From 672fe979a97fd7692fe5dc383491eee200cc82a4 Mon Sep 17 00:00:00 2001 From: djm Date: Tue, 23 Jan 2018 05:27:21 +0000 Subject: [PATCH] Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC- compliant SSH implementations. ok markus@ --- usr.bin/ssh/auth2-hostbased.c | 8 ++-- usr.bin/ssh/auth2-pubkey.c | 47 +++++--------------- usr.bin/ssh/auth2.c | 4 +- usr.bin/ssh/authfd.c | 4 +- usr.bin/ssh/channels.c | 45 +++++++------------ usr.bin/ssh/clientloop.c | 15 ++----- usr.bin/ssh/compat.c | 71 ++---------------------------- usr.bin/ssh/compat.h | 28 ++++++------ usr.bin/ssh/kex.c | 8 +--- usr.bin/ssh/monitor.c | 21 ++++----- usr.bin/ssh/serverloop.c | 8 ++-- usr.bin/ssh/ssh-agent.c | 4 +- usr.bin/ssh/ssh-dss.c | 81 +++++++++++++---------------------- usr.bin/ssh/ssh.c | 4 +- usr.bin/ssh/sshconnect.c | 5 +-- usr.bin/ssh/sshconnect2.c | 55 +++++------------------- usr.bin/ssh/sshd.c | 6 +-- 17 files changed, 111 insertions(+), 303 deletions(-) diff --git a/usr.bin/ssh/auth2-hostbased.c b/usr.bin/ssh/auth2-hostbased.c index 70c31772db7..d6431296781 100644 --- a/usr.bin/ssh/auth2-hostbased.c +++ b/usr.bin/ssh/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.32 2017/12/18 02:25:15 djm Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.33 2018/01/23 05:27:21 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -61,7 +61,7 @@ userauth_hostbased(struct ssh *ssh) Authctxt *authctxt = ssh->authctxt; struct sshbuf *b; struct sshkey *key = NULL; - char *pkalg, *cuser, *chost, *service; + char *pkalg, *cuser, *chost; u_char *pkblob, *sig; size_t alen, blen, slen; int r, pktype, authenticated = 0; @@ -117,15 +117,13 @@ userauth_hostbased(struct ssh *ssh) goto done; } - service = ssh->compat & SSH_BUG_HBSERVICE ? "ssh-userauth" : - authctxt->service; if ((b = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); /* reconstruct packet */ if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || (r = sshbuf_put_cstring(b, authctxt->user)) != 0 || - (r = sshbuf_put_cstring(b, service)) != 0 || + (r = sshbuf_put_cstring(b, authctxt->service)) != 0 || (r = sshbuf_put_cstring(b, "hostbased")) != 0 || (r = sshbuf_put_string(b, pkalg, alen)) != 0 || (r = sshbuf_put_string(b, pkblob, blen)) != 0 || diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c index da0aa4f88ed..4b974a11647 100644 --- a/usr.bin/ssh/auth2-pubkey.c +++ b/usr.bin/ssh/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.74 2017/12/21 00:00:28 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.75 2018/01/23 05:27:21 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -97,26 +97,10 @@ userauth_pubkey(struct ssh *ssh) debug2("%s: disabled because of invalid user", __func__); return 0; } - if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0) - fatal("%s: sshpkt_get_u8 failed: %s", __func__, ssh_err(r)); - if (ssh->compat & SSH_BUG_PKAUTH) { - debug2("%s: SSH_BUG_PKAUTH", __func__); - if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); - /* no explicit pkalg given */ - /* so we have to extract the pkalg from the pkblob */ - /* XXX use sshbuf_from() */ - if ((r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 || - (r = sshbuf_put(b, pkblob, blen)) != 0 || - (r = sshbuf_get_cstring(b, &pkalg, NULL)) != 0) - fatal("%s: failed: %s", __func__, ssh_err(r)); - sshbuf_free(b); - } else { - if ((r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || - (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0) - fatal("%s: sshpkt_get_cstring failed: %s", - __func__, ssh_err(r)); - } + if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 || + (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || + (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0) + fatal("%s: parse request failed: %s", __func__, ssh_err(r)); pktype = sshkey_type_from_name(pkalg); if (pktype == KEY_UNSPEC) { /* this is perfectly legal */ @@ -185,22 +169,11 @@ userauth_pubkey(struct ssh *ssh) authctxt->style ? authctxt->style : ""); if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || (r = sshbuf_put_cstring(b, userstyle)) != 0 || - (r = sshbuf_put_cstring(b, ssh->compat & SSH_BUG_PKSERVICE ? - "ssh-userauth" : authctxt->service)) != 0) - fatal("%s: build packet failed: %s", - __func__, ssh_err(r)); - if (ssh->compat & SSH_BUG_PKAUTH) { - if ((r = sshbuf_put_u8(b, have_sig)) != 0) - fatal("%s: build packet failed: %s", - __func__, ssh_err(r)); - } else { - if ((r = sshbuf_put_cstring(b, "publickey")) != 0 || - (r = sshbuf_put_u8(b, have_sig)) != 0 || - (r = sshbuf_put_cstring(b, pkalg) != 0)) - fatal("%s: build packet failed: %s", - __func__, ssh_err(r)); - } - if ((r = sshbuf_put_string(b, pkblob, blen)) != 0) + (r = sshbuf_put_cstring(b, authctxt->service)) != 0 || + (r = sshbuf_put_cstring(b, "publickey")) != 0 || + (r = sshbuf_put_u8(b, have_sig)) != 0 || + (r = sshbuf_put_cstring(b, pkalg) != 0) || + (r = sshbuf_put_string(b, pkblob, blen)) != 0) fatal("%s: build packet failed: %s", __func__, ssh_err(r)); #ifdef DEBUG_PK diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c index 68aca4d5c90..aba32447fe8 100644 --- a/usr.bin/ssh/auth2.c +++ b/usr.bin/ssh/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.143 2017/06/24 06:34:38 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.144 2018/01/23 05:27:21 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -136,7 +136,7 @@ userauth_banner(void) { char *banner = NULL; - if (options.banner == NULL || (datafellows & SSH_BUG_BANNER) != 0) + if (options.banner == NULL) return; if ((banner = PRIVSEP(auth2_read_banner())) == NULL) diff --git a/usr.bin/ssh/authfd.c b/usr.bin/ssh/authfd.c index ebb0d591f22..e173304c62f 100644 --- a/usr.bin/ssh/authfd.c +++ b/usr.bin/ssh/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.105 2017/07/01 13:50:45 djm Exp $ */ +/* $OpenBSD: authfd.c,v 1.106 2018/01/23 05:27:21 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -351,8 +351,6 @@ ssh_agent_sign(int sock, const struct sshkey *key, if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE) return SSH_ERR_INVALID_ARGUMENT; - if (compat & SSH_BUG_SIGBLOB) - flags |= SSH_AGENT_OLD_SIGNATURE; if ((msg = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index b8b3bb759ec..f10702daca4 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.377 2017/12/05 01:30:19 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.378 2018/01/23 05:27:21 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1572,13 +1572,8 @@ channel_post_x11_listener(struct ssh *ssh, Channel *c, SSH_CHANNEL_OPENING, newsock, newsock, -1, c->local_window_max, c->local_maxpacket, 0, buf, 1); open_preamble(ssh, __func__, nc, "x11"); - if ((r = sshpkt_put_cstring(ssh, remote_ipaddr)) != 0) { - fatal("%s: channel %i: reply %s", __func__, - c->self, ssh_err(r)); - } - if ((datafellows & SSH_BUG_X11FWD) != 0) - debug2("channel %d: ssh2 x11 bug compat mode", nc->self); - else if ((r = sshpkt_put_u32(ssh, remote_port)) != 0) { + if ((r = sshpkt_put_cstring(ssh, remote_ipaddr)) != 0 || + (r = sshpkt_put_u32(ssh, remote_port)) != 0) { fatal("%s: channel %i: reply %s", __func__, c->self, ssh_err(r)); } @@ -1814,15 +1809,13 @@ channel_post_connecting(struct ssh *ssh, Channel *c, if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 || (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || - (r = sshpkt_put_u32(ssh, SSH2_OPEN_CONNECT_FAILED)) - != 0) - fatal("%s: channel %i: failure: %s", __func__, - c->self, ssh_err(r)); - if ((datafellows & SSH_BUG_OPENFAILURE) == 0 && - ((r = sshpkt_put_cstring(ssh, strerror(err))) != 0 || - (r = sshpkt_put_cstring(ssh, "")) != 0)) + (r = sshpkt_put_u32(ssh, + SSH2_OPEN_CONNECT_FAILED)) != 0 || + (r = sshpkt_put_cstring(ssh, strerror(err))) != 0 || + (r = sshpkt_put_cstring(ssh, "")) != 0) { fatal("%s: channel %i: failure: %s", __func__, c->self, ssh_err(r)); + } if ((r = sshpkt_send(ssh)) != 0) fatal("%s: channel %i: %s", __func__, c->self, ssh_err(r)); @@ -3079,13 +3072,11 @@ channel_input_open_failure(int type, u_int32_t seq, struct ssh *ssh) error("%s: reason: %s", __func__, ssh_err(r)); packet_disconnect("Invalid open failure message"); } - if ((datafellows & SSH_BUG_OPENFAILURE) == 0) { - /* skip language */ - if ((r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 || - (r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0) { - error("%s: message/lang: %s", __func__, ssh_err(r)); - packet_disconnect("Invalid open failure message"); - } + /* skip language */ + if ((r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 || + (r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0) { + error("%s: message/lang: %s", __func__, ssh_err(r)); + packet_disconnect("Invalid open failure message"); } ssh_packet_check_eom(ssh); logit("channel %d: open failed: %s%s%s", c->self, @@ -3625,15 +3616,9 @@ static const char * channel_rfwd_bind_host(const char *listen_host) { if (listen_host == NULL) { - if (datafellows & SSH_BUG_RFWD_ADDR) - return "127.0.0.1"; - else - return "localhost"; + return "localhost"; } else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0) { - if (datafellows & SSH_BUG_RFWD_ADDR) - return "0.0.0.0"; - else - return ""; + return ""; } else return listen_host; } diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index a4c056077a0..8cf79a26cc0 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.309 2017/12/18 23:16:23 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.310 2018/01/23 05:27:21 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1532,12 +1532,7 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan) return NULL; } originator = packet_get_string(NULL); - if (datafellows & SSH_BUG_X11FWD) { - debug2("buggy server: x11 request w/o originator_port"); - originator_port = 0; - } else { - originator_port = packet_get_int(); - } + originator_port = packet_get_int(); packet_check_eom(); /* XXX check permission */ debug("client_request_x11: request from %s %d", originator, @@ -1663,10 +1658,8 @@ client_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(rchan); packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED); - if (!(datafellows & SSH_BUG_OPENFAILURE)) { - packet_put_cstring("open failed"); - packet_put_cstring(""); - } + packet_put_cstring("open failed"); + packet_put_cstring(""); packet_send(); } free(ctype); diff --git a/usr.bin/ssh/compat.c b/usr.bin/ssh/compat.c index 73952db1d2f..eea0741ad8d 100644 --- a/usr.bin/ssh/compat.c +++ b/usr.bin/ssh/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.104 2017/07/25 09:22:25 dtucker Exp $ */ +/* $OpenBSD: compat.c,v 1.105 2018/01/23 05:27:21 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -48,83 +48,20 @@ compat_datafellows(const char *version) char *pat; int bugs; } check[] = { - { "OpenSSH-2.0*," - "OpenSSH-2.1*," - "OpenSSH_2.1*," - "OpenSSH_2.2*", SSH_OLD_SESSIONID|SSH_BUG_BANNER| - SSH_OLD_DHGEX|SSH_BUG_NOREKEY| - SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, - { "OpenSSH_2.3.0*", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES| - SSH_OLD_DHGEX|SSH_BUG_NOREKEY| - SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, - { "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| - SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| - SSH_OLD_FORWARD_ADDR}, - { "OpenSSH_2.5.0p1*," - "OpenSSH_2.5.1p1*", - SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| - SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| - SSH_OLD_FORWARD_ADDR}, - { "OpenSSH_2.5.0*," - "OpenSSH_2.5.1*," - "OpenSSH_2.5.2*", SSH_OLD_DHGEX|SSH_BUG_NOREKEY| - SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, - { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| - SSH_OLD_FORWARD_ADDR}, { "OpenSSH_2.*," "OpenSSH_3.0*," "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR }, { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, - { "OpenSSH_4*", 0 }, + { "OpenSSH_2*," + "OpenSSH_3*," + "OpenSSH_4*", 0 }, { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT}, { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH}, { "OpenSSH_6.5*," "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD}, { "OpenSSH*", SSH_NEW_OPENSSH }, { "*MindTerm*", 0 }, - { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| - SSH_OLD_SESSIONID|SSH_BUG_DEBUG| - SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE| - SSH_BUG_FIRSTKEX }, - { "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| - SSH_OLD_SESSIONID|SSH_BUG_DEBUG| - SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE| - SSH_BUG_FIRSTKEX }, - { "2.0.13*," - "2.0.14*," - "2.0.15*," - "2.0.16*," - "2.0.17*," - "2.0.18*," - "2.0.19*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| - SSH_OLD_SESSIONID|SSH_BUG_DEBUG| - SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| - SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| - SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE| - SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX }, - { "2.0.11*," - "2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| - SSH_OLD_SESSIONID|SSH_BUG_DEBUG| - SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| - SSH_BUG_PKAUTH|SSH_BUG_PKOK| - SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| - SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX }, - { "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| - SSH_OLD_SESSIONID|SSH_BUG_DEBUG| - SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| - SSH_BUG_PKAUTH|SSH_BUG_PKOK| - SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| - SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN| - SSH_BUG_FIRSTKEX }, - { "2.2.0*," - "2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG| - SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX }, - { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5| - SSH_BUG_FIRSTKEX }, - { "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */ - { "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX| - SSH_BUG_RFWD_ADDR }, { "3.0.*", SSH_BUG_DEBUG }, { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, { "1.7 SecureFX*", SSH_OLD_SESSIONID }, diff --git a/usr.bin/ssh/compat.h b/usr.bin/ssh/compat.h index 2e7830f1bc8..246e6ee4c20 100644 --- a/usr.bin/ssh/compat.h +++ b/usr.bin/ssh/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.49 2017/04/30 23:13:25 djm Exp $ */ +/* $OpenBSD: compat.h,v 1.50 2018/01/23 05:27:21 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. @@ -32,31 +32,31 @@ #define SSH_PROTO_1_PREFERRED 0x02 #define SSH_PROTO_2 0x04 -#define SSH_BUG_SIGBLOB 0x00000001 -#define SSH_BUG_PKSERVICE 0x00000002 -#define SSH_BUG_HMAC 0x00000004 -#define SSH_BUG_X11FWD 0x00000008 +/* #define unused 0x00000001 */ +/* #define unused 0x00000002 */ +/* #define unused 0x00000004 */ +/* #define unused 0x00000008 */ #define SSH_OLD_SESSIONID 0x00000010 -#define SSH_BUG_PKAUTH 0x00000020 +/* #define unused 0x00000020 */ #define SSH_BUG_DEBUG 0x00000040 -#define SSH_BUG_BANNER 0x00000080 +/* #define unused 0x00000080 */ #define SSH_BUG_IGNOREMSG 0x00000100 -#define SSH_BUG_PKOK 0x00000200 +/* #define unused 0x00000200 */ #define SSH_BUG_PASSWORDPAD 0x00000400 #define SSH_BUG_SCANNER 0x00000800 #define SSH_BUG_BIGENDIANAES 0x00001000 #define SSH_BUG_RSASIGMD5 0x00002000 #define SSH_OLD_DHGEX 0x00004000 #define SSH_BUG_NOREKEY 0x00008000 -#define SSH_BUG_HBSERVICE 0x00010000 -#define SSH_BUG_OPENFAILURE 0x00020000 -#define SSH_BUG_DERIVEKEY 0x00040000 -#define SSH_BUG_DUMMYCHAN 0x00100000 +/* #define unused 0x00010000 */ +/* #define unused 0x00020000 */ +/* #define unused 0x00040000 */ +/* #define unused 0x00100000 */ #define SSH_BUG_EXTEOF 0x00200000 #define SSH_BUG_PROBE 0x00400000 -#define SSH_BUG_FIRSTKEX 0x00800000 +/* #define unused 0x00800000 */ #define SSH_OLD_FORWARD_ADDR 0x01000000 -#define SSH_BUG_RFWD_ADDR 0x02000000 +/* #define unused 0x02000000 */ #define SSH_NEW_OPENSSH 0x04000000 #define SSH_BUG_DYNAMIC_RPORT 0x08000000 #define SSH_BUG_CURVE25519PAD 0x10000000 diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index 5082ebd5cff..f88fefcd2c3 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.134 2017/06/13 12:13:59 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.135 2018/01/23 05:27:21 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -661,9 +661,6 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server) free(name); return SSH_ERR_INTERNAL_ERROR; } - /* truncate the key */ - if (ssh->compat & SSH_BUG_HMAC) - mac->key_len = 16; mac->name = name; mac->key = NULL; mac->enabled = 0; @@ -852,8 +849,7 @@ kex_choose_conf(struct ssh *ssh) kex->dh_need = dh_need; /* ignore the next message if the proposals do not match */ - if (first_kex_follows && !proposals_match(my, peer) && - !(ssh->compat & SSH_BUG_FIRSTKEX)) + if (first_kex_follows && !proposals_match(my, peer)) ssh->dispatch_skip_packets = 1; r = 0; out: diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index d3396b8ac7e..a64d614a8c5 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.177 2017/12/21 00:00:28 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.178 2018/01/23 05:27:21 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -964,18 +964,13 @@ monitor_valid_userblob(u_char *data, u_int datalen) free(userstyle); free(cp); buffer_skip_string(&b); - if (datafellows & SSH_BUG_PKAUTH) { - if (!buffer_get_char(&b)) - fail++; - } else { - cp = buffer_get_cstring(&b, NULL); - if (strcmp("publickey", cp) != 0) - fail++; - free(cp); - if (!buffer_get_char(&b)) - fail++; - buffer_skip_string(&b); - } + cp = buffer_get_cstring(&b, NULL); + if (strcmp("publickey", cp) != 0) + fail++; + free(cp); + if (!buffer_get_char(&b)) + fail++; + buffer_skip_string(&b); buffer_skip_string(&b); if (buffer_len(&b) != 0) fail++; diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index 887ffaee312..dd213cd4237 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.202 2017/12/18 23:16:24 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.203 2018/01/23 05:27:21 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -644,10 +644,8 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(rchan); packet_put_int(reason); - if (!(datafellows & SSH_BUG_OPENFAILURE)) { - packet_put_cstring(errmsg ? errmsg : "open failed"); - packet_put_cstring(""); - } + packet_put_cstring(errmsg ? errmsg : "open failed"); + packet_put_cstring(""); packet_send(); } free(ctype); diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index 3a1a0b97b3b..267f126b2e6 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.226 2017/11/15 02:10:16 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.227 2018/01/23 05:27:21 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -277,8 +277,6 @@ process_sign_request2(SocketEntry *e) goto send; } - if (flags & SSH_AGENT_OLD_SIGNATURE) - compat = SSH_BUG_SIGBLOB; if ((id = lookup_identity(key)) == NULL) { verbose("%s: %s key not found", __func__, sshkey_type(key)); goto send; diff --git a/usr.bin/ssh/ssh-dss.c b/usr.bin/ssh/ssh-dss.c index b45e698481d..6c9604b3d9e 100644 --- a/usr.bin/ssh/ssh-dss.c +++ b/usr.bin/ssh/ssh-dss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-dss.c,v 1.35 2016/04/21 06:08:02 djm Exp $ */ +/* $OpenBSD: ssh-dss.c,v 1.36 2018/01/23 05:27:21 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -80,38 +80,25 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen); - if (compat & SSH_BUG_SIGBLOB) { - if (sigp != NULL) { - if ((*sigp = malloc(SIGBLOB_LEN)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(*sigp, sigblob, SIGBLOB_LEN); - } - if (lenp != NULL) - *lenp = SIGBLOB_LEN; - ret = 0; - } else { - /* ietf-drafts */ - if ((b = sshbuf_new()) == NULL) { + if ((b = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 || + (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0) + goto out; + + len = sshbuf_len(b); + if (sigp != NULL) { + if ((*sigp = malloc(len)) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } - if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 || - (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0) - goto out; - len = sshbuf_len(b); - if (sigp != NULL) { - if ((*sigp = malloc(len)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(*sigp, sshbuf_ptr(b), len); - } - if (lenp != NULL) - *lenp = len; - ret = 0; + memcpy(*sigp, sshbuf_ptr(b), len); } + if (lenp != NULL) + *lenp = len; + ret = 0; out: explicit_bzero(digest, sizeof(digest)); if (sig != NULL) @@ -140,28 +127,20 @@ ssh_dss_verify(const struct sshkey *key, return SSH_ERR_INTERNAL_ERROR; /* fetch signature */ - if (compat & SSH_BUG_SIGBLOB) { - if ((sigblob = malloc(signaturelen)) == NULL) - return SSH_ERR_ALLOC_FAIL; - memcpy(sigblob, signature, signaturelen); - len = signaturelen; - } else { - /* ietf-drafts */ - if ((b = sshbuf_from(signature, signaturelen)) == NULL) - return SSH_ERR_ALLOC_FAIL; - if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || - sshbuf_get_string(b, &sigblob, &len) != 0) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (strcmp("ssh-dss", ktype) != 0) { - ret = SSH_ERR_KEY_TYPE_MISMATCH; - goto out; - } - if (sshbuf_len(b) != 0) { - ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; - goto out; - } + if ((b = sshbuf_from(signature, signaturelen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || + sshbuf_get_string(b, &sigblob, &len) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (strcmp("ssh-dss", ktype) != 0) { + ret = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (sshbuf_len(b) != 0) { + ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; } if (len != SIGBLOB_LEN) { diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 0c15c1978e9..c382fe9f445 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.470 2018/01/23 05:06:25 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.471 2018/01/23 05:27:21 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1881,7 +1881,7 @@ ssh_session2(struct ssh *ssh, struct passwd *pw) if (options.control_persist && muxserver_sock == -1) ssh_init_stdio_forwarding(ssh); - if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) + if (!no_shell_flag) id = ssh_session2_open(ssh); else { packet_set_interactive( diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 8f24fd980d4..28f49065110 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.290 2018/01/23 05:17:04 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.291 2018/01/23 05:27:21 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -605,9 +605,6 @@ ssh_exchange_identification(int timeout_ms) if (mismatch) fatal("Protocol major versions differ: %d vs. %d", PROTOCOL_MAJOR_2, remote_major); - if ((datafellows & SSH_BUG_DERIVEKEY) != 0) - fatal("Server version \"%.100s\" uses unsafe key agreement; " - "refusing connection", remote_version); if ((datafellows & SSH_BUG_RSASIGMD5) != 0) logit("Server version \"%.100s\" uses unsafe RSA signature " "scheme; disabling use of RSA keys", remote_version); diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 884d37d39ef..e23fd302d75 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.266 2017/08/27 00:38:41 dtucker Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.267 2018/01/23 05:27:21 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -570,7 +570,6 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) Authctxt *authctxt = ssh->authctxt; struct sshkey *key = NULL; Identity *id = NULL; - Buffer b; int pktype, sent = 0; u_int alen, blen; char *pkalg, *fp; @@ -578,18 +577,9 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) if (authctxt == NULL) fatal("input_userauth_pk_ok: no authentication context"); - if (datafellows & SSH_BUG_PKOK) { - /* this is similar to SSH_BUG_PKAUTH */ - debug2("input_userauth_pk_ok: SSH_BUG_PKOK"); - pkblob = packet_get_string(&blen); - buffer_init(&b); - buffer_append(&b, pkblob, blen); - pkalg = buffer_get_string(&b, &alen); - buffer_free(&b); - } else { - pkalg = packet_get_string(&alen); - pkblob = packet_get_string(&blen); - } + + pkalg = packet_get_string(&alen); + pkblob = packet_get_string(&blen); packet_check_eom(); debug("Server accepts key: pkalg %s blen %u", pkalg, blen); @@ -1092,17 +1082,10 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) } buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); buffer_put_cstring(&b, authctxt->server_user); - buffer_put_cstring(&b, - datafellows & SSH_BUG_PKSERVICE ? - "ssh-userauth" : - authctxt->service); - if (datafellows & SSH_BUG_PKAUTH) { - buffer_put_char(&b, have_sig); - } else { - buffer_put_cstring(&b, authctxt->method->name); - buffer_put_char(&b, have_sig); - buffer_put_cstring(&b, key_sign_encode(id->key)); - } + buffer_put_cstring(&b, authctxt->service); + buffer_put_cstring(&b, authctxt->method->name); + buffer_put_char(&b, have_sig); + buffer_put_cstring(&b, key_sign_encode(id->key)); buffer_put_string(&b, blob, bloblen); /* @@ -1162,19 +1145,6 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) #ifdef DEBUG_PK buffer_dump(&b); #endif - if (datafellows & SSH_BUG_PKSERVICE) { - buffer_clear(&b); - buffer_append(&b, session_id2, session_id2_len); - skip = session_id2_len; - buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); - buffer_put_cstring(&b, authctxt->server_user); - buffer_put_cstring(&b, authctxt->service); - buffer_put_cstring(&b, authctxt->method->name); - buffer_put_char(&b, have_sig); - if (!(datafellows & SSH_BUG_PKAUTH)) - buffer_put_cstring(&b, key_ssh_name(id->key)); - buffer_put_string(&b, blob, bloblen); - } free(blob); /* append signature */ @@ -1216,8 +1186,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id) packet_put_cstring(authctxt->service); packet_put_cstring(authctxt->method->name); packet_put_char(have_sig); - if (!(datafellows & SSH_BUG_PKAUTH)) - packet_put_cstring(key_sign_encode(id->key)); + packet_put_cstring(key_sign_encode(id->key)); packet_put_string(blob, bloblen); free(blob); packet_send(); @@ -1733,7 +1702,6 @@ userauth_hostbased(Authctxt *authctxt) struct ssh *ssh = active_state; struct sshkey *private = NULL; struct sshbuf *b = NULL; - const char *service; u_char *sig = NULL, *keyblob = NULL; char *fp = NULL, *chost = NULL, *lname = NULL; size_t siglen = 0, keylen = 0; @@ -1804,9 +1772,6 @@ userauth_hostbased(Authctxt *authctxt) xasprintf(&chost, "%s.", lname); debug2("%s: chost %s", __func__, chost); - service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : - authctxt->service; - /* construct data */ if ((b = sshbuf_new()) == NULL) { error("%s: sshbuf_new failed", __func__); @@ -1819,7 +1784,7 @@ userauth_hostbased(Authctxt *authctxt) if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 || - (r = sshbuf_put_cstring(b, service)) != 0 || + (r = sshbuf_put_cstring(b, authctxt->service)) != 0 || (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 || (r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 || (r = sshbuf_put_string(b, keyblob, keylen)) != 0 || diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index c93e0887a67..3af4108eaff 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.501 2018/01/23 05:12:12 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.502 2018/01/23 05:27:21 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -422,10 +422,6 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) logit("Client version \"%.100s\" uses unsafe RSA signature " "scheme; disabling use of RSA keys", remote_version); } - if ((ssh->compat & SSH_BUG_DERIVEKEY) != 0) { - fatal("Client version \"%.100s\" uses unsafe key agreement; " - "refusing connection", remote_version); - } chop(server_version_string); debug("Local version string %.200s", server_version_string); -- 2.20.1