openssh: apply patch for curve25519 KEX bugfix as suggested by Damien Miller.
See http://marc.info/?l=openssh-unix-dev&m=139797807804698
This commit is contained in:
Juan RP
parent
0b7c2e8564
commit
825323c3cb
|
|
@ -0,0 +1,173 @@
|
|||
[From Damien Miller]
|
||||
|
||||
Hi,
|
||||
|
||||
So I screwed up when writing the support for the curve25519 KEX method
|
||||
that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left
|
||||
leading zero bytes where they should have been skipped. The impact of
|
||||
this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a
|
||||
peer that implements curve25519-sha256@libssh.org properly about 0.2%
|
||||
of the time (one in every 512ish connections).
|
||||
|
||||
We've fixed this for OpenSSH 6.7 by avoiding the curve25519-sha256
|
||||
key exchange for previous versions, but I'd recommend distributors
|
||||
of OpenSSH apply this patch so the affected code doesn't become
|
||||
too entrenched in LTS releases.
|
||||
|
||||
The patch fixes the bug and makes OpenSSH identify itself as 6.6.1 so as
|
||||
to distinguish itself from the incorrect versions so the compatibility
|
||||
code to disable the affected KEX isn't activated.
|
||||
|
||||
I've committed this on the 6.6 branch too.
|
||||
|
||||
Apologies for the hassle.
|
||||
|
||||
-d
|
||||
|
||||
Index: version.h
|
||||
===================================================================
|
||||
RCS file: /var/cvs/openssh/version.h,v
|
||||
retrieving revision 1.82
|
||||
diff -u -p -r1.82 version.h
|
||||
--- version.h 27 Feb 2014 23:01:54 -0000 1.82
|
||||
+++ version.h 20 Apr 2014 03:35:15 -0000
|
||||
@@ -1,6 +1,6 @@
|
||||
/* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */
|
||||
|
||||
-#define SSH_VERSION "OpenSSH_6.6"
|
||||
+#define SSH_VERSION "OpenSSH_6.6.1"
|
||||
|
||||
#define SSH_PORTABLE "p1"
|
||||
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
|
||||
Index: compat.c
|
||||
===================================================================
|
||||
RCS file: /var/cvs/openssh/compat.c,v
|
||||
retrieving revision 1.82
|
||||
retrieving revision 1.85
|
||||
diff -u -p -r1.82 -r1.85
|
||||
--- compat.c 31 Dec 2013 01:25:41 -0000 1.82
|
||||
+++ compat.c 20 Apr 2014 03:33:59 -0000 1.85
|
||||
@@ -95,6 +95,9 @@ compat_datafellows(const char *version)
|
||||
{ "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
|
||||
{ "OpenSSH_4*", 0 },
|
||||
{ "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
|
||||
+ { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH},
|
||||
+ { "OpenSSH_6.5*,"
|
||||
+ "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
|
||||
{ "OpenSSH*", SSH_NEW_OPENSSH },
|
||||
{ "*MindTerm*", 0 },
|
||||
{ "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
|
||||
@@ -251,7 +254,6 @@ compat_cipher_proposal(char *cipher_prop
|
||||
return cipher_prop;
|
||||
}
|
||||
|
||||
-
|
||||
char *
|
||||
compat_pkalg_proposal(char *pkalg_prop)
|
||||
{
|
||||
@@ -263,5 +265,18 @@ compat_pkalg_proposal(char *pkalg_prop)
|
||||
if (*pkalg_prop == '\0')
|
||||
fatal("No supported PK algorithms found");
|
||||
return pkalg_prop;
|
||||
+}
|
||||
+
|
||||
+char *
|
||||
+compat_kex_proposal(char *kex_prop)
|
||||
+{
|
||||
+ if (!(datafellows & SSH_BUG_CURVE25519PAD))
|
||||
+ return kex_prop;
|
||||
+ debug2("%s: original KEX proposal: %s", __func__, kex_prop);
|
||||
+ kex_prop = filter_proposal(kex_prop, "curve25519-sha256@libssh.org");
|
||||
+ debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
|
||||
+ if (*kex_prop == '\0')
|
||||
+ fatal("No supported key exchange algorithms found");
|
||||
+ return kex_prop;
|
||||
}
|
||||
|
||||
Index: compat.h
|
||||
===================================================================
|
||||
RCS file: /var/cvs/openssh/compat.h,v
|
||||
retrieving revision 1.42
|
||||
retrieving revision 1.43
|
||||
diff -u -p -r1.42 -r1.43
|
||||
--- compat.h 31 Dec 2013 01:25:41 -0000 1.42
|
||||
+++ compat.h 20 Apr 2014 03:25:31 -0000 1.43
|
||||
@@ -59,6 +59,7 @@
|
||||
#define SSH_BUG_RFWD_ADDR 0x02000000
|
||||
#define SSH_NEW_OPENSSH 0x04000000
|
||||
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
|
||||
+#define SSH_BUG_CURVE25519PAD 0x10000000
|
||||
|
||||
void enable_compat13(void);
|
||||
void enable_compat20(void);
|
||||
@@ -66,6 +67,7 @@ void compat_datafellows(const char *
|
||||
int proto_spec(const char *);
|
||||
char *compat_cipher_proposal(char *);
|
||||
char *compat_pkalg_proposal(char *);
|
||||
+char *compat_kex_proposal(char *);
|
||||
|
||||
extern int compat13;
|
||||
extern int compat20;
|
||||
Index: sshd.c
|
||||
===================================================================
|
||||
RCS file: /var/cvs/openssh/sshd.c,v
|
||||
retrieving revision 1.448
|
||||
retrieving revision 1.453
|
||||
diff -u -p -r1.448 -r1.453
|
||||
--- sshd.c 26 Feb 2014 23:20:08 -0000 1.448
|
||||
+++ sshd.c 20 Apr 2014 03:28:41 -0000 1.453
|
||||
@@ -2462,6 +2438,9 @@ do_ssh2_kex(void)
|
||||
if (options.kex_algorithms != NULL)
|
||||
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
|
||||
|
||||
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
|
||||
+ myproposal[PROPOSAL_KEX_ALGS]);
|
||||
+
|
||||
if (options.rekey_limit || options.rekey_interval)
|
||||
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
|
||||
(time_t)options.rekey_interval);
|
||||
Index: sshconnect2.c
|
||||
===================================================================
|
||||
RCS file: /var/cvs/openssh/sshconnect2.c,v
|
||||
retrieving revision 1.197
|
||||
retrieving revision 1.199
|
||||
diff -u -p -r1.197 -r1.199
|
||||
--- sshconnect2.c 4 Feb 2014 00:20:16 -0000 1.197
|
||||
+++ sshconnect2.c 20 Apr 2014 03:25:31 -0000 1.199
|
||||
@@ -195,6 +196,8 @@ ssh_kex2(char *host, struct sockaddr *ho
|
||||
}
|
||||
if (options.kex_algorithms != NULL)
|
||||
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
|
||||
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
|
||||
+ myproposal[PROPOSAL_KEX_ALGS]);
|
||||
|
||||
if (options.rekey_limit || options.rekey_interval)
|
||||
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
|
||||
Index: bufaux.c
|
||||
===================================================================
|
||||
RCS file: /var/cvs/openssh/bufaux.c,v
|
||||
retrieving revision 1.62
|
||||
retrieving revision 1.63
|
||||
diff -u -p -r1.62 -r1.63
|
||||
--- bufaux.c 4 Feb 2014 00:20:15 -0000 1.62
|
||||
+++ bufaux.c 20 Apr 2014 03:24:50 -0000 1.63
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */
|
||||
+/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@@ -372,6 +372,9 @@ buffer_put_bignum2_from_string(Buffer *b
|
||||
|
||||
if (l > 8 * 1024)
|
||||
fatal("%s: length %u too long", __func__, l);
|
||||
+ /* Skip leading zero bytes */
|
||||
+ for (; l > 0 && *s == 0; l--, s++)
|
||||
+ ;
|
||||
p = buf = xmalloc(l + 1);
|
||||
/*
|
||||
* If most significant bit is set then prepend a zero byte to
|
||||
_______________________________________________
|
||||
openssh-unix-dev mailing list
|
||||
openssh-unix-dev@mindrot.org
|
||||
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
|
||||
|
|
@ -3,7 +3,7 @@ _desc="The OpenSSH implementation of SSH protocol"
|
|||
|
||||
pkgname=openssh
|
||||
version=6.6p1
|
||||
revision=1
|
||||
revision=2
|
||||
build_style=gnu-configure
|
||||
configure_args="--without-tcp-wrappers --datadir=/usr/share/openssh
|
||||
--sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody
|
||||
|
|
|
|||
Loading…
Reference in New Issue