compat.c
/* $OpenBSD: compat.c,v 1.113 2018/08/13 02:41:05 djm Exp $ */ | /* $OpenBSD: compat.c,v 1.115 2020/07/05 23:59:45 djm Exp $ */ | ||||
/* | /* | ||||
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. | * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. | ||||
* | * | ||||
* Redistribution and use in source and binary forms, with or without | * Redistribution and use in source and binary forms, with or without | ||||
* modification, are permitted provided that the following conditions | * modification, are permitted provided that the following conditions | ||||
* are met: | * are met: | ||||
* 1. Redistributions of source code must retain the above copyright | * 1. Redistributions of source code must retain the above copyright | ||||
* notice, this list of conditions and the following disclaimer. | * notice, this list of conditions and the following disclaimer. | ||||
▲ Show 20 Lines • Show All 142 Lines • ▼ Show 20 Lines | if (match_pattern_list(version, check[i].pat, 0) == 1) { | ||||
datafellows = check[i].bugs; /* XXX for now */ | datafellows = check[i].bugs; /* XXX for now */ | ||||
return check[i].bugs; | return check[i].bugs; | ||||
} | } | ||||
} | } | ||||
debug("no match: %s", version); | debug("no match: %s", version); | ||||
return 0; | return 0; | ||||
} | } | ||||
#define SEP "," | |||||
int | |||||
proto_spec(const char *spec) | |||||
{ | |||||
char *s, *p, *q; | |||||
int ret = SSH_PROTO_UNKNOWN; | |||||
if (spec == NULL) | |||||
return ret; | |||||
q = s = strdup(spec); | |||||
if (s == NULL) | |||||
return ret; | |||||
for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) { | |||||
switch (atoi(p)) { | |||||
case 2: | |||||
ret |= SSH_PROTO_2; | |||||
break; | |||||
default: | |||||
logit("ignoring bad proto spec: '%s'.", p); | |||||
break; | |||||
} | |||||
} | |||||
free(s); | |||||
return ret; | |||||
} | |||||
char * | char * | ||||
compat_cipher_proposal(char *cipher_prop) | compat_cipher_proposal(char *cipher_prop) | ||||
{ | { | ||||
if (!(datafellows & SSH_BUG_BIGENDIANAES)) | if (!(datafellows & SSH_BUG_BIGENDIANAES)) | ||||
return cipher_prop; | return cipher_prop; | ||||
debug2("%s: original cipher proposal: %s", __func__, cipher_prop); | debug2("%s: original cipher proposal: %s", __func__, cipher_prop); | ||||
if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL) | if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL) | ||||
fatal("match_filter_blacklist failed"); | fatal("match_filter_denylist failed"); | ||||
debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); | debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); | ||||
if (*cipher_prop == '\0') | if (*cipher_prop == '\0') | ||||
fatal("No supported ciphers found"); | fatal("No supported ciphers found"); | ||||
return cipher_prop; | return cipher_prop; | ||||
} | } | ||||
char * | char * | ||||
compat_pkalg_proposal(char *pkalg_prop) | compat_pkalg_proposal(char *pkalg_prop) | ||||
{ | { | ||||
if (!(datafellows & SSH_BUG_RSASIGMD5)) | if (!(datafellows & SSH_BUG_RSASIGMD5)) | ||||
return pkalg_prop; | return pkalg_prop; | ||||
debug2("%s: original public key proposal: %s", __func__, pkalg_prop); | debug2("%s: original public key proposal: %s", __func__, pkalg_prop); | ||||
if ((pkalg_prop = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL) | if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL) | ||||
fatal("match_filter_blacklist failed"); | fatal("match_filter_denylist failed"); | ||||
debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); | debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); | ||||
if (*pkalg_prop == '\0') | if (*pkalg_prop == '\0') | ||||
fatal("No supported PK algorithms found"); | fatal("No supported PK algorithms found"); | ||||
return pkalg_prop; | return pkalg_prop; | ||||
} | } | ||||
char * | char * | ||||
compat_kex_proposal(char *p) | compat_kex_proposal(char *p) | ||||
{ | { | ||||
if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) | if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) | ||||
return p; | return p; | ||||
debug2("%s: original KEX proposal: %s", __func__, p); | debug2("%s: original KEX proposal: %s", __func__, p); | ||||
if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) | if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) | ||||
if ((p = match_filter_blacklist(p, | if ((p = match_filter_denylist(p, | ||||
"curve25519-sha256@libssh.org")) == NULL) | "curve25519-sha256@libssh.org")) == NULL) | ||||
fatal("match_filter_blacklist failed"); | fatal("match_filter_denylist failed"); | ||||
if ((datafellows & SSH_OLD_DHGEX) != 0) { | if ((datafellows & SSH_OLD_DHGEX) != 0) { | ||||
if ((p = match_filter_blacklist(p, | if ((p = match_filter_denylist(p, | ||||
"diffie-hellman-group-exchange-sha256," | "diffie-hellman-group-exchange-sha256," | ||||
"diffie-hellman-group-exchange-sha1")) == NULL) | "diffie-hellman-group-exchange-sha1")) == NULL) | ||||
fatal("match_filter_blacklist failed"); | fatal("match_filter_denylist failed"); | ||||
} | } | ||||
debug2("%s: compat KEX proposal: %s", __func__, p); | debug2("%s: compat KEX proposal: %s", __func__, p); | ||||
if (*p == '\0') | if (*p == '\0') | ||||
fatal("No supported key exchange algorithms found"); | fatal("No supported key exchange algorithms found"); | ||||
return p; | return p; | ||||
} | } | ||||