lib/libssh2
1
0
Fork 0
mirror of https://github.com/libssh2/libssh2.git synced 2025-07-31 00:03:08 +03:00
Code Activity

delete old gex (SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) build option (#872)

Browse Source 
libssh2 supports an "old" style KEX message
`SSH2_MSG_KEX_DH_GEX_REQUEST_OLD`, as an off-by-default build option.

OpenSSH deprecated/disabled this feature in v6.9 (2015-07-01):
https://www.openssh.com/releasenotes.html#6.9

This patch deletes this obsolete feature from libssh2, with no option
to enable it.

Added to libssh2 in: cf8ca63ea0 (2004-12-31)
RFC: https://datatracker.ietf.org/doc/html/rfc4419 (2006-03)
This commit is contained in:
Viktor Szakats
2023-03-27 11:28:51 +02:00
committed by GitHub
parent 4f28eec947
commit 38177f18dd
9 changed files with 2 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
configure.ac
View File

@ -165,13 +165,6 @@ AC_ARG_ENABLE(mac-none,
AC_HELP_STRING([--enable-mac-none],[Permit "none" MAC -- NOT RECOMMENDED]), AC_HELP_STRING([--enable-mac-none],[Permit "none" MAC -- NOT RECOMMENDED]),
[AC_DEFINE(LIBSSH2_MAC_NONE, 1, [Enable "none" MAC -- NOT RECOMMENDED])]) [AC_DEFINE(LIBSSH2_MAC_NONE, 1, [Enable "none" MAC -- NOT RECOMMENDED])])
AC_ARG_ENABLE(gex-new,
AC_HELP_STRING([--disable-gex-new],[Disable "new" diffie-hellman-group-exchange-sha1 method]),
[GEX_NEW=$enableval])
if test "$GEX_NEW" != "no"; then
AC_DEFINE(LIBSSH2_DH_GEX_NEW, 1, [Enable newer diffie-hellman-group-exchange-sha1 syntax])
fi
AC_ARG_ENABLE(clear-memory, AC_ARG_ENABLE(clear-memory,
AC_HELP_STRING([--disable-clear-memory],[Disable clearing of memory before being freed]), AC_HELP_STRING([--disable-clear-memory],[Disable clearing of memory before being freed]),
[CLEAR_MEMORY=$enableval]) [CLEAR_MEMORY=$enableval])

14
docs/INSTALL_AUTOTOOLS
View File

@ -280,20 +280,6 @@ Some ./configure options deserve additional comments:
method be advertized by the remote end and that no method be advertized by the remote end and that no
more-preferable methods are available. more-preferable methods are available.
* --disable-gex-new
The diffie-hellman-group-exchange-sha1 (dh-gex) key
exchange method originally defined an exchange
negotiation using packet type 30 to request a
generation pair based on a single target value. Later
refinement of dh-gex provided for range and target
values. By default libssh2 will use the newer range
method.
If you experience trouble connecting to an old SSH
server using dh-gex, try this option to fallback on
the older more reliable method.
* --with-libgcrypt * --with-libgcrypt
* --without-libgcrypt * --without-libgcrypt
* --with-libgcrypt-prefix=DIR * --with-libgcrypt-prefix=DIR

12
docs/INSTALL_CMAKE.md
View File

@ -96,18 +96,6 @@ The following options are available:
however it still requires that the method be advertized by the however it still requires that the method be advertized by the
remote end and that no more-preferable methods are available. remote end and that no more-preferable methods are available.
* `ENABLE_GEX_NEW=ON`
The diffie-hellman-group-exchange-sha1 (dh-gex) key exchange
method originally defined an exchange negotiation using packet
type 30 to request a generation pair based on a single target
value. Later refinement of dh-gex provided for range and target
values. By default libssh2 will use the newer range method.
If you experience trouble connecting to an old SSH server using
dh-gex, try this option to fallback on the older more reliable
method.
* `ENABLE_DEBUG_LOGGING=ON` in Debug, `=OFF` in Release * `ENABLE_DEBUG_LOGGING=ON` in Debug, `=OFF` in Release
Will enable the libssh2_trace() function for showing debug traces. Will enable the libssh2_trace() function for showing debug traces.

1
nw/GNUmakefile
View File

@ -424,7 +424,6 @@ endif
ifdef OLD_NOVELLSDK ifdef OLD_NOVELLSDK
@echo $(DL)#define socklen_t int$(DL) >> $@ @echo $(DL)#define socklen_t int$(DL) >> $@
endif endif
@echo $(DL)#define LIBSSH2_DH_GEX_NEW 1$(DL) >> $@
ifeq ($(DB),DEBUG) ifeq ($(DB),DEBUG)
@echo $(DL)#define LIBSSH2_DEBUG_CONNECTION 1$(DL) >> $@ @echo $(DL)#define LIBSSH2_DEBUG_CONNECTION 1$(DL) >> $@
@echo $(DL)#define LIBSSH2_DEBUG_ERRORS 1$(DL) >> $@ @echo $(DL)#define LIBSSH2_DEBUG_ERRORS 1$(DL) >> $@

3
os400/libssh2_config.h
View File

@ -146,9 +146,6 @@
/* Enable "none" cipher -- NOT RECOMMENDED */ /* Enable "none" cipher -- NOT RECOMMENDED */
#undef LIBSSH2_CRYPT_NONE #undef LIBSSH2_CRYPT_NONE
/* Enable newer diffie-hellman-group-exchange-sha1 syntax */
#define LIBSSH2_DH_GEX_NEW 1
/* Compile in zlib support */ /* Compile in zlib support */
/* #undef LIBSSH2_HAVE_ZLIB */ /* #undef LIBSSH2_HAVE_ZLIB */

8
src/CMakeLists.txt
View File

@ -222,14 +222,6 @@ if(ENABLE_MAC_NONE)
list(APPEND libssh2_DEFINITIONS LIBSSH2_MAC_NONE=1) list(APPEND libssh2_DEFINITIONS LIBSSH2_MAC_NONE=1)
endif() endif()
option(ENABLE_GEX_NEW
"Enable diffie-hellman-group-exchange-sha1 method" ON)
add_feature_info("diffie-hellman-group-exchange-sha1" ENABLE_GEX_NEW
"\"new\" diffie-hellman-group-exchange-sha1 method")
if(ENABLE_GEX_NEW)
list(APPEND libssh2_DEFINITIONS LIBSSH2_DH_GEX_NEW=1)
endif()
# Enable debugging logging by default if the user configured a debug build # Enable debugging logging by default if the user configured a debug build
if(CMAKE_BUILD_TYPE STREQUAL "Debug") if(CMAKE_BUILD_TYPE STREQUAL "Debug")
set(DEBUG_LOGGING_DEFAULT ON) set(DEBUG_LOGGING_DEFAULT ON)

31
src/kex.c
View File

@ -583,7 +583,6 @@ static int diffie_hellman_sha_algo(LIBSSH2_SESSION *session,
if(packet_type_init == SSH_MSG_KEX_DH_GEX_INIT) { if(packet_type_init == SSH_MSG_KEX_DH_GEX_INIT) {
/* diffie-hellman-group-exchange hashes additional fields */ /* diffie-hellman-group-exchange hashes additional fields */
#ifdef LIBSSH2_DH_GEX_NEW
_libssh2_htonu32(exchange_state->h_sig_comp, _libssh2_htonu32(exchange_state->h_sig_comp,
LIBSSH2_DH_GEX_MINGROUP); LIBSSH2_DH_GEX_MINGROUP);
_libssh2_htonu32(exchange_state->h_sig_comp + 4, _libssh2_htonu32(exchange_state->h_sig_comp + 4,
@ -592,12 +591,6 @@ static int diffie_hellman_sha_algo(LIBSSH2_SESSION *session,
LIBSSH2_DH_GEX_MAXGROUP); LIBSSH2_DH_GEX_MAXGROUP);
_libssh2_sha_algo_ctx_update(sha_algo_value, exchange_hash_ctx, _libssh2_sha_algo_ctx_update(sha_algo_value, exchange_hash_ctx,
exchange_state->h_sig_comp, 12); exchange_state->h_sig_comp, 12);
#else
_libssh2_htonu32(exchange_state->h_sig_comp,
LIBSSH2_DH_GEX_OPTGROUP);
_libssh2_sha_algo_ctx_update(sha_algo_value, exchange_hash_ctx,
exchange_state->h_sig_comp, 4);
#endif
} }
if(midhash) { if(midhash) {
@ -1342,23 +1335,13 @@ kex_method_diffie_hellman_group_exchange_sha1_key_exchange
key_state->p = _libssh2_bn_init_from_bin(); key_state->p = _libssh2_bn_init_from_bin();
key_state->g = _libssh2_bn_init_from_bin(); key_state->g = _libssh2_bn_init_from_bin();
/* Ask for a P and G pair */ /* Ask for a P and G pair */
#ifdef LIBSSH2_DH_GEX_NEW
key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST; key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST;
_libssh2_htonu32(key_state->request + 1, LIBSSH2_DH_GEX_MINGROUP); _libssh2_htonu32(key_state->request + 1, LIBSSH2_DH_GEX_MINGROUP);
_libssh2_htonu32(key_state->request + 5, LIBSSH2_DH_GEX_OPTGROUP); _libssh2_htonu32(key_state->request + 5, LIBSSH2_DH_GEX_OPTGROUP);
_libssh2_htonu32(key_state->request + 9, LIBSSH2_DH_GEX_MAXGROUP); _libssh2_htonu32(key_state->request + 9, LIBSSH2_DH_GEX_MAXGROUP);
key_state->request_len = 13; key_state->request_len = 13;
_libssh2_debug((session, LIBSSH2_TRACE_KEX, _libssh2_debug((session, LIBSSH2_TRACE_KEX,
"Initiating Diffie-Hellman Group-Exchange " "Initiating Diffie-Hellman Group-Exchange SHA1"));
"(New Method)"));
#else
key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST_OLD;
_libssh2_htonu32(key_state->request + 1, LIBSSH2_DH_GEX_OPTGROUP);
key_state->request_len = 5;
_libssh2_debug((session, LIBSSH2_TRACE_KEX,
"Initiating Diffie-Hellman Group-Exchange "
"(Old Method)"));
#endif
key_state->state = libssh2_NB_state_created; key_state->state = libssh2_NB_state_created;
} }
@ -1469,23 +1452,13 @@ kex_method_diffie_hellman_group_exchange_sha256_key_exchange
key_state->p = _libssh2_bn_init(); key_state->p = _libssh2_bn_init();
key_state->g = _libssh2_bn_init(); key_state->g = _libssh2_bn_init();
/* Ask for a P and G pair */ /* Ask for a P and G pair */
#ifdef LIBSSH2_DH_GEX_NEW
key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST; key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST;
_libssh2_htonu32(key_state->request + 1, LIBSSH2_DH_GEX_MINGROUP); _libssh2_htonu32(key_state->request + 1, LIBSSH2_DH_GEX_MINGROUP);
_libssh2_htonu32(key_state->request + 5, LIBSSH2_DH_GEX_OPTGROUP); _libssh2_htonu32(key_state->request + 5, LIBSSH2_DH_GEX_OPTGROUP);
_libssh2_htonu32(key_state->request + 9, LIBSSH2_DH_GEX_MAXGROUP); _libssh2_htonu32(key_state->request + 9, LIBSSH2_DH_GEX_MAXGROUP);
key_state->request_len = 13; key_state->request_len = 13;
_libssh2_debug((session, LIBSSH2_TRACE_KEX, _libssh2_debug((session, LIBSSH2_TRACE_KEX,
"Initiating Diffie-Hellman Group-Exchange " "Initiating Diffie-Hellman Group-Exchange SHA256"));
"(New Method SHA256)"));
#else
key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST_OLD;
_libssh2_htonu32(key_state->request + 1, LIBSSH2_DH_GEX_OPTGROUP);
key_state->request_len = 5;
_libssh2_debug((session, LIBSSH2_TRACE_KEX,
"Initiating Diffie-Hellman Group-Exchange "
"(Old Method SHA256)"));
#endif
key_state->state = libssh2_NB_state_created; key_state->state = libssh2_NB_state_created;
} }

4
vms/libssh2_config.h
View File

@ -81,9 +81,5 @@ typedef unsigned int socklen_t; /* missing in headers on VMS */
#define LIBSSH2_HAVE_ZLIB #define LIBSSH2_HAVE_ZLIB
/* Enable newer diffie-hellman-group-exchange-sha1 syntax */
#define LIBSSH2_DH_GEX_NEW 1
#endif /* __VMS */ #endif /* __VMS */
#endif /* LIBSSH2_CONFIG_H */ #endif /* LIBSSH2_CONFIG_H */

3
win32/libssh2_config.h
View File

@ -34,7 +34,4 @@
# endif # endif
#endif #endif
/* Enable newer diffie-hellman-group-exchange-sha1 syntax */
#define LIBSSH2_DH_GEX_NEW 1
#endif /* LIBSSH2_CONFIG_H */ #endif /* LIBSSH2_CONFIG_H */