|
{ "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
|
||||||
|
|
@ -149,3 +151,33 @@ proto_spec(const char *spec)
|
||||||
xfree(s);
|
xfree(s);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
char *
|
||||||
|
compat_cipher_proposal(char *cipher_prop)
|
||||||
|
{
|
||||||
|
char *orig_prop, *fix_ciphers;
|
||||||
|
char *cp, *tmp;
|
||||||
|
size_t len;
|
||||||
|
|
||||||
|
if (!(datafellows & SSH_BUG_BIGENDIANAES))
|
||||||
|
return(cipher_prop);
|
||||||
|
|
||||||
|
len = strlen(cipher_prop) + 1;
|
||||||
|
fix_ciphers = xmalloc(len);
|
||||||
|
*fix_ciphers = '\0';
|
||||||
|
tmp = orig_prop = xstrdup(cipher_prop);
|
||||||
|
while((cp = strsep(&tmp, ",")) != NULL) {
|
||||||
|
if (strncmp(cp, "aes", 3) && strncmp(cp, "rijndael", 8)) {
|
||||||
|
if (*fix_ciphers)
|
||||||
|
strlcat(fix_ciphers, ",", len);
|
||||||
|
strlcat(fix_ciphers, cp, len);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
xfree(orig_prop);
|
||||||
|
debug2("Original cipher proposal: %s", cipher_prop);
|
||||||
|
debug2("Compat cipher proposal: %s", fix_ciphers);
|
||||||
|
if (!*fix_ciphers)
|
||||||
|
fatal("No available ciphers found.");
|
||||||
|
|
||||||
|
return(fix_ciphers);
|
||||||
|
}
|
||||||
|
|
|
||||||
4
compat.h
4
compat.h
|
|
@ -21,7 +21,7 @@
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
*/
|
*/
|
||||||
/* RCSID("$OpenBSD: compat.h,v 1.18 2001/03/18 23:30:55 deraadt Exp $"); */
|
/* RCSID("$OpenBSD: compat.h,v 1.19 2001/03/23 11:04:06 djm Exp $"); */
|
||||||
|
|
||||||
#ifndef COMPAT_H
|
#ifndef COMPAT_H
|
||||||
#define COMPAT_H
|
#define COMPAT_H
|
||||||
|
|
@ -43,11 +43,13 @@
|
||||||
#define SSH_BUG_PKOK 0x0200
|
#define SSH_BUG_PKOK 0x0200
|
||||||
#define SSH_BUG_PASSWORDPAD 0x0400
|
#define SSH_BUG_PASSWORDPAD 0x0400
|
||||||
#define SSH_BUG_SCANNER 0x0800
|
#define SSH_BUG_SCANNER 0x0800
|
||||||
|
#define SSH_BUG_BIGENDIANAES 0x1000
|
||||||
|
|
||||||
void enable_compat13(void);
|
void enable_compat13(void);
|
||||||
void enable_compat20(void);
|
void enable_compat20(void);
|
||||||
void compat_datafellows(const char *s);
|
void compat_datafellows(const char *s);
|
||||||
int proto_spec(const char *spec);
|
int proto_spec(const char *spec);
|
||||||
|
char *compat_cipher_proposal(char *cipher_prop);
|
||||||
extern int compat13;
|
extern int compat13;
|
||||||
extern int compat20;
|
extern int compat20;
|
||||||
extern int datafellows;
|
extern int datafellows;
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: sshconnect2.c,v 1.54 2001/03/12 22:02:02 markus Exp $");
|
RCSID("$OpenBSD: sshconnect2.c,v 1.55 2001/03/23 11:04:07 djm Exp $");
|
||||||
|
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
#include <openssl/md5.h>
|
#include <openssl/md5.h>
|
||||||
|
|
@ -96,6 +96,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
|
||||||
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
myproposal[PROPOSAL_ENC_ALGS_STOC] =
|
||||||
|
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
|
||||||
|
|
||||||
/* buffers with raw kexinit messages */
|
/* buffers with raw kexinit messages */
|
||||||
server_kexinit = xmalloc(sizeof(*server_kexinit));
|
server_kexinit = xmalloc(sizeof(*server_kexinit));
|
||||||
buffer_init(server_kexinit);
|
buffer_init(server_kexinit);
|
||||||
|
|
|
||||||
5
sshd.c
5
sshd.c
|
|
@ -40,7 +40,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: sshd.c,v 1.176 2001/03/22 20:22:55 deraadt Exp $");
|
RCSID("$OpenBSD: sshd.c,v 1.177 2001/03/23 11:04:07 djm Exp $");
|
||||||
|
|
||||||
#include <openssl/dh.h>
|
#include <openssl/dh.h>
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
|
|
@ -1450,6 +1450,9 @@ do_ssh2_kex(void)
|
||||||
}
|
}
|
||||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
|
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
|
||||||
|
|
||||||
|
myproposal[PROPOSAL_ENC_ALGS_STOC] =
|
||||||
|
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
|
||||||
|
|
||||||
server_kexinit = kex_init(myproposal);
|
server_kexinit = kex_init(myproposal);
|
||||||
client_kexinit = xmalloc(sizeof(*client_kexinit));
|
client_kexinit = xmalloc(sizeof(*client_kexinit));
|
||||||
buffer_init(client_kexinit);
|
buffer_init(client_kexinit);
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче