From eef7adcb4a58b714aac438c8b79401edeb6aaa1d Mon Sep 17 00:00:00 2001 From: mouring Date: Mon, 30 Apr 2001 23:06:57 +0000 Subject: [PATCH] - markus@cvs.openbsd.org 2001/04/30 15:50:46 [compat.c compat.h kex.c] allow interop with weaker key generation used by ssh-2.0.x, x < 10 --- ChangeLog | 3 +++ compat.c | 10 ++++++++-- compat.h | 3 ++- kex.c | 8 +++++--- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 86a953a2..6733f7d5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,9 @@ - markus@cvs.openbsd.org 2001/04/30 11:18:52 [readconf.c readconf.h ssh.1 ssh.c sshconnect.c] implement 'ssh -b bind_address' like 'telnet -b' + - markus@cvs.openbsd.org 2001/04/30 15:50:46 + [compat.c compat.h kex.c] + allow interop with weaker key generation used by ssh-2.0.x, x < 10 - (tim) [contrib/caldera/openssh.spec] add Requires line for Caldera 3.1 20010430 diff --git a/compat.c b/compat.c index 683da100..faf66fe4 100644 --- a/compat.c +++ b/compat.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.48 2001/04/29 19:16:52 markus Exp $"); +RCSID("$OpenBSD: compat.c,v 1.49 2001/04/30 15:50:46 markus Exp $"); #ifdef HAVE_LIBPCRE # include @@ -94,11 +94,17 @@ compat_datafellows(const char *version) SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE }, - { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| + { "^2\\.0\\.1[0-2]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID|SSH_BUG_DEBUG| SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| SSH_BUG_PKAUTH|SSH_BUG_PKOK| SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE }, + { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| + SSH_OLD_SESSIONID|SSH_BUG_DEBUG| + SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| + SSH_BUG_PKAUTH|SSH_BUG_PKOK| + SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| + SSH_BUG_DERIVEKEY }, { "^2\\.[23]\\.0", SSH_BUG_HMAC|SSH_BUG_RSASIGMD5 }, { "^2\\.3\\.", SSH_BUG_RSASIGMD5 }, { "^2\\.[2-9]\\.", 0 }, diff --git a/compat.h b/compat.h index fa509c24..0ccc1ed3 100644 --- a/compat.h +++ b/compat.h @@ -21,7 +21,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$OpenBSD: compat.h,v 1.24 2001/04/29 19:16:52 markus Exp $"); */ +/* RCSID("$OpenBSD: compat.h,v 1.25 2001/04/30 15:50:46 markus Exp $"); */ #ifndef COMPAT_H #define COMPAT_H @@ -49,6 +49,7 @@ #define SSH_BUG_NOREKEY 0x00008000 #define SSH_BUG_HBSERVICE 0x00010000 #define SSH_BUG_OPENFAILURE 0x00020000 +#define SSH_BUG_DERIVEKEY 0x00040000 void enable_compat13(void); void enable_compat20(void); diff --git a/kex.c b/kex.c index 69ba102e..6b68ba50 100644 --- a/kex.c +++ b/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.33 2001/04/05 10:42:50 markus Exp $"); +RCSID("$OpenBSD: kex.c,v 1.34 2001/04/30 15:50:46 markus Exp $"); #include @@ -375,7 +375,8 @@ derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret) /* K1 = HASH(K || H || "A" || session_id) */ EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); + if (!(datafellows & SSH_BUG_DERIVEKEY)) + EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); EVP_DigestUpdate(&md, hash, mdsz); EVP_DigestUpdate(&md, &c, 1); EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len); @@ -388,7 +389,8 @@ derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret) */ for (have = mdsz; need > have; have += mdsz) { EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); + if (!(datafellows & SSH_BUG_DERIVEKEY)) + EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); EVP_DigestUpdate(&md, hash, mdsz); EVP_DigestUpdate(&md, digest, have); EVP_DigestFinal(&md, digest + have, NULL); -- 2.45.1