| version 1.99, 2016/05/24 02:31:57 |
version 1.100, 2017/02/03 23:01:19 |
|
|
| #include "compat.h" |
#include "compat.h" |
| #include "log.h" |
#include "log.h" |
| #include "match.h" |
#include "match.h" |
| |
#include "kex.h" |
| |
|
| int compat13 = 0; |
int compat13 = 0; |
| int compat20 = 0; |
int compat20 = 0; |
|
|
| return ret; |
return ret; |
| } |
} |
| |
|
| /* |
|
| * Filters a proposal string, excluding any algorithm matching the 'filter' |
|
| * pattern list. |
|
| */ |
|
| static char * |
|
| filter_proposal(char *proposal, const char *filter) |
|
| { |
|
| Buffer b; |
|
| char *orig_prop, *fix_prop; |
|
| char *cp, *tmp; |
|
| |
|
| buffer_init(&b); |
|
| tmp = orig_prop = xstrdup(proposal); |
|
| while ((cp = strsep(&tmp, ",")) != NULL) { |
|
| if (match_pattern_list(cp, filter, 0) != 1) { |
|
| if (buffer_len(&b) > 0) |
|
| buffer_append(&b, ",", 1); |
|
| buffer_append(&b, cp, strlen(cp)); |
|
| } else |
|
| debug2("Compat: skipping algorithm \"%s\"", cp); |
|
| } |
|
| buffer_append(&b, "\0", 1); |
|
| fix_prop = xstrdup((char *)buffer_ptr(&b)); |
|
| buffer_free(&b); |
|
| free(orig_prop); |
|
| |
|
| return fix_prop; |
|
| } |
|
| |
|
| char * |
char * |
| compat_cipher_proposal(char *cipher_prop) |
compat_cipher_proposal(char *cipher_prop) |
| { |
{ |
| if (!(datafellows & SSH_BUG_BIGENDIANAES)) |
if (!(datafellows & SSH_BUG_BIGENDIANAES)) |
| return cipher_prop; |
return cipher_prop; |
| debug2("%s: original cipher proposal: %s", __func__, cipher_prop); |
debug2("%s: original cipher proposal: %s", __func__, cipher_prop); |
| cipher_prop = filter_proposal(cipher_prop, "aes*"); |
if ((cipher_prop = match_filter_list(cipher_prop, "aes*")) == NULL) |
| |
fatal("match_filter_list failed"); |
| debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); |
debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); |
| if (*cipher_prop == '\0') |
if (*cipher_prop == '\0') |
| fatal("No supported ciphers found"); |
fatal("No supported ciphers found"); |
|
|
| if (!(datafellows & SSH_BUG_RSASIGMD5)) |
if (!(datafellows & SSH_BUG_RSASIGMD5)) |
| return pkalg_prop; |
return pkalg_prop; |
| debug2("%s: original public key proposal: %s", __func__, pkalg_prop); |
debug2("%s: original public key proposal: %s", __func__, pkalg_prop); |
| pkalg_prop = filter_proposal(pkalg_prop, "ssh-rsa"); |
if ((pkalg_prop = match_filter_list(pkalg_prop, "ssh-rsa")) == NULL) |
| |
fatal("match_filter_list failed"); |
| debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); |
debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); |
| if (*pkalg_prop == '\0') |
if (*pkalg_prop == '\0') |
| fatal("No supported PK algorithms found"); |
fatal("No supported PK algorithms found"); |
|
|
| return p; |
return p; |
| debug2("%s: original KEX proposal: %s", __func__, p); |
debug2("%s: original KEX proposal: %s", __func__, p); |
| if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) |
if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) |
| p = filter_proposal(p, "curve25519-sha256@libssh.org"); |
if ((p = match_filter_list(p, |
| |
"curve25519-sha256@libssh.org")) == NULL) |
| |
fatal("match_filter_list failed"); |
| if ((datafellows & SSH_OLD_DHGEX) != 0) { |
if ((datafellows & SSH_OLD_DHGEX) != 0) { |
| p = filter_proposal(p, "diffie-hellman-group-exchange-sha256"); |
if ((p = match_filter_list(p, |
| p = filter_proposal(p, "diffie-hellman-group-exchange-sha1"); |
"diffie-hellman-group-exchange-sha256," |
| |
"diffie-hellman-group-exchange-sha1")) == NULL) |
| |
fatal("match_filter_list failed"); |
| } |
} |
| debug2("%s: compat KEX proposal: %s", __func__, p); |
debug2("%s: compat KEX proposal: %s", __func__, p); |
| if (*p == '\0') |
if (*p == '\0') |
![[BACK]](/icons/back.gif){kind=icon}
Return to compat.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh