From 60a4381f1a6ebc2f8eeeb2ba4e005ede91ac9af3 Mon Sep 17 00:00:00 2001
From: Ben Lindstrom <mouring@eviladmin.org>
Date: Thu, 29 Mar 2001 00:32:56 +0000
Subject:    - markus@cvs.openbsd.org 2001/03/27 10:57:00      [compat.c
 compat.h ssh-rsa.c]      some older systems use NID_md5 instead of NID_sha1
 for RSASSA-PKCS1-v1_5      signatures in SSH protocol 2, ok djm@

---
 ChangeLog |  6 +++++-
 compat.c  | 16 ++++++++++------
 compat.h  |  3 ++-
 ssh-rsa.c |  7 ++++---
 4 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 5954eeaa..c892bd0d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,10 @@
    - markus@cvs.openbsd.org 2001/03/27 10:34:08
      [ssh-rsa.c sshd.c]
      use EVP_get_digestbynid, reorder some calls and fix missing free.
+   - markus@cvs.openbsd.org 2001/03/27 10:57:00
+     [compat.c compat.h ssh-rsa.c]
+     some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5
+     signatures in SSH protocol 2, ok djm@
 
 20010328
  - (djm) Reorder tests and library inclusion for Krb4/AFS to try to 
@@ -4750,4 +4754,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1029 2001/03/29 00:31:20 mouring Exp $
+$Id: ChangeLog,v 1.1030 2001/03/29 00:32:56 mouring Exp $
diff --git a/compat.c b/compat.c
index 705121c3..98372e20 100644
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.40 2001/03/23 11:04:06 djm Exp $");
+RCSID("$OpenBSD: compat.c,v 1.41 2001/03/27 10:57:00 markus Exp $");
 
 #ifdef HAVE_LIBPCRE
 #  include <pcreposix.h>
@@ -75,18 +75,22 @@ compat_datafellows(const char *version)
 		{ "^OpenSSH",		0 },
 		{ "MindTerm",		0 },
 		{ "^2\\.1\\.0",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
-					SSH_OLD_SESSIONID|SSH_BUG_DEBUG },
+					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
+					SSH_BUG_RSASIGMD5 },
 		{ "^2\\.1 ",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
-					SSH_OLD_SESSIONID|SSH_BUG_DEBUG },
+					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
+					SSH_BUG_RSASIGMD5 },
 		{ "^2\\.0\\.1[3-9]",	SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
 					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
 					SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
-					SSH_BUG_PKOK },
+					SSH_BUG_PKOK|SSH_BUG_RSASIGMD5 },
 		{ "^2\\.0\\.",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
 					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
 					SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
-					SSH_BUG_PKAUTH|SSH_BUG_PKOK },
-		{ "^2\\.[23]\\.0",	SSH_BUG_HMAC },
+					SSH_BUG_PKAUTH|SSH_BUG_PKOK|
+					SSH_BUG_RSASIGMD5 },
+		{ "^2\\.[23]\\.0",	SSH_BUG_HMAC|SSH_BUG_RSASIGMD5 },
+		{ "^2\\.3\\.",		SSH_BUG_RSASIGMD5 },
 		{ "^2\\.[2-9]\\.",	0 },
 		{ "^2\\.4$",		SSH_OLD_SESSIONID },	/* Van Dyke */
 		{ "^3\\.0 SecureCRT",	SSH_OLD_SESSIONID },
diff --git a/compat.h b/compat.h
index 707726fa..03f23611 100644
--- a/compat.h
+++ b/compat.h
@@ -21,7 +21,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-/* RCSID("$OpenBSD: compat.h,v 1.19 2001/03/23 11:04:06 djm Exp $"); */
+/* RCSID("$OpenBSD: compat.h,v 1.20 2001/03/27 10:57:00 markus Exp $"); */
 
 #ifndef COMPAT_H
 #define COMPAT_H
@@ -44,6 +44,7 @@
 #define SSH_BUG_PASSWORDPAD	0x0400
 #define SSH_BUG_SCANNER		0x0800
 #define SSH_BUG_BIGENDIANAES	0x1000
+#define SSH_BUG_RSASIGMD5	0x2000
 
 void    enable_compat13(void);
 void    enable_compat20(void);
diff --git a/ssh-rsa.c b/ssh-rsa.c
index a2153bd1..b502ddb6 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.7 2001/03/27 10:34:08 markus Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.8 2001/03/27 10:57:00 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -34,6 +34,7 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.7 2001/03/27 10:34:08 markus Exp $");
 #include "bufaux.h"
 #include "key.h"
 #include "ssh-rsa.h"
+#include "compat.h"
 
 /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
 int
@@ -53,7 +54,7 @@ ssh_rsa_sign(
 		error("ssh_rsa_sign: no RSA key");
 		return -1;
 	}
-	nid = NID_sha1;
+	nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
 	if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
 		error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid);
 		return -1;
@@ -147,7 +148,7 @@ ssh_rsa_verify(
 		error("ssh_rsa_verify: remaining bytes in signature %d", rlen);
 		return -1;
 	}
-	nid = NID_sha1;
+	nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
 	if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
 		xfree(sigblob);
 		error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
-- 
cgit v1.2.3