1d059297112922cabb0c674840589be8db821fd9aAdam Langley/* $OpenBSD: compat.c,v 1.87 2015/01/19 20:20:20 markus Exp $ */ 2bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman/* 3bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. 4bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 5bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * Redistribution and use in source and binary forms, with or without 6bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * modification, are permitted provided that the following conditions 7bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * are met: 8bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 1. Redistributions of source code must retain the above copyright 9bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * notice, this list of conditions and the following disclaimer. 10bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 2. Redistributions in binary form must reproduce the above copyright 11bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * notice, this list of conditions and the following disclaimer in the 12bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * documentation and/or other materials provided with the distribution. 13bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * 14bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
17bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman */ 25bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 26bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#include "includes.h" 27bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 28bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#include <sys/types.h> 29bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 30bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#include <stdlib.h> 31bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#include <string.h> 32bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#include <stdarg.h> 33bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman 34bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#include "xmalloc.h" 35bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#include "buffer.h" 36bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#include "packet.h" 37bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#include "compat.h" 38bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#include "log.h" 39bd77cf78387b72b7b3ea870459077672bf75c3b5Greg Hartman#include "match.h" 
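/*
 * Protocol-compatibility state. These are plain globals written by the
 * functions below and read elsewhere in the program.
 */
int compat13 = 0;	/* set to 1 by enable_compat13() */
int compat20 = 0;	/* set to 1 by enable_compat20() */
int datafellows = 0;	/* compat flag bits of the last table match */

/*
 * Switch on protocol 2.0 compatibility mode. Calling it again once the mode
 * is active does nothing, so the debug line is logged only once.
 */
void
enable_compat20(void)
{
	if (compat20)
		return;
	debug("Enabling compatibility mode for protocol 2.0");
	compat20 = 1;
}

/*
 * Switch on protocol 1.3 compatibility mode. Unlike enable_compat20() there
 * is no already-enabled guard, so every call logs the debug line again.
 */
void
enable_compat13(void)
{
	debug("Enabling compatibility mode for protocol 1.3");
	compat13 = 1;
}

/*
 * datafellows bug compatibility
 *
 * Looks up 'version' in a table of pattern lists and returns the compat
 * flag bits of the FIRST entry that matches; returns 0 when nothing matches.
 * On a match the same bits are also stored in the global 'datafellows',
 * which the compat_*_proposal() functions in this file consult. When nothing
 * matches, 'datafellows' is left as it was.
 *
 * Because the first match wins, the table order is significant: specific
 * patterns must stay ahead of the general ones that would also match
 * (e.g. "OpenSSH_6.6.1*" before "OpenSSH_6.6*" before "OpenSSH*").
 *
 * NOTE(review): 'version' is presumably the peer's software version string,
 * i.e. input chosen by the remote side -- confirm against the callers. If so,
 * the returned flags are peer-selectable and should be treated as
 * interoperability hints only, never as evidence about the peer.
 */
u_int
compat_datafellows(const char *version)
{
	u_int i;
	/*
	 * 'bugs' is unsigned so that it matches both the u_int return type
	 * and the %x conversion in the debug line; the table is read-only.
	 */
	static const struct {
		const char	*pat;
		u_int		bugs;
	} check[] = {
		{ "OpenSSH-2.0*,"
		  "OpenSSH-2.1*,"
		  "OpenSSH_2.1*,"
		  "OpenSSH_2.2*",	SSH_OLD_SESSIONID|SSH_BUG_BANNER|
					SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
					SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
		{ "OpenSSH_2.3.0*",	SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES|
					SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
					SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
		{ "OpenSSH_2.3.*",	SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX|
					SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
					SSH_OLD_FORWARD_ADDR},
		{ "OpenSSH_2.5.0p1*,"
		  "OpenSSH_2.5.1p1*",
					SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX|
					SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
					SSH_OLD_FORWARD_ADDR},
		{ "OpenSSH_2.5.0*,"
		  "OpenSSH_2.5.1*,"
		  "OpenSSH_2.5.2*",	SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
					SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
		{ "OpenSSH_2.5.3*",	SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
					SSH_OLD_FORWARD_ADDR},
		{ "OpenSSH_2.*,"
		  "OpenSSH_3.0*,"
		  "OpenSSH_3.1*",	SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
		{ "OpenSSH_3.*",	SSH_OLD_FORWARD_ADDR },
		{ "Sun_SSH_1.0*",	SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
		{ "OpenSSH_4*",		0 },
		{ "OpenSSH_5*",		SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
		{ "OpenSSH_6.6.1*",	SSH_NEW_OPENSSH},
		{ "OpenSSH_6.5*,"
		  "OpenSSH_6.6*",	SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
		{ "OpenSSH*",		SSH_NEW_OPENSSH },
		{ "*MindTerm*",		0 },
		{ "2.1.0*",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
					SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
					SSH_BUG_FIRSTKEX },
		{ "2.1 *",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
					SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
					SSH_BUG_FIRSTKEX },
		{ "2.0.13*,"
		  "2.0.14*,"
		  "2.0.15*,"
		  "2.0.16*,"
		  "2.0.17*,"
		  "2.0.18*,"
		  "2.0.19*",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
					SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
					SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
					SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE|
					SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
		{ "2.0.11*,"
		  "2.0.12*",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
					SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
					SSH_BUG_PKAUTH|SSH_BUG_PKOK|
					SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
					SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
		{ "2.0.*",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
					SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
					SSH_BUG_PKAUTH|SSH_BUG_PKOK|
					SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
					SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN|
					SSH_BUG_FIRSTKEX },
		{ "2.2.0*,"
		  "2.3.0*",		SSH_BUG_HMAC|SSH_BUG_DEBUG|
					SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX },
		{ "2.3.*",		SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
					SSH_BUG_FIRSTKEX },
		{ "2.4",		SSH_OLD_SESSIONID },	/* Van Dyke */
		{ "2.*",		SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX|
					SSH_BUG_RFWD_ADDR },
		{ "3.0.*",		SSH_BUG_DEBUG },
		{ "3.0 SecureCRT*",	SSH_OLD_SESSIONID },
		{ "1.7 SecureFX*",	SSH_OLD_SESSIONID },
		{ "1.2.18*,"
		  "1.2.19*,"
		  "1.2.20*,"
		  "1.2.21*,"
		  "1.2.22*",		SSH_BUG_IGNOREMSG },
		{ "1.3.2*",		/* F-Secure */
					SSH_BUG_IGNOREMSG },
		{ "*SSH Compatible Server*",			/* Netscreen */
					SSH_BUG_PASSWORDPAD },
		{ "*OSU_0*,"
		  "OSU_1.0*,"
		  "OSU_1.1*,"
		  "OSU_1.2*,"
		  "OSU_1.3*,"
		  "OSU_1.4*,"
		  "OSU_1.5alpha1*,"
		  "OSU_1.5alpha2*,"
		  "OSU_1.5alpha3*",	SSH_BUG_PASSWORDPAD },
		{ "*SSH_Version_Mapper*",
					SSH_BUG_SCANNER },
		{ "Probe-*",
					SSH_BUG_PROBE },
		{ NULL,			0 }	/* sentinel: ends the scan */
	};

	/* process table, return first match */
	for (i = 0; check[i].pat != NULL; i++) {
		if (match_pattern_list(version, check[i].pat,
		    strlen(check[i].pat), 0) != 1)
			continue;
		debug("match: %s pat %s compat 0x%08x",
		    version, check[i].pat, check[i].bugs);
		datafellows = check[i].bugs;	/* XXX for now */
		return check[i].bugs;
	}
	debug("no match: %s", version);
	return 0;
}
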
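#define	SEP	","

/*
 * Turn a comma-separated protocol list such as "2,1" into a bit mask of
 * SSH_PROTO_* flags.
 *
 * Returns SSH_PROTO_UNKNOWN when 'spec' is NULL or the working copy cannot
 * be allocated. SSH_PROTO_1_PREFERRED is added only when 1 is the first
 * element that sets anything. Elements that are neither 1 nor 2 are logged
 * and skipped. Parsing stops at the first empty element, so anything after
 * an empty element (",," or a leading ",") is ignored.
 */
int
proto_spec(const char *spec)
{
	char *s, *p, *q;
	int ret = SSH_PROTO_UNKNOWN;

	if (spec == NULL)
		return ret;
	/* strsep() writes into its input, so tokenise a private copy. */
	q = s = strdup(spec);
	if (s == NULL)
		return ret;
	for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) {
		/*
		 * strtol() rather than atoi(): atoi() has undefined behaviour
		 * for values that do not fit in an int, and where it narrows a
		 * long result an oversized number can wrap around to 1 or 2.
		 * strtol() saturates instead, which lands in 'default' below.
		 * NOTE(review): trailing characters after the digits are still
		 * accepted, as before ("2x" parses as 2); tighten this only
		 * once it is confirmed that no caller relies on it.
		 */
		switch (strtol(p, NULL, 10)) {
		case 1:
			if (ret == SSH_PROTO_UNKNOWN)
				ret |= SSH_PROTO_1_PREFERRED;
			ret |= SSH_PROTO_1;
			break;
		case 2:
			ret |= SSH_PROTO_2;
			break;
		default:
			logit("ignoring bad proto spec: '%s'.", p);
			break;
		}
	}
	free(s);
	return ret;
}

/*
 * Filters a proposal string, excluding any algorithm matching the 'filter'
 * pattern list.
 *
 * 'proposal' is a comma-separated list; it is neither modified nor freed,
 * because the work is done on a copy. The result is a newly allocated string
 * that the caller owns, and it is the empty string when every entry was
 * filtered out. Entries can only be removed, never added or reordered.
 */
static char *
filter_proposal(char *proposal, const char *filter)
{
	Buffer b;
	char *orig_prop, *fix_prop;
	char *cp, *tmp;

	buffer_init(&b);
	tmp = orig_prop = xstrdup(proposal);
	while ((cp = strsep(&tmp, ",")) != NULL) {
		if (match_pattern_list(cp, filter, strlen(cp), 0) != 1) {
			/* Separator goes before every kept entry but the first. */
			if (buffer_len(&b) > 0)
				buffer_append(&b, ",", 1);
			buffer_append(&b, cp, strlen(cp));
		} else
			debug2("Compat: skipping algorithm \"%s\"", cp);
	}
	/* Terminate the buffer contents so they can be copied as a C string. */
	buffer_append(&b, "\0", 1);
	fix_prop = xstrdup((char *)buffer_ptr(&b));
	buffer_free(&b);
	free(orig_prop);

	return fix_prop;
}

/*
 * Removes every cipher matching "aes*" from 'cipher_prop' when the global
 * 'datafellows' has SSH_BUG_BIGENDIANAES set; calls fatal() if nothing is
 * left afterwards.
 *
 * Ownership: without the flag the argument pointer itself is returned; with
 * the flag a newly allocated string is returned and the argument is not
 * freed here. A caller that needs to free the result has to compare the
 * returned pointer with the one it passed in.
 *
 * NOTE(review): 'datafellows' is filled in by compat_datafellows() from a
 * version string. If that string comes from the peer, the peer influences
 * which algorithms are dropped from the offer; the result is always a subset
 * of the original proposal.
 */
char *
compat_cipher_proposal(char *cipher_prop)
{
	if (!(datafellows & SSH_BUG_BIGENDIANAES))
		return cipher_prop;
	debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
	cipher_prop = filter_proposal(cipher_prop, "aes*");
	debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
	if (*cipher_prop == '\0')
		fatal("No supported ciphers found");
	return cipher_prop;
}

/*
 * Removes "ssh-rsa" from 'pkalg_prop' when the global 'datafellows' has
 * SSH_BUG_RSASIGMD5 set; calls fatal() if nothing is left afterwards.
 *
 * Ownership is the same as for compat_cipher_proposal(): the argument
 * pointer is returned when the flag is clear, a new allocation (argument
 * not freed) when it is set.
 */
char *
compat_pkalg_proposal(char *pkalg_prop)
{
	if (!(datafellows & SSH_BUG_RSASIGMD5))
		return pkalg_prop;
	debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
	pkalg_prop = filter_proposal(pkalg_prop, "ssh-rsa");
	debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
	if (*pkalg_prop == '\0')
		fatal("No supported PK algorithms found");
	return pkalg_prop;
}

/*
 * Removes "curve25519-sha256@libssh.org" from 'kex_prop' when the global
 * 'datafellows' has SSH_BUG_CURVE25519PAD set; calls fatal() if nothing is
 * left afterwards.
 *
 * Ownership is the same as for compat_cipher_proposal(): the argument
 * pointer is returned when the flag is clear, a new allocation (argument
 * not freed) when it is set.
 */
char *
compat_kex_proposal(char *kex_prop)
{
	if (!(datafellows & SSH_BUG_CURVE25519PAD))
		return kex_prop;
	debug2("%s: original KEX proposal: %s", __func__, kex_prop);
	kex_prop = filter_proposal(kex_prop, "curve25519-sha256@libssh.org");
	debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
	if (*kex_prop == '\0')
		fatal("No supported key exchange algorithms found");
	return kex_prop;
}
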