upstream commit

Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 8112cfa..8996f7e 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.32 2017/12/18 02:25:15 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.33 2018/01/23 05:27:21 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -62,7 +62,7 @@
 	Authctxt *authctxt = ssh->authctxt;
 	struct sshbuf *b;
 	struct sshkey *key = NULL;
-	char *pkalg, *cuser, *chost, *service;
+	char *pkalg, *cuser, *chost;
 	u_char *pkblob, *sig;
 	size_t alen, blen, slen;
 	int r, pktype, authenticated = 0;
@@ -118,15 +118,13 @@
 		goto done;
 	}
 
-	service = ssh->compat & SSH_BUG_HBSERVICE ? "ssh-userauth" :
-	    authctxt->service;
 	if ((b = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __func__);
 	/* reconstruct packet */
 	if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
 	    (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
 	    (r = sshbuf_put_cstring(b, authctxt->user)) != 0 ||
-	    (r = sshbuf_put_cstring(b, service)) != 0 ||
+	    (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
 	    (r = sshbuf_put_cstring(b, "hostbased")) != 0 ||
 	    (r = sshbuf_put_string(b, pkalg, alen)) != 0 ||
 	    (r = sshbuf_put_string(b, pkblob, blen)) != 0 ||
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 0713a9d..e649822 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.74 2017/12/21 00:00:28 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.75 2018/01/23 05:27:21 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -100,26 +100,10 @@
 		debug2("%s: disabled because of invalid user", __func__);
 		return 0;
 	}
-	if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0)
-		fatal("%s: sshpkt_get_u8 failed: %s", __func__, ssh_err(r));
-	if (ssh->compat & SSH_BUG_PKAUTH) {
-		debug2("%s: SSH_BUG_PKAUTH", __func__);
-		if ((b = sshbuf_new()) == NULL)
-			fatal("%s: sshbuf_new failed", __func__);
-		/* no explicit pkalg given */
-		/* so we have to extract the pkalg from the pkblob */
-		/* XXX use sshbuf_from() */
-		if ((r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 ||
-		    (r = sshbuf_put(b, pkblob, blen)) != 0 ||
-		    (r = sshbuf_get_cstring(b, &pkalg, NULL)) != 0)
-			fatal("%s: failed: %s", __func__, ssh_err(r));
-		sshbuf_free(b);
-	} else {
-		if ((r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
-		    (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
-			fatal("%s: sshpkt_get_cstring failed: %s",
-			    __func__, ssh_err(r));
-	}
+	if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
+	    (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
+	    (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
+		fatal("%s: parse request failed: %s", __func__, ssh_err(r));
 	pktype = sshkey_type_from_name(pkalg);
 	if (pktype == KEY_UNSPEC) {
 		/* this is perfectly legal */
@@ -188,22 +172,11 @@
 		    authctxt->style ? authctxt->style : "");
 		if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
 		    (r = sshbuf_put_cstring(b, userstyle)) != 0 ||
-		    (r = sshbuf_put_cstring(b, ssh->compat & SSH_BUG_PKSERVICE ?
-		    "ssh-userauth" : authctxt->service)) != 0)
-			fatal("%s: build packet failed: %s",
-			    __func__, ssh_err(r));
-		if (ssh->compat & SSH_BUG_PKAUTH) {
-			if ((r = sshbuf_put_u8(b, have_sig)) != 0)
-				fatal("%s: build packet failed: %s",
-				    __func__, ssh_err(r));
-		} else {
-			if ((r = sshbuf_put_cstring(b, "publickey")) != 0 ||
-			    (r = sshbuf_put_u8(b, have_sig)) != 0 ||
-			    (r = sshbuf_put_cstring(b, pkalg) != 0))
-				fatal("%s: build packet failed: %s",
-				    __func__, ssh_err(r));
-		}
-		if ((r = sshbuf_put_string(b, pkblob, blen)) != 0)
+		    (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
+		    (r = sshbuf_put_cstring(b, "publickey")) != 0 ||
+		    (r = sshbuf_put_u8(b, have_sig)) != 0 ||
+		    (r = sshbuf_put_cstring(b, pkalg) != 0) ||
+		    (r = sshbuf_put_string(b, pkblob, blen)) != 0)
 			fatal("%s: build packet failed: %s",
 			    __func__, ssh_err(r));
 #ifdef DEBUG_PK
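Review bot: The closing parenthesis is misplaced in `(r = sshbuf_put_cstring(b, pkalg) != 0) ||`, so `r` receives the result of the comparison (0 or 1) instead of the error code. If that call fails, `ssh_err(r)` in the `fatal()` below reports the wrong reason. The slip is carried over from the removed branch, and since the chain is being rewritten anyway it should read `(r = sshbuf_put_cstring(b, pkalg)) != 0 ||`. The enclosing function starts and ends outside the hunk.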
diff --git a/auth2.c b/auth2.c
index 862e099..4f5b481 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.143 2017/06/24 06:34:38 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.144 2018/01/23 05:27:21 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -153,7 +153,7 @@
 {
 	char *banner = NULL;
 
-	if (options.banner == NULL || (datafellows & SSH_BUG_BANNER) != 0)
+	if (options.banner == NULL)
 		return;
 
 	if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
diff --git a/authfd.c b/authfd.c
index a460fa3..ac635df 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.105 2017/07/01 13:50:45 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.106 2018/01/23 05:27:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -353,8 +353,6 @@
 
 	if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE)
 		return SSH_ERR_INVALID_ARGUMENT;
-	if (compat & SSH_BUG_SIGBLOB)
-		flags |= SSH_AGENT_OLD_SIGNATURE;
 	if ((msg = sshbuf_new()) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
 	if ((r = sshkey_to_blob(key, &blob, &blen)) != 0)
diff --git a/channels.c b/channels.c
index c2706ac..1c381e0 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.377 2017/12/05 01:30:19 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.378 2018/01/23 05:27:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1582,13 +1582,8 @@
 	    SSH_CHANNEL_OPENING, newsock, newsock, -1,
 	    c->local_window_max, c->local_maxpacket, 0, buf, 1);
 	open_preamble(ssh, __func__, nc, "x11");
-	if ((r = sshpkt_put_cstring(ssh, remote_ipaddr)) != 0) {
-		fatal("%s: channel %i: reply %s", __func__,
-		    c->self, ssh_err(r));
-	}
-	if ((datafellows & SSH_BUG_X11FWD) != 0)
-		debug2("channel %d: ssh2 x11 bug compat mode", nc->self);
-	else if ((r = sshpkt_put_u32(ssh, remote_port)) != 0) {
+	if ((r = sshpkt_put_cstring(ssh, remote_ipaddr)) != 0 ||
+	    (r = sshpkt_put_u32(ssh, remote_port)) != 0) {
 		fatal("%s: channel %i: reply %s", __func__,
 		    c->self, ssh_err(r));
 	}
@@ -1824,15 +1819,13 @@
 			if ((r = sshpkt_start(ssh,
 			    SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 ||
 			    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
-			    (r = sshpkt_put_u32(ssh, SSH2_OPEN_CONNECT_FAILED))
-			    != 0)
+			    (r = sshpkt_put_u32(ssh,
+			    SSH2_OPEN_CONNECT_FAILED)) != 0 ||
+			    (r = sshpkt_put_cstring(ssh, strerror(err))) != 0 ||
+			    (r = sshpkt_put_cstring(ssh, "")) != 0) {
 				fatal("%s: channel %i: failure: %s", __func__,
 				    c->self, ssh_err(r));
-			if ((datafellows & SSH_BUG_OPENFAILURE) == 0 &&
-			    ((r = sshpkt_put_cstring(ssh, strerror(err))) != 0 ||
-			    (r = sshpkt_put_cstring(ssh, "")) != 0))
-				fatal("%s: channel %i: failure: %s", __func__,
-				    c->self, ssh_err(r));
+			}
 			if ((r = sshpkt_send(ssh)) != 0)
 				fatal("%s: channel %i: %s", __func__, c->self,
 				    ssh_err(r));
@@ -3110,13 +3103,11 @@
 		error("%s: reason: %s", __func__, ssh_err(r));
 		packet_disconnect("Invalid open failure message");
 	}
-	if ((datafellows & SSH_BUG_OPENFAILURE) == 0) {
-		/* skip language */
-		if ((r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 ||
-		    (r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0) {
-			error("%s: message/lang: %s", __func__, ssh_err(r));
-			packet_disconnect("Invalid open failure message");
-		}
+	/* skip language */
+	if ((r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 ||
+	    (r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0) {
+		error("%s: message/lang: %s", __func__, ssh_err(r));
+		packet_disconnect("Invalid open failure message");
 	}
 	ssh_packet_check_eom(ssh);
 	logit("channel %d: open failed: %s%s%s", c->self,
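Review bot: The `/* skip language */` comment now sits directly above a statement that first reads the peer's description into `msg` and only then discards the language tag, so it describes only half of what follows. I would reword it to `/* read description, skip language tag */`. `msg` is supplied by the peer and is printed by the `logit()` at the end of the hunk, so it helps to make clear where it is read. The function starts and ends outside the hunk.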
@@ -3664,15 +3655,9 @@
 channel_rfwd_bind_host(const char *listen_host)
 {
 	if (listen_host == NULL) {
-		if (datafellows & SSH_BUG_RFWD_ADDR)
-			return "127.0.0.1";
-		else
-			return "localhost";
+		return "localhost";
 	} else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0) {
-		if (datafellows & SSH_BUG_RFWD_ADDR)
-			return "0.0.0.0";
-		else
-			return "";
+		return "";
 	} else
 		return listen_host;
 }
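Review bot: `channel_rfwd_bind_host` has no comment explaining its three-way mapping, which is worth documenting because it decides which address a remote-forward request asks the server to bind. Suggested header: `/* Translate listen_host into the bind address sent in the forwarding request: NULL -> "localhost", "" or "*" -> "" (wildcard), anything else unchanged. */`. With the compat branches gone, the `else` arms after each `return` are redundant and the body could become three plain guarded returns. The return-type line of the definition is outside the hunk.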
diff --git a/clientloop.c b/clientloop.c
index c187ae5..ed9bebd 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.309 2017/12/18 23:16:23 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.310 2018/01/23 05:27:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1541,12 +1541,7 @@
 		return NULL;
 	}
 	originator = packet_get_string(NULL);
-	if (datafellows & SSH_BUG_X11FWD) {
-		debug2("buggy server: x11 request w/o originator_port");
-		originator_port = 0;
-	} else {
-		originator_port = packet_get_int();
-	}
+	originator_port = packet_get_int();
 	packet_check_eom();
 	/* XXX check permission */
 	debug("client_request_x11: request from %s %d", originator,
@@ -1678,10 +1673,8 @@
 		packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
 		packet_put_int(rchan);
 		packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED);
-		if (!(datafellows & SSH_BUG_OPENFAILURE)) {
-			packet_put_cstring("open failed");
-			packet_put_cstring("");
-		}
+		packet_put_cstring("open failed");
+		packet_put_cstring("");
 		packet_send();
 	}
 	free(ctype);
diff --git a/compat.c b/compat.c
index d82135e..89b302c 100644
--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.104 2017/07/25 09:22:25 dtucker Exp $ */
+/* $OpenBSD: compat.c,v 1.105 2018/01/23 05:27:21 djm Exp $ */
 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
  *
@@ -50,83 +50,20 @@
 		char	*pat;
 		int	bugs;
 	} check[] = {
-		{ "OpenSSH-2.0*,"
-		  "OpenSSH-2.1*,"
-		  "OpenSSH_2.1*,"
-		  "OpenSSH_2.2*",	SSH_OLD_SESSIONID|SSH_BUG_BANNER|
-					SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
-					SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
-		{ "OpenSSH_2.3.0*",	SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES|
-					SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
-					SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
-		{ "OpenSSH_2.3.*",	SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX|
-					SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
-					SSH_OLD_FORWARD_ADDR},
-		{ "OpenSSH_2.5.0p1*,"
-		  "OpenSSH_2.5.1p1*",
-					SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX|
-					SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
-					SSH_OLD_FORWARD_ADDR},
-		{ "OpenSSH_2.5.0*,"
-		  "OpenSSH_2.5.1*,"
-		  "OpenSSH_2.5.2*",	SSH_OLD_DHGEX|SSH_BUG_NOREKEY|
-					SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
-		{ "OpenSSH_2.5.3*",	SSH_BUG_NOREKEY|SSH_BUG_EXTEOF|
-					SSH_OLD_FORWARD_ADDR},
 		{ "OpenSSH_2.*,"
 		  "OpenSSH_3.0*,"
 		  "OpenSSH_3.1*",	SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
 		{ "OpenSSH_3.*",	SSH_OLD_FORWARD_ADDR },
 		{ "Sun_SSH_1.0*",	SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
-		{ "OpenSSH_4*",		0 },
+		{ "OpenSSH_2*,"
+		  "OpenSSH_3*,"
+		  "OpenSSH_4*",		0 },
 		{ "OpenSSH_5*",		SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
 		{ "OpenSSH_6.6.1*",	SSH_NEW_OPENSSH},
 		{ "OpenSSH_6.5*,"
 		  "OpenSSH_6.6*",	SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
 		{ "OpenSSH*",		SSH_NEW_OPENSSH },
 		{ "*MindTerm*",		0 },
-		{ "2.1.0*",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
-					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
-					SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
-					SSH_BUG_FIRSTKEX },
-		{ "2.1 *",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
-					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
-					SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
-					SSH_BUG_FIRSTKEX },
-		{ "2.0.13*,"
-		  "2.0.14*,"
-		  "2.0.15*,"
-		  "2.0.16*,"
-		  "2.0.17*,"
-		  "2.0.18*,"
-		  "2.0.19*",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
-					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
-					SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
-					SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
-					SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE|
-					SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
-		{ "2.0.11*,"
-		  "2.0.12*",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
-					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
-					SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
-					SSH_BUG_PKAUTH|SSH_BUG_PKOK|
-					SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
-					SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
-		{ "2.0.*",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
-					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
-					SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
-					SSH_BUG_PKAUTH|SSH_BUG_PKOK|
-					SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
-					SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN|
-					SSH_BUG_FIRSTKEX },
-		{ "2.2.0*,"
-		  "2.3.0*",		SSH_BUG_HMAC|SSH_BUG_DEBUG|
-					SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX },
-		{ "2.3.*",		SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
-					SSH_BUG_FIRSTKEX },
-		{ "2.4",		SSH_OLD_SESSIONID },	/* Van Dyke */
-		{ "2.*",		SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX|
-					SSH_BUG_RFWD_ADDR },
 		{ "3.0.*",		SSH_BUG_DEBUG },
 		{ "3.0 SecureCRT*",	SSH_OLD_SESSIONID },
 		{ "1.7 SecureFX*",	SSH_OLD_SESSIONID },
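Review bot: The `OpenSSH_2*` and `OpenSSH_3*` patterns added to the `OpenSSH_4*` entry look unreachable for any dotted version, because `OpenSSH_2.*` and `OpenSSH_3.*` appear earlier in the table and still carry `SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR`. This assumes the table is matched first-hit, which the ordering suggests but the lookup loop is outside the hunk. If the intent is that OpenSSH 2.x/3.x peers keep those two flags, a comment such as `/* 2.x/3.x still need EXTEOF/FORWARD_ADDR; see entries above */` would say so; otherwise the redundant patterns can go. Separately, every visible entry that set `SSH_BUG_BIGENDIANAES` or `SSH_BUG_RSASIGMD5` is removed while compat.h keeps both defines, so it is worth confirming whether anything in the rest of the table still sets them.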
diff --git a/compat.h b/compat.h
index 2e7830f..246e6ee 100644
--- a/compat.h
+++ b/compat.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.h,v 1.49 2017/04/30 23:13:25 djm Exp $ */
+/* $OpenBSD: compat.h,v 1.50 2018/01/23 05:27:21 djm Exp $ */
 
 /*
  * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.
@@ -32,31 +32,31 @@
 #define	SSH_PROTO_1_PREFERRED	0x02
 #define	SSH_PROTO_2		0x04
 
-#define SSH_BUG_SIGBLOB		0x00000001
-#define SSH_BUG_PKSERVICE	0x00000002
-#define SSH_BUG_HMAC		0x00000004
-#define SSH_BUG_X11FWD		0x00000008
+/* #define unused		0x00000001 */
+/* #define unused		0x00000002 */
+/* #define unused		0x00000004 */
+/* #define unused		0x00000008 */
 #define SSH_OLD_SESSIONID	0x00000010
-#define SSH_BUG_PKAUTH		0x00000020
+/* #define unused		0x00000020 */
 #define SSH_BUG_DEBUG		0x00000040
-#define SSH_BUG_BANNER		0x00000080
+/* #define unused		0x00000080 */
 #define SSH_BUG_IGNOREMSG	0x00000100
-#define SSH_BUG_PKOK		0x00000200
+/* #define unused		0x00000200 */
 #define SSH_BUG_PASSWORDPAD	0x00000400
 #define SSH_BUG_SCANNER		0x00000800
 #define SSH_BUG_BIGENDIANAES	0x00001000
 #define SSH_BUG_RSASIGMD5	0x00002000
 #define SSH_OLD_DHGEX		0x00004000
 #define SSH_BUG_NOREKEY		0x00008000
-#define SSH_BUG_HBSERVICE	0x00010000
-#define SSH_BUG_OPENFAILURE	0x00020000
-#define SSH_BUG_DERIVEKEY	0x00040000
-#define SSH_BUG_DUMMYCHAN	0x00100000
+/* #define unused		0x00010000 */
+/* #define unused		0x00020000 */
+/* #define unused		0x00040000 */
+/* #define unused		0x00100000 */
 #define SSH_BUG_EXTEOF		0x00200000
 #define SSH_BUG_PROBE		0x00400000
-#define SSH_BUG_FIRSTKEX	0x00800000
+/* #define unused		0x00800000 */
 #define SSH_OLD_FORWARD_ADDR	0x01000000
-#define SSH_BUG_RFWD_ADDR	0x02000000
+/* #define unused		0x02000000 */
 #define SSH_NEW_OPENSSH		0x04000000
 #define SSH_BUG_DYNAMIC_RPORT	0x08000000
 #define SSH_BUG_CURVE25519PAD	0x10000000
diff --git a/kex.c b/kex.c
index d5d5a9d..83c6199 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.134 2017/06/13 12:13:59 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.135 2018/01/23 05:27:21 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -675,9 +675,6 @@
 		free(name);
 		return SSH_ERR_INTERNAL_ERROR;
 	}
-	/* truncate the key */
-	if (ssh->compat & SSH_BUG_HMAC)
-		mac->key_len = 16;
 	mac->name = name;
 	mac->key = NULL;
 	mac->enabled = 0;
@@ -866,8 +863,7 @@
 	kex->dh_need = dh_need;
 
 	/* ignore the next message if the proposals do not match */
-	if (first_kex_follows && !proposals_match(my, peer) &&
-	    !(ssh->compat & SSH_BUG_FIRSTKEX))
+	if (first_kex_follows && !proposals_match(my, peer))
 		ssh->dispatch_skip_packets = 1;
 	r = 0;
  out:
diff --git a/monitor.c b/monitor.c
index b0227ee..89c8c95 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.177 2017/12/21 00:00:28 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.178 2018/01/23 05:27:21 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1255,18 +1255,13 @@
 	free(userstyle);
 	free(cp);
 	buffer_skip_string(&b);
-	if (datafellows & SSH_BUG_PKAUTH) {
-		if (!buffer_get_char(&b))
-			fail++;
-	} else {
-		cp = buffer_get_cstring(&b, NULL);
-		if (strcmp("publickey", cp) != 0)
-			fail++;
-		free(cp);
-		if (!buffer_get_char(&b))
-			fail++;
-		buffer_skip_string(&b);
-	}
+	cp = buffer_get_cstring(&b, NULL);
+	if (strcmp("publickey", cp) != 0)
+		fail++;
+	free(cp);
+	if (!buffer_get_char(&b))
+		fail++;
+	buffer_skip_string(&b);
 	buffer_skip_string(&b);
 	if (buffer_len(&b) != 0)
 		fail++;
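Review bot: The run of `buffer_skip_string(&b)` calls discards fields without saying which ones, which makes it hard to see what this check actually validates in the signed blob. Going by the order in which auth2-pubkey.c builds the packet elsewhere in this commit (user, service, "publickey", have_sig, pkalg, pkblob), the skip before the method check is the service and the last two are pkalg and pkblob; this is inferred from that hunk. I would add trailing comments, e.g. `buffer_skip_string(&b); /* pkalg */` and `buffer_skip_string(&b); /* pkblob */`. The enclosing function starts and ends outside the hunk.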
diff --git a/serverloop.c b/serverloop.c
index 615921c..feaf35c 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.202 2017/12/18 23:16:24 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.203 2018/01/23 05:27:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -655,10 +655,8 @@
 		packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
 		packet_put_int(rchan);
 		packet_put_int(reason);
-		if (!(datafellows & SSH_BUG_OPENFAILURE)) {
-			packet_put_cstring(errmsg ? errmsg : "open failed");
-			packet_put_cstring("");
-		}
+		packet_put_cstring(errmsg ? errmsg : "open failed");
+		packet_put_cstring("");
 		packet_send();
 	}
 	free(ctype);
diff --git a/ssh-agent.c b/ssh-agent.c
index 8cb00f6..39888a7 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.226 2017/11/15 02:10:16 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.227 2018/01/23 05:27:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -292,8 +292,6 @@
 		goto send;
 	}
 
-	if (flags & SSH_AGENT_OLD_SIGNATURE)
-		compat = SSH_BUG_SIGBLOB;
 	if ((id = lookup_identity(key)) == NULL) {
 		verbose("%s: %s key not found", __func__, sshkey_type(key));
 		goto send;
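Review bot: A sign request that still carries `SSH_AGENT_OLD_SIGNATURE` in `flags` is no longer treated specially here, so unless `flags` is validated later (outside the hunk) the caller gets a signature in a format it did not ask for. Failing explicitly would be easier to diagnose, for example `if (flags & SSH_AGENT_OLD_SIGNATURE) { verbose("%s: old signature format unsupported", __func__); goto send; }`. The authfd.c hunk stops setting the bit on the client side, so only third-party or old clients would hit this. It is also worth checking whether `compat` still has any use in this function and in the authfd.c signing path.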
diff --git a/ssh-dss.c b/ssh-dss.c
index 7af59fa..cda498a 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-dss.c,v 1.35 2016/04/21 06:08:02 djm Exp $ */
+/* $OpenBSD: ssh-dss.c,v 1.36 2018/01/23 05:27:21 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -86,38 +86,25 @@
 	BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
 	BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen);
 
-	if (compat & SSH_BUG_SIGBLOB) {
-		if (sigp != NULL) {
-			if ((*sigp = malloc(SIGBLOB_LEN)) == NULL) {
-				ret = SSH_ERR_ALLOC_FAIL;
-				goto out;
-			}
-			memcpy(*sigp, sigblob, SIGBLOB_LEN);
-		}
-		if (lenp != NULL)
-			*lenp = SIGBLOB_LEN;
-		ret = 0;
-	} else {
-		/* ietf-drafts */
-		if ((b = sshbuf_new()) == NULL) {
+	if ((b = sshbuf_new()) == NULL) {
+		ret = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 ||
+	    (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
+		goto out;
+
+	len = sshbuf_len(b);
+	if (sigp != NULL) {
+		if ((*sigp = malloc(len)) == NULL) {
 			ret = SSH_ERR_ALLOC_FAIL;
 			goto out;
 		}
-		if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 ||
-		    (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
-			goto out;
-		len = sshbuf_len(b);
-		if (sigp != NULL) {
-			if ((*sigp = malloc(len)) == NULL) {
-				ret = SSH_ERR_ALLOC_FAIL;
-				goto out;
-			}
-			memcpy(*sigp, sshbuf_ptr(b), len);
-		}
-		if (lenp != NULL)
-			*lenp = len;
-		ret = 0;
+		memcpy(*sigp, sshbuf_ptr(b), len);
 	}
+	if (lenp != NULL)
+		*lenp = len;
+	ret = 0;
  out:
 	explicit_bzero(digest, sizeof(digest));
 	if (sig != NULL)
@@ -146,28 +133,20 @@
 		return SSH_ERR_INTERNAL_ERROR;
 
 	/* fetch signature */
-	if (compat & SSH_BUG_SIGBLOB) {
-		if ((sigblob = malloc(signaturelen)) == NULL)
-			return SSH_ERR_ALLOC_FAIL;
-		memcpy(sigblob, signature, signaturelen);
-		len = signaturelen;
-	} else {
-		/* ietf-drafts */
-		if ((b = sshbuf_from(signature, signaturelen)) == NULL)
-			return SSH_ERR_ALLOC_FAIL;
-		if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
-		    sshbuf_get_string(b, &sigblob, &len) != 0) {
-			ret = SSH_ERR_INVALID_FORMAT;
-			goto out;
-		}
-		if (strcmp("ssh-dss", ktype) != 0) {
-			ret = SSH_ERR_KEY_TYPE_MISMATCH;
-			goto out;
-		}
-		if (sshbuf_len(b) != 0) {
-			ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
-			goto out;
-		}
+	if ((b = sshbuf_from(signature, signaturelen)) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
+	    sshbuf_get_string(b, &sigblob, &len) != 0) {
+		ret = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
+	if (strcmp("ssh-dss", ktype) != 0) {
+		ret = SSH_ERR_KEY_TYPE_MISMATCH;
+		goto out;
+	}
+	if (sshbuf_len(b) != 0) {
+		ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
+		goto out;
 	}
 
 	if (len != SIGBLOB_LEN) {
diff --git a/ssh.c b/ssh.c
index ac85b2b..af4597f 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.470 2018/01/23 05:06:25 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.471 2018/01/23 05:27:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1931,7 +1931,7 @@
 	if (options.control_persist && muxserver_sock == -1)
 		ssh_init_stdio_forwarding(ssh);
 
-	if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN))
+	if (!no_shell_flag)
 		id = ssh_session2_open(ssh);
 	else {
 		packet_set_interactive(
diff --git a/sshconnect.c b/sshconnect.c
index c25e192..0e195a3 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.290 2018/01/23 05:17:04 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.291 2018/01/23 05:27:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -617,9 +617,6 @@
 	if (mismatch)
 		fatal("Protocol major versions differ: %d vs. %d",
 		    PROTOCOL_MAJOR_2, remote_major);
-	if ((datafellows & SSH_BUG_DERIVEKEY) != 0)
-		fatal("Server version \"%.100s\" uses unsafe key agreement; "
-		    "refusing connection", remote_version);
 	if ((datafellows & SSH_BUG_RSASIGMD5) != 0)
 		logit("Server version \"%.100s\" uses unsafe RSA signature "
 		    "scheme; disabling use of RSA keys", remote_version);
diff --git a/sshconnect2.c b/sshconnect2.c
index be9397e..870c3d2 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.266 2017/08/27 00:38:41 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.267 2018/01/23 05:27:21 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -578,7 +578,6 @@
 	Authctxt *authctxt = ssh->authctxt;
 	struct sshkey *key = NULL;
 	Identity *id = NULL;
-	Buffer b;
 	int pktype, sent = 0;
 	u_int alen, blen;
 	char *pkalg, *fp;
@@ -586,18 +585,9 @@
 
 	if (authctxt == NULL)
 		fatal("input_userauth_pk_ok: no authentication context");
-	if (datafellows & SSH_BUG_PKOK) {
-		/* this is similar to SSH_BUG_PKAUTH */
-		debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
-		pkblob = packet_get_string(&blen);
-		buffer_init(&b);
-		buffer_append(&b, pkblob, blen);
-		pkalg = buffer_get_string(&b, &alen);
-		buffer_free(&b);
-	} else {
-		pkalg = packet_get_string(&alen);
-		pkblob = packet_get_string(&blen);
-	}
+
+	pkalg = packet_get_string(&alen);
+	pkblob = packet_get_string(&blen);
 	packet_check_eom();
 
 	debug("Server accepts key: pkalg %s blen %u", pkalg, blen);
@@ -1100,17 +1090,10 @@
 	}
 	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
 	buffer_put_cstring(&b, authctxt->server_user);
-	buffer_put_cstring(&b,
-	    datafellows & SSH_BUG_PKSERVICE ?
-	    "ssh-userauth" :
-	    authctxt->service);
-	if (datafellows & SSH_BUG_PKAUTH) {
-		buffer_put_char(&b, have_sig);
-	} else {
-		buffer_put_cstring(&b, authctxt->method->name);
-		buffer_put_char(&b, have_sig);
-		buffer_put_cstring(&b, key_sign_encode(id->key));
-	}
+	buffer_put_cstring(&b, authctxt->service);
+	buffer_put_cstring(&b, authctxt->method->name);
+	buffer_put_char(&b, have_sig);
+	buffer_put_cstring(&b, key_sign_encode(id->key));
 	buffer_put_string(&b, blob, bloblen);
 
 	/*
@@ -1170,19 +1153,6 @@
 #ifdef DEBUG_PK
 	buffer_dump(&b);
 #endif
-	if (datafellows & SSH_BUG_PKSERVICE) {
-		buffer_clear(&b);
-		buffer_append(&b, session_id2, session_id2_len);
-		skip = session_id2_len;
-		buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
-		buffer_put_cstring(&b, authctxt->server_user);
-		buffer_put_cstring(&b, authctxt->service);
-		buffer_put_cstring(&b, authctxt->method->name);
-		buffer_put_char(&b, have_sig);
-		if (!(datafellows & SSH_BUG_PKAUTH))
-			buffer_put_cstring(&b, key_ssh_name(id->key));
-		buffer_put_string(&b, blob, bloblen);
-	}
 	free(blob);
 
 	/* append signature */
@@ -1224,8 +1194,7 @@
 	packet_put_cstring(authctxt->service);
 	packet_put_cstring(authctxt->method->name);
 	packet_put_char(have_sig);
-	if (!(datafellows & SSH_BUG_PKAUTH))
-		packet_put_cstring(key_sign_encode(id->key));
+	packet_put_cstring(key_sign_encode(id->key));
 	packet_put_string(blob, bloblen);
 	free(blob);
 	packet_send();
@@ -1741,7 +1710,6 @@
 	struct ssh *ssh = active_state;
 	struct sshkey *private = NULL;
 	struct sshbuf *b = NULL;
-	const char *service;
 	u_char *sig = NULL, *keyblob = NULL;
 	char *fp = NULL, *chost = NULL, *lname = NULL;
 	size_t siglen = 0, keylen = 0;
@@ -1812,9 +1780,6 @@
 	xasprintf(&chost, "%s.", lname);
 	debug2("%s: chost %s", __func__, chost);
 
-	service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
-	    authctxt->service;
-
 	/* construct data */
 	if ((b = sshbuf_new()) == NULL) {
 		error("%s: sshbuf_new failed", __func__);
@@ -1827,7 +1792,7 @@
 	if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
 	    (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
 	    (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 ||
-	    (r = sshbuf_put_cstring(b, service)) != 0 ||
+	    (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
 	    (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 ||
 	    (r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 ||
 	    (r = sshbuf_put_string(b, keyblob, keylen)) != 0 ||
diff --git a/sshd.c b/sshd.c
index 6133135..e7e3c99 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.501 2018/01/23 05:12:12 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.502 2018/01/23 05:27:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -446,10 +446,6 @@
 		logit("Client version \"%.100s\" uses unsafe RSA signature "
 		    "scheme; disabling use of RSA keys", remote_version);
 	}
-	if ((ssh->compat & SSH_BUG_DERIVEKEY) != 0) {
-		fatal("Client version \"%.100s\" uses unsafe key agreement; "
-		    "refusing connection", remote_version);
-	}
 
 	chop(server_version_string);
 	debug("Local version string %.200s", server_version_string);
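Review bot: The removed `fatal()` was a deliberate refusal rather than a compatibility workaround: it stopped sshd from continuing with clients flagged `SSH_BUG_DERIVEKEY` ("unsafe key agreement"), and the sshconnect.c hunk drops the same refusal on the client side. With the matching version patterns also gone from compat.c, such a peer is now processed like a compliant one. I would expect the exchange to fail on its own once the derived keys disagree, but that is inferred and not visible in these hunks. A line in the commit message, or a comment here such as `/* peers with pre-RFC key derivation are no longer detected; they fail at key exchange */`, would record that this was checked.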