1 From c71eccaac0cba458050a78e850522761c45e424f Mon Sep 17 00:00:00 2001
   2 From: Alex Wilson <alex.wilson@joyent.com>
   3 Date: Fri, 4 Sep 2015 10:38:28 -0700
   4 Subject: [PATCH 31/36] Compatibility for SunSSH_1.5* should include old DH KEx
   5  algos
   6 
   7 We use the kex compat mechanism here to recognise old SunSSH
   8 versions and present a kex proposal that always includes the
   9 dh-group14 and -group1 algorithms.
  10 
  11 Without this, an old SunSSH client cannot connect to our
  12 new daemon.
  13 ---
  14  compat.c | 31 ++++++++++++++++++++++++++++++-
  15  1 file changed, 30 insertions(+), 1 deletion(-)
  16 
  17 diff --git a/compat.c b/compat.c
  18 index 5583804..e2bebee 100644
  19 --- a/compat.c
  20 +++ b/compat.c
  21 @@ -92,7 +92,9 @@ compat_datafellows(const char *version)
  22                   "OpenSSH_3.0*,"
  23                   "OpenSSH_3.1*",       SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
  24                 { "OpenSSH_3.*",        SSH_OLD_FORWARD_ADDR },
  25 -               { "Sun_SSH_1.0*",       SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
  26 +               { "Sun_SSH_1.0*",       SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
  27 +                                       SSH_OLD_DHGEX},
  28 +               { "Sun_SSH_1.5*",       SSH_OLD_DHGEX},
  29                 { "OpenSSH_4*",         0 },
  30                 { "OpenSSH_5*",         SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
  31                 { "OpenSSH_6.6.1*",     SSH_NEW_OPENSSH},
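Review bot: SSH_OLD_DHGEX on the two Sun_SSH entries now means more than its name says. Per the last hunk of this commit, the bit both strips the group-exchange methods and forces `diffie-hellman-group14-sha1` and `diffie-hellman-group1-sha1` onto the proposal. Any other table entry carrying the same bit (none are visible in this hunk; the table continues outside it) would inherit the forced 1024-bit group1 offer too, so a dedicated compat bit for SunSSH would keep that scoped to the clients that need it. At minimum, a comment on these entries such as `/* SunSSH: DH-GEX unusable; fixed DH groups are re-added in compat_kex_proposal() */` would make the coupling visible.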
  32 @@ -279,6 +281,31 @@ filter_proposal(char *proposal, const char *filter)
  33         return fix_prop;
  34  }
  35  
  36 +/*
  37 + * Adds an algorithm to the end of a proposal list, only if the algorithm is
  38 + * not already present.
  39 + */
  40 +static char *
  41 +append_proposal(char *proposal, const char *append)
  42 +{
  43 +       Buffer b;
  44 +       char *fix_prop;
  45 +
  46 +       if (strstr(proposal, append) != NULL)
  47 +               return proposal;
  48 +
  49 +       buffer_init(&b);
  50 +       buffer_append(&b, proposal, strlen(proposal));
  51 +       if (buffer_len(&b) > 0)
  52 +               buffer_append(&b, ",", 1);
  53 +       buffer_append(&b, append, strlen(append));
  54 +       buffer_append(&b, "\0", 1);
  55 +       fix_prop = xstrdup((char *)buffer_ptr(&b));
  56 +       buffer_free(&b);
  57 +
  58 +       return fix_prop;
  59 +}
  60 +
  61  char *
  62  compat_cipher_proposal(char *cipher_prop)
  63  {
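Review bot: The presence check in append_proposal, `strstr(proposal, append) != NULL`, is a substring test, so a longer name that merely contains `append` counts as "already present" and the algorithm is silently not added. It should compare whole comma-separated names. The function also returns either the caller's pointer or a fresh allocation, and never frees the input, so the caller cannot tell what it owns; the header comment should say so. The sketch below uses the tree's existing match_list() and xasprintf() helpers, assuming match.h and xmalloc.h are already included in compat.c (not visible here). It also drops the Buffer round-trip.

```c
static char *
append_proposal(char *proposal, const char *append)
{
	char *fix_prop, *found;

	/* Compare whole comma-separated names, not substrings. */
	if ((found = match_list(append, proposal, NULL)) != NULL) {
		free(found);
		return proposal;	/* unchanged: result aliases the input */
	}
	/* New allocation; the input string is not freed here. */
	xasprintf(&fix_prop, "%s%s%s", proposal,
	    *proposal != '\0' ? "," : "", append);
	return fix_prop;
}
```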
  64 @@ -316,6 +343,8 @@ compat_kex_proposal(char *p)
  65         if ((datafellows & SSH_OLD_DHGEX) != 0) {
  66                 p = filter_proposal(p, "diffie-hellman-group-exchange-sha256");
  67                 p = filter_proposal(p, "diffie-hellman-group-exchange-sha1");
  68 +               p = append_proposal(p, "diffie-hellman-group14-sha1");
  69 +               p = append_proposal(p, "diffie-hellman-group1-sha1");
  70         }
  71         debug2("%s: compat KEX proposal: %s", __func__, p);
  72         if (*p == '\0')
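Review bot: The two append_proposal() calls add `diffie-hellman-group14-sha1` and `diffie-hellman-group1-sha1` regardless of what was in `p` on entry. If `p` comes from the administrator's configured KEX list (the caller is outside this hunk), a deployment that deliberately removed the 1024-bit group1 method gets it offered again. The trigger is a compat bit derived from the peer's version string, which the peer presumably supplies before any authentication, so any peer announcing a matching Sun_SSH banner receives the weaker offer. Consider re-adding only names that were in the list before filtering, or gating this behind an explicit option. If the behaviour stays, document it with something like `/* SunSSH has no usable DH-GEX: re-offer fixed groups even if the configured list omitted them */`. compat_kex_proposal continues past the end of this hunk.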
  73 -- 
  74 2.5.4 (Apple Git-61)
  75