| version 1.112, 2018/07/31 03:07:24 |
version 1.113, 2018/08/13 02:41:05 |
|
|
| } |
} |
| |
|
| char * |
char * |
| compat_cipher_proposal(char *cipher_prop, u_int compat) |
compat_cipher_proposal(char *cipher_prop) |
| { |
{ |
| char *cp; |
if (!(datafellows & SSH_BUG_BIGENDIANAES)) |
| |
|
| if (!(compat & SSH_BUG_BIGENDIANAES)) |
|
| return cipher_prop; |
return cipher_prop; |
| debug2("%s: original cipher proposal: %s", __func__, cipher_prop); |
debug2("%s: original cipher proposal: %s", __func__, cipher_prop); |
| if ((cp = match_filter_blacklist(cipher_prop, "aes*")) == NULL) |
if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL) |
| fatal("match_filter_blacklist failed"); |
fatal("match_filter_blacklist failed"); |
| free(cipher_prop); |
|
| cipher_prop = cp; |
|
| debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); |
debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); |
| if (*cipher_prop == '\0') |
if (*cipher_prop == '\0') |
| fatal("No supported ciphers found"); |
fatal("No supported ciphers found"); |
|
|
| } |
} |
| |
|
| char * |
char * |
| compat_pkalg_proposal(char *pkalg_prop, u_int compat) |
compat_pkalg_proposal(char *pkalg_prop) |
| { |
{ |
| char *cp; |
if (!(datafellows & SSH_BUG_RSASIGMD5)) |
| |
|
| if (!(compat & SSH_BUG_RSASIGMD5)) |
|
| return pkalg_prop; |
return pkalg_prop; |
| debug2("%s: original public key proposal: %s", __func__, pkalg_prop); |
debug2("%s: original public key proposal: %s", __func__, pkalg_prop); |
| if ((cp = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL) |
if ((pkalg_prop = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL) |
| fatal("match_filter_blacklist failed"); |
fatal("match_filter_blacklist failed"); |
| free(pkalg_prop); |
|
| pkalg_prop = cp; |
|
| debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); |
debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); |
| if (*pkalg_prop == '\0') |
if (*pkalg_prop == '\0') |
| fatal("No supported PK algorithms found"); |
fatal("No supported PK algorithms found"); |
|
|
| } |
} |
| |
|
| char * |
char * |
| compat_kex_proposal(char *kex_prop, u_int compat) |
compat_kex_proposal(char *p) |
| { |
{ |
| char *cp; |
if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) |
| |
return p; |
| if ((compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) |
debug2("%s: original KEX proposal: %s", __func__, p); |
| return kex_prop; |
if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) |
| debug2("%s: original KEX proposal: %s", __func__, kex_prop); |
if ((p = match_filter_blacklist(p, |
| if ((compat & SSH_BUG_CURVE25519PAD) != 0) { |
|
| if ((cp = match_filter_blacklist(kex_prop, |
|
| "curve25519-sha256@libssh.org")) == NULL) |
"curve25519-sha256@libssh.org")) == NULL) |
| fatal("match_filter_blacklist failed"); |
fatal("match_filter_blacklist failed"); |
| free(kex_prop); |
if ((datafellows & SSH_OLD_DHGEX) != 0) { |
| kex_prop = cp; |
if ((p = match_filter_blacklist(p, |
| } |
|
| if ((compat & SSH_OLD_DHGEX) != 0) { |
|
| if ((cp = match_filter_blacklist(kex_prop, |
|
| "diffie-hellman-group-exchange-sha256," |
"diffie-hellman-group-exchange-sha256," |
| "diffie-hellman-group-exchange-sha1")) == NULL) |
"diffie-hellman-group-exchange-sha1")) == NULL) |
| fatal("match_filter_blacklist failed"); |
fatal("match_filter_blacklist failed"); |
| free(kex_prop); |
|
| kex_prop = cp; |
|
| } |
} |
| debug2("%s: compat KEX proposal: %s", __func__, kex_prop); |
debug2("%s: compat KEX proposal: %s", __func__, p); |
| if (*kex_prop == '\0') |
if (*p == '\0') |
| fatal("No supported key exchange algorithms found"); |
fatal("No supported key exchange algorithms found"); |
| return kex_prop; |
return p; |
| } |
} |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to compat.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh