what does bug_ssh2_hmac do?

21/07/2007, 17h00

I'm trying to figure out what BUG_SSH2_HMAC does in PuTTy's SSH.c
and... well, I can't. All that I seem to be able to find is this:

/*
* Be prepared to work around the buggy MAC problem.
*/
if (ssh->remote_bugs & BUG_SSH2_HMAC)
s->maclist = buggymacs, s->nmacs = lenof(buggymacs);
else
s->maclist = macs, s->nmacs = lenof(macs);

Doing a search for buggymacs reveals this:

const static struct ssh_mac *macs[] = {
&ssh_sha1, &ssh_md5, &ssh_mac_none
};
const static struct ssh_mac *buggymacs[] = {
&ssh_sha1_buggy, &ssh_md5, &ssh_mac_none
};

Beyond that, there don't appear to be any references of importance to
ssh_sha1_buggy, buggymacs, or BUG_SSH2_MACs. As such, I'm not really
sure what the buggy SSH2 HMAC thing is supposed to do... any ideas?

21/07/2007, 17h36

yawnmoth <terra1024@yahoo.com> wrote:
> I'm trying to figure out what BUG_SSH2_HMAC does in PuTTy's SSH.c
> and... well, I can't.
[...]
> const static struct ssh_mac *macs[] = {
> &ssh_sha1, &ssh_md5, &ssh_mac_none
> };
> const static struct ssh_mac *buggymacs[] = {
> &ssh_sha1_buggy, &ssh_md5, &ssh_mac_none
> };

`macs' is the usual list of MAC algorithms supported by PuTTY, and
offered to the server in the KEXINIT list.

`buggymacs' is a replacement for it, used on particular servers
which mis-implement hmac-sha1 and hmac-sha1-96. If you look in
sshsha.c, you'll find that the buggy versions are exactly the same
as the normal hmac-sha1 algorithms, but call sha1_key_buggy instead
of sha1_key, which uses only 16 bytes of key material.
--
Simon Tatham "The voices in my head are trying to ignore me.
<anakin@pobox.com> But if I keep talking, I can drive them insane."

26/07/2007, 05h03

On Jul 21, 11:36 am, Simon Tatham <ana...@pobox.com> wrote:
> yawnmoth <terra1...@yahoo.com> wrote:
> > I'm trying to figure out what BUG_SSH2_HMAC does in PuTTy's SSH.c
> > and... well, I can't.
> [...]
> > const static struct ssh_mac *macs[] = {
> > &ssh_sha1, &ssh_md5, &ssh_mac_none
> > };
> > const static struct ssh_mac *buggymacs[] = {
> > &ssh_sha1_buggy, &ssh_md5, &ssh_mac_none
> > };
>
> `macs' is the usual list of MAC algorithms supported by PuTTY, and
> offered to the server in the KEXINIT list.
>
> `buggymacs' is a replacement for it, used on particular servers
> which mis-implement hmac-sha1 and hmac-sha1-96. If you look in
> sshsha.c, you'll find that the buggy versions are exactly the same
> as the normal hmac-sha1 algorithms, but call sha1_key_buggy instead
> of sha1_key, which uses only 16 bytes of key material.

Thanks!

21/07/2007, 17h00	#1
yawnmoth Messages: n/a Hébergeur:	what does BUG_SSH2_HMAC do? I'm trying to figure out what BUG_SSH2_HMAC does in PuTTy's SSH.c and... well, I can't. All that I seem to be able to find is this: /* * Be prepared to work around the buggy MAC problem. / if (ssh->remote_bugs & BUG_SSH2_HMAC) s->maclist = buggymacs, s->nmacs = lenof(buggymacs); else s->maclist = macs, s->nmacs = lenof(macs); Doing a search for buggymacs reveals this: const static struct ssh_mac macs[] = { &ssh_sha1, &ssh_md5, &ssh_mac_none }; const static struct ssh_mac *buggymacs[] = { &ssh_sha1_buggy, &ssh_md5, &ssh_mac_none }; Beyond that, there don't appear to be any references of importance to ssh_sha1_buggy, buggymacs, or BUG_SSH2_MACs. As such, I'm not really sure what the buggy SSH2 HMAC thing is supposed to do... any ideas?

21/07/2007, 17h36	#2
Simon Tatham Messages: n/a Hébergeur:	Re: what does BUG_SSH2_HMAC do? yawnmoth <terra1024@yahoo.com> wrote: > I'm trying to figure out what BUG_SSH2_HMAC does in PuTTy's SSH.c > and... well, I can't. [...] > const static struct ssh_mac macs[] = { > &ssh_sha1, &ssh_md5, &ssh_mac_none > }; > const static struct ssh_mac buggymacs[] = { > &ssh_sha1_buggy, &ssh_md5, &ssh_mac_none > }; `macs' is the usual list of MAC algorithms supported by PuTTY, and offered to the server in the KEXINIT list. `buggymacs' is a replacement for it, used on particular servers which mis-implement hmac-sha1 and hmac-sha1-96. If you look in sshsha.c, you'll find that the buggy versions are exactly the same as the normal hmac-sha1 algorithms, but call sha1_key_buggy instead of sha1_key, which uses only 16 bytes of key material. -- Simon Tatham "The voices in my head are trying to ignore me. <anakin@pobox.com> But if I keep talking, I can drive them insane."

26/07/2007, 05h03	#3
yawnmoth Messages: n/a Hébergeur:	what does bug_ssh2_hmac do? On Jul 21, 11:36 am, Simon Tatham <ana...@pobox.com> wrote: > yawnmoth <terra1...@yahoo.com> wrote: > > I'm trying to figure out what BUG_SSH2_HMAC does in PuTTy's SSH.c > > and... well, I can't. > [...] > > const static struct ssh_mac macs[] = { > > &ssh_sha1, &ssh_md5, &ssh_mac_none > > }; > > const static struct ssh_mac buggymacs[] = { > > &ssh_sha1_buggy, &ssh_md5, &ssh_mac_none > > }; > > `macs' is the usual list of MAC algorithms supported by PuTTY, and > offered to the server in the KEXINIT list. > > `buggymacs' is a replacement for it, used on particular servers > which mis-implement hmac-sha1 and hmac-sha1-96. If you look in > sshsha.c, you'll find that the buggy versions are exactly the same > as the normal hmac-sha1 algorithms, but call sha1_key_buggy instead > of sha1_key, which uses only 16 bytes of key material. Thanks!

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email