- markus@cvs.openbsd.org 2001/04/30 11:18:52
[readconf.c readconf.h ssh.1 ssh.c sshconnect.c]
implement 'ssh -b bind_address' like 'telnet -b'
+ - markus@cvs.openbsd.org 2001/04/30 15:50:46
+ [compat.c compat.h kex.c]
+ allow interop with weaker key generation used by ssh-2.0.x, x < 10
- (tim) [contrib/caldera/openssh.spec] add Requires line for Caldera 3.1
20010430
*/
#include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.48 2001/04/29 19:16:52 markus Exp $");
+RCSID("$OpenBSD: compat.c,v 1.49 2001/04/30 15:50:46 markus Exp $");
#ifdef HAVE_LIBPCRE
# include <pcreposix.h>
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE },
- { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+ { "^2\\.0\\.1[0-2]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKAUTH|SSH_BUG_PKOK|
SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE },
+ { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+ SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
+ SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
+ SSH_BUG_PKAUTH|SSH_BUG_PKOK|
+ SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
+ SSH_BUG_DERIVEKEY },
{ "^2\\.[23]\\.0", SSH_BUG_HMAC|SSH_BUG_RSASIGMD5 },
{ "^2\\.3\\.", SSH_BUG_RSASIGMD5 },
{ "^2\\.[2-9]\\.", 0 },
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* RCSID("$OpenBSD: compat.h,v 1.24 2001/04/29 19:16:52 markus Exp $"); */
+/* RCSID("$OpenBSD: compat.h,v 1.25 2001/04/30 15:50:46 markus Exp $"); */
#ifndef COMPAT_H
#define COMPAT_H
#define SSH_BUG_NOREKEY 0x00008000
#define SSH_BUG_HBSERVICE 0x00010000
#define SSH_BUG_OPENFAILURE 0x00020000
+#define SSH_BUG_DERIVEKEY 0x00040000
void enable_compat13(void);
void enable_compat20(void);
*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.33 2001/04/05 10:42:50 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.34 2001/04/30 15:50:46 markus Exp $");
#include <openssl/crypto.h>
/* K1 = HASH(K || H || "A" || session_id) */
EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
+ if (!(datafellows & SSH_BUG_DERIVEKEY))
+ EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
EVP_DigestUpdate(&md, hash, mdsz);
EVP_DigestUpdate(&md, &c, 1);
EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len);
*/
for (have = mdsz; need > have; have += mdsz) {
EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
+ if (!(datafellows & SSH_BUG_DERIVEKEY))
+ EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
EVP_DigestUpdate(&md, hash, mdsz);
EVP_DigestUpdate(&md, digest, have);
EVP_DigestFinal(&md, digest + have, NULL);