nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00
Code Issues Projects Releases Wiki Activity

Don't try to agree a MAC we'll never use.

Browse Source 
If we've chosen the ChaCha20-Poly1305 option for a cipher, then that
forces the use of its associated MAC. In that situation, we should
avoid even _trying_ to figure out a MAC by examining the MAC string
from the server's KEXINIT, because we won't use the MAC selected by
that method anyway, so there's no point imposing the requirement on
servers to present a MAC we believe in just so we know it's there.

This was breaking interoperation with tinysshd, and is in violation of
OpenSSH's spec for the "chacha20-poly1305@openssh.com" cipher.
This commit is contained in:
Simon Tatham 2015-09-24 11:41:43 +01:00
parent 43be90e287
commit 5f6e443b55
1 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
ssh.c
View File

@ -6568,6 +6568,24 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
bombout(("KEXINIT packet was incomplete"));
crStopV;
}
/* If we've already selected a cipher which requires a
* particular MAC, then just select that, and don't even
* bother looking through the server's KEXINIT string for
* MACs. */
if (i == KEXLIST_CSMAC && s->cscipher_tobe &&
s->cscipher_tobe->required_mac) {
s->csmac_tobe = s->cscipher_tobe->required_mac;
s->csmac_etm_tobe = !!(s->csmac_tobe->etm_name);
goto matched;
}
if (i == KEXLIST_SCMAC && s->sccipher_tobe &&
s->sccipher_tobe->required_mac) {
s->scmac_tobe = s->sccipher_tobe->required_mac;
s->scmac_etm_tobe = !!(s->scmac_tobe->etm_name);
goto matched;
}
for (j = 0; j < MAXKEXLIST; j++) {
struct kexinit_algorithm *alg = &s->kexlists[i][j];
if (alg->name == NULL) break;
@ -6613,16 +6631,6 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
matched:;
}
/* If the cipher over-rides the mac, then pick it */
if (s->cscipher_tobe && s->cscipher_tobe->required_mac) {
s->csmac_tobe = s->cscipher_tobe->required_mac;
s->csmac_etm_tobe = !!(s->csmac_tobe->etm_name);
}
if (s->sccipher_tobe && s->sccipher_tobe->required_mac) {
s->scmac_tobe = s->sccipher_tobe->required_mac;
s->scmac_etm_tobe = !!(s->scmac_tobe->etm_name);
}
if (s->pending_compression) {
logevent("Server supports delayed compression; "
"will try this later");