From 4ba0d54794814ec0de1ec87987d0c3b89379b436 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 3 Jul 2018 11:39:54 +0000 Subject: upstream: Improve strictness and control over RSA-SHA2 signature In ssh, when an agent fails to return a RSA-SHA2 signature when requested and falls back to RSA-SHA1 instead, retry the signature to ensure that the public key algorithm sent in the SSH_MSG_USERAUTH matches the one in the signature itself. In sshd, strictly enforce that the public key algorithm sent in the SSH_MSG_USERAUTH message matches what appears in the signature. Make the sshd_config PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes options control accepted signature algorithms (previously they selected supported key types). This allows these options to ban RSA-SHA1 in favour of RSA-SHA2. Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures with certificate keys. feedback and ok markus@ OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde --- kex.c | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) (limited to 'kex.c') diff --git a/kex.c b/kex.c index 15ea28b07..d0a5f1b66 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.136 2018/02/07 02:06:50 jsing Exp $ */ +/* $OpenBSD: kex.c,v 1.137 2018/07/03 11:39:54 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -342,6 +342,7 @@ kex_send_ext_info(struct ssh *ssh) if ((algs = sshkey_alg_list(0, 1, 1, ',')) == NULL) return SSH_ERR_ALLOC_FAIL; + /* XXX filter algs list by allowed pubkey/hostbased types */ if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || (r = sshpkt_put_u32(ssh, 1)) != 0 || (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 || @@ -378,7 +379,7 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh) { struct kex *kex = ssh->kex; u_int32_t i, ninfo; - char *name, *found; + char *name; u_char *val; size_t vlen; int r; @@ -401,16 +402,8 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh) return SSH_ERR_INVALID_FORMAT; } debug("%s: %s=<%s>", __func__, name, val); - found = match_list("rsa-sha2-256", val, NULL); - if (found) { - kex->rsa_sha2 = 256; - free(found); - } - found = match_list("rsa-sha2-512", val, NULL); - if (found) { - kex->rsa_sha2 = 512; - free(found); - } + kex->server_sig_algs = val; + val = NULL; } else debug("%s: %s (unrecognised)", __func__, name); free(name); -- cgit v1.2.3 From 312d2f2861a2598ed08587cb6c45c0e98a85408f Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 4 Jul 2018 13:49:31 +0000 Subject: upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA signature work - returns ability to add/remove/specify algorithms by wildcard. Algorithm lists are now fully expanded when the server/client configs are finalised, so errors are reported early and the config dumps (e.g. "ssh -G ...") now list the actual algorithms selected. Clarify that, while wildcards are accepted in algorithm lists, they aren't full pattern-lists that support negation. (lots of) feedback, ok markus@ OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207 --- compat.c | 18 +++++------ kex.c | 95 ++++++++++++++++++++++++++++++++++++++++++++++++----------- kex.h | 4 +-- match.c | 36 ++++++++++++++++++---- match.h | 5 ++-- readconf.c | 38 +++++++++++++++++------- servconf.c | 32 ++++++++++++++------ ssh_config.5 | 8 ++--- sshconnect2.c | 10 ++++--- sshd_config.5 | 8 ++--- 10 files changed, 187 insertions(+), 67 deletions(-) (limited to 'kex.c') diff --git a/compat.c b/compat.c index 8335f2a94..d8fd6eaf8 100644 --- a/compat.c +++ b/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.109 2018/07/03 11:42:12 djm Exp $ */ +/* $OpenBSD: compat.c,v 1.110 2018/07/04 13:49:31 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -190,8 +190,8 @@ compat_cipher_proposal(char *cipher_prop) if (!(datafellows & SSH_BUG_BIGENDIANAES)) return cipher_prop; debug2("%s: original cipher proposal: %s", __func__, cipher_prop); - if ((cipher_prop = match_filter_list(cipher_prop, "aes*")) == NULL) - fatal("match_filter_list failed"); + if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL) + fatal("match_filter_blacklist failed"); debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); if (*cipher_prop == '\0') fatal("No supported ciphers found"); @@ -204,8 +204,8 @@ compat_pkalg_proposal(char *pkalg_prop) if (!(datafellows & SSH_BUG_RSASIGMD5)) return pkalg_prop; debug2("%s: original public key proposal: %s", __func__, pkalg_prop); - if ((pkalg_prop = match_filter_list(pkalg_prop, "ssh-rsa")) == NULL) - fatal("match_filter_list failed"); + if ((pkalg_prop = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL) + fatal("match_filter_blacklist failed"); debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); if (*pkalg_prop == '\0') fatal("No supported PK algorithms found"); @@ -219,14 +219,14 @@ compat_kex_proposal(char *p) return p; debug2("%s: original KEX proposal: %s", __func__, p); if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) - if ((p = match_filter_list(p, + if ((p = match_filter_blacklist(p, "curve25519-sha256@libssh.org")) == NULL) - fatal("match_filter_list failed"); + fatal("match_filter_blacklist failed"); if ((datafellows & SSH_OLD_DHGEX) != 0) { - if ((p = match_filter_list(p, + if ((p = match_filter_blacklist(p, "diffie-hellman-group-exchange-sha256," "diffie-hellman-group-exchange-sha1")) == NULL) - fatal("match_filter_list failed"); + fatal("match_filter_blacklist failed"); } debug2("%s: compat KEX proposal: %s", __func__, p); if (*p == '\0') diff --git a/kex.c b/kex.c index d0a5f1b66..2fd052e96 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.137 2018/07/03 11:39:54 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.138 2018/07/04 13:49:31 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -174,7 +174,7 @@ kex_names_cat(const char *a, const char *b) size_t len; if (a == NULL || *a == '\0') - return NULL; + return strdup(b); if (b == NULL || *b == '\0') return strdup(a); if (strlen(b) > 1024*1024) @@ -209,27 +209,88 @@ kex_names_cat(const char *a, const char *b) * specified names should be removed. */ int -kex_assemble_names(const char *def, char **list) +kex_assemble_names(char **listp, const char *def, const char *all) { - char *ret; + char *cp, *tmp, *patterns; + char *list = NULL, *ret = NULL, *matching = NULL, *opatterns = NULL; + int r = SSH_ERR_INTERNAL_ERROR; - if (list == NULL || *list == NULL || **list == '\0') { - *list = strdup(def); + if (listp == NULL || *listp == NULL || **listp == '\0') { + if ((*listp = strdup(def)) == NULL) + return SSH_ERR_ALLOC_FAIL; return 0; } - if (**list == '+') { - if ((ret = kex_names_cat(def, *list + 1)) == NULL) - return SSH_ERR_ALLOC_FAIL; - free(*list); - *list = ret; - } else if (**list == '-') { - if ((ret = match_filter_list(def, *list + 1)) == NULL) - return SSH_ERR_ALLOC_FAIL; - free(*list); - *list = ret; + + list = *listp; + *listp = NULL; + if (*list == '+') { + /* Append names to default list */ + if ((tmp = kex_names_cat(def, list + 1)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto fail; + } + free(list); + list = tmp; + } else if (*list == '-') { + /* Remove names from default list */ + if ((*listp = match_filter_blacklist(def, list + 1)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto fail; + } + free(list); + /* filtering has already been done */ + return 0; + } else { + /* Explicit list, overrides default - just use "list" as is */ } - return 0; + /* + * The supplied names may be a pattern-list. For the -list case, + * the patterns are applied above. For the +list and explicit list + * cases we need to do it now. + */ + ret = NULL; + if ((patterns = opatterns = strdup(list)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto fail; + } + /* Apply positive (i.e. non-negated) patterns from the list */ + while ((cp = strsep(&patterns, ",")) != NULL) { + if (*cp == '!') { + /* negated matches are not supported here */ + r = SSH_ERR_INVALID_ARGUMENT; + goto fail; + } + free(matching); + if ((matching = match_filter_whitelist(all, cp)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto fail; + } + if ((tmp = kex_names_cat(ret, matching)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto fail; + } + free(ret); + ret = tmp; + } + if (ret == NULL || *ret == '\0') { + /* An empty name-list is an error */ + /* XXX better error code? */ + r = SSH_ERR_INVALID_ARGUMENT; + goto fail; + } + + /* success */ + *listp = ret; + ret = NULL; + r = 0; + + fail: + free(matching); + free(opatterns); + free(list); + free(ret); + return r; } /* put algorithm proposal into buffer */ diff --git a/kex.h b/kex.h index 6210630df..3ffae2df0 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.84 2018/07/03 11:39:54 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.85 2018/07/04 13:49:31 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -169,7 +169,7 @@ struct kex { int kex_names_valid(const char *); char *kex_alg_list(char); char *kex_names_cat(const char *, const char *); -int kex_assemble_names(const char *, char **); +int kex_assemble_names(char **, const char *, const char *); int kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **); int kex_setup(struct ssh *, char *[PROPOSAL_MAX]); diff --git a/match.c b/match.c index 3cf40306b..bb3e95f67 100644 --- a/match.c +++ b/match.c @@ -1,4 +1,4 @@ -/* $OpenBSD: match.c,v 1.37 2017/03/10 04:24:55 djm Exp $ */ +/* $OpenBSD: match.c,v 1.38 2018/07/04 13:49:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -294,16 +294,20 @@ match_list(const char *client, const char *server, u_int *next) } /* - * Filters a comma-separated list of strings, excluding any entry matching - * the 'filter' pattern list. Caller must free returned string. + * Filter proposal using pattern-list filter. + * "blacklist" determines sense of filter: + * non-zero indicates that items matching filter should be excluded. + * zero indicates that only items matching filter should be included. + * returns NULL on allocation error, otherwise caller must free result. */ -char * -match_filter_list(const char *proposal, const char *filter) +static char * +filter_list(const char *proposal, const char *filter, int blacklist) { size_t len = strlen(proposal) + 1; char *fix_prop = malloc(len); char *orig_prop = strdup(proposal); char *cp, *tmp; + int r; if (fix_prop == NULL || orig_prop == NULL) { free(orig_prop); @@ -314,7 +318,8 @@ match_filter_list(const char *proposal, const char *filter) tmp = orig_prop; *fix_prop = '\0'; while ((cp = strsep(&tmp, ",")) != NULL) { - if (match_pattern_list(cp, filter, 0) != 1) { + r = match_pattern_list(cp, filter, 0); + if ((blacklist && r != 1) || (!blacklist && r == 1)) { if (*fix_prop != '\0') strlcat(fix_prop, ",", len); strlcat(fix_prop, cp, len); @@ -324,3 +329,22 @@ match_filter_list(const char *proposal, const char *filter) return fix_prop; } +/* + * Filters a comma-separated list of strings, excluding any entry matching + * the 'filter' pattern list. Caller must free returned string. + */ +char * +match_filter_blacklist(const char *proposal, const char *filter) +{ + return filter_list(proposal, filter, 1); +} + +/* + * Filters a comma-separated list of strings, including only entries matching + * the 'filter' pattern list. Caller must free returned string. + */ +char * +match_filter_whitelist(const char *proposal, const char *filter) +{ + return filter_list(proposal, filter, 0); +} diff --git a/match.h b/match.h index 937ba0412..852b1a5cb 100644 --- a/match.h +++ b/match.h @@ -1,4 +1,4 @@ -/* $OpenBSD: match.h,v 1.17 2017/02/03 23:01:19 djm Exp $ */ +/* $OpenBSD: match.h,v 1.18 2018/07/04 13:49:31 djm Exp $ */ /* * Author: Tatu Ylonen @@ -20,7 +20,8 @@ int match_hostname(const char *, const char *); int match_host_and_ip(const char *, const char *, const char *); int match_user(const char *, const char *, const char *, const char *); char *match_list(const char *, const char *, u_int *); -char *match_filter_list(const char *, const char *); +char *match_filter_blacklist(const char *, const char *); +char *match_filter_whitelist(const char *, const char *); /* addrmatch.c */ int addr_match_list(const char *, const char *); diff --git a/readconf.c b/readconf.c index 8d2029547..2bc27075f 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.291 2018/06/10 23:45:41 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.292 2018/07/04 13:49:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1936,6 +1936,8 @@ fill_default_options_for_canonicalization(Options *options) void fill_default_options(Options * options) { + char *all_cipher, *all_mac, *all_kex, *all_key; + if (options->forward_agent == -1) options->forward_agent = 0; if (options->forward_x11 == -1) @@ -2082,14 +2084,27 @@ fill_default_options(Options * options) options->fingerprint_hash = SSH_FP_HASH_DEFAULT; if (options->update_hostkeys == -1) options->update_hostkeys = 0; - if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 || - kex_assemble_names(KEX_CLIENT_MAC, &options->macs) != 0 || - kex_assemble_names(KEX_CLIENT_KEX, &options->kex_algorithms) != 0 || - kex_assemble_names(KEX_DEFAULT_PK_ALG, - &options->hostbased_key_types) != 0 || - kex_assemble_names(KEX_DEFAULT_PK_ALG, - &options->pubkey_key_types) != 0) + + /* Expand KEX name lists */ + all_cipher = cipher_alg_list(',', 0); + all_mac = mac_alg_list(','); + all_kex = kex_alg_list(','); + all_key = sshkey_alg_list(0, 0, 1, ','); + if (kex_assemble_names(&options->ciphers, + KEX_CLIENT_ENCRYPT, all_cipher) != 0 || + kex_assemble_names(&options->macs, + KEX_CLIENT_MAC, all_mac) != 0 || + kex_assemble_names(&options->kex_algorithms, + KEX_CLIENT_KEX, all_kex) != 0 || + kex_assemble_names(&options->hostbased_key_types, + KEX_DEFAULT_PK_ALG, all_key) != 0 || + kex_assemble_names(&options->pubkey_key_types, + KEX_DEFAULT_PK_ALG, all_key) != 0) fatal("%s: kex_assemble_names failed", __func__); + free(all_cipher); + free(all_mac); + free(all_kex); + free(all_key); #define CLEAR_ON_NONE(v) \ do { \ @@ -2537,11 +2552,14 @@ void dump_client_config(Options *o, const char *host) { int i; - char buf[8]; + char buf[8], *all_key; /* This is normally prepared in ssh_kex2 */ - if (kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->hostkeyalgorithms) != 0) + all_key = sshkey_alg_list(0, 0, 1, ','); + if (kex_assemble_names( &o->hostkeyalgorithms, + KEX_DEFAULT_PK_ALG, all_key) != 0) fatal("%s: kex_assemble_names failed", __func__); + free(all_key); /* Most interesting options first: user, host, port */ dump_cfg_string(oUser, o->user); diff --git a/servconf.c b/servconf.c index a41fdc26a..a54219f01 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.334 2018/07/03 10:59:35 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.335 2018/07/04 13:49:31 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -190,15 +190,29 @@ option_clear_or_none(const char *o) static void assemble_algorithms(ServerOptions *o) { - if (kex_assemble_names(KEX_SERVER_ENCRYPT, &o->ciphers) != 0 || - kex_assemble_names(KEX_SERVER_MAC, &o->macs) != 0 || - kex_assemble_names(KEX_SERVER_KEX, &o->kex_algorithms) != 0 || - kex_assemble_names(KEX_DEFAULT_PK_ALG, - &o->hostkeyalgorithms) != 0 || - kex_assemble_names(KEX_DEFAULT_PK_ALG, - &o->hostbased_key_types) != 0 || - kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->pubkey_key_types) != 0) + char *all_cipher, *all_mac, *all_kex, *all_key; + + all_cipher = cipher_alg_list(',', 0); + all_mac = mac_alg_list(','); + all_kex = kex_alg_list(','); + all_key = sshkey_alg_list(0, 0, 1, ','); + if (kex_assemble_names(&o->ciphers, + KEX_SERVER_ENCRYPT, all_cipher) != 0 || + kex_assemble_names(&o->macs, + KEX_SERVER_MAC, all_mac) != 0 || + kex_assemble_names(&o->kex_algorithms, + KEX_SERVER_KEX, all_kex) != 0 || + kex_assemble_names(&o->hostkeyalgorithms, + KEX_DEFAULT_PK_ALG, all_key) != 0 || + kex_assemble_names(&o->hostbased_key_types, + KEX_DEFAULT_PK_ALG, all_key) != 0 || + kex_assemble_names(&o->pubkey_key_types, + KEX_DEFAULT_PK_ALG, all_key) != 0) fatal("kex_assemble_names failed"); + free(all_cipher); + free(all_mac); + free(all_kex); + free(all_key); } static void diff --git a/ssh_config.5 b/ssh_config.5 index eff9c5e61..df94d60db 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.278 2018/07/03 11:39:54 djm Exp $ -.Dd $Mdocdate: July 3 2018 $ +.\" $OpenBSD: ssh_config.5,v 1.279 2018/07/04 13:49:31 djm Exp $ +.Dd $Mdocdate: July 4 2018 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -757,7 +757,7 @@ or (the default). .It Cm HostbasedKeyTypes Specifies the key types that will be used for hostbased authentication -as a comma-separated pattern list. +as a comma-separated list of patterns. Alternately if the specified value begins with a .Sq + character, then the specified key types will be appended to the default set @@ -1242,7 +1242,7 @@ The default is .Cm no . .It Cm PubkeyAcceptedKeyTypes Specifies the key types that will be used for public key authentication -as a comma-separated pattern list. +as a comma-separated list of patterns. Alternately if the specified value begins with a .Sq + character, then the key types after it will be appended to the default diff --git a/sshconnect2.c b/sshconnect2.c index db95cb214..f3ccd53a9 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.274 2018/07/03 13:20:25 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.275 2018/07/04 13:49:31 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -158,7 +158,7 @@ void ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) { char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; - char *s; + char *s, *all_key; struct kex *kex; int r; @@ -178,9 +178,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; if (options.hostkeyalgorithms != NULL) { - if (kex_assemble_names(KEX_DEFAULT_PK_ALG, - &options.hostkeyalgorithms) != 0) + all_key = sshkey_alg_list(0, 0, 1, ','); + if (kex_assemble_names(&options.hostkeyalgorithms, + KEX_DEFAULT_PK_ALG, all_key) != 0) fatal("%s: kex_assemble_namelist", __func__); + free(all_key); myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(options.hostkeyalgorithms); } else { diff --git a/sshd_config.5 b/sshd_config.5 index cc019ec7d..aa888796e 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.279 2018/07/03 11:39:54 djm Exp $ -.Dd $Mdocdate: July 3 2018 $ +.\" $OpenBSD: sshd_config.5,v 1.280 2018/07/04 13:49:31 djm Exp $ +.Dd $Mdocdate: July 4 2018 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -659,7 +659,7 @@ The default is .Cm yes . .It Cm HostbasedAcceptedKeyTypes Specifies the key types that will be accepted for hostbased authentication -as a comma-separated pattern list. +as a list of comma-separated patterns. Alternately if the specified value begins with a .Sq + character, then the specified key types will be appended to the default set @@ -1386,7 +1386,7 @@ The default is .Cm yes . .It Cm PubkeyAcceptedKeyTypes Specifies the key types that will be accepted for public key authentication -as a comma-separated pattern list. +as a list of comma-separated patterns. Alternately if the specified value begins with a .Sq + character, then the specified key types will be appended to the default set -- cgit v1.2.3 From 95db395d2e56a6f868193aead6cadb2493f036c6 Mon Sep 17 00:00:00 2001 From: "sf@openbsd.org" Date: Fri, 6 Jul 2018 09:05:01 +0000 Subject: upstream: Remove leftovers from pre-authentication compression Support for this has been removed in 2016. COMP_DELAYED will be renamed in a later commit. ok markus@ OpenBSD-Commit-ID: 6a99616c832627157113fcb0cf5a752daf2e6b58 --- kex.c | 4 +--- kex.h | 5 ++--- monitor_wrap.c | 4 +--- packet.c | 7 +++---- sshconnect2.c | 4 ++-- 5 files changed, 9 insertions(+), 15 deletions(-) (limited to 'kex.c') diff --git a/kex.c b/kex.c index 2fd052e96..0c444e186 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.138 2018/07/04 13:49:31 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.139 2018/07/06 09:05:01 sf Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -742,8 +742,6 @@ choose_comp(struct sshcomp *comp, char *client, char *server) return SSH_ERR_NO_COMPRESS_ALG_MATCH; if (strcmp(name, "zlib@openssh.com") == 0) { comp->type = COMP_DELAYED; - } else if (strcmp(name, "zlib") == 0) { - comp->type = COMP_ZLIB; } else if (strcmp(name, "none") == 0) { comp->type = COMP_NONE; } else { diff --git a/kex.h b/kex.h index 3ffae2df0..676c32abd 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.85 2018/07/04 13:49:31 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.86 2018/07/06 09:05:01 sf Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -64,8 +64,7 @@ #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org" #define COMP_NONE 0 -#define COMP_ZLIB 1 -#define COMP_DELAYED 2 +#define COMP_DELAYED 1 #define CURVE25519_SIZE 32 diff --git a/monitor_wrap.c b/monitor_wrap.c index b1f489f79..e280fd2ad 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.99 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.100 2018/07/06 09:05:01 sf Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -84,8 +84,6 @@ #include "ssherr.h" /* Imports */ -extern z_stream incoming_stream; -extern z_stream outgoing_stream; extern struct monitor *pmonitor; extern Buffer loginmsg; extern ServerOptions options; diff --git a/packet.c b/packet.c index 4da9f52b6..a39a340f3 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.272 2018/07/06 09:03:02 sf Exp $ */ +/* $OpenBSD: packet.c,v 1.273 2018/07/06 09:05:01 sf Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -879,9 +879,8 @@ ssh_set_newkeys(struct ssh *ssh, int mode) /* explicit_bzero(enc->iv, enc->block_size); explicit_bzero(enc->key, enc->key_len); explicit_bzero(mac->key, mac->key_len); */ - if ((comp->type == COMP_ZLIB || - (comp->type == COMP_DELAYED && - state->after_authentication)) && comp->enabled == 0) { + if (comp->type == COMP_DELAYED && state->after_authentication + && comp->enabled == 0) { if ((r = ssh_packet_init_compression(ssh)) < 0) return r; if (mode == MODE_OUT) { diff --git a/sshconnect2.c b/sshconnect2.c index f3ccd53a9..183484e08 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.275 2018/07/04 13:49:31 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.276 2018/07/06 09:05:01 sf Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -174,7 +174,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) compat_cipher_proposal(options.ciphers); myproposal[PROPOSAL_COMP_ALGS_CTOS] = myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? - "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib"; + "zlib@openssh.com,none" : "none,zlib@openssh.com"; myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; if (options.hostkeyalgorithms != NULL) { -- cgit v1.2.3 From ab39267fa1243d02b6c330615539fc4b21e17dc4 Mon Sep 17 00:00:00 2001 From: "sf@openbsd.org" Date: Fri, 6 Jul 2018 09:06:14 +0000 Subject: upstream: Rename COMP_DELAYED to COMP_ZLIB Only delayed compression is supported nowadays. ok markus@ OpenBSD-Commit-ID: 5b1dbaf3d9a4085aaa10fec0b7a4364396561821 --- kex.c | 4 ++-- kex.h | 4 ++-- packet.c | 8 ++++---- servconf.c | 8 ++++---- 4 files changed, 12 insertions(+), 12 deletions(-) (limited to 'kex.c') diff --git a/kex.c b/kex.c index 0c444e186..b111c4a54 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.139 2018/07/06 09:05:01 sf Exp $ */ +/* $OpenBSD: kex.c,v 1.140 2018/07/06 09:06:14 sf Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -741,7 +741,7 @@ choose_comp(struct sshcomp *comp, char *client, char *server) if (name == NULL) return SSH_ERR_NO_COMPRESS_ALG_MATCH; if (strcmp(name, "zlib@openssh.com") == 0) { - comp->type = COMP_DELAYED; + comp->type = COMP_ZLIB; } else if (strcmp(name, "none") == 0) { comp->type = COMP_NONE; } else { diff --git a/kex.h b/kex.h index 676c32abd..b57f985ef 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.86 2018/07/06 09:05:01 sf Exp $ */ +/* $OpenBSD: kex.h,v 1.87 2018/07/06 09:06:14 sf Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -64,7 +64,7 @@ #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org" #define COMP_NONE 0 -#define COMP_DELAYED 1 +#define COMP_ZLIB 1 #define CURVE25519_SIZE 32 diff --git a/packet.c b/packet.c index a39a340f3..2e87e520f 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.273 2018/07/06 09:05:01 sf Exp $ */ +/* $OpenBSD: packet.c,v 1.274 2018/07/06 09:06:14 sf Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -879,7 +879,7 @@ ssh_set_newkeys(struct ssh *ssh, int mode) /* explicit_bzero(enc->iv, enc->block_size); explicit_bzero(enc->key, enc->key_len); explicit_bzero(mac->key, mac->key_len); */ - if (comp->type == COMP_DELAYED && state->after_authentication + if (comp->type == COMP_ZLIB && state->after_authentication && comp->enabled == 0) { if ((r = ssh_packet_init_compression(ssh)) < 0) return r; @@ -970,7 +970,7 @@ ssh_packet_enable_delayed_compress(struct ssh *ssh) /* * Remember that we are past the authentication step, so rekeying - * with COMP_DELAYED will turn on compression immediately. + * with COMP_ZLIB will turn on compression immediately. */ state->after_authentication = 1; for (mode = 0; mode < MODE_MAX; mode++) { @@ -978,7 +978,7 @@ ssh_packet_enable_delayed_compress(struct ssh *ssh) if (state->newkeys[mode] == NULL) continue; comp = &state->newkeys[mode]->comp; - if (comp && !comp->enabled && comp->type == COMP_DELAYED) { + if (comp && !comp->enabled && comp->type == COMP_ZLIB) { if ((r = ssh_packet_init_compression(ssh)) != 0) return r; if (mode == MODE_OUT) { diff --git a/servconf.c b/servconf.c index a54219f01..f5272b0f9 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.335 2018/07/04 13:49:31 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.336 2018/07/06 09:06:14 sf Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -349,7 +349,7 @@ fill_default_server_options(ServerOptions *options) options->permit_user_env_whitelist = NULL; } if (options->compression == -1) - options->compression = COMP_DELAYED; + options->compression = COMP_ZLIB; if (options->rekey_limit == -1) options->rekey_limit = 0; if (options->rekey_interval == -1) @@ -1170,8 +1170,8 @@ static const struct multistate multistate_permitrootlogin[] = { { NULL, -1 } }; static const struct multistate multistate_compression[] = { - { "yes", COMP_DELAYED }, - { "delayed", COMP_DELAYED }, + { "yes", COMP_ZLIB }, + { "delayed", COMP_ZLIB }, { "no", COMP_NONE }, { NULL, -1 } }; -- cgit v1.2.3 From 168b46f405d6736960ba7930389eecb9b6710b7e Mon Sep 17 00:00:00 2001 From: "sf@openbsd.org" Date: Mon, 9 Jul 2018 13:37:10 +0000 Subject: upstream: Revert previous two commits It turns out we still support pre-auth compression on the client. Therefore revert the previous two commits: date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE; Rename COMP_DELAYED to COMP_ZLIB Only delayed compression is supported nowadays. ok markus@ date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP; Remove leftovers from pre-authentication compression Support for this has been removed in 2016. COMP_DELAYED will be renamed in a later commit. ok markus@ OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772 --- kex.c | 4 +++- kex.h | 3 ++- monitor_wrap.c | 4 +++- packet.c | 11 ++++++----- servconf.c | 8 ++++---- sshconnect2.c | 4 ++-- 6 files changed, 20 insertions(+), 14 deletions(-) (limited to 'kex.c') diff --git a/kex.c b/kex.c index b111c4a54..25f9f66f6 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.140 2018/07/06 09:06:14 sf Exp $ */ +/* $OpenBSD: kex.c,v 1.141 2018/07/09 13:37:10 sf Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -741,6 +741,8 @@ choose_comp(struct sshcomp *comp, char *client, char *server) if (name == NULL) return SSH_ERR_NO_COMPRESS_ALG_MATCH; if (strcmp(name, "zlib@openssh.com") == 0) { + comp->type = COMP_DELAYED; + } else if (strcmp(name, "zlib") == 0) { comp->type = COMP_ZLIB; } else if (strcmp(name, "none") == 0) { comp->type = COMP_NONE; diff --git a/kex.h b/kex.h index b57f985ef..e3816047a 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.87 2018/07/06 09:06:14 sf Exp $ */ +/* $OpenBSD: kex.h,v 1.88 2018/07/09 13:37:10 sf Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -65,6 +65,7 @@ #define COMP_NONE 0 #define COMP_ZLIB 1 +#define COMP_DELAYED 2 #define CURVE25519_SIZE 32 diff --git a/monitor_wrap.c b/monitor_wrap.c index e280fd2ad..012ab01a9 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.100 2018/07/06 09:05:01 sf Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.101 2018/07/09 13:37:10 sf Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -84,6 +84,8 @@ #include "ssherr.h" /* Imports */ +extern z_stream incoming_stream; +extern z_stream outgoing_stream; extern struct monitor *pmonitor; extern Buffer loginmsg; extern ServerOptions options; diff --git a/packet.c b/packet.c index 2e87e520f..4d91792e0 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.274 2018/07/06 09:06:14 sf Exp $ */ +/* $OpenBSD: packet.c,v 1.275 2018/07/09 13:37:10 sf Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -879,8 +879,9 @@ ssh_set_newkeys(struct ssh *ssh, int mode) /* explicit_bzero(enc->iv, enc->block_size); explicit_bzero(enc->key, enc->key_len); explicit_bzero(mac->key, mac->key_len); */ - if (comp->type == COMP_ZLIB && state->after_authentication - && comp->enabled == 0) { + if ((comp->type == COMP_ZLIB || + (comp->type == COMP_DELAYED && + state->after_authentication)) && comp->enabled == 0) { if ((r = ssh_packet_init_compression(ssh)) < 0) return r; if (mode == MODE_OUT) { @@ -970,7 +971,7 @@ ssh_packet_enable_delayed_compress(struct ssh *ssh) /* * Remember that we are past the authentication step, so rekeying - * with COMP_ZLIB will turn on compression immediately. + * with COMP_DELAYED will turn on compression immediately. */ state->after_authentication = 1; for (mode = 0; mode < MODE_MAX; mode++) { @@ -978,7 +979,7 @@ ssh_packet_enable_delayed_compress(struct ssh *ssh) if (state->newkeys[mode] == NULL) continue; comp = &state->newkeys[mode]->comp; - if (comp && !comp->enabled && comp->type == COMP_ZLIB) { + if (comp && !comp->enabled && comp->type == COMP_DELAYED) { if ((r = ssh_packet_init_compression(ssh)) != 0) return r; if (mode == MODE_OUT) { diff --git a/servconf.c b/servconf.c index f5272b0f9..97c268e3c 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.336 2018/07/06 09:06:14 sf Exp $ */ +/* $OpenBSD: servconf.c,v 1.337 2018/07/09 13:37:10 sf Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -349,7 +349,7 @@ fill_default_server_options(ServerOptions *options) options->permit_user_env_whitelist = NULL; } if (options->compression == -1) - options->compression = COMP_ZLIB; + options->compression = COMP_DELAYED; if (options->rekey_limit == -1) options->rekey_limit = 0; if (options->rekey_interval == -1) @@ -1170,8 +1170,8 @@ static const struct multistate multistate_permitrootlogin[] = { { NULL, -1 } }; static const struct multistate multistate_compression[] = { - { "yes", COMP_ZLIB }, - { "delayed", COMP_ZLIB }, + { "yes", COMP_DELAYED }, + { "delayed", COMP_DELAYED }, { "no", COMP_NONE }, { NULL, -1 } }; diff --git a/sshconnect2.c b/sshconnect2.c index 183484e08..4bc0a7034 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.276 2018/07/06 09:05:01 sf Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.277 2018/07/09 13:37:10 sf Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -174,7 +174,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) compat_cipher_proposal(options.ciphers); myproposal[PROPOSAL_COMP_ALGS_CTOS] = myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? - "zlib@openssh.com,none" : "none,zlib@openssh.com"; + "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib"; myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; if (options.hostkeyalgorithms != NULL) { -- cgit v1.2.3