[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: master has no DES encryption cipher policy

Subject: Re: master has no DES encryption cipher policy
From: Dmitriy Kuznetsov <dk@xxxxxxxxx>
Reply-to: libssh@xxxxxxxxxx
Date: Thu, 6 Sep 2012 18:20:05 +0400
To: libssh@xxxxxxxxxx

Could you take a patch for DES for SSH1 ?

2012/9/6 Dmitriy Kuznetsov <dk@xxxxxxxxx>:
> Oh, excuse me please. You are absolutely right. It really was one of
> our patches, about which I knew nothing.
> You're not likely to agree to include the DES support for SSH1?
>
> 2012/9/5 Aris Adamantiadis <aris@xxxxxxxxxxxx>:
>> Hi Dmitry,
>>
>> Are you sure this is not one of your personnal patches ? I do not
>> remember having ever added DES support on libssh nor having seen this
>> commit ...
>>
>> Aris
>> Le 5/09/12 17:13, Dmitriy Kuznetsov a écrit :
>>> Sorry for the lack of detail, I can not connect to some legacy device, log are:
>>> ---
>>> : libssh 0.6.0 (c) 2003-2010 Aris Adamantiadis (aris@xxxxxxxxxxxx)
>>> Distributed under the LGPL, please refer to COPYING file for
>>> information about your rights, using threading threads_noop
>>> : host 10.111.115.86 matches an IP address
>>> : Nonblocking connection socket: 1868
>>> : Socket connecting, now waiting for the callbacks to work
>>> : ssh_connect: Actual timeout : 60000
>>> : Received POLLOUT in connecting state
>>> : Socket connection callback: 1 (0)
>>> : Received banner: SSH-1.5-OpenSSH_3.7.1p3
>>> : SSH server banner: SSH-1.5-OpenSSH_3.7.1p3
>>> : Analyzing banner: SSH-1.5-OpenSSH_3.7.1p3
>>> : We are talking to an OpenSSH client version: 3.7 (30700)
>>> : Enabling POLLOUT for socket
>>> : Reading a 271 bytes packet
>>> : 1 bytes padding
>>> : The packet is valid
>>> : Dispatching handler for packet type 2
>>> : Got a SSH_SMSG_PUBLIC_KEY
>>> : Server bits: 768; Host bits: 1024; Protocol flags: 00000002; Cipher
>>> mask: 00000004; Auth mask: 0000002c
>>> ssh_packet_publickey1: Error: Remote server doesn't accept 3DES
>>> : ssh_connect: Actual state : 9
>>> ---
>>>
>>> function 'ssh_packet_publickey1' no support DES now, only 3DES:
>>>
>>> --- ssh_packet_publickey1-from-kex.c-0.5.2    Wed Sep  5 19:11:38 2012
>>> +++ ssh_packet_publickey1-from-kex1.c-0.5.9   Wed Sep  5 19:11:49 2012
>>> @@ -15,8 +15,6 @@
>>>    ssh_string enc_session = NULL;
>>>    uint16_t bits;
>>>    int ko;
>>> -  uint32_t have3Des;
>>> -  uint32_t haveDes;
>>>    enter_function();
>>>    (void)type;
>>>    (void)user;
>>> @@ -25,7 +23,7 @@
>>>      ssh_set_error(session,SSH_FATAL,"SSH_KEXINIT received in wrong state");
>>>      goto error;
>>>    }
>>> -  if (buffer_get_data(packet, session->server_kex.cookie, 8) != 8) {
>>> +  if (buffer_get_data(packet,
>>> session->next_crypto->server_kex.cookie, 8) != 8) {
>>>      ssh_set_error(session, SSH_FATAL, "Can't get cookie in buffer");
>>>      goto error;
>>>    }
>>> @@ -102,10 +100,7 @@
>>>
>>>    /* now, we must choose an encryption algo */
>>>    /* hardcode 3des */
>>> -  //
>>> -  have3Des = (supported_ciphers_mask & (1<<SSH_CIPHER_3DES));
>>> -  haveDes = (supported_ciphers_mask & (1<<SSH_CIPHER_DES));
>>> -  if(!have3Des && ! haveDes){
>>> +  if (!(supported_ciphers_mask & (1 << SSH_CIPHER_3DES))) {
>>>      ssh_set_error(session, SSH_FATAL, "Remote server doesn't accept 3DES");
>>>      goto error;
>>>    }
>>> @@ -114,12 +109,10 @@
>>>     if (buffer_add_u8(session->out_buffer, SSH_CMSG_SESSION_KEY) < 0) {
>>>       goto error;
>>>     }
>>> -
>>> -   if (buffer_add_u8(session->out_buffer,have3Des?SSH_CIPHER_3DES:SSH_CIPHER_DES)
>>> < 0) {
>>> +   if (buffer_add_u8(session->out_buffer, SSH_CIPHER_3DES) < 0) {
>>>       goto error;
>>>     }
>>> -
>>> -   if (buffer_add_data(session->out_buffer,
>>> session->server_kex.cookie, 8) < 0) {
>>> +   if (buffer_add_data(session->out_buffer,
>>> session->next_crypto->server_kex.cookie, 8) < 0) {
>>>       goto error;
>>>     }
>>>
>>> @@ -150,8 +143,8 @@
>>>     }
>>>
>>>     /* we can set encryption */
>>> -   if(crypt_set_algorithms(session, have3Des?0:1)){
>>> -      goto error;
>>> +   if (crypt_set_algorithms(session)) {
>>> +     goto error;
>>>     }
>>>
>>>     session->current_crypto = session->next_crypto;
>>>
>>>
>>>
>>>
>>> 2012/9/5 Andreas Schneider <asn@xxxxxxxxxxxxxx>:
>>>> On Wednesday 05 September 2012 17:46:59 you wrote:
>>>>> Why DES was removed from master ? There are 3DES only.
>>>>> There are many legacy devices that supports DES only.
>>>>> 0.5.2 branch support DES & 3DES, Can support of DES be restored in master ?
>>>>
>>>> What do you mean exactly? Please give more details.
>>>>
>>>> We didn't remove any DES support.
>>>>
>>>>
>>>>
>>>>         -- andreas
>>>>
>>>> --
>>>> Andreas Schneider                   GPG-ID: F33E3FC6
>>>> www.cryptomilk.org                asn@xxxxxxxxxxxxxx
>>>>
>>>>
>>>
>>
>>

Follow-Ups:
Re: master has no DES encryption cipher policy	Andreas Schneider <asn@xxxxxxxxxxxxxx>

References:
master has no DES encryption cipher policy	Dmitriy Kuznetsov <dk@xxxxxxxxx>
Re: master has no DES encryption cipher policy	Andreas Schneider <asn@xxxxxxxxxxxxxx>
Re: master has no DES encryption cipher policy	Dmitriy Kuznetsov <dk@xxxxxxxxx>
Re: master has no DES encryption cipher policy	Aris Adamantiadis <aris@xxxxxxxxxxxx>
Re: master has no DES encryption cipher policy	Dmitriy Kuznetsov <dk@xxxxxxxxx>

Archive administrator: postmaster@lists.cynapses.org