diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-29 00:32:56 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-29 00:32:56 +0000 |
| commit | 60a4381f1a6ebc2f8eeeb2ba4e005ede91ac9af3 (patch) | |
| tree | a58d24db658ee1036fc09a1363c27b1d2df386e3 | |
| parent | 425fb02f20671c332af7b718d1c0e797ad0699eb (diff) | |
| download | openssh-git-60a4381f1a6ebc2f8eeeb2ba4e005ede91ac9af3.tar.gz | |
- markus@cvs.openbsd.org 2001/03/27 10:57:00
[compat.c compat.h ssh-rsa.c]
some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5
signatures in SSH protocol 2, ok djm@
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | compat.c | 16 | ||||
| -rw-r--r-- | compat.h | 3 | ||||
| -rw-r--r-- | ssh-rsa.c | 7 |
4 files changed, 21 insertions, 11 deletions
@@ -12,6 +12,10 @@ - markus@cvs.openbsd.org 2001/03/27 10:34:08 [ssh-rsa.c sshd.c] use EVP_get_digestbynid, reorder some calls and fix missing free. + - markus@cvs.openbsd.org 2001/03/27 10:57:00 + [compat.c compat.h ssh-rsa.c] + some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5 + signatures in SSH protocol 2, ok djm@ 20010328 - (djm) Reorder tests and library inclusion for Krb4/AFS to try to @@ -4750,4 +4754,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1029 2001/03/29 00:31:20 mouring Exp $ +$Id: ChangeLog,v 1.1030 2001/03/29 00:32:56 mouring Exp $ @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.40 2001/03/23 11:04:06 djm Exp $"); +RCSID("$OpenBSD: compat.c,v 1.41 2001/03/27 10:57:00 markus Exp $"); #ifdef HAVE_LIBPCRE # include <pcreposix.h> @@ -75,18 +75,22 @@ compat_datafellows(const char *version) { "^OpenSSH", 0 }, { "MindTerm", 0 }, { "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| - SSH_OLD_SESSIONID|SSH_BUG_DEBUG }, + SSH_OLD_SESSIONID|SSH_BUG_DEBUG| + SSH_BUG_RSASIGMD5 }, { "^2\\.1 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| - SSH_OLD_SESSIONID|SSH_BUG_DEBUG }, + SSH_OLD_SESSIONID|SSH_BUG_DEBUG| + SSH_BUG_RSASIGMD5 }, { "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID|SSH_BUG_DEBUG| SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| - SSH_BUG_PKOK }, + SSH_BUG_PKOK|SSH_BUG_RSASIGMD5 }, { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID|SSH_BUG_DEBUG| SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| - SSH_BUG_PKAUTH|SSH_BUG_PKOK }, - { "^2\\.[23]\\.0", SSH_BUG_HMAC }, + SSH_BUG_PKAUTH|SSH_BUG_PKOK| + SSH_BUG_RSASIGMD5 }, + { "^2\\.[23]\\.0", SSH_BUG_HMAC|SSH_BUG_RSASIGMD5 }, + { "^2\\.3\\.", SSH_BUG_RSASIGMD5 }, { "^2\\.[2-9]\\.", 0 }, { "^2\\.4$", SSH_OLD_SESSIONID }, /* Van Dyke */ { "^3\\.0 SecureCRT", SSH_OLD_SESSIONID }, @@ -21,7 +21,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$OpenBSD: compat.h,v 1.19 2001/03/23 11:04:06 djm Exp $"); */ +/* RCSID("$OpenBSD: compat.h,v 1.20 2001/03/27 10:57:00 markus Exp $"); */ #ifndef COMPAT_H #define COMPAT_H @@ -44,6 +44,7 @@ #define SSH_BUG_PASSWORDPAD 0x0400 #define SSH_BUG_SCANNER 0x0800 #define SSH_BUG_BIGENDIANAES 0x1000 +#define SSH_BUG_RSASIGMD5 0x2000 void enable_compat13(void); void enable_compat20(void); @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-rsa.c,v 1.7 2001/03/27 10:34:08 markus Exp $"); +RCSID("$OpenBSD: ssh-rsa.c,v 1.8 2001/03/27 10:57:00 markus Exp $"); #include <openssl/evp.h> #include <openssl/err.h> @@ -34,6 +34,7 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.7 2001/03/27 10:34:08 markus Exp $"); #include "bufaux.h" #include "key.h" #include "ssh-rsa.h" +#include "compat.h" /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ int @@ -53,7 +54,7 @@ ssh_rsa_sign( error("ssh_rsa_sign: no RSA key"); return -1; } - nid = NID_sha1; + nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); return -1; @@ -147,7 +148,7 @@ ssh_rsa_verify( error("ssh_rsa_verify: remaining bytes in signature %d", rlen); return -1; } - nid = NID_sha1; + nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { xfree(sigblob); error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); |