xref: /freebsd/crypto/openssh/compat.c (revision 47dd1d1b619cc035b82b49a91a25544309ff95ae) 
1*47dd1d1bSDag-Erling Smørgrav /* $OpenBSD: compat.c,v 1.106 2018/02/16 04:43:11 dtucker Exp $ */
2511b41d2SMark Murray /*
3af12a3e7SDag-Erling Smørgrav  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
4511b41d2SMark Murray  *
5511b41d2SMark Murray  * Redistribution and use in source and binary forms, with or without
6511b41d2SMark Murray  * modification, are permitted provided that the following conditions
7511b41d2SMark Murray  * are met:
8511b41d2SMark Murray  * 1. Redistributions of source code must retain the above copyright
9511b41d2SMark Murray  *    notice, this list of conditions and the following disclaimer.
10511b41d2SMark Murray  * 2. Redistributions in binary form must reproduce the above copyright
11511b41d2SMark Murray  *    notice, this list of conditions and the following disclaimer in the
12511b41d2SMark Murray  *    documentation and/or other materials provided with the distribution.
13511b41d2SMark Murray  *
14511b41d2SMark Murray  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15511b41d2SMark Murray  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16511b41d2SMark Murray  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17511b41d2SMark Murray  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18511b41d2SMark Murray  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19511b41d2SMark Murray  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20511b41d2SMark Murray  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21511b41d2SMark Murray  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22511b41d2SMark Murray  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23511b41d2SMark Murray  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24511b41d2SMark Murray  */
25511b41d2SMark Murray 
26511b41d2SMark Murray #include "includes.h"
27511b41d2SMark Murray 
28333ee039SDag-Erling Smørgrav #include <sys/types.h>
29333ee039SDag-Erling Smørgrav 
30333ee039SDag-Erling Smørgrav #include <stdlib.h>
31333ee039SDag-Erling Smørgrav #include <string.h>
32333ee039SDag-Erling Smørgrav #include <stdarg.h>
33333ee039SDag-Erling Smørgrav 
34333ee039SDag-Erling Smørgrav #include "xmalloc.h"
35af12a3e7SDag-Erling Smørgrav #include "buffer.h"
36a04a10f8SKris Kennaway #include "packet.h"
37a04a10f8SKris Kennaway #include "compat.h"
38ca3176e7SBrian Feldman #include "log.h"
39af12a3e7SDag-Erling Smørgrav #include "match.h"
40d93a896eSDag-Erling Smørgrav #include "kex.h"
41511b41d2SMark Murray 
42a04a10f8SKris Kennaway int datafellows = 0;
43511b41d2SMark Murray 
44a04a10f8SKris Kennaway /* datafellows bug compatibility */
45bc5531deSDag-Erling Smørgrav u_int
46a04a10f8SKris Kennaway compat_datafellows(const char *version)
47a04a10f8SKris Kennaway {
48af12a3e7SDag-Erling Smørgrav 	int i;
495b9b2fafSBrian Feldman 	static struct {
505b9b2fafSBrian Feldman 		char	*pat;
51a04a10f8SKris Kennaway 		int	bugs;
52a04a10f8SKris Kennaway 	} check[] = {
5380628bacSDag-Erling Smørgrav 		{ "OpenSSH_2.*,"
5480628bacSDag-Erling Smørgrav 		  "OpenSSH_3.0*,"
55aa49c926SDag-Erling Smørgrav 		  "OpenSSH_3.1*",	SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
56aa49c926SDag-Erling Smørgrav 		{ "OpenSSH_3.*",	SSH_OLD_FORWARD_ADDR },
5780628bacSDag-Erling Smørgrav 		{ "Sun_SSH_1.0*",	SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
58*47dd1d1bSDag-Erling Smørgrav 		{ "OpenSSH_2*,"
59*47dd1d1bSDag-Erling Smørgrav 		  "OpenSSH_3*,"
60*47dd1d1bSDag-Erling Smørgrav 		  "OpenSSH_4*",		0 },
61462c32cbSDag-Erling Smørgrav 		{ "OpenSSH_5*",		SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
6230a03439SDag-Erling Smørgrav 		{ "OpenSSH_6.6.1*",	SSH_NEW_OPENSSH},
6330a03439SDag-Erling Smørgrav 		{ "OpenSSH_6.5*,"
6430a03439SDag-Erling Smørgrav 		  "OpenSSH_6.6*",	SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
65cce7d346SDag-Erling Smørgrav 		{ "OpenSSH*",		SSH_NEW_OPENSSH },
66af12a3e7SDag-Erling Smørgrav 		{ "*MindTerm*",		0 },
67af12a3e7SDag-Erling Smørgrav 		{ "3.0.*",		SSH_BUG_DEBUG },
68af12a3e7SDag-Erling Smørgrav 		{ "3.0 SecureCRT*",	SSH_OLD_SESSIONID },
69af12a3e7SDag-Erling Smørgrav 		{ "1.7 SecureFX*",	SSH_OLD_SESSIONID },
70af12a3e7SDag-Erling Smørgrav 		{ "1.2.18*,"
71af12a3e7SDag-Erling Smørgrav 		  "1.2.19*,"
72af12a3e7SDag-Erling Smørgrav 		  "1.2.20*,"
73af12a3e7SDag-Erling Smørgrav 		  "1.2.21*,"
74cf2b5f3bSDag-Erling Smørgrav 		  "1.2.22*",		SSH_BUG_IGNOREMSG },
7580628bacSDag-Erling Smørgrav 		{ "1.3.2*",		/* F-Secure */
76cf2b5f3bSDag-Erling Smørgrav 					SSH_BUG_IGNOREMSG },
77eccfee6eSDag-Erling Smørgrav 		{ "Cisco-1.*",		SSH_BUG_DHGEX_LARGE|
78eccfee6eSDag-Erling Smørgrav 					SSH_BUG_HOSTKEYS },
79af12a3e7SDag-Erling Smørgrav 		{ "*SSH Compatible Server*",			/* Netscreen */
80ca3176e7SBrian Feldman 					SSH_BUG_PASSWORDPAD },
81af12a3e7SDag-Erling Smørgrav 		{ "*OSU_0*,"
82af12a3e7SDag-Erling Smørgrav 		  "OSU_1.0*,"
83af12a3e7SDag-Erling Smørgrav 		  "OSU_1.1*,"
84af12a3e7SDag-Erling Smørgrav 		  "OSU_1.2*,"
85af12a3e7SDag-Erling Smørgrav 		  "OSU_1.3*,"
86af12a3e7SDag-Erling Smørgrav 		  "OSU_1.4*,"
87af12a3e7SDag-Erling Smørgrav 		  "OSU_1.5alpha1*,"
88af12a3e7SDag-Erling Smørgrav 		  "OSU_1.5alpha2*,"
89af12a3e7SDag-Erling Smørgrav 		  "OSU_1.5alpha3*",	SSH_BUG_PASSWORDPAD },
90af12a3e7SDag-Erling Smørgrav 		{ "*SSH_Version_Mapper*",
91ca3176e7SBrian Feldman 					SSH_BUG_SCANNER },
92eccfee6eSDag-Erling Smørgrav 		{ "PuTTY_Local:*,"	/* dev versions < Sep 2014 */
93eccfee6eSDag-Erling Smørgrav 		  "PuTTY-Release-0.5*," /* 0.50-0.57, DH-GEX in >=0.52 */
94557f75e5SDag-Erling Smørgrav 		  "PuTTY_Release_0.5*,"	/* 0.58-0.59 */
95557f75e5SDag-Erling Smørgrav 		  "PuTTY_Release_0.60*,"
96557f75e5SDag-Erling Smørgrav 		  "PuTTY_Release_0.61*,"
97557f75e5SDag-Erling Smørgrav 		  "PuTTY_Release_0.62*,"
98557f75e5SDag-Erling Smørgrav 		  "PuTTY_Release_0.63*,"
99557f75e5SDag-Erling Smørgrav 		  "PuTTY_Release_0.64*",
100557f75e5SDag-Erling Smørgrav 					SSH_OLD_DHGEX },
101fc1ba28aSDag-Erling Smørgrav 		{ "FuTTY*",		SSH_OLD_DHGEX }, /* Putty Fork */
102f388f5efSDag-Erling Smørgrav 		{ "Probe-*",
103f388f5efSDag-Erling Smørgrav 					SSH_BUG_PROBE },
104557f75e5SDag-Erling Smørgrav 		{ "TeraTerm SSH*,"
105557f75e5SDag-Erling Smørgrav 		  "TTSSH/1.5.*,"
106557f75e5SDag-Erling Smørgrav 		  "TTSSH/2.1*,"
107557f75e5SDag-Erling Smørgrav 		  "TTSSH/2.2*,"
108557f75e5SDag-Erling Smørgrav 		  "TTSSH/2.3*,"
109557f75e5SDag-Erling Smørgrav 		  "TTSSH/2.4*,"
110557f75e5SDag-Erling Smørgrav 		  "TTSSH/2.5*,"
111557f75e5SDag-Erling Smørgrav 		  "TTSSH/2.6*,"
112557f75e5SDag-Erling Smørgrav 		  "TTSSH/2.70*,"
113557f75e5SDag-Erling Smørgrav 		  "TTSSH/2.71*,"
114557f75e5SDag-Erling Smørgrav 		  "TTSSH/2.72*",	SSH_BUG_HOSTKEYS },
115fc1ba28aSDag-Erling Smørgrav 		{ "WinSCP_release_4*,"
116fc1ba28aSDag-Erling Smørgrav 		  "WinSCP_release_5.0*,"
1174f52dfbbSDag-Erling Smørgrav 		  "WinSCP_release_5.1,"
1184f52dfbbSDag-Erling Smørgrav 		  "WinSCP_release_5.1.*,"
1194f52dfbbSDag-Erling Smørgrav 		  "WinSCP_release_5.5,"
1204f52dfbbSDag-Erling Smørgrav 		  "WinSCP_release_5.5.*,"
1214f52dfbbSDag-Erling Smørgrav 		  "WinSCP_release_5.6,"
1224f52dfbbSDag-Erling Smørgrav 		  "WinSCP_release_5.6.*,"
123fc1ba28aSDag-Erling Smørgrav 		  "WinSCP_release_5.7,"
124fc1ba28aSDag-Erling Smørgrav 		  "WinSCP_release_5.7.1,"
125fc1ba28aSDag-Erling Smørgrav 		  "WinSCP_release_5.7.2,"
126fc1ba28aSDag-Erling Smørgrav 		  "WinSCP_release_5.7.3,"
127fc1ba28aSDag-Erling Smørgrav 		  "WinSCP_release_5.7.4",
128fc1ba28aSDag-Erling Smørgrav 					SSH_OLD_DHGEX },
129*47dd1d1bSDag-Erling Smørgrav 		{ "ConfD-*",
130*47dd1d1bSDag-Erling Smørgrav 					SSH_BUG_UTF8TTYMODE },
131a04a10f8SKris Kennaway 		{ NULL,			0 }
132a04a10f8SKris Kennaway 	};
133af12a3e7SDag-Erling Smørgrav 
134b66f2d16SKris Kennaway 	/* process table, return first match */
1355b9b2fafSBrian Feldman 	for (i = 0; check[i].pat; i++) {
136557f75e5SDag-Erling Smørgrav 		if (match_pattern_list(version, check[i].pat, 0) == 1) {
137f7167e0eSDag-Erling Smørgrav 			debug("match: %s pat %s compat 0x%08x",
138bc5531deSDag-Erling Smørgrav 			    version, check[i].pat, check[i].bugs);
139bc5531deSDag-Erling Smørgrav 			datafellows = check[i].bugs;	/* XXX for now */
140bc5531deSDag-Erling Smørgrav 			return check[i].bugs;
141a04a10f8SKris Kennaway 		}
142a04a10f8SKris Kennaway 	}
1435b9b2fafSBrian Feldman 	debug("no match: %s", version);
144bc5531deSDag-Erling Smørgrav 	return 0;
145a04a10f8SKris Kennaway }
146a04a10f8SKris Kennaway 
147a04a10f8SKris Kennaway #define	SEP	","
148a04a10f8SKris Kennaway int
149a04a10f8SKris Kennaway proto_spec(const char *spec)
150a04a10f8SKris Kennaway {
151b66f2d16SKris Kennaway 	char *s, *p, *q;
152a04a10f8SKris Kennaway 	int ret = SSH_PROTO_UNKNOWN;
153a04a10f8SKris Kennaway 
1542632b0c8SKris Kennaway 	if (spec == NULL)
1552632b0c8SKris Kennaway 		return ret;
156bc5531deSDag-Erling Smørgrav 	q = s = strdup(spec);
157bc5531deSDag-Erling Smørgrav 	if (s == NULL)
158bc5531deSDag-Erling Smørgrav 		return ret;
159b66f2d16SKris Kennaway 	for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) {
160a04a10f8SKris Kennaway 		switch (atoi(p)) {
161a04a10f8SKris Kennaway 		case 2:
162a04a10f8SKris Kennaway 			ret |= SSH_PROTO_2;
163a04a10f8SKris Kennaway 			break;
164a04a10f8SKris Kennaway 		default:
165cf2b5f3bSDag-Erling Smørgrav 			logit("ignoring bad proto spec: '%s'.", p);
166a04a10f8SKris Kennaway 			break;
167a04a10f8SKris Kennaway 		}
168a04a10f8SKris Kennaway 	}
169e4a9863fSDag-Erling Smørgrav 	free(s);
170a04a10f8SKris Kennaway 	return ret;
171a04a10f8SKris Kennaway }
172ca3176e7SBrian Feldman 
173f7167e0eSDag-Erling Smørgrav char *
174f7167e0eSDag-Erling Smørgrav compat_cipher_proposal(char *cipher_prop)
175f7167e0eSDag-Erling Smørgrav {
176f7167e0eSDag-Erling Smørgrav 	if (!(datafellows & SSH_BUG_BIGENDIANAES))
177f7167e0eSDag-Erling Smørgrav 		return cipher_prop;
178f7167e0eSDag-Erling Smørgrav 	debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
179d93a896eSDag-Erling Smørgrav 	if ((cipher_prop = match_filter_list(cipher_prop, "aes*")) == NULL)
180d93a896eSDag-Erling Smørgrav 		fatal("match_filter_list failed");
181f7167e0eSDag-Erling Smørgrav 	debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
182f7167e0eSDag-Erling Smørgrav 	if (*cipher_prop == '\0')
183f7167e0eSDag-Erling Smørgrav 		fatal("No supported ciphers found");
184f7167e0eSDag-Erling Smørgrav 	return cipher_prop;
185f7167e0eSDag-Erling Smørgrav }
186f7167e0eSDag-Erling Smørgrav 
187f7167e0eSDag-Erling Smørgrav char *
188f7167e0eSDag-Erling Smørgrav compat_pkalg_proposal(char *pkalg_prop)
189f7167e0eSDag-Erling Smørgrav {
190f7167e0eSDag-Erling Smørgrav 	if (!(datafellows & SSH_BUG_RSASIGMD5))
191f7167e0eSDag-Erling Smørgrav 		return pkalg_prop;
192f7167e0eSDag-Erling Smørgrav 	debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
193d93a896eSDag-Erling Smørgrav 	if ((pkalg_prop = match_filter_list(pkalg_prop, "ssh-rsa")) == NULL)
194d93a896eSDag-Erling Smørgrav 		fatal("match_filter_list failed");
195f7167e0eSDag-Erling Smørgrav 	debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
196f7167e0eSDag-Erling Smørgrav 	if (*pkalg_prop == '\0')
197f7167e0eSDag-Erling Smørgrav 		fatal("No supported PK algorithms found");
198f7167e0eSDag-Erling Smørgrav 	return pkalg_prop;
199f7167e0eSDag-Erling Smørgrav }
200f7167e0eSDag-Erling Smørgrav 
20130a03439SDag-Erling Smørgrav char *
202557f75e5SDag-Erling Smørgrav compat_kex_proposal(char *p)
20330a03439SDag-Erling Smørgrav {
204557f75e5SDag-Erling Smørgrav 	if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
205557f75e5SDag-Erling Smørgrav 		return p;
206557f75e5SDag-Erling Smørgrav 	debug2("%s: original KEX proposal: %s", __func__, p);
207557f75e5SDag-Erling Smørgrav 	if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
208d93a896eSDag-Erling Smørgrav 		if ((p = match_filter_list(p,
209d93a896eSDag-Erling Smørgrav 		    "curve25519-sha256@libssh.org")) == NULL)
210d93a896eSDag-Erling Smørgrav 			fatal("match_filter_list failed");
211557f75e5SDag-Erling Smørgrav 	if ((datafellows & SSH_OLD_DHGEX) != 0) {
212d93a896eSDag-Erling Smørgrav 		if ((p = match_filter_list(p,
213d93a896eSDag-Erling Smørgrav 		    "diffie-hellman-group-exchange-sha256,"
214d93a896eSDag-Erling Smørgrav 		    "diffie-hellman-group-exchange-sha1")) == NULL)
215d93a896eSDag-Erling Smørgrav 			fatal("match_filter_list failed");
216557f75e5SDag-Erling Smørgrav 	}
217557f75e5SDag-Erling Smørgrav 	debug2("%s: compat KEX proposal: %s", __func__, p);
218557f75e5SDag-Erling Smørgrav 	if (*p == '\0')
21930a03439SDag-Erling Smørgrav 		fatal("No supported key exchange algorithms found");
220557f75e5SDag-Erling Smørgrav 	return p;
22130a03439SDag-Erling Smørgrav }
22230a03439SDag-Erling Smørgrav 
223