- OpenBSD CVS update

  - markus@cvs.openbsd.org
    [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
    [ssh.h sshconnect1.c sshconnect2.c sshd.8]
    - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
  - hugh@cvs.openbsd.org
    [ssh.1]
    - zap typo
    [ssh-keygen.1]
    - One last nit fix. (markus approved)
    [sshd.8]
    - some markus certified spelling adjustments
  - markus@cvs.openbsd.org
    [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
    [sshconnect2.c ]
    - bug compat w/ ssh-2.0.13 x11, split out bugs
    [nchan.c]
    - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
    [ssh-keygen.c]
    - handle escapes in real and original key format, ok millert@
    [version.h]
    - OpenSSH-2.1

ChangeLog

@@ -1,3 +1,28 @@
+20000509
+ - OpenBSD CVS update
+  - markus@cvs.openbsd.org
+    [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
+    [ssh.h sshconnect1.c sshconnect2.c sshd.8]
+    - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
+  - hugh@cvs.openbsd.org
+    [ssh.1]
+    - zap typo
+    [ssh-keygen.1]
+    - One last nit fix. (markus approved)
+    [sshd.8]
+    - some markus certified spelling adjustments
+  - markus@cvs.openbsd.org
+    [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
+    [sshconnect2.c ]
+    - bug compat w/ ssh-2.0.13 x11, split out bugs
+    [nchan.c]
+    - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
+    [ssh-keygen.c]
+    - handle escapes in real and original key format, ok millert@
+    [version.h]
+    - OpenSSH-2.1
+
+
 20000508
  - Makefile and RPM spec fixes
  - Generate DSA host keys during "make key" or RPM installs

auth2.c

@@ -27,7 +27,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.7 2000/05/06 17:45:36 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.8 2000/05/08 17:42:24 markus Exp $");
 
 #include <openssl/dsa.h>
 #include <openssl/rsa.h>
@@ -278,6 +278,10 @@ ssh2_auth_pubkey(struct passwd *pw, unsigned char *raw, unsigned int rlen)
 		debug("pubkey auth disabled");
 		return 0;
 	}
+	if (datafellows & SSH_BUG_PUBKEYAUTH) {
+		log("bug compatibility with ssh-2.0.13 pubkey not implemented");
+		return 0;
+	}
 	have_sig = packet_get_char();
 	pkalg = packet_get_string(&alen);
 	if (strcmp(pkalg, KEX_DSS) != 0) {

channels.c

@@ -17,7 +17,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: channels.c,v 1.29 2000/05/07 02:03:15 damien Exp $");
+RCSID("$Id: channels.c,v 1.30 2000/05/09 01:02:59 damien Exp $");
 
 #include "ssh.h"
 #include "packet.h"
@@ -505,7 +505,10 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset)
 	int ret = x11_open_helper(c);
 	if (ret == 1) {
 		c->type = SSH_CHANNEL_OPEN;
-		channel_pre_open_15(c, readset, writeset);
+		if (compat20)
+			channel_pre_open_20(c, readset, writeset);
+		else
+			channel_pre_open_15(c, readset, writeset);
 	} else if (ret == -1) {
 		debug("X11 rejected %d i%d/o%d", c->self, c->istate, c->ostate);
 		chan_read_failed(c);	/** force close? */
@@ -549,7 +552,11 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
 			packet_put_int(c->local_maxpacket);
 			/* originator host and port */
 			packet_put_cstring(remote_hostname);
-			packet_put_int(remote_port);
+			if (datafellows & SSH_BUG_X11FWD) {
+				debug("ssh2 x11 bug compat mode");
+			} else {
+				packet_put_int(remote_port);
+			}
 			packet_send();
 		} else {
 			packet_start(SSH_SMSG_X11_OPEN);

cipher.h

@@ -11,7 +11,7 @@
  *
  */
 
-/* RCSID("$Id: cipher.h,v 1.12 2000/04/16 02:31:50 damien Exp $"); */
+/* RCSID("$Id: cipher.h,v 1.13 2000/05/09 01:03:00 damien Exp $"); */
 
 #ifndef CIPHER_H
 #define CIPHER_H
@@ -23,6 +23,7 @@
 
 /* Cipher types.  New types can be added, but old types should not be removed
    for compatibility.  The maximum allowed value is 31. */
+#define SSH_CIPHER_ILLEGAL	-2	/* No valid cipher selected. */
 #define SSH_CIPHER_NOT_SET	-1	/* None selected (invalid number). */
 #define SSH_CIPHER_NONE		0	/* no encryption */
 #define SSH_CIPHER_IDEA		1	/* IDEA CFB */

clientloop.c

@@ -16,7 +16,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: clientloop.c,v 1.15 2000/05/08 03:44:53 damien Exp $");
+RCSID("$Id: clientloop.c,v 1.16 2000/05/09 01:03:00 damien Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -979,11 +979,11 @@ client_input_channel_open(int type, int plen)
 		char *originator;
 		int originator_port;
 		originator = packet_get_string(NULL);
-		if (packet_remaining() > 0) {
-			originator_port = packet_get_int();
-		} else {
+		if (datafellows & SSH_BUG_X11FWD) {
 			debug("buggy server: x11 request w/o originator_port");
 			originator_port = 0;
+		} else {
+			originator_port = packet_get_int();
 		}
 		packet_done();
 		/* XXX check permission */

compat.c

@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: compat.c,v 1.9 2000/04/29 13:57:10 damien Exp $");
+RCSID("$Id: compat.c,v 1.10 2000/05/09 01:03:00 damien Exp $");
 
 #include "ssh.h"
 #include "packet.h"
@@ -57,17 +57,20 @@ compat_datafellows(const char *version)
 {
 	int i;
 	size_t len;
-	static const char *check[] = {
-		"2.0.1",
-		"2.1.0",
-		NULL
+	struct {
+		char	*version;
+		int	bugs;
+	} check[] = {
+		{"2.1.0",	SSH_BUG_SIGBLOB|SSH_BUG_HMAC},
+		{"2.0.1",	SSH_BUG_SIGBLOB|SSH_BUG_HMAC|SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD},
+		{NULL,		0}
 	};
-	for (i = 0; check[i]; i++) {
-		len = strlen(check[i]);
+	for (i = 0; check[i].version; i++) {
+		len = strlen(check[i].version);
 		if (strlen(version) >= len &&
-		   (strncmp(version, check[i], len) == 0)) {
+		   (strncmp(version, check[i].version, len) == 0)) {
 			verbose("datafellows: %.200s", version);
-			datafellows = 1;
+			datafellows = check[i].bugs;
 			return;
 		}
 	}

compat.h

@@ -26,7 +26,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-/* RCSID("$Id: compat.h,v 1.5 2000/04/12 10:17:39 damien Exp $"); */
+/* RCSID("$Id: compat.h,v 1.6 2000/05/09 01:03:00 damien Exp $"); */
 
 #ifndef COMPAT_H
 #define COMPAT_H
@@ -36,6 +36,11 @@
 #define	SSH_PROTO_1_PREFERRED	0x02
 #define	SSH_PROTO_2		0x04
 
+#define SSH_BUG_SIGBLOB		0x01
+#define SSH_BUG_PUBKEYAUTH	0x02
+#define SSH_BUG_HMAC		0x04
+#define SSH_BUG_X11FWD		0x08
+
 void    enable_compat13(void);
 void    enable_compat20(void);
 void    compat_datafellows(const char *s);

contrib/redhat/openssh.spec

@@ -1,5 +1,5 @@
 # Version of OpenSSH
-%define oversion 2.0.0beta2
+%define oversion 2.1.0beta1
 
 # Version of ssh-askpass
 %define aversion 1.0

contrib/suse/openssh.spec

@@ -1,6 +1,6 @@
 Summary: OpenSSH, a free Secure Shell (SSH) implementation
 Name: openssh
-Version: 2.0.0beta2
+Version: 2.1.0beta1
 URL: http://www.openssh.com/
 Release: 1
 Source0: openssh-%{version}.tar.gz

dsa.c

@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: dsa.c,v 1.6 2000/05/04 22:37:59 markus Exp $");
+RCSID("$Id: dsa.c,v 1.7 2000/05/08 17:42:24 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -162,7 +162,7 @@ dsa_sign(
 	BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
 	DSA_SIG_free(sig);
 
-	if (datafellows) {
+	if (datafellows & SSH_BUG_SIGBLOB) {
 		debug("datafellows");
 		ret = xmalloc(SIGBLOB_LEN);
 		memcpy(ret, sigblob, SIGBLOB_LEN);
@@ -209,15 +209,20 @@ dsa_verify(
 		return -1;
 	}
 
-	if (datafellows && signaturelen != SIGBLOB_LEN) {
-		log("heh? datafellows ssh2 complies with ietf-drafts????");
-		datafellows = 0;
+	if (!(datafellows & SSH_BUG_SIGBLOB) &&
+	    signaturelen == SIGBLOB_LEN) {
+		datafellows |= ~SSH_BUG_SIGBLOB;
+		log("autodetect SSH_BUG_SIGBLOB");
+	} else if ((datafellows & SSH_BUG_SIGBLOB) &&
+	    signaturelen != SIGBLOB_LEN) {
+		log("autoremove SSH_BUG_SIGBLOB");
+		datafellows &= ~SSH_BUG_SIGBLOB;
 	}
 
 	debug("len %d datafellows %d", signaturelen, datafellows);
 
 	/* fetch signature */
-	if (datafellows) {
+	if (datafellows & SSH_BUG_SIGBLOB) {
 		sigblob = signature;
 		len = signaturelen;
 	} else {
@@ -242,7 +247,8 @@ dsa_verify(
 	sig->s = BN_new();
 	BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
 	BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
-	if (!datafellows) {
+
+	if (!(datafellows & SSH_BUG_SIGBLOB)) {
 		memset(sigblob, 0, len);
 		xfree(sigblob);
 	}

kex.c

@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: kex.c,v 1.7 2000/04/16 01:52:47 damien Exp $");
+RCSID("$Id: kex.c,v 1.8 2000/05/09 01:03:01 damien Exp $");
 
 #include "ssh.h"
 #include "ssh2.h"
@@ -314,7 +314,7 @@ choose_mac(Mac *mac, char *client, char *server)
 	}
 	mac->name = name;
 	mac->mac_len = mac->md->md_size;
-	mac->key_len = datafellows ? 16 : mac->mac_len;
+	mac->key_len = (datafellows & SSH_BUG_HMAC) ? 16 : mac->mac_len;
 	mac->key = NULL;
 	mac->enabled = 0;
 }

myproposal.h

@@ -1,6 +1,6 @@
 #define KEX_DEFAULT_KEX		"diffie-hellman-group1-sha1"
 #define	KEX_DEFAULT_PK_ALG	"ssh-dss"
-#define	KEX_DEFAULT_ENCRYPT	"blowfish-cbc,3des-cbc,arcfour,cast128-cbc"
+#define	KEX_DEFAULT_ENCRYPT	"3des-cbc,blowfish-cbc,arcfour,cast128-cbc"
 #define	KEX_DEFAULT_MAC		"hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com"
 #define	KEX_DEFAULT_COMP	"zlib,none"
 #define	KEX_DEFAULT_LANG	""

nchan.c

@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: nchan.c,v 1.9 2000/05/07 02:03:16 damien Exp $");
+RCSID("$Id: nchan.c,v 1.10 2000/05/09 01:03:01 damien Exp $");
 
 #include "ssh.h"
 
@@ -107,6 +107,10 @@ chan_read_failed_12(Channel *c)
 		debug("channel %d: input open -> drain", c->self);
 		chan_shutdown_read(c);
 		c->istate = CHAN_INPUT_WAIT_DRAIN;
+		if (buffer_len(&c->input) == 0) {
+			debug("channel %d: input: no drain shortcut", c->self);
+			chan_ibuf_empty(c);
+		}
 		break;
 	default:
 		error("channel %d: internal error: we do not read, but chan_read_failed for istate %d",

readconf.c

@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: readconf.c,v 1.13 2000/05/07 02:03:17 damien Exp $");
+RCSID("$Id: readconf.c,v 1.14 2000/05/09 01:03:01 damien Exp $");
 
 #include "ssh.h"
 #include "cipher.h"
@@ -475,7 +475,7 @@ process_config_line(Options *options, const char *host,
 	case oCiphers:
 		cp = strtok(NULL, WHITESPACE);
 		if (!ciphers_valid(cp))
-			fatal("%.200s line %d: Bad cipher spec '%s'.",
+			fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
 			      filename, linenum, cp ? cp : "<NONE>");
 		if (*activep && options->ciphers == NULL)
 			options->ciphers = xstrdup(cp);
@@ -745,6 +745,7 @@ fill_default_options(Options * options)
 	/* Selected in ssh_login(). */
 	if (options->cipher == -1)
 		options->cipher = SSH_CIPHER_NOT_SET;
+	/* options->ciphers, default set in myproposals.h */
 	if (options->protocol == SSH_PROTO_UNKNOWN)
 		options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED;
 	if (options->num_identity_files == 0) {

readconf.h

@@ -13,7 +13,7 @@
  *
  */
 
-/* RCSID("$Id: readconf.h,v 1.10 2000/05/07 02:03:17 damien Exp $"); */
+/* RCSID("$Id: readconf.h,v 1.11 2000/05/09 01:03:01 damien Exp $"); */
 
 #ifndef READCONF_H
 #define READCONF_H
@@ -65,7 +65,7 @@ typedef struct {
 	int     number_of_password_prompts;	/* Max number of password
 						 * prompts. */
 	int     cipher;		/* Cipher to use. */
-	char   *ciphers;	/* Ciphers in order of preference. */
+	char   *ciphers;	/* SSH2 ciphers in order of preference. */
 	int	protocol;	/* Protocol in order of preference. */
 	char   *hostname;	/* Real host to connect. */
 	char   *proxy_command;	/* Proxy command for connecting the host. */

servconf.c

@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: servconf.c,v 1.15 2000/05/07 02:03:18 damien Exp $");
+RCSID("$Id: servconf.c,v 1.16 2000/05/09 01:03:01 damien Exp $");
 
 #include "ssh.h"
 #include "servconf.h"
@@ -589,7 +589,7 @@ read_server_config(ServerOptions *options, const char *filename)
 		case sCiphers:
 			cp = strtok(NULL, WHITESPACE);
 			if (!ciphers_valid(cp))
-				fatal("%s line %d: Bad cipher spec '%s'.",
+				fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
 				    filename, linenum, cp ? cp : "<NONE>");
 			if (options->ciphers == NULL)
 				options->ciphers = xstrdup(cp);

ssh-keygen.1

@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 23:55:14 1995 ylo
 .\"
-.\" $Id: ssh-keygen.1,v 1.14 2000/05/07 02:03:18 damien Exp $
+.\" $Id: ssh-keygen.1,v 1.15 2000/05/09 01:03:02 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSH-KEYGEN 1
@@ -142,13 +142,13 @@ support is not functional, exits with code 1.  This flag will be
 removed once the RSA patent expires.
 .It Fl x
 This option will read a private
-OpenSSH DSA format file and prints to stdout a SSH2-compatible public key.
+OpenSSH DSA format file and print a SSH2-compatible public key to stdout.
 .It Fl X
 This option will read a
-SSH2-compatible public key file and print to stdout an OpenSSH DSA compatible public key.
+SSH2-compatible public key file and print an OpenSSH DSA compatible public key to stdout.
 .It Fl y
 This option will read a private
-OpenSSH DSA format file and prints to stdout an OpenSSH DSA public key.
+OpenSSH DSA format file and print an OpenSSH DSA public key to stdout.
 .El
 .Sh FILES
 .Bl -tag -width Ds