[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: master has no DES encryption cipher policy

Subject: Re: master has no DES encryption cipher policy
From: Dmitriy Kuznetsov <dk@xxxxxxxxx>
Reply-to: libssh@xxxxxxxxxx
Date: Thu, 6 Sep 2012 11:30:14 +0400
To: libssh@xxxxxxxxxx

Oh, excuse me please. You are absolutely right. It really was one of
our patches, about which I knew nothing.
You're not likely to agree to include the DES support for SSH1?

2012/9/5 Aris Adamantiadis <aris@xxxxxxxxxxxx>:
> Hi Dmitry,
>
> Are you sure this is not one of your personnal patches ? I do not
> remember having ever added DES support on libssh nor having seen this
> commit ...
>
> Aris
> Le 5/09/12 17:13, Dmitriy Kuznetsov a écrit :
>> Sorry for the lack of detail, I can not connect to some legacy device, log are:
>> ---
>> : libssh 0.6.0 (c) 2003-2010 Aris Adamantiadis (aris@xxxxxxxxxxxx)
>> Distributed under the LGPL, please refer to COPYING file for
>> information about your rights, using threading threads_noop
>> : host 10.111.115.86 matches an IP address
>> : Nonblocking connection socket: 1868
>> : Socket connecting, now waiting for the callbacks to work
>> : ssh_connect: Actual timeout : 60000
>> : Received POLLOUT in connecting state
>> : Socket connection callback: 1 (0)
>> : Received banner: SSH-1.5-OpenSSH_3.7.1p3
>> : SSH server banner: SSH-1.5-OpenSSH_3.7.1p3
>> : Analyzing banner: SSH-1.5-OpenSSH_3.7.1p3
>> : We are talking to an OpenSSH client version: 3.7 (30700)
>> : Enabling POLLOUT for socket
>> : Reading a 271 bytes packet
>> : 1 bytes padding
>> : The packet is valid
>> : Dispatching handler for packet type 2
>> : Got a SSH_SMSG_PUBLIC_KEY
>> : Server bits: 768; Host bits: 1024; Protocol flags: 00000002; Cipher
>> mask: 00000004; Auth mask: 0000002c
>> ssh_packet_publickey1: Error: Remote server doesn't accept 3DES
>> : ssh_connect: Actual state : 9
>> ---
>>
>> function 'ssh_packet_publickey1' no support DES now, only 3DES:
>>
>> --- ssh_packet_publickey1-from-kex.c-0.5.2    Wed Sep  5 19:11:38 2012
>> +++ ssh_packet_publickey1-from-kex1.c-0.5.9   Wed Sep  5 19:11:49 2012
>> @@ -15,8 +15,6 @@
>>    ssh_string enc_session = NULL;
>>    uint16_t bits;
>>    int ko;
>> -  uint32_t have3Des;
>> -  uint32_t haveDes;
>>    enter_function();
>>    (void)type;
>>    (void)user;
>> @@ -25,7 +23,7 @@
>>      ssh_set_error(session,SSH_FATAL,"SSH_KEXINIT received in wrong state");
>>      goto error;
>>    }
>> -  if (buffer_get_data(packet, session->server_kex.cookie, 8) != 8) {
>> +  if (buffer_get_data(packet,
>> session->next_crypto->server_kex.cookie, 8) != 8) {
>>      ssh_set_error(session, SSH_FATAL, "Can't get cookie in buffer");
>>      goto error;
>>    }
>> @@ -102,10 +100,7 @@
>>
>>    /* now, we must choose an encryption algo */
>>    /* hardcode 3des */
>> -  //
>> -  have3Des = (supported_ciphers_mask & (1<<SSH_CIPHER_3DES));
>> -  haveDes = (supported_ciphers_mask & (1<<SSH_CIPHER_DES));
>> -  if(!have3Des && ! haveDes){
>> +  if (!(supported_ciphers_mask & (1 << SSH_CIPHER_3DES))) {
>>      ssh_set_error(session, SSH_FATAL, "Remote server doesn't accept 3DES");
>>      goto error;
>>    }
>> @@ -114,12 +109,10 @@
>>     if (buffer_add_u8(session->out_buffer, SSH_CMSG_SESSION_KEY) < 0) {
>>       goto error;
>>     }
>> -
>> -   if (buffer_add_u8(session->out_buffer,have3Des?SSH_CIPHER_3DES:SSH_CIPHER_DES)
>> < 0) {
>> +   if (buffer_add_u8(session->out_buffer, SSH_CIPHER_3DES) < 0) {
>>       goto error;
>>     }
>> -
>> -   if (buffer_add_data(session->out_buffer,
>> session->server_kex.cookie, 8) < 0) {
>> +   if (buffer_add_data(session->out_buffer,
>> session->next_crypto->server_kex.cookie, 8) < 0) {
>>       goto error;
>>     }
>>
>> @@ -150,8 +143,8 @@
>>     }
>>
>>     /* we can set encryption */
>> -   if(crypt_set_algorithms(session, have3Des?0:1)){
>> -      goto error;
>> +   if (crypt_set_algorithms(session)) {
>> +     goto error;
>>     }
>>
>>     session->current_crypto = session->next_crypto;
>>
>>
>>
>>
>> 2012/9/5 Andreas Schneider <asn@xxxxxxxxxxxxxx>:
>>> On Wednesday 05 September 2012 17:46:59 you wrote:
>>>> Why DES was removed from master ? There are 3DES only.
>>>> There are many legacy devices that supports DES only.
>>>> 0.5.2 branch support DES & 3DES, Can support of DES be restored in master ?
>>>
>>> What do you mean exactly? Please give more details.
>>>
>>> We didn't remove any DES support.
>>>
>>>
>>>
>>>         -- andreas
>>>
>>> --
>>> Andreas Schneider                   GPG-ID: F33E3FC6
>>> www.cryptomilk.org                asn@xxxxxxxxxxxxxx
>>>
>>>
>>
>
>

Follow-Ups:
Re: master has no DES encryption cipher policy	Dmitriy Kuznetsov <dk@xxxxxxxxx>

References:
master has no DES encryption cipher policy	Dmitriy Kuznetsov <dk@xxxxxxxxx>
Re: master has no DES encryption cipher policy	Andreas Schneider <asn@xxxxxxxxxxxxxx>
Re: master has no DES encryption cipher policy	Dmitriy Kuznetsov <dk@xxxxxxxxx>
Re: master has no DES encryption cipher policy	Aris Adamantiadis <aris@xxxxxxxxxxxx>

Archive administrator: postmaster@lists.cynapses.org