#define BUG_NEEDS_SSH1_PLAIN_PASSWORD 4
#define BUG_CHOKES_ON_RSA 8
#define BUG_SSH2_RSA_PADDING 16
+#define BUG_SSH2_DERIVEKEY 32
static int ssh_pkt_ctx = 0;
if (pktin.type == SSH1_MSG_DEBUG) {
/* log debug message */
- char buf[80];
+ char buf[512];
int stringlen = GET_32BIT(pktin.body);
- strcpy(buf, "Remote: ");
- if (stringlen > 70)
- stringlen = 70;
+ strcpy(buf, "Remote debug message: ");
+ if (stringlen > 480)
+ stringlen = 480;
memcpy(buf + 8, pktin.body + 4, stringlen);
buf[8 + stringlen] = '\0';
logevent(buf);
logevent("We believe remote version has SSH2 HMAC bug");
}
+ if (!strncmp(imp, "2.0.", 4)) {
+ /*
+ * These versions have the key-derivation bug (failing to
+ * include the literal shared secret in the hashes that
+ * generate the keys).
+ */
+ ssh_remote_bugs |= BUG_SSH2_DERIVEKEY;
+ logevent("We believe remote version has SSH2 key-derivation bug");
+ }
+
if ((!strncmp(imp, "OpenSSH_2.", 10) && imp[10]>='5' && imp[10]<='9') ||
(!strncmp(imp, "OpenSSH_3.", 10) && imp[10]>='0' && imp[10]<='2')) {
/*
SHA_State s;
/* First 20 bytes. */
SHA_Init(&s);
- sha_mpint(&s, K);
+ if (!(ssh_remote_bugs & BUG_SSH2_DERIVEKEY))
+ sha_mpint(&s, K);
SHA_Bytes(&s, H, 20);
SHA_Bytes(&s, &chr, 1);
SHA_Bytes(&s, sessid, 20);
SHA_Final(&s, keyspace);
/* Next 20 bytes. */
SHA_Init(&s);
- sha_mpint(&s, K);
+ if (!(ssh_remote_bugs & BUG_SSH2_DERIVEKEY))
+ sha_mpint(&s, K);
SHA_Bytes(&s, H, 20);
SHA_Bytes(&s, keyspace, 20);
SHA_Final(&s, keyspace + 20);