From 3a3261ff99f660b8191f3e5366054566fb0a05de Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 15 May 2003 13:37:19 +1000 Subject: - markus@cvs.openbsd.org 2003/05/15 03:08:29 [cipher.c cipher-bf1.c cipher-aes.c cipher-3des1.c] split out custom EVP ciphers --- cipher-bf1.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 cipher-bf1.c (limited to 'cipher-bf1.c') diff --git a/cipher-bf1.c b/cipher-bf1.c new file mode 100644 index 000000000..64578bae8 --- /dev/null +++ b/cipher-bf1.c @@ -0,0 +1,97 @@ +/* + * Copyright (c) 2003 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" +RCSID("$OpenBSD: cipher-bf1.c,v 1.1 2003/05/15 03:08:29 markus Exp $"); + +#include +#include "xmalloc.h" +#include "log.h" +/* + * SSH1 uses a variation on Blowfish, all bytes must be swapped before + * and after encryption/decryption. Thus the swap_bytes stuff (yuk). + */ + +const EVP_CIPHER * evp_ssh1_bf(void); + +static void +swap_bytes(const u_char *src, u_char *dst, int n) +{ + u_char c[4]; + + /* Process 4 bytes every lap. */ + for (n = n / 4; n > 0; n--) { + c[3] = *src++; + c[2] = *src++; + c[1] = *src++; + c[0] = *src++; + + *dst++ = c[0]; + *dst++ = c[1]; + *dst++ = c[2]; + *dst++ = c[3]; + } +} + +#ifdef SSH_OLD_EVP +static void bf_ssh1_init (EVP_CIPHER_CTX * ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + if (iv != NULL) + memcpy (&(ctx->oiv[0]), iv, 8); + memcpy (&(ctx->iv[0]), &(ctx->oiv[0]), 8); + if (key != NULL) + BF_set_key (&(ctx->c.bf_ks), EVP_CIPHER_CTX_key_length (ctx), + key); +} +#endif + +static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL; + +static int +bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len) +{ + int ret; + + swap_bytes(in, out, len); + ret = (*orig_bf)(ctx, out, out, len); + swap_bytes(out, out, len); + return (ret); +} + +const EVP_CIPHER * +evp_ssh1_bf(void) +{ + static EVP_CIPHER ssh1_bf; + + memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER)); + orig_bf = ssh1_bf.do_cipher; + ssh1_bf.nid = NID_undef; +#ifdef SSH_OLD_EVP + ssh1_bf.init = bf_ssh1_init; +#endif + ssh1_bf.do_cipher = bf_ssh1_cipher; + ssh1_bf.key_len = 32; + return (&ssh1_bf); +} -- cgit v1.2.3 From e043e8e2211ee07e98f95fe975cca56959eb6c59 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 23 Sep 2003 19:24:21 +1000 Subject: - (djm) Fix SSH1 challenge kludge - (djm) Bug #671: Fix builds on OpenBSD - (djm) Bug #676: Fix PAM stack corruption - (djm) Fix bad free() in PAM code - (djm) Don't call pam_end before pam_init - (djm) Enable build with old OpenSSL again - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu --- ChangeLog | 10 ++++++- INSTALL | 19 +++---------- auth-chall.c | 2 +- auth-pam.c | 84 +++++++++++++++++++++++++++++++++++++--------------------- cipher-3des1.c | 4 +++ cipher-aes.c | 4 +++ cipher-bf1.c | 5 ++++ cipher-ctr.c | 6 +++++ cipher.c | 2 ++ configure.ac | 4 +-- log.c | 3 +++ servconf.c | 2 +- sftp-int.c | 1 + 13 files changed, 95 insertions(+), 51 deletions(-) (limited to 'cipher-bf1.c') diff --git a/ChangeLog b/ChangeLog index b49a8536e..9b34d4a6e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,14 @@ - markus@cvs.openbsd.org 2003/09/19 09:02:02 [packet.c] buffer_dump only if PACKET_DEBUG is defined; Jedi/Sector One; pr 3471 + - (djm) Fix SSH1 challenge kludge + - (djm) Bug #671: Fix builds on OpenBSD + - (djm) Bug #676: Fix PAM stack corruption + - (djm) Fix bad free() in PAM code + - (djm) Don't call pam_end before pam_init + - (djm) Enable build with old OpenSSL again + - (djm) Trim deprecated options from INSTALL. Mention UsePAM + - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 20030922 - (dtucker) [Makefile.in] Bug #644: Fix "make clean" for out-of-tree @@ -1178,4 +1186,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2994.2.31 2003/09/23 09:00:41 dtucker Exp $ +$Id: ChangeLog,v 1.2994.2.32 2003/09/23 09:24:21 djm Exp $ diff --git a/INSTALL b/INSTALL index 7b6f71d53..0df6fba10 100644 --- a/INSTALL +++ b/INSTALL @@ -101,11 +101,8 @@ name). There are a few other options to the configure script: ---with-pam enables PAM support. - ---enable-gnome-askpass will build the GNOME passphrase dialog. You -need a working installation of GNOME, including the development -headers, for this to work. +--with-pam enables PAM support. If PAM support is compiled in, it must +also be enabled in sshd_config (refer to the UsePAM directive). --with-prngd-socket=/some/file allows you to enable EGD or PRNGD support and to specify a PRNGd socket. Use this if your Unix lacks @@ -126,16 +123,6 @@ it if lastlog is installed in a different place. --with-osfsia, --without-osfsia will enable or disable OSF1's Security Integration Architecture. The default for OSF1 machines is enable. ---with-kerberos4=PATH will enable Kerberos IV support. You will need -to have the Kerberos libraries and header files installed for this -to work. Use the optional PATH argument to specify the root of your -Kerberos installation. - ---with-afs=PATH will enable AFS support. You will need to have the -Kerberos IV and the AFS libraries and header files installed for this -to work. Use the optional PATH argument to specify the root of your -AFS installation. AFS requires Kerberos support to be enabled. - --with-skey=PATH will enable S/Key one time password support. You will need the S/Key libraries and header files installed for this to work. @@ -211,4 +198,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.56.2.3 2003/09/22 03:29:00 dtucker Exp $ +$Id: INSTALL,v 1.56.2.4 2003/09/23 09:24:21 djm Exp $ diff --git a/auth-chall.c b/auth-chall.c index 6b7c8bd13..00d6e0ec5 100644 --- a/auth-chall.c +++ b/auth-chall.c @@ -92,7 +92,7 @@ verify_response(Authctxt *authctxt, const char *response) xfree(info); } /* if we received more prompts, we're screwed */ - res = (numprompts != 0); + res = (res == 0 && numprompts == 0) ? 0 : -1; } device->free_ctx(authctxt->kbdintctxt); authctxt->kbdintctxt = NULL; diff --git a/auth-pam.c b/auth-pam.c index 754cbf6df..2c8feb65d 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -31,7 +31,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.72.2.1 2003/09/16 06:00:52 djm Exp $"); +RCSID("$Id: auth-pam.c,v 1.72.2.2 2003/09/23 09:24:21 djm Exp $"); #ifdef USE_PAM #include @@ -111,12 +111,12 @@ pthread_join(sp_pthread_t thread, void **value __unused) #endif -static pam_handle_t *sshpam_handle; -static int sshpam_err; -static int sshpam_authenticated; -static int sshpam_new_authtok_reqd; -static int sshpam_session_open; -static int sshpam_cred_established; +static pam_handle_t *sshpam_handle = NULL; +static int sshpam_err = 0; +static int sshpam_authenticated = 0; +static int sshpam_new_authtok_reqd = 0; +static int sshpam_session_open = 0; +static int sshpam_cred_established = 0; struct pam_ctxt { sp_pthread_t pam_thread; @@ -136,42 +136,51 @@ sshpam_thread_conv(int n, const struct pam_message **msg, { Buffer buffer; struct pam_ctxt *ctxt; + struct pam_response *reply; int i; + *resp = NULL; + ctxt = data; if (n <= 0 || n > PAM_MAX_NUM_MSG) return (PAM_CONV_ERR); - *resp = xmalloc(n * sizeof **resp); + + if ((reply = malloc(n * sizeof(*reply))) == NULL) + return (PAM_CONV_ERR); + memset(reply, 0, n * sizeof(*reply)); + buffer_init(&buffer); for (i = 0; i < n; ++i) { - resp[i]->resp_retcode = 0; - resp[i]->resp = NULL; switch (PAM_MSG_MEMBER(msg, i, msg_style)) { case PAM_PROMPT_ECHO_OFF: - buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); + buffer_put_cstring(&buffer, + PAM_MSG_MEMBER(msg, i, msg)); ssh_msg_send(ctxt->pam_csock, PAM_MSG_MEMBER(msg, i, msg_style), &buffer); ssh_msg_recv(ctxt->pam_csock, &buffer); if (buffer_get_char(&buffer) != PAM_AUTHTOK) goto fail; - resp[i]->resp = buffer_get_string(&buffer, NULL); + reply[i].resp = buffer_get_string(&buffer, NULL); break; case PAM_PROMPT_ECHO_ON: - buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); + buffer_put_cstring(&buffer, + PAM_MSG_MEMBER(msg, i, msg)); ssh_msg_send(ctxt->pam_csock, PAM_MSG_MEMBER(msg, i, msg_style), &buffer); ssh_msg_recv(ctxt->pam_csock, &buffer); if (buffer_get_char(&buffer) != PAM_AUTHTOK) goto fail; - resp[i]->resp = buffer_get_string(&buffer, NULL); + reply[i].resp = buffer_get_string(&buffer, NULL); break; case PAM_ERROR_MSG: - buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); + buffer_put_cstring(&buffer, + PAM_MSG_MEMBER(msg, i, msg)); ssh_msg_send(ctxt->pam_csock, PAM_MSG_MEMBER(msg, i, msg_style), &buffer); break; case PAM_TEXT_INFO: - buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); + buffer_put_cstring(&buffer, + PAM_MSG_MEMBER(msg, i, msg)); ssh_msg_send(ctxt->pam_csock, PAM_MSG_MEMBER(msg, i, msg_style), &buffer); break; @@ -181,12 +190,15 @@ sshpam_thread_conv(int n, const struct pam_message **msg, buffer_clear(&buffer); } buffer_free(&buffer); + *resp = reply; return (PAM_SUCCESS); + fail: - while (i) - xfree(resp[--i]); - xfree(*resp); - *resp = NULL; + for(i = 0; i < n; i++) { + if (reply[i].resp != NULL) + xfree(reply[i].resp); + } + xfree(reply); buffer_free(&buffer); return (PAM_CONV_ERR); } @@ -258,6 +270,8 @@ sshpam_cleanup(void *arg) { (void)arg; debug("PAM: cleanup"); + if (sshpam_handle == NULL) + return; pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv); if (sshpam_cred_established) { pam_setcred(sshpam_handle, PAM_DELETE_CRED); @@ -600,40 +614,50 @@ pam_chauthtok_conv(int n, const struct pam_message **msg, struct pam_response **resp, void *data) { char input[PAM_MAX_MSG_SIZE]; + struct pam_response *reply; int i; + *resp = NULL; + if (n <= 0 || n > PAM_MAX_NUM_MSG) return (PAM_CONV_ERR); - *resp = xmalloc(n * sizeof **resp); + + if ((reply = malloc(n * sizeof(*reply))) == NULL) + return (PAM_CONV_ERR); + memset(reply, 0, n * sizeof(*reply)); + for (i = 0; i < n; ++i) { switch (PAM_MSG_MEMBER(msg, i, msg_style)) { case PAM_PROMPT_ECHO_OFF: - resp[i]->resp = + reply[i].resp = read_passphrase(PAM_MSG_MEMBER(msg, i, msg), RP_ALLOW_STDIN); - resp[i]->resp_retcode = PAM_SUCCESS; + reply[i].resp_retcode = PAM_SUCCESS; break; case PAM_PROMPT_ECHO_ON: fputs(PAM_MSG_MEMBER(msg, i, msg), stderr); fgets(input, sizeof input, stdin); - resp[i]->resp = xstrdup(input); - resp[i]->resp_retcode = PAM_SUCCESS; + reply[i].resp = xstrdup(input); + reply[i].resp_retcode = PAM_SUCCESS; break; case PAM_ERROR_MSG: case PAM_TEXT_INFO: fputs(PAM_MSG_MEMBER(msg, i, msg), stderr); - resp[i]->resp_retcode = PAM_SUCCESS; + reply[i].resp_retcode = PAM_SUCCESS; break; default: goto fail; } } + *resp = reply; return (PAM_SUCCESS); + fail: - while (i) - xfree(resp[--i]); - xfree(*resp); - *resp = NULL; + for(i = 0; i < n; i++) { + if (reply[i].resp != NULL) + xfree(reply[i].resp); + } + xfree(reply); return (PAM_CONV_ERR); } diff --git a/cipher-3des1.c b/cipher-3des1.c index f9a352397..6f9f5dd6b 100644 --- a/cipher-3des1.c +++ b/cipher-3des1.c @@ -29,6 +29,10 @@ RCSID("$OpenBSD: cipher-3des1.c,v 1.1 2003/05/15 03:08:29 markus Exp $"); #include "xmalloc.h" #include "log.h" +#if OPENSSL_VERSION_NUMBER < 0x00906000L +#define SSH_OLD_EVP +#endif + /* * This is used by SSH1: * diff --git a/cipher-aes.c b/cipher-aes.c index c41def600..7ba950191 100644 --- a/cipher-aes.c +++ b/cipher-aes.c @@ -31,6 +31,10 @@ RCSID("$OpenBSD: cipher-aes.c,v 1.1 2003/05/15 03:08:29 markus Exp $"); #include "xmalloc.h" #include "log.h" +#if OPENSSL_VERSION_NUMBER < 0x00906000L +#define SSH_OLD_EVP +#endif + #define RIJNDAEL_BLOCKSIZE 16 struct ssh_rijndael_ctx { diff --git a/cipher-bf1.c b/cipher-bf1.c index 64578bae8..5af695c17 100644 --- a/cipher-bf1.c +++ b/cipher-bf1.c @@ -28,6 +28,11 @@ RCSID("$OpenBSD: cipher-bf1.c,v 1.1 2003/05/15 03:08:29 markus Exp $"); #include #include "xmalloc.h" #include "log.h" + +#if OPENSSL_VERSION_NUMBER < 0x00906000L +#define SSH_OLD_EVP +#endif + /* * SSH1 uses a variation on Blowfish, all bytes must be swapped before * and after encryption/decryption. Thus the swap_bytes stuff (yuk). diff --git a/cipher-ctr.c b/cipher-ctr.c index a2bab5c14..4f0814b22 100644 --- a/cipher-ctr.c +++ b/cipher-ctr.c @@ -21,6 +21,10 @@ RCSID("$OpenBSD: cipher-ctr.c,v 1.2 2003/06/17 18:14:23 markus Exp $"); #include "log.h" #include "xmalloc.h" +#if OPENSSL_VERSION_NUMBER < 0x00906000L +#define SSH_OLD_EVP +#endif + #if OPENSSL_VERSION_NUMBER < 0x00907000L #include "rijndael.h" #define AES_KEY rijndael_ctx @@ -135,7 +139,9 @@ evp_aes_128_ctr(void) aes_ctr.init = ssh_aes_ctr_init; aes_ctr.cleanup = ssh_aes_ctr_cleanup; aes_ctr.do_cipher = ssh_aes_ctr; +#ifndef SSH_OLD_EVP aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; +#endif return (&aes_ctr); } diff --git a/cipher.c b/cipher.c index e7c3c5411..ce533670b 100644 --- a/cipher.c +++ b/cipher.c @@ -87,9 +87,11 @@ struct Cipher { { "rijndael-cbc@lysator.liu.se", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, #endif +#if OPENSSL_VERSION_NUMBER >= 0x00906000L { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr }, { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr }, +#endif { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL } }; diff --git a/configure.ac b/configure.ac index 716431080..916dc1075 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.154.2.10 2003/09/23 02:51:37 tim Exp $ +# $Id: configure.ac,v 1.154.2.11 2003/09/23 09:24:21 djm Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -480,7 +480,7 @@ AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \ sys/cdefs.h sys/mman.h sys/pstat.h sys/select.h sys/stat.h \ sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \ sys/un.h time.h tmpdir.h ttyent.h usersec.h \ - util.h utime.h utmp.h utmpx.h) + util.h utime.h utmp.h utmpx.h vis.h) # Checks for libraries. AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) diff --git a/log.c b/log.c index 58ce8e5dd..9bce2555b 100644 --- a/log.c +++ b/log.c @@ -40,6 +40,9 @@ RCSID("$OpenBSD: log.c,v 1.28 2003/05/24 09:02:22 djm Exp $"); #include "xmalloc.h" #include +#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) +# include +#endif static LogLevel log_level = SYSLOG_LEVEL_INFO; static int log_on_stderr = 1; diff --git a/servconf.c b/servconf.c index 71e28b3cb..58f49a2f4 100644 --- a/servconf.c +++ b/servconf.c @@ -110,7 +110,7 @@ fill_default_server_options(ServerOptions *options) { /* Portable-specific options */ if (options->use_pam == -1) - options->use_pam = 1; + options->use_pam = 0; /* Standard Options */ if (options->protocol == SSH_PROTO_UNKNOWN) diff --git a/sftp-int.c b/sftp-int.c index 94299aa43..c93eaabff 100644 --- a/sftp-int.c +++ b/sftp-int.c @@ -351,6 +351,7 @@ get_pathname(const char **cpp, char **path) for (i = j = 0; i <= strlen(cp); i++) { if (cp[i] == quot) { /* Found quote */ (*path)[j] = '\0'; + i++; break; } if (cp[i] == '\0') { /* End of string */ -- cgit v1.2.3