- markus@cvs.openbsd.org 2009/01/26 09:58:15

[cipher.c cipher.h packet.c] Work around the CPNI-957037 Plaintext Recovery Attack by always reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny
author: Damien Miller <djm@mindrot.org> 2009-01-28 16:38:41 +1100
committer: Damien Miller <djm@mindrot.org> 2009-01-28 16:38:41 +1100
commit: 13ae44ce5865b720708aae9cb1d2e2f08a0d90cb (patch)
tree: b9acd30c2e1edfa1a4b7dcc26b8c11f8ea77b855 /cipher.c
parent: 9aa72ba57af907af8f7228f64fca8a474797898f (diff)
1 files changed, 28 insertions, 21 deletions
diff --git a/cipher.c b/cipher.c
index b264063c4..bb5c0ac3a 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.81 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: cipher.c,v 1.82 2009/01/26 09:58:15 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -63,31 +63,32 @@ struct Cipher {
        u_int   block_size;
        u_int   key_len;
        u_int   discard_len;
+        u_int   cbc_mode;
        const EVP_CIPHER        *(*evptype)(void);
 } ciphers[] = {
-        { "none",               SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null },
+        { "none",               SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
-        { "des",                SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc },
+        { "des",                SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
-        { "3des",               SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des },
+        { "3des",               SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
-        { "blowfish",           SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf },
+        { "blowfish",           SSH_CIPHER_BLOWFISH, 8, 32, 0, 1, evp_ssh1_bf },
-        { "3des-cbc",           SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc },
+        { "3des-cbc",           SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc },
-        { "blowfish-cbc",       SSH_CIPHER_SSH2, 8, 16, 0, EVP_bf_cbc },
+        { "blowfish-cbc",       SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_bf_cbc },
-        { "cast128-cbc",        SSH_CIPHER_SSH2, 8, 16, 0, EVP_cast5_cbc },
+        { "cast128-cbc",        SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_cast5_cbc },
-        { "arcfour",            SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 },
+        { "arcfour",            SSH_CIPHER_SSH2, 8, 16, 0, 0, EVP_rc4 },
-        { "arcfour128",         SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 },
+        { "arcfour128",         SSH_CIPHER_SSH2, 8, 16, 1536, 0, EVP_rc4 },
-        { "arcfour256",         SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 },
+        { "arcfour256",         SSH_CIPHER_SSH2, 8, 32, 1536, 0, EVP_rc4 },
-        { "aes128-cbc",         SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc },
+        { "aes128-cbc",         SSH_CIPHER_SSH2, 16, 16, 0, 1, EVP_aes_128_cbc },
-        { "aes192-cbc",         SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc },
+        { "aes192-cbc",         SSH_CIPHER_SSH2, 16, 24, 0, 1, EVP_aes_192_cbc },
-        { "aes256-cbc",         SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
+        { "aes256-cbc",         SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
        { "rijndael-cbc@lysator.liu.se",
-                                SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
+                                SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
-        { "aes128-ctr",         SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr },
+        { "aes128-ctr",         SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr },
-        { "aes192-ctr",         SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr },
+        { "aes192-ctr",         SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr },
-        { "aes256-ctr",         SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr },
+        { "aes256-ctr",         SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr },
 #ifdef USE_CIPHER_ACSS
-        { "acss@openssh.org",   SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss },
+        { "acss@openssh.org",   SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss },
 #endif
-        { NULL,                 SSH_CIPHER_INVALID, 0, 0, 0, NULL }
+        { NULL,                 SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL }
 };
 /*--*/
@@ -111,6 +112,12 @@ cipher_get_number(const Cipher *c)
 }
 u_int
+cipher_is_cbc(const Cipher *c)
+{
+        return (c->cbc_mode);
+}
+u_int
 cipher_mask_ssh1(int client)
 {
        u_int mask = 0;
author	Damien Miller <djm@mindrot.org>	2009-01-28 16:38:41 +1100
committer	Damien Miller <djm@mindrot.org>	2009-01-28 16:38:41 +1100
commit	13ae44ce5865b720708aae9cb1d2e2f08a0d90cb (patch)
tree	b9acd30c2e1edfa1a4b7dcc26b8c11f8ea77b855 /cipher.c
parent	9aa72ba57af907af8f7228f64fca8a474797898f (diff)

diff --git a/cipher.c b/cipher.c index b264063c4..bb5c0ac3a 100644 --- a/cipher.c +++ b/cipher.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: cipher.c,v 1.81 2006/08/03 03:34:42 deraadt Exp $ */	1	/* $OpenBSD: cipher.c,v 1.82 2009/01/26 09:58:15 markus Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -63,31 +63,32 @@ struct Cipher {
63	u_int block_size;	63	u_int block_size;
64	u_int key_len;	64	u_int key_len;
65	u_int discard_len;	65	u_int discard_len;
		66	u_int cbc_mode;
66	const EVP_CIPHER (evptype)(void);	67	const EVP_CIPHER (evptype)(void);
67	} ciphers[] = {	68	} ciphers[] = {
68	{ "none", SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null },	69	{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
69	{ "des", SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc },	70	{ "des", SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
70	{ "3des", SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des },	71	{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
71	{ "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf },	72	{ "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 1, evp_ssh1_bf },
72		73
73	{ "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc },	74	{ "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc },
74	{ "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_bf_cbc },	75	{ "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_bf_cbc },
75	{ "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_cast5_cbc },	76	{ "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_cast5_cbc },
76	{ "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 },	77	{ "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, EVP_rc4 },
77	{ "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 },	78	{ "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, 0, EVP_rc4 },
78	{ "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 },	79	{ "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, 0, EVP_rc4 },
79	{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc },	80	{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 1, EVP_aes_128_cbc },
80	{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc },	81	{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 1, EVP_aes_192_cbc },
81	{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },	82	{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
82	{ "rijndael-cbc@lysator.liu.se",	83	{ "rijndael-cbc@lysator.liu.se",
83	SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },	84	SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
84	{ "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr },	85	{ "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr },
85	{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr },	86	{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr },
86	{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr },	87	{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr },
87	#ifdef USE_CIPHER_ACSS	88	#ifdef USE_CIPHER_ACSS
88	{ "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss },	89	{ "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss },
89	#endif	90	#endif
90	{ NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL }	91	{ NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL }
91	};	92	};
92		93
93	/--/	94	/--/
@@ -111,6 +112,12 @@ cipher_get_number(const Cipher *c)
111	}	112	}
112		113
113	u_int	114	u_int
		115	cipher_is_cbc(const Cipher *c)
		116	{
		117	return (c->cbc_mode);
		118	}
		119
		120	u_int
114	cipher_mask_ssh1(int client)	121	cipher_mask_ssh1(int client)
115	{	122	{
116	u_int mask = 0;	123	u_int mask = 0;