1 files changed, 37 insertions, 19 deletions
diff --git a/sshd.c b/sshd.c
index fd7f182a4..23e8c2de0 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.404 2013/07/19 07:37:48 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.414 2014/01/09 23:26:48 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -319,6 +319,7 @@ static void
 sighup_restart(void)
 {
        logit("Received SIGHUP; restarting.");
+        platform_pre_restart();
        close_listen_socks();
        close_startup_pipes();
        alarm(0);  /* alarm timer persists across exec */
@@ -375,7 +376,7 @@ grace_alarm_handler(int sig)
         */
        if (getpgid(0) == getpid()) {
                signal(SIGTERM, SIG_IGN);
-                killpg(0, SIGTERM);
+                kill(0, SIGTERM);
        }
        /* Log error and exit. */
@@ -401,7 +402,6 @@ generate_ephemeral_server_key(void)
        verbose("RSA key generation complete.");
        arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
-        arc4random_stir();
 }
 /*ARGSUSED*/
@@ -485,10 +485,11 @@ sshd_exchange_identification(int sock_in, int sock_out)
            &remote_major, &remote_minor, remote_version) != 3) {
                s = "Protocol mismatch.\n";
                (void) atomicio(vwrite, sock_out, s, strlen(s));
+                logit("Bad protocol version identification '%.100s' "
+                    "from %s port %d", client_version_string,
+                    get_remote_ipaddr(), get_remote_port());
                close(sock_in);
                close(sock_out);
-                logit("Bad protocol version identification '%.100s' from %s",
-                    client_version_string, get_remote_ipaddr());
                cleanup_exit(255);
        }
        debug("Client protocol version %d.%d; client software version %.100s",
@@ -496,17 +497,24 @@ sshd_exchange_identification(int sock_in, int sock_out)
        compat_datafellows(remote_version);
-        if (datafellows & SSH_BUG_PROBE) {
+        if ((datafellows & SSH_BUG_PROBE) != 0) {
                logit("probed from %s with %s.  Don't panic.",
                    get_remote_ipaddr(), client_version_string);
                cleanup_exit(255);
        }
+        if ((datafellows & SSH_BUG_SCANNER) != 0) {
-        if (datafellows & SSH_BUG_SCANNER) {
                logit("scanned from %s with %s.  Don't panic.",
                    get_remote_ipaddr(), client_version_string);
                cleanup_exit(255);
        }
+        if ((datafellows & SSH_BUG_RSASIGMD5) != 0) {
+                logit("Client version \"%.100s\" uses unsafe RSA signature "
+                    "scheme; disabling use of RSA keys", remote_version);
+        }
+        if ((datafellows & SSH_BUG_DERIVEKEY) != 0) {
+                fatal("Client version \"%.100s\" uses unsafe key agreement; "
+                    "refusing connection", remote_version);
+        }
        mismatch = 0;
        switch (remote_major) {
@@ -618,6 +626,7 @@ privsep_preauth_child(void)
        arc4random_stir();
        arc4random_buf(rnd, sizeof(rnd));
        RAND_seed(rnd, sizeof(rnd));
+        bzero(rnd, sizeof(rnd));
        /* Demote the private keys to public keys. */
        demote_sensitive_data();
@@ -656,7 +665,7 @@ privsep_preauth(Authctxt *authctxt)
        pmonitor->m_pkex = &xxx_kex;
        if (use_privsep == PRIVSEP_ON)
-                box = ssh_sandbox_init();
+                box = ssh_sandbox_init(pmonitor);
        pid = fork();
        if (pid == -1) {
                fatal("fork of unprivileged child failed");
@@ -752,6 +761,7 @@ privsep_postauth(Authctxt *authctxt)
        arc4random_stir();
        arc4random_buf(rnd, sizeof(rnd));
        RAND_seed(rnd, sizeof(rnd));
+        bzero(rnd, sizeof(rnd));
        /* Drop privileges */
        do_setusercontext(authctxt->pw, authctxt->role);
@@ -787,6 +797,7 @@ list_hostkey_types(void)
                case KEY_RSA:
                case KEY_DSA:
                case KEY_ECDSA:
+                case KEY_ED25519:
                        if (buffer_len(&b) > 0)
                                buffer_append(&b, ",", 1);
                        p = key_ssh_name(key);
@@ -803,6 +814,7 @@ list_hostkey_types(void)
                case KEY_RSA_CERT:
                case KEY_DSA_CERT:
                case KEY_ECDSA_CERT:
+                case KEY_ED25519_CERT:
                        if (buffer_len(&b) > 0)
                                buffer_append(&b, ",", 1);
                        p = key_ssh_name(key);
@@ -830,6 +842,7 @@ get_hostkey_by_type(int type, int need_private)
                case KEY_RSA_CERT:
                case KEY_DSA_CERT:
                case KEY_ECDSA_CERT:
+                case KEY_ED25519_CERT:
                        key = sensitive_data.host_certificates[i];
                        break;
                default:
@@ -1144,6 +1157,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
        struct sockaddr_storage from;
        socklen_t fromlen;
        pid_t pid;
+        u_char rnd[256];
        /* setup fd set for accept */
        fdset = NULL;
@@ -1344,6 +1358,9 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
                         * from that of the child
                         */
                        arc4random_stir();
+                        arc4random_buf(rnd, sizeof(rnd));
+                        RAND_seed(rnd, sizeof(rnd));
+                        bzero(rnd, sizeof(rnd));
                }
                /* child process check (or debug mode) */
@@ -1698,6 +1715,7 @@ main(int ac, char **av)
                case KEY_RSA:
                case KEY_DSA:
                case KEY_ECDSA:
+                case KEY_ED25519:
                        sensitive_data.have_ssh2_key = 1;
                        break;
                }
@@ -1867,9 +1885,6 @@ main(int ac, char **av)
        /* Reinitialize the log (because of the fork above). */
        log_init(__progname, options.log_level, options.log_facility, log_stderr);
-        /* Initialize the random number generator. */
-        arc4random_stir();
        /* Chdir to the root directory so that the current disk can be
           unmounted if desired. */
        if (chdir("/") == -1)
@@ -1945,13 +1960,14 @@ main(int ac, char **av)
                dup2(STDIN_FILENO, STDOUT_FILENO);
                if (startup_pipe == -1)
                        close(REEXEC_STARTUP_PIPE_FD);
-                else
+                else if (startup_pipe != REEXEC_STARTUP_PIPE_FD) {
                        dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD);
+                        close(startup_pipe);
+                        startup_pipe = REEXEC_STARTUP_PIPE_FD;
+                }
                dup2(config_s[1], REEXEC_CONFIG_PASS_FD);
                close(config_s[1]);
-                if (startup_pipe != -1)
-                        close(startup_pipe);
                execv(rexec_argv[0], rexec_argv);
@@ -1962,8 +1978,6 @@ main(int ac, char **av)
                    options.log_facility, log_stderr);
                /* Clean up fds */
-                startup_pipe = REEXEC_STARTUP_PIPE_FD;
-                close(config_s[1]);
                close(REEXEC_CONFIG_PASS_FD);
                newsock = sock_out = sock_in = dup(STDIN_FILENO);
                if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
@@ -2045,7 +2059,9 @@ main(int ac, char **av)
 #endif /* LIBWRAP */
        /* Log the connection. */
-        verbose("Connection from %.500s port %d", remote_ip, remote_port);
+        verbose("Connection from %s port %d on %s port %d",
+            remote_ip, remote_port,
+            get_local_ipaddr(sock_in), get_local_port());
 #ifdef USE_SECURITY_SESSION_API
        /*
@@ -2503,7 +2519,8 @@ do_ssh2_kex(void)
                packet_set_rekey_limits((u_int32_t)options.rekey_limit,
                    (time_t)options.rekey_interval);
-        myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
+        myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
+            list_hostkey_types());
 #ifdef GSSAPI
        {
@@ -2554,6 +2571,7 @@ do_ssh2_kex(void)
        kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
        kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
        kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+        kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 #ifdef GSSAPI
        if (options.gss_keyex) {
                kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;

diff --git a/sshd.c b/sshd.c index fd7f182a4..23e8c2de0 100644 --- a/sshd.c +++ b/sshd.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshd.c,v 1.404 2013/07/19 07:37:48 markus Exp $ */	1	/* $OpenBSD: sshd.c,v 1.414 2014/01/09 23:26:48 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -319,6 +319,7 @@ static void
319	sighup_restart(void)	319	sighup_restart(void)
320	{	320	{
321	logit("Received SIGHUP; restarting.");	321	logit("Received SIGHUP; restarting.");
		322	platform_pre_restart();
322	close_listen_socks();	323	close_listen_socks();
323	close_startup_pipes();	324	close_startup_pipes();
324	alarm(0); /* alarm timer persists across exec */	325	alarm(0); /* alarm timer persists across exec */
@@ -375,7 +376,7 @@ grace_alarm_handler(int sig)
375	*/	376	*/
376	if (getpgid(0) == getpid()) {	377	if (getpgid(0) == getpid()) {
377	signal(SIGTERM, SIG_IGN);	378	signal(SIGTERM, SIG_IGN);
378	killpg(0, SIGTERM);	379	kill(0, SIGTERM);
379	}	380	}
380		381
381	/* Log error and exit. */	382	/* Log error and exit. */
@@ -401,7 +402,6 @@ generate_ephemeral_server_key(void)
401	verbose("RSA key generation complete.");	402	verbose("RSA key generation complete.");
402		403
403	arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);	404	arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
404	arc4random_stir();
405	}	405	}
406		406
407	/ARGSUSED/	407	/ARGSUSED/
@@ -485,10 +485,11 @@ sshd_exchange_identification(int sock_in, int sock_out)
485	&remote_major, &remote_minor, remote_version) != 3) {	485	&remote_major, &remote_minor, remote_version) != 3) {
486	s = "Protocol mismatch.\n";	486	s = "Protocol mismatch.\n";
487	(void) atomicio(vwrite, sock_out, s, strlen(s));	487	(void) atomicio(vwrite, sock_out, s, strlen(s));
		488	logit("Bad protocol version identification '%.100s' "
		489	"from %s port %d", client_version_string,
		490	get_remote_ipaddr(), get_remote_port());
488	close(sock_in);	491	close(sock_in);
489	close(sock_out);	492	close(sock_out);
490	logit("Bad protocol version identification '%.100s' from %s",
491	client_version_string, get_remote_ipaddr());
492	cleanup_exit(255);	493	cleanup_exit(255);
493	}	494	}
494	debug("Client protocol version %d.%d; client software version %.100s",	495	debug("Client protocol version %d.%d; client software version %.100s",
@@ -496,17 +497,24 @@ sshd_exchange_identification(int sock_in, int sock_out)
496		497
497	compat_datafellows(remote_version);	498	compat_datafellows(remote_version);
498		499
499	if (datafellows & SSH_BUG_PROBE) {	500	if ((datafellows & SSH_BUG_PROBE) != 0) {
500	logit("probed from %s with %s. Don't panic.",	501	logit("probed from %s with %s. Don't panic.",
501	get_remote_ipaddr(), client_version_string);	502	get_remote_ipaddr(), client_version_string);
502	cleanup_exit(255);	503	cleanup_exit(255);
503	}	504	}
504		505	if ((datafellows & SSH_BUG_SCANNER) != 0) {
505	if (datafellows & SSH_BUG_SCANNER) {
506	logit("scanned from %s with %s. Don't panic.",	506	logit("scanned from %s with %s. Don't panic.",
507	get_remote_ipaddr(), client_version_string);	507	get_remote_ipaddr(), client_version_string);
508	cleanup_exit(255);	508	cleanup_exit(255);
509	}	509	}
		510	if ((datafellows & SSH_BUG_RSASIGMD5) != 0) {
		511	logit("Client version \"%.100s\" uses unsafe RSA signature "
		512	"scheme; disabling use of RSA keys", remote_version);
		513	}
		514	if ((datafellows & SSH_BUG_DERIVEKEY) != 0) {
		515	fatal("Client version \"%.100s\" uses unsafe key agreement; "
		516	"refusing connection", remote_version);
		517	}
510		518
511	mismatch = 0;	519	mismatch = 0;
512	switch (remote_major) {	520	switch (remote_major) {
@@ -618,6 +626,7 @@ privsep_preauth_child(void)
618	arc4random_stir();	626	arc4random_stir();
619	arc4random_buf(rnd, sizeof(rnd));	627	arc4random_buf(rnd, sizeof(rnd));
620	RAND_seed(rnd, sizeof(rnd));	628	RAND_seed(rnd, sizeof(rnd));
		629	bzero(rnd, sizeof(rnd));
621		630
622	/* Demote the private keys to public keys. */	631	/* Demote the private keys to public keys. */
623	demote_sensitive_data();	632	demote_sensitive_data();
@@ -656,7 +665,7 @@ privsep_preauth(Authctxt *authctxt)
656	pmonitor->m_pkex = &xxx_kex;	665	pmonitor->m_pkex = &xxx_kex;
657		666
658	if (use_privsep == PRIVSEP_ON)	667	if (use_privsep == PRIVSEP_ON)
659	box = ssh_sandbox_init();	668	box = ssh_sandbox_init(pmonitor);
660	pid = fork();	669	pid = fork();
661	if (pid == -1) {	670	if (pid == -1) {
662	fatal("fork of unprivileged child failed");	671	fatal("fork of unprivileged child failed");
@@ -752,6 +761,7 @@ privsep_postauth(Authctxt *authctxt)
752	arc4random_stir();	761	arc4random_stir();
753	arc4random_buf(rnd, sizeof(rnd));	762	arc4random_buf(rnd, sizeof(rnd));
754	RAND_seed(rnd, sizeof(rnd));	763	RAND_seed(rnd, sizeof(rnd));
		764	bzero(rnd, sizeof(rnd));
755		765
756	/* Drop privileges */	766	/* Drop privileges */
757	do_setusercontext(authctxt->pw, authctxt->role);	767	do_setusercontext(authctxt->pw, authctxt->role);
@@ -787,6 +797,7 @@ list_hostkey_types(void)
787	case KEY_RSA:	797	case KEY_RSA:
788	case KEY_DSA:	798	case KEY_DSA:
789	case KEY_ECDSA:	799	case KEY_ECDSA:
		800	case KEY_ED25519:
790	if (buffer_len(&b) > 0)	801	if (buffer_len(&b) > 0)
791	buffer_append(&b, ",", 1);	802	buffer_append(&b, ",", 1);
792	p = key_ssh_name(key);	803	p = key_ssh_name(key);
@@ -803,6 +814,7 @@ list_hostkey_types(void)
803	case KEY_RSA_CERT:	814	case KEY_RSA_CERT:
804	case KEY_DSA_CERT:	815	case KEY_DSA_CERT:
805	case KEY_ECDSA_CERT:	816	case KEY_ECDSA_CERT:
		817	case KEY_ED25519_CERT:
806	if (buffer_len(&b) > 0)	818	if (buffer_len(&b) > 0)
807	buffer_append(&b, ",", 1);	819	buffer_append(&b, ",", 1);
808	p = key_ssh_name(key);	820	p = key_ssh_name(key);
@@ -830,6 +842,7 @@ get_hostkey_by_type(int type, int need_private)
830	case KEY_RSA_CERT:	842	case KEY_RSA_CERT:
831	case KEY_DSA_CERT:	843	case KEY_DSA_CERT:
832	case KEY_ECDSA_CERT:	844	case KEY_ECDSA_CERT:
		845	case KEY_ED25519_CERT:
833	key = sensitive_data.host_certificates[i];	846	key = sensitive_data.host_certificates[i];
834	break;	847	break;
835	default:	848	default:
@@ -1144,6 +1157,7 @@ server_accept_loop(int sock_in, int sock_out, int newsock, int config_s)
1144	struct sockaddr_storage from;	1157	struct sockaddr_storage from;
1145	socklen_t fromlen;	1158	socklen_t fromlen;
1146	pid_t pid;	1159	pid_t pid;
		1160	u_char rnd[256];
1147		1161
1148	/* setup fd set for accept */	1162	/* setup fd set for accept */
1149	fdset = NULL;	1163	fdset = NULL;
@@ -1344,6 +1358,9 @@ server_accept_loop(int sock_in, int sock_out, int newsock, int config_s)
1344	* from that of the child	1358	* from that of the child
1345	*/	1359	*/
1346	arc4random_stir();	1360	arc4random_stir();
		1361	arc4random_buf(rnd, sizeof(rnd));
		1362	RAND_seed(rnd, sizeof(rnd));
		1363	bzero(rnd, sizeof(rnd));
1347	}	1364	}
1348		1365
1349	/* child process check (or debug mode) */	1366	/* child process check (or debug mode) */
@@ -1698,6 +1715,7 @@ main(int ac, char **av)
1698	case KEY_RSA:	1715	case KEY_RSA:
1699	case KEY_DSA:	1716	case KEY_DSA:
1700	case KEY_ECDSA:	1717	case KEY_ECDSA:
		1718	case KEY_ED25519:
1701	sensitive_data.have_ssh2_key = 1;	1719	sensitive_data.have_ssh2_key = 1;
1702	break;	1720	break;
1703	}	1721	}
@@ -1867,9 +1885,6 @@ main(int ac, char **av)
1867	/* Reinitialize the log (because of the fork above). */	1885	/* Reinitialize the log (because of the fork above). */
1868	log_init(__progname, options.log_level, options.log_facility, log_stderr);	1886	log_init(__progname, options.log_level, options.log_facility, log_stderr);
1869		1887
1870	/* Initialize the random number generator. */
1871	arc4random_stir();
1872
1873	/* Chdir to the root directory so that the current disk can be	1888	/* Chdir to the root directory so that the current disk can be
1874	unmounted if desired. */	1889	unmounted if desired. */
1875	if (chdir("/") == -1)	1890	if (chdir("/") == -1)
@@ -1945,13 +1960,14 @@ main(int ac, char **av)
1945	dup2(STDIN_FILENO, STDOUT_FILENO);	1960	dup2(STDIN_FILENO, STDOUT_FILENO);
1946	if (startup_pipe == -1)	1961	if (startup_pipe == -1)
1947	close(REEXEC_STARTUP_PIPE_FD);	1962	close(REEXEC_STARTUP_PIPE_FD);
1948	else	1963	else if (startup_pipe != REEXEC_STARTUP_PIPE_FD) {
1949	dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD);	1964	dup2(startup_pipe, REEXEC_STARTUP_PIPE_FD);
		1965	close(startup_pipe);
		1966	startup_pipe = REEXEC_STARTUP_PIPE_FD;
		1967	}
1950		1968
1951	dup2(config_s[1], REEXEC_CONFIG_PASS_FD);	1969	dup2(config_s[1], REEXEC_CONFIG_PASS_FD);
1952	close(config_s[1]);	1970	close(config_s[1]);
1953	if (startup_pipe != -1)
1954	close(startup_pipe);
1955		1971
1956	execv(rexec_argv[0], rexec_argv);	1972	execv(rexec_argv[0], rexec_argv);
1957		1973
@@ -1962,8 +1978,6 @@ main(int ac, char **av)
1962	options.log_facility, log_stderr);	1978	options.log_facility, log_stderr);
1963		1979
1964	/* Clean up fds */	1980	/* Clean up fds */
1965	startup_pipe = REEXEC_STARTUP_PIPE_FD;
1966	close(config_s[1]);
1967	close(REEXEC_CONFIG_PASS_FD);	1981	close(REEXEC_CONFIG_PASS_FD);
1968	newsock = sock_out = sock_in = dup(STDIN_FILENO);	1982	newsock = sock_out = sock_in = dup(STDIN_FILENO);
1969	if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {	1983	if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
@@ -2045,7 +2059,9 @@ main(int ac, char **av)
2045	#endif /* LIBWRAP */	2059	#endif /* LIBWRAP */
2046		2060
2047	/* Log the connection. */	2061	/* Log the connection. */
2048	verbose("Connection from %.500s port %d", remote_ip, remote_port);	2062	verbose("Connection from %s port %d on %s port %d",
		2063	remote_ip, remote_port,
		2064	get_local_ipaddr(sock_in), get_local_port());
2049		2065
2050	#ifdef USE_SECURITY_SESSION_API	2066	#ifdef USE_SECURITY_SESSION_API
2051	/*	2067	/*
@@ -2503,7 +2519,8 @@ do_ssh2_kex(void)
2503	packet_set_rekey_limits((u_int32_t)options.rekey_limit,	2519	packet_set_rekey_limits((u_int32_t)options.rekey_limit,
2504	(time_t)options.rekey_interval);	2520	(time_t)options.rekey_interval);
2505		2521
2506	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();	2522	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
		2523	list_hostkey_types());
2507		2524
2508	#ifdef GSSAPI	2525	#ifdef GSSAPI
2509	{	2526	{
@@ -2554,6 +2571,7 @@ do_ssh2_kex(void)
2554	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;	2571	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
2555	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;	2572	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
2556	kex->kex[KEX_ECDH_SHA2] = kexecdh_server;	2573	kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
		2574	kex->kex[KEX_C25519_SHA256] = kexc25519_server;
2557	#ifdef GSSAPI	2575	#ifdef GSSAPI
2558	if (options.gss_keyex) {	2576	if (options.gss_keyex) {
2559	kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;	2577	kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;