scmno****@osdn*****
scmno****@osdn*****
2017年 12月 18日 (月) 20:06:16 JST
Revision: 7008 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/7008 Author: doda Date: 2017-12-18 20:06:16 +0900 (Mon, 18 Dec 2017) Log Message: ----------- AEAD 暗号使用時は MAC Negotiation の結果を無視するようにした #37750 併せて、AEAD 暗号使用時に About TTSSH ダイアログで MAC 方式を <implicit> と表示するようにした。 #37741 Ticket Links: ------------ http://sourceforge.jp/projects/ttssh2/tracker/detail/37750 http://sourceforge.jp/projects/ttssh2/tracker/detail/37741 Modified Paths: -------------- trunk/doc/en/html/about/history.html trunk/doc/ja/html/about/history.html trunk/ttssh2/ttxssh/ssh.c -------------- next part -------------- Modified: trunk/doc/en/html/about/history.html =================================================================== --- trunk/doc/en/html/about/history.html 2017-12-18 11:06:13 UTC (rev 7007) +++ trunk/doc/en/html/about/history.html 2017-12-18 11:06:16 UTC (rev 7008) @@ -33,6 +33,11 @@ <h3><a name="teraterm_4.98">2018.02.28 (Ver 4.98) not released</a></h3> <ul class="history"> + <li>Misc + <ul> + <li>upgraded TTSSH to <a href="#ttssh_2.84">2.84</a>.</li> + </ul> + </li> </ul> @@ -2968,7 +2973,9 @@ <li>Bug fixes <ul> <!--li>\x83o\x81[\x83W\x83\x87\x83\x93\x8F\xEE\x95\xF1\x83_\x83C\x83A\x83\x8D\x83O\x82̃T\x81[\x83o\x83z\x83X\x83g\x8C\xAE\x82̎w\x96\xE4\x82ɁA\x93\xAF\x88\xEA\x83T\x81[\x83o\x82Őڑ\xB1\x82Ɏg\x97p\x82\xB3\x82\xEA\x82Ă\xA2\x82Ȃ\xA2\x95\xFB\x8E\xAE\x82̌\xAE\x82\xAA\x95\\x8E\xA6\x82\xB3\x82\xEA\x82邱\x82Ƃ\xAA\x82\xA0\x82\xE9\x96\xE2\x91\xE8\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B</li--> - <!--li>\x83V\x83\x8A\x83A\x83\x8B\x83|\x81[\x83g\x90ڑ\xB1\x8E\x9E\x82\xC9 <li><a href="../menu/file.html">[File]</a> \x83\x81\x83j\x83\x85\x81[\x82\xCC [SSH SCP] \x82\xAA\x96\xB3\x8C\xF8\x82ɂȂ\xE7\x82Ȃ\xA2\x96\xE2\x91\xE8\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B</li--> + <!--li>\x83V\x83\x8A\x83A\x83\x8B\x83|\x81[\x83g\x90ڑ\xB1\x8E\x9E\x82\xC9 <a href="../menu/file.html">[File]</a> \x83\x81\x83j\x83\x85\x81[\x82\xCC [SSH SCP] \x82\xAA\x96\xB3\x8C\xF8\x82ɂȂ\xE7\x82Ȃ\xA2\x96\xE2\x91\xE8\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B</li--> + <li>When using aes12****@opens***** or aes25****@opens***** as symmetric cipher algorithm, connection is terminated if MAC algorithm cannot negotiate.</li> + <li>When using aes12****@opens***** or aes25****@opens***** as symmetric cipher algorithm, un-used MAC algorithm is displayed on "About TTSSH" dialog.</li> </ul> </li> </ul> Modified: trunk/doc/ja/html/about/history.html =================================================================== --- trunk/doc/ja/html/about/history.html 2017-12-18 11:06:13 UTC (rev 7007) +++ trunk/doc/ja/html/about/history.html 2017-12-18 11:06:16 UTC (rev 7008) @@ -33,6 +33,11 @@ <h3><a name="teraterm_4.98">2018.02.28 (Ver 4.98) not released</a></h3> <ul class="history"> + <li>\x82\xBB\x82̑\xBC + <ul> + <li><a href="#ttssh_2.84">TTSSH(2.84)</a>\x82֍\xB7\x82\xB5\x91ւ\xA6\x82\xBD\x81B</li> + </ul> + </li> </ul> @@ -2974,7 +2979,9 @@ <li>\x83o\x83O\x8FC\x90\xB3 <ul> <li>\x83o\x81[\x83W\x83\x87\x83\x93\x8F\xEE\x95\xF1\x83_\x83C\x83A\x83\x8D\x83O\x82̃T\x81[\x83o\x83z\x83X\x83g\x8C\xAE\x82̎w\x96\xE4\x82ɁA\x93\xAF\x88\xEA\x83T\x81[\x83o\x82Őڑ\xB1\x82Ɏg\x97p\x82\xB3\x82\xEA\x82Ă\xA2\x82Ȃ\xA2\x95\xFB\x8E\xAE\x82̌\xAE\x82\xAA\x95\\x8E\xA6\x82\xB3\x82\xEA\x82邱\x82Ƃ\xAA\x82\xA0\x82\xE9\x96\xE2\x91\xE8\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B</li> - <li>\x83V\x83\x8A\x83A\x83\x8B\x83|\x81[\x83g\x90ڑ\xB1\x8E\x9E\x82\xC9 <li><a href="../menu/file.html">[File]</a> \x83\x81\x83j\x83\x85\x81[\x82\xCC [SSH SCP] \x82\xAA\x96\xB3\x8C\xF8\x82ɂȂ\xE7\x82Ȃ\xA2\x96\xE2\x91\xE8\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B</li> + <li>\x83V\x83\x8A\x83A\x83\x8B\x83|\x81[\x83g\x90ڑ\xB1\x8E\x9E\x82\xC9 <a href="../menu/file.html">[File]</a> \x83\x81\x83j\x83\x85\x81[\x82\xCC [SSH SCP] \x82\xAA\x96\xB3\x8C\xF8\x82ɂȂ\xE7\x82Ȃ\xA2\x96\xE2\x91\xE8\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B</li> + <li>\x88Í\x86\x95\xFB\x8E\xAE\x82\xC5 aes12****@opens***** \x82܂\xBD\x82\xCD aes25****@opens***** \x82\xF0\x8Eg\x97p\x8E\x9E\x81AMAC \x95\xFB\x8E\xAE\x82̃l\x83S\x83V\x83G\x81[\x83V\x83\x87\x83\x93\x82\xAA\x8Ds\x82\xA6\x82Ȃ\xA9\x82\xC1\x82\xBD\x8E\x9E\x82ɐڑ\xB1\x82\xF0\x90\xE9\x96\xE2\x91\xE8\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B</li> + <li>\x88Í\x86\x95\xFB\x8E\xAE\x82\xC5 aes12****@opens***** \x82܂\xBD\x82\xCD aes25****@opens***** \x82\xF0\x8Eg\x97p\x8E\x9E\x81A"About TTSSH" \x83_\x83C\x83A\x83\x8D\x83O\x82Ŏg\x97p\x82\xB5\x82Ă\xA2\x82Ȃ\xA2 MAC \x95\xFB\x8E\xAE\x82\xF0\x95\\x8E\xA6\x82\xB7\x82\xE9\x96\xE2\x91\xE8\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B</li> </ul> </li> </ul> Modified: trunk/ttssh2/ttxssh/ssh.c =================================================================== --- trunk/ttssh2/ttxssh/ssh.c 2017-12-18 11:06:13 UTC (rev 7007) +++ trunk/ttssh2/ttxssh/ssh.c 2017-12-18 11:06:16 UTC (rev 7008) @@ -4980,15 +4980,20 @@ logprintf(LOG_LEVEL_VERBOSE, "server proposal: MAC algorithm client to server: %s", buf); - pvar->macs[MODE_OUT] = choose_SSH2_mac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_CTOS]); - if (pvar->macs[MODE_OUT] == NULL) { // not match - strncpy_s(tmp, sizeof(tmp), "unknown MAC algorithm: ", _TRUNCATE); - strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE); - msg = tmp; - goto error; + if (pvar->ciphers[MODE_OUT]->auth_len > 0) { + logputs(LOG_LEVEL_VERBOSE, "AEAD cipher is selected, ignoring MAC algorithms. (c2s)"); + pvar->macs[MODE_OUT] = get_ssh2_mac(HMAC_IMPLICIT); } + else { + pvar->macs[MODE_OUT] = choose_SSH2_mac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_CTOS]); + if (pvar->macs[MODE_OUT] == NULL) { // not match + strncpy_s(tmp, sizeof(tmp), "unknown MAC algorithm: ", _TRUNCATE); + strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE); + msg = tmp; + goto error; + } + } - size = get_payload_uint32(pvar, offset); offset += 4; for (i = 0; i < size; i++) { @@ -4999,15 +5004,20 @@ logprintf(LOG_LEVEL_VERBOSE, "server proposal: MAC algorithm server to client: %s", buf); - pvar->macs[MODE_IN] = choose_SSH2_mac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_STOC]); - if (pvar->macs[MODE_IN] == NULL) { // not match - strncpy_s(tmp, sizeof(tmp), "unknown MAC algorithm: ", _TRUNCATE); - strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE); - msg = tmp; - goto error; + if (pvar->ciphers[MODE_IN]->auth_len > 0) { + logputs(LOG_LEVEL_VERBOSE, "AEAD cipher is selected, ignoring MAC algorithms. (s2c)"); + pvar->macs[MODE_IN] = get_ssh2_mac(HMAC_IMPLICIT); } + else { + pvar->macs[MODE_IN] = choose_SSH2_mac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_STOC]); + if (pvar->macs[MODE_IN] == NULL) { // not match + strncpy_s(tmp, sizeof(tmp), "unknown MAC algorithm: ", _TRUNCATE); + strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE); + msg = tmp; + goto error; + } + } - // \x88\xB3\x8Fk\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82̌\x88\x92\xE8 // pvar->ssh_state.compressing = FALSE; \x82Ƃ\xB5\x82ĉ\xBA\x8BL\x83\x81\x83\x93\x83o\x82\xF0\x8Eg\x97p\x82\xB7\x82\xE9\x81B // (2005.7.9 yutaka)