From c38905ba391434834da86abfc988a2b8b9b62477 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 14 Mar 2016 16:20:54 +0000 Subject: upstream commit unbreak authentication using lone certificate keys in ssh-agent: when attempting pubkey auth with a certificate, if no separate private key is found among the keys then try with the certificate key itself. bz#2550 reported by Peter Moody Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966 --- sshconnect2.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'sshconnect2.c') diff --git a/sshconnect2.c b/sshconnect2.c index f79c96beb..1cf48a2ee 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.239 2016/02/23 01:34:14 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.240 2016/03/14 16:20:54 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1112,12 +1112,8 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) "certificate", __func__, id->filename, id->agent_fd != -1 ? " from agent" : ""); } else { - /* XXX maybe verbose/error? */ - debug("%s: no private key for certificate " + debug("%s: no separate private key for certificate " "\"%s\"", __func__, id->filename); - free(blob); - buffer_free(&b); - return 0; } } -- cgit v1.2.3 From 9ee692fa1146e887e008a2b9a3d3ea81770c9fc8 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 28 Apr 2016 14:30:21 +0000 Subject: upstream commit fix comment Upstream-ID: 313a385bd7b69a82f8e28ecbaf5789c774457b15 --- sshconnect2.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'sshconnect2.c') diff --git a/sshconnect2.c b/sshconnect2.c index 1cf48a2ee..f7d0644e8 100644 --- a/sshconnect2.c +++ b/sshconnect2.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.240 2016/03/14 16:20:54 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.241 2016/04/28 14:30:21 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1094,8 +1094,8 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) /* * If the key is an certificate, try to find a matching private key * and use it to complete the signature. - * If no such private key exists, return failure and continue with - * other methods of authentication. + * If no such private key exists, fall back to trying the certificate + * key itself in case it has a private half already loaded. */ if (key_is_cert(id->key)) { matched = 0; -- cgit v1.2.3 From 1a31d02b2411c4718de58ce796dbb7b5e14db93e Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 2 May 2016 08:49:03 +0000 Subject: upstream commit fix signed/unsigned errors reported by clang-3.7; add sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with better safety checking; feedback and ok markus@ Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820 --- auth2-chall.c | 6 +++--- auth2.c | 6 +++--- kex.h | 7 ++++--- kexc25519.c | 6 +++--- monitor.c | 27 ++++++++++++++++----------- servconf.c | 5 +++-- sftp-client.c | 5 ++--- ssh-agent.c | 15 ++++++++------- ssh-keygen.c | 8 ++++---- sshbuf-misc.c | 25 ++++++++++++++++++++++++- sshbuf.h | 9 ++++++++- sshconnect2.c | 6 +++--- sshd.c | 51 +++++++++++++++++++++++++++++++-------------------- 13 files changed, 112 insertions(+), 64 deletions(-) (limited to 'sshconnect2.c') diff --git a/auth2-chall.c b/auth2-chall.c index 4aff09d80..ead480318 100644 --- a/auth2-chall.c +++ b/auth2-chall.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.43 2015/07/18 07:57:14 djm Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.44 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. @@ -122,8 +122,8 @@ kbdint_alloc(const char *devs) buffer_append(&b, devices[i]->name, strlen(devices[i]->name)); } - buffer_append(&b, "\0", 1); - kbdintctxt->devices = xstrdup(buffer_ptr(&b)); + if ((kbdintctxt->devices = sshbuf_dup_string(&b)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); buffer_free(&b); } else { kbdintctxt->devices = xstrdup(devs); diff --git a/auth2.c b/auth2.c index 717796228..9108b8612 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.135 2015/01/19 20:07:45 markus Exp $ */ +/* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -424,8 +424,8 @@ authmethods_get(Authctxt *authctxt) buffer_append(&b, authmethods[i]->name, strlen(authmethods[i]->name)); } - buffer_append(&b, "\0", 1); - list = xstrdup(buffer_ptr(&b)); + if ((list = sshbuf_dup_string(&b)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); buffer_free(&b); return list; } diff --git a/kex.h b/kex.h index 1c5896605..131b8d93d 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.76 2016/02/08 10:57:07 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.77 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 
@@ -205,8 +205,9 @@ int kex_ecdh_hash(int, const EC_GROUP *, const char *, const char *, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *); -int kex_c25519_hash(int, const char *, const char *, const char *, size_t, - const char *, size_t, const u_char *, size_t, const u_char *, const u_char *, +int kex_c25519_hash(int, const char *, const char *, + const u_char *, size_t, const u_char *, size_t, + const u_char *, size_t, const u_char *, const u_char *, const u_char *, size_t, u_char *, size_t *); void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) diff --git a/kexc25519.c b/kexc25519.c index 8d8cd4a2b..0897b8c51 100644 --- a/kexc25519.c +++ b/kexc25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519.c,v 1.9 2015/03/26 07:00:04 djm Exp $ */ +/* $OpenBSD: kexc25519.c,v 1.10 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2001, 2013 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -86,8 +86,8 @@ kex_c25519_hash( int hash_alg, const char *client_version_string, const char *server_version_string, - const char *ckexinit, size_t ckexinitlen, - const char *skexinit, size_t skexinitlen, + const u_char *ckexinit, size_t ckexinitlen, + const u_char *skexinit, size_t skexinitlen, const u_char *serverhostkeyblob, size_t sbloblen, const u_char client_dh_pub[CURVE25519_SIZE], const u_char server_dh_pub[CURVE25519_SIZE], diff --git a/monitor.c b/monitor.c index 6b780e480..dce920c23 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.158 2016/03/07 19:02:43 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.159 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -34,6 +34,7 @@ #include #include +#include #ifdef HAVE_PATHS_H #include #endif 
@@ -688,7 +689,8 @@ mm_answer_sign(int sock, Buffer *m) u_char *p = NULL, *signature = NULL; char *alg = NULL; size_t datlen, siglen, alglen; - int r, keyid, is_proof = 0; + int r, is_proof = 0; + u_int keyid; const char proof_req[] = "hostkeys-prove-00@openssh.com"; debug3("%s", __func__); @@ -697,6 +699,8 @@ mm_answer_sign(int sock, Buffer *m) (r = sshbuf_get_string(m, &p, &datlen)) != 0 || (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (keyid > INT_MAX) + fatal("%s: invalid key ID", __func__); /* * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes), @@ -1289,7 +1293,8 @@ static int monitor_valid_userblob(u_char *data, u_int datalen) { Buffer b; - char *p, *userstyle; + u_char *p; + char *userstyle, *cp; u_int len; int fail = 0; @@ -1314,26 +1319,26 @@ monitor_valid_userblob(u_char *data, u_int datalen) } if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) fail++; - p = buffer_get_cstring(&b, NULL); + cp = buffer_get_cstring(&b, NULL); xasprintf(&userstyle, "%s%s%s", authctxt->user, authctxt->style ? ":" : "", authctxt->style ? authctxt->style : ""); - if (strcmp(userstyle, p) != 0) { - logit("wrong user name passed to monitor: expected %s != %.100s", - userstyle, p); + if (strcmp(userstyle, cp) != 0) { + logit("wrong user name passed to monitor: " + "expected %s != %.100s", userstyle, cp); fail++; } free(userstyle); - free(p); + free(cp); buffer_skip_string(&b); if (datafellows & SSH_BUG_PKAUTH) { if (!buffer_get_char(&b)) fail++; } else { - p = buffer_get_cstring(&b, NULL); - if (strcmp("publickey", p) != 0) + cp = buffer_get_cstring(&b, NULL); + if (strcmp("publickey", cp) != 0) fail++; - free(p); + free(cp); if (!buffer_get_char(&b)) fail++; buffer_skip_string(&b); diff --git a/servconf.c b/servconf.c index ba39dce1d..6111c5a94 100644 --- a/servconf.c +++ b/servconf.c 
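Review bot: The new `if (keyid > INT_MAX)` check in mm_answer_sign() in monitor.c has no comment explaining why an unsigned key index is capped at INT_MAX. The later use of `keyid` is outside this hunk, so a reader cannot tell what the bound protects. A one-line comment such as `/* keyid is passed on as an int below */` would make the intent clear, with the wording confirmed against the rest of the function. Including the rejected value, `fatal("%s: invalid key ID %u", __func__, keyid);`, would also help when diagnosing a misbehaving unprivileged child.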
@@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.286 2016/03/07 19:02:43 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.287 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -2059,7 +2059,8 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); - obuf = cbuf = xstrdup(buffer_ptr(conf)); + if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); active = connectinfo ? 0 : 1; linenum = 1; while ((cp = strsep(&cbuf, "\n")) != NULL) { diff --git a/sftp-client.c b/sftp-client.c index cd990579e..faf14684c 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.122 2016/04/08 08:19:17 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.123 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -515,8 +515,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, struct sshbuf *msg; u_int count, id, i, expected_id, ents = 0; size_t handle_len; - u_char type; - char *handle; + u_char type, *handle; int status = SSH2_FX_FAILURE; int r; diff --git a/ssh-agent.c b/ssh-agent.c index c38906d94..8aa25b30d 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.212 2016/02/15 09:47:49 dtucker Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.213 2016/05/02 08:49:03 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -144,8 +144,8 @@ char socket_dir[PATH_MAX]; #define LOCK_SALT_SIZE 16 #define LOCK_ROUNDS 1 int locked = 0; -char lock_passwd[LOCK_SIZE]; -char lock_salt[LOCK_SALT_SIZE]; +u_char lock_pwhash[LOCK_SIZE]; +u_char lock_salt[LOCK_SALT_SIZE]; extern char *__progname; 
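Review bot: parse_server_config() in servconf.c now dies with the generic `sshbuf_dup_string failed` whenever the copy returns NULL. According to the sshbuf.h comment added in this commit, that includes a configuration buffer holding a NUL byte anywhere but the end. An operator hitting this at startup gets no hint that the file content is the cause; a message along the lines of `fatal("%s: config %s contains a NUL byte or allocation failed", __func__, filename);` would say so. The function body continues beyond the hunk.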
@@ -677,7 +677,8 @@ static void process_lock_agent(SocketEntry *e, int lock) { int r, success = 0, delay; - char *passwd, passwdhash[LOCK_SIZE]; + char *passwd; + u_char passwdhash[LOCK_SIZE]; static u_int fail_count = 0; size_t pwlen; @@ -689,11 +690,11 @@ process_lock_agent(SocketEntry *e, int lock) if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0) fatal("bcrypt_pbkdf"); - if (timingsafe_bcmp(passwdhash, lock_passwd, LOCK_SIZE) == 0) { + if (timingsafe_bcmp(passwdhash, lock_pwhash, LOCK_SIZE) == 0) { debug("agent unlocked"); locked = 0; fail_count = 0; - explicit_bzero(lock_passwd, sizeof(lock_passwd)); + explicit_bzero(lock_pwhash, sizeof(lock_pwhash)); success = 1; } else { /* delay in 0.1s increments up to 10s */ @@ -710,7 +711,7 @@ process_lock_agent(SocketEntry *e, int lock) locked = 1; arc4random_buf(lock_salt, sizeof(lock_salt)); if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), - lock_passwd, sizeof(lock_passwd), LOCK_ROUNDS) < 0) + lock_pwhash, sizeof(lock_pwhash), LOCK_ROUNDS) < 0) fatal("bcrypt_pbkdf"); success = 1; } diff --git a/ssh-keygen.c b/ssh-keygen.c index 478520123..079f10321 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.289 2016/05/02 08:49:03 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -883,7 +883,7 @@ do_fingerprint(struct passwd *pw) char *comment = NULL, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES]; int i, invalid = 1; const char *path; - long int lnum = 0; + u_long lnum = 0; if (!have_identity) ask_filename(pw, "Enter file in which the key is"); 
@@ -946,7 +946,7 @@ do_fingerprint(struct passwd *pw) } /* Retry after parsing leading hostname/key options */ if (public == NULL && (public = try_read_key(&cp)) == NULL) { - debug("%s:%ld: not a public key", path, lnum); + debug("%s:%lu: not a public key", path, lnum); continue; } @@ -1920,7 +1920,7 @@ do_show_cert(struct passwd *pw) FILE *f; char *cp, line[SSH_MAX_PUBKEY_BYTES]; const char *path; - long int lnum = 0; + u_long lnum = 0; if (!have_identity) ask_filename(pw, "Enter file in which the key is"); diff --git a/sshbuf-misc.c b/sshbuf-misc.c index 3da4b80e7..15dcfbc79 100644 --- a/sshbuf-misc.c +++ b/sshbuf-misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-misc.c,v 1.5 2015/10/05 17:11:21 djm Exp $ */ +/* $OpenBSD: sshbuf-misc.c,v 1.6 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -136,3 +136,26 @@ sshbuf_b64tod(struct sshbuf *buf, const char *b64) return 0; } +char * +sshbuf_dup_string(struct sshbuf *buf) +{ + const u_char *p = NULL, *s = sshbuf_ptr(buf); + size_t l = sshbuf_len(buf); + char *r; + + if (s == NULL || l > SIZE_MAX) + return NULL; + /* accept a nul only as the last character in the buffer */ + if (l > 0 && (p = memchr(s, '\0', l)) != NULL) { + if (p != s + l - 1) + return NULL; + l--; /* the nul is put back below */ + } + if ((r = malloc(l + 1)) == NULL) + return NULL; + if (l > 0) + memcpy(r, s, l); + r[l] = '\0'; + return r; +} + diff --git a/sshbuf.h b/sshbuf.h index 63495fbb0..52ff017cc 100644 --- a/sshbuf.h +++ b/sshbuf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.h,v 1.6 2015/12/10 07:01:35 mmcc Exp $ */ +/* $OpenBSD: sshbuf.h,v 1.7 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * 
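Review bot: In the new sshbuf_dup_string() in sshbuf-misc.c the guard `l > SIZE_MAX` can never be true, because `l` is a `size_t`. It therefore gives no protection to the `malloc(l + 1)` a few lines later. If the intent is to rule out wrap-around in `l + 1`, the test would be `if (s == NULL || l == SIZE_MAX) return NULL;`. If sshbuf already bounds its length well below that (not visible in this hunk), dropping the comparison and saying so in a comment would be clearer than keeping a dead check.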
@@ -239,6 +239,13 @@ char *sshbuf_dtob64(struct sshbuf *buf); /* Decode base64 data and append it to the buffer */ int sshbuf_b64tod(struct sshbuf *buf, const char *b64); +/* + * Duplicate the contents of a buffer to a string (caller to free). + * Returns NULL on buffer error, or if the buffer contains a premature + * nul character. + */ +char *sshbuf_dup_string(struct sshbuf *buf); + /* Macros for decoding/encoding integers */ #define PEEK_U64(p) \ (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \ diff --git a/sshconnect2.c b/sshconnect2.c index f7d0644e8..1dddf75aa 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.241 2016/04/28 14:30:21 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.242 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1922,8 +1922,8 @@ authmethods_get(void) buffer_append(&b, method->name, strlen(method->name)); } } - buffer_append(&b, "\0", 1); - list = xstrdup(buffer_ptr(&b)); + if ((list = sshbuf_dup_string(&b)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); buffer_free(&b); return list; } diff --git a/sshd.c b/sshd.c index d21aed515..8b8af2494 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.466 2016/03/07 19:02:43 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.467 2016/05/02 08:49:03 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -845,8 +845,8 @@ list_hostkey_types(void) break; } } - buffer_append(&b, "\0", 1); - ret = xstrdup(buffer_ptr(&b)); + if ((ret = sshbuf_dup_string(&b)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); buffer_free(&b); debug("list_hostkey_types: %s", ret); return ret; 
@@ -1027,12 +1027,13 @@ usage(void) } static void -send_rexec_state(int fd, Buffer *conf) +send_rexec_state(int fd, struct sshbuf *conf) { - Buffer m; + struct sshbuf *m; + int r; - debug3("%s: entering fd = %d config len %d", __func__, fd, - buffer_len(conf)); + debug3("%s: entering fd = %d config len %zu", __func__, fd, + sshbuf_len(conf)); /* * Protocol from reexec master to child: 
@@ -1046,31 +1047,41 @@ send_rexec_state(int fd, Buffer *conf) * bignum q " * string rngseed (only if OpenSSL is not self-seeded) */ - buffer_init(&m); - buffer_put_cstring(&m, buffer_ptr(conf)); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_stringb(m, conf)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #ifdef WITH_SSH1 if (sensitive_data.server_key != NULL && sensitive_data.server_key->type == KEY_RSA1) { - buffer_put_int(&m, 1); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->e); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->n); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->d); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->iqmp); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->p); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->q); + if ((r = sshbuf_put_u32(m, 1)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->e)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->n)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->d)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->iqmp)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->p)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->q)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } else #endif - buffer_put_int(&m, 0); + if ((r = sshbuf_put_u32(m, 1)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) - rexec_send_rng_seed(&m); + rexec_send_rng_seed(m); #endif - if (ssh_msg_send(fd, 0, &m) == -1) + if (ssh_msg_send(fd, 0, m) == -1) fatal("%s: ssh_msg_send failed", __func__); - buffer_free(&m); + sshbuf_free(m); debug3("%s: done", __func__); } -- cgit v1.2.3 From 0e8eeec8e75f6d0eaf33317376f773160018a9c7 Mon Sep 17 00:00:00 2001 
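Review bot: In send_rexec_state() in sshd.c the branch taken when no SSH1 server key is sent now writes `sshbuf_put_u32(m, 1)`, where the code it replaces wrote `buffer_put_int(&m, 0)`. The value `1` is what the `WITH_SSH1` branch emits immediately before the RSA bignums, so the child would be told that key material follows when none was written. Unless the receiving side was changed in a part of the file not shown here, this should stay `if ((r = sshbuf_put_u32(m, 0)) != 0)`. The configuration is also now sent with `sshbuf_put_stringb()` instead of as a C string, so the reader (outside this hunk) must accept a length-prefixed blob that need not end in a NUL.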
From: "djm@openbsd.org" Date: Mon, 2 May 2016 10:26:04 +0000 Subject: upstream commit add support for additional fixed DH groups from draft-ietf-curdle-ssh-kex-sha2-03 diffie-hellman-group14-sha256 (2K group) diffie-hellman-group16-sha512 (4K group) diffie-hellman-group18-sha512 (8K group) based on patch from Mark D. Baushke and Darren Tucker ok markus@ Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f --- dh.c | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++-------- dh.h | 4 ++- kex.c | 7 +++-- kex.h | 12 ++++++--- kexdh.c | 9 ++++--- kexdhc.c | 10 ++++++- kexdhs.c | 10 ++++++- monitor.c | 5 +++- myproposal.h | 15 ++++++++--- ssh-keyscan.c | 5 +++- ssh_api.c | 8 +++++- sshconnect2.c | 5 +++- sshd.c | 5 +++- 13 files changed, 146 insertions(+), 32 deletions(-) (limited to 'sshconnect2.c') diff --git a/dh.c b/dh.c index 20f819131..167d3714e 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.59 2016/03/31 05:24:06 dtucker Exp $ */ +/* $OpenBSD: dh.c,v 1.60 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -314,6 +314,7 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus) return (dh); } +/* rfc2409 "Second Oakley Group" (1024 bits) */ DH * dh_new_group1(void) { @@ -328,6 +329,7 @@ dh_new_group1(void) return (dh_new_group_asc(gen, group1)); } +/* rfc3526 group 14 "2048-bit MODP Group" */ DH * dh_new_group14(void) { @@ -347,12 +349,9 @@ dh_new_group14(void) return (dh_new_group_asc(gen, group14)); } -/* - * 4k bit fallback group used by DH-GEX if moduli file cannot be read. - * Source: MODP group 16 from RFC3526. - */ +/* rfc3526 group 16 "4096-bit MODP Group" */ DH * -dh_new_group_fallback(int max) +dh_new_group16(void) { static char *gen = "2", *group16 = "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" 
@@ -378,12 +377,75 @@ dh_new_group_fallback(int max) "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199" "FFFFFFFF" "FFFFFFFF"; - if (max < 4096) { - debug3("requested max size %d, using 2k bit group 14", max); + return (dh_new_group_asc(gen, group16)); +} + +/* rfc3526 group 18 "8192-bit MODP Group" */ +DH * +dh_new_group18(void) +{ + static char *gen = "2", *group16 = + "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" + "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" + "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" + "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" + "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D" + "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F" + "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D" + "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B" + "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9" + "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510" + "15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64" + "ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7" + "ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B" + "F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C" + "BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31" + "43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7" + "88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA" + "2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6" + "287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED" + "1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9" + "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34028492" + "36C3FAB4" "D27C7026" "C1D4DCB2" "602646DE" "C9751E76" "3DBA37BD" + "F8FF9406" "AD9E530E" "E5DB382F" "413001AE" "B06A53ED" "9027D831" + "179727B0" "865A8918" "DA3EDBEB" "CF9B14ED" 
"44CE6CBA" "CED4BB1B" + "DB7F1447" "E6CC254B" "33205151" "2BD7AF42" "6FB8F401" "378CD2BF" + "5983CA01" "C64B92EC" "F032EA15" "D1721D03" "F482D7CE" "6E74FEF6" + "D55E702F" "46980C82" "B5A84031" "900B1C9E" "59E7C97F" "BEC7E8F3" + "23A97A7E" "36CC88BE" "0F1D45B7" "FF585AC5" "4BD407B2" "2B4154AA" + "CC8F6D7E" "BF48E1D8" "14CC5ED2" "0F8037E0" "A79715EE" "F29BE328" + "06A1D58B" "B7C5DA76" "F550AA3D" "8A1FBFF0" "EB19CCB1" "A313D55C" + "DA56C9EC" "2EF29632" "387FE8D7" "6E3C0468" "043E8F66" "3F4860EE" + "12BF2D5B" "0B7474D6" "E694F91E" "6DBE1159" "74A3926F" "12FEE5E4" + "38777CB6" "A932DF8C" "D8BEC4D0" "73B931BA" "3BC832B6" "8D9DD300" + "741FA7BF" "8AFC47ED" "2576F693" "6BA42466" "3AAB639C" "5AE4F568" + "3423B474" "2BF1C978" "238F16CB" "E39D652D" "E3FDB8BE" "FC848AD9" + "22222E04" "A4037C07" "13EB57A8" "1A23F0C7" "3473FC64" "6CEA306B" + "4BCBC886" "2F8385DD" "FA9D4B7F" "A2C087E8" "79683303" "ED5BDD3A" + "062B3CF5" "B3A278A6" "6D2A13F8" "3F44F82D" "DF310EE0" "74AB6A36" + "4597E899" "A0255DC1" "64F31CC5" "0846851D" "F9AB4819" "5DED7EA1" + "B1D510BD" "7EE74D73" "FAF36BC3" "1ECFA268" "359046F4" "EB879F92" + "4009438B" "481C6CD7" "889A002E" "D5EE382B" "C9190DA6" "FC026E47" + "9558E447" "5677E9AA" "9E3050E2" "765694DF" "C81F56E8" "80B96E71" + "60C980DD" "98EDD3DF" "FFFFFFFF" "FFFFFFFF"; + + return (dh_new_group_asc(gen, group16)); +} + +/* Select fallback group used by DH-GEX if moduli file cannot be read. */ +DH * +dh_new_group_fallback(int max) +{ + debug3("%s: requested max size %d", __func__, max); + if (max < 3072) { + debug3("using 2k bit group 14"); return dh_new_group14(); + } else if (max < 6144) { + debug3("using 4k bit group 16"); + return dh_new_group16(); } - debug3("using 4k bit group 16"); - return (dh_new_group_asc(gen, group16)); + debug3("using 8k bit group 18"); + return dh_new_group18(); } /* 
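Review bot: dh_new_group_fallback() in dh.c can now return a group larger than the `max` it was given. Any `max` from 3072 to 4095 selects the 4096-bit group 16 and any `max` from 6144 to 8191 selects the 8192-bit group 18, whereas the removed code only chose group 16 when `max` was at least 4096. If callers treat `max` as an upper bound on the modulus size (they are outside this hunk), the thresholds should be `if (max < 4096)` and `else if (max < 8192)`. Separately, the local that holds the 8192-bit modulus in dh_new_group18() is still named `group16`; renaming it to `group18` in the declaration and in `dh_new_group_asc(gen, group18)` removes a misleading copy-paste leftover.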
@@ -393,7 +455,6 @@ dh_new_group_fallback(int max) * Management Part 1 (rev 3) limited by the recommended maximum value * from RFC4419 section 3. */ - u_int dh_estimate(int bits) { diff --git a/dh.h b/dh.h index e191cfd8a..bcd485cf9 100644 --- a/dh.h +++ b/dh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.h,v 1.14 2015/10/16 22:32:22 djm Exp $ */ +/* $OpenBSD: dh.h,v 1.15 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. @@ -37,6 +37,8 @@ DH *dh_new_group_asc(const char *, const char *); DH *dh_new_group(BIGNUM *, BIGNUM *); DH *dh_new_group1(void); DH *dh_new_group14(void); +DH *dh_new_group16(void); +DH *dh_new_group18(void); DH *dh_new_group_fallback(int); int dh_gen_key(DH *, int); diff --git a/kex.c b/kex.c index d371f47c4..430cd8868 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.117 2016/02/08 10:57:07 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.118 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -88,7 +88,10 @@ struct kexalg { static const struct kexalg kexalgs[] = { #ifdef WITH_OPENSSL { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, - { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, + { KEX_DH14_SHA1, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, + { KEX_DH14_SHA256, KEX_DH_GRP14_SHA256, 0, SSH_DIGEST_SHA256 }, + { KEX_DH16_SHA512, KEX_DH_GRP16_SHA512, 0, SSH_DIGEST_SHA512 }, + { KEX_DH18_SHA512, KEX_DH_GRP18_SHA512, 0, SSH_DIGEST_SHA512 }, { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, #ifdef HAVE_EVP_SHA256 { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, diff --git a/kex.h b/kex.h index 131b8d93d..c35195568 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.77 2016/05/02 08:49:03 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.78 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 
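Review bot: The three new `kexalgs[]` entries in kex.c (`KEX_DH14_SHA256`, `KEX_DH16_SHA512`, `KEX_DH18_SHA512`) are added above the `#ifdef HAVE_EVP_SHA256` line, so they are registered on every `WITH_OPENSSL` build. myproposal.h in this same commit only proposes the matching names when `HAVE_EVP_SHA256` is defined. On a build whose libcrypto lacks SHA-2, the names would presumably still be accepted if selected explicitly and then fail at hashing time. Moving the three lines below `#ifdef HAVE_EVP_SHA256` would keep the table consistent with the default proposal.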
@@ -51,7 +51,10 @@ #define KEX_COOKIE_LEN 16 #define KEX_DH1 "diffie-hellman-group1-sha1" -#define KEX_DH14 "diffie-hellman-group14-sha1" +#define KEX_DH14_SHA1 "diffie-hellman-group14-sha1" +#define KEX_DH14_SHA256 "diffie-hellman-group14-sha256" +#define KEX_DH16_SHA512 "diffie-hellman-group16-sha512" +#define KEX_DH18_SHA512 "diffie-hellman-group18-sha512" #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" @@ -88,6 +91,9 @@ enum kex_modes { enum kex_exchange { KEX_DH_GRP1_SHA1, KEX_DH_GRP14_SHA1, + KEX_DH_GRP14_SHA256, + KEX_DH_GRP16_SHA512, + KEX_DH_GRP18_SHA512, KEX_DH_GEX_SHA1, KEX_DH_GEX_SHA256, KEX_ECDH_SHA2, @@ -190,7 +196,7 @@ int kexecdh_server(struct ssh *); int kexc25519_client(struct ssh *); int kexc25519_server(struct ssh *); -int kex_dh_hash(const char *, const char *, +int kex_dh_hash(int, const char *, const char *, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); diff --git a/kexdh.c b/kexdh.c index feea6697d..0bf0dc138 100644 --- a/kexdh.c +++ b/kexdh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdh.c,v 1.25 2015/01/19 20:16:15 markus Exp $ */ +/* $OpenBSD: kexdh.c,v 1.26 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -43,6 +43,7 @@ int kex_dh_hash( + int hash_alg, const char *client_version_string, const char *server_version_string, const u_char *ckexinit, size_t ckexinitlen, @@ -56,7 +57,7 @@ kex_dh_hash( struct sshbuf *b; int r; - if (*hashlen < ssh_digest_bytes(SSH_DIGEST_SHA1)) + if (*hashlen < ssh_digest_bytes(hash_alg)) return SSH_ERR_INVALID_ARGUMENT; if ((b = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; 
@@ -79,12 +80,12 @@ kex_dh_hash( #ifdef DEBUG_KEX sshbuf_dump(b, stderr); #endif - if (ssh_digest_buffer(SSH_DIGEST_SHA1, b, hash, *hashlen) != 0) { + if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) { sshbuf_free(b); return SSH_ERR_LIBCRYPTO_ERROR; } sshbuf_free(b); - *hashlen = ssh_digest_bytes(SSH_DIGEST_SHA1); + *hashlen = ssh_digest_bytes(hash_alg); #ifdef DEBUG_KEX dump_digest("hash", hash, *hashlen); #endif diff --git a/kexdhc.c b/kexdhc.c index af259f16a..ad3975f09 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.18 2015/01/26 06:10:03 djm Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.19 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -63,8 +63,15 @@ kexdh_client(struct ssh *ssh) kex->dh = dh_new_group1(); break; case KEX_DH_GRP14_SHA1: + case KEX_DH_GRP14_SHA256: kex->dh = dh_new_group14(); break; + case KEX_DH_GRP16_SHA512: + kex->dh = dh_new_group16(); + break; + case KEX_DH_GRP18_SHA512: + kex->dh = dh_new_group18(); + break; default: r = SSH_ERR_INVALID_ARGUMENT; goto out; @@ -164,6 +171,7 @@ input_kex_dh(int type, u_int32_t seq, void *ctxt) /* calc and verify H */ hashlen = sizeof(hash); if ((r = kex_dh_hash( + kex->hash_alg, kex->client_version_string, kex->server_version_string, sshbuf_ptr(kex->my), sshbuf_len(kex->my), diff --git a/kexdhs.c b/kexdhs.c index bf933e4c9..108f66427 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.23 2015/12/04 16:41:28 markus Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.24 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -63,8 +63,15 @@ kexdh_server(struct ssh *ssh) kex->dh = dh_new_group1(); break; case KEX_DH_GRP14_SHA1: + case KEX_DH_GRP14_SHA256: kex->dh = dh_new_group14(); break; + case KEX_DH_GRP16_SHA512: + kex->dh = dh_new_group16(); + break; + case KEX_DH_GRP18_SHA512: + kex->dh = dh_new_group18(); + break; default: r = SSH_ERR_INVALID_ARGUMENT; goto out; 
@@ -158,6 +165,7 @@ input_kex_dh_init(int type, u_int32_t seq, void *ctxt) /* calc H */ hashlen = sizeof(hash); if ((r = kex_dh_hash( + kex->hash_alg, kex->client_version_string, kex->server_version_string, sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), diff --git a/monitor.c b/monitor.c index dce920c23..8b3c27a76 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.159 2016/05/02 08:49:03 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.160 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1860,6 +1860,9 @@ monitor_apply_keystate(struct monitor *pmonitor) #ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; + kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; + kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; + kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC diff --git a/myproposal.h b/myproposal.h index bdd05966f..597090164 100644 --- a/myproposal.h +++ b/myproposal.h @@ -67,13 +67,18 @@ #endif #ifdef HAVE_EVP_SHA256 -# define KEX_SHA256_METHODS \ - "diffie-hellman-group-exchange-sha256," +# define KEX_SHA2_METHODS \ + "diffie-hellman-group-exchange-sha256," \ + "diffie-hellman-group16-sha512," \ + "diffie-hellman-group18-sha512," +# define KEX_SHA2_GROUP14 \ + "diffie-hellman-group14-sha256," #define SHA2_HMAC_MODES \ "hmac-sha2-256," \ "hmac-sha2-512," #else -# define KEX_SHA256_METHODS +# define KEX_SHA2_METHODS +# define KEX_SHA2_GROUP14 # define SHA2_HMAC_MODES #endif 
@@ -86,13 +91,15 @@ #define KEX_COMMON_KEX \ KEX_CURVE25519_METHODS \ KEX_ECDH_METHODS \ - KEX_SHA256_METHODS + KEX_SHA2_METHODS #define KEX_SERVER_KEX KEX_COMMON_KEX \ + KEX_SHA2_GROUP14 \ "diffie-hellman-group14-sha1" \ #define KEX_CLIENT_KEX KEX_COMMON_KEX \ "diffie-hellman-group-exchange-sha1," \ + KEX_SHA2_GROUP14 \ "diffie-hellman-group14-sha1" #define KEX_DEFAULT_PK_ALG \ diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 7fe61e4e1..c30d54e62 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.105 2016/02/15 09:47:49 dtucker Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.106 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -302,6 +302,9 @@ keygrab_ssh2(con *c) #ifdef WITH_OPENSSL c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; + c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; + c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; + c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC diff --git a/ssh_api.c b/ssh_api.c index f544f006b..acd0b83c1 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.5 2015/12/04 16:41:28 markus Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.6 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -103,6 +103,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) #ifdef WITH_OPENSSL ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; + ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; + ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; + ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC 
@@ -117,6 +120,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) #ifdef WITH_OPENSSL ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; + ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; + ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; + ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC diff --git a/sshconnect2.c b/sshconnect2.c index 1dddf75aa..945471f15 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.242 2016/05/02 08:49:03 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.243 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -206,6 +206,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) #ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; + kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; + kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; + kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC diff --git a/sshd.c b/sshd.c index 8b8af2494..47e046e24 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.467 2016/05/02 08:49:03 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.468 2016/05/02 10:26:04 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -2637,6 +2637,9 @@ do_ssh2_kex(void) #ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; + kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; + kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; + kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC -- cgit v1.2.3 From 82f24c3ddc52053aeb7beb3332fa94c92014b0c5 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 23 May 2016 23:30:50 +0000 Subject: upstream commit prefer agent-hosted keys to keys from PKCS#11; ok markus Upstream-ID: 7417f7653d58d6306d9f8c08d0263d050e2fd8f4 --- sshconnect2.c | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) (limited to 'sshconnect2.c') diff --git a/sshconnect2.c b/sshconnect2.c index 945471f15..c0814e5bc 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.243 2016/05/02 10:26:04 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.244 2016/05/23 23:30:50 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. 
@@ -1299,29 +1299,6 @@ pubkey_prepare(Authctxt *authctxt) id->userprovided = options.identity_file_userprovided[i]; TAILQ_INSERT_TAIL(&files, id, next); } - /* Prefer PKCS11 keys that are explicitly listed */ - TAILQ_FOREACH_SAFE(id, &files, next, tmp) { - if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0) - continue; - found = 0; - TAILQ_FOREACH(id2, &files, next) { - if (id2->key == NULL || - (id2->key->flags & SSHKEY_FLAG_EXT) == 0) - continue; - if (sshkey_equal(id->key, id2->key)) { - TAILQ_REMOVE(&files, id, next); - TAILQ_INSERT_TAIL(preferred, id, next); - found = 1; - break; - } - } - /* If IdentitiesOnly set and key not found then don't use it */ - if (!found && options.identities_only) { - TAILQ_REMOVE(&files, id, next); - explicit_bzero(id, sizeof(*id)); - free(id); - } - } /* list of certificates specified by user */ for (i = 0; i < options.num_certificate_files; i++) { key = options.certificates[i]; @@ -1380,6 +1357,29 @@ pubkey_prepare(Authctxt *authctxt) } authctxt->agent_fd = agent_fd; } + /* Prefer PKCS11 keys that are explicitly listed */ + TAILQ_FOREACH_SAFE(id, &files, next, tmp) { + if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0) + continue; + found = 0; + TAILQ_FOREACH(id2, &files, next) { + if (id2->key == NULL || + (id2->key->flags & SSHKEY_FLAG_EXT) == 0) + continue; + if (sshkey_equal(id->key, id2->key)) { + TAILQ_REMOVE(&files, id, next); + TAILQ_INSERT_TAIL(preferred, id, next); + found = 1; + break; + } + } + /* If IdentitiesOnly set and key not found then don't use it */ + if (!found && options.identities_only) { + TAILQ_REMOVE(&files, id, next); + explicit_bzero(id, sizeof(*id)); + free(id); + } + } /* append remaining keys from the config file */ for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) { TAILQ_REMOVE(&files, id, next); -- cgit v1.2.3 From 8c02e3639acefe1e447e293dbe23a0917abd3734 Mon Sep 17 00:00:00 2001 
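Review bot: In the re-added PKCS11 block of pubkey_prepare, the inner `TAILQ_FOREACH(id2, &files, next)` walks the same list with the same `SSHKEY_FLAG_EXT` filter as the outer loop, so `id2` can be `id` itself and `sshkey_equal(id->key, id2->key)` would then presumably succeed on that entry. If so, `found` is always 1, every PKCS11 entry is moved to `preferred`, and the `!found && options.identities_only` branch never runs. If the intent is to match a token key against an explicitly listed identity, the inner test probably needs the opposite sense, `(id2->key->flags & SSHKEY_FLAG_EXT) != 0`. The block's comment should also say why it now runs after the agent loop, e.g. `/* after the agent keys, so agent-hosted copies are preferred */`. The function starts and ends outside the hunk.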
From: "dtucker@openbsd.org" Date: Tue, 24 May 2016 04:43:45 +0000 Subject: upstream commit KNF compression proposal and simplify the client side a little. ok djm@ Upstream-ID: aa814b694efe9e5af8a26e4c80a05526ae6d6605 --- sshconnect2.c | 12 ++++-------- sshd.c | 7 ++++--- 2 files changed, 8 insertions(+), 11 deletions(-) (limited to 'sshconnect2.c') diff --git a/sshconnect2.c b/sshconnect2.c index c0814e5bc..3d3c7bf42 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.244 2016/05/23 23:30:50 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.245 2016/05/24 04:43:45 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -171,13 +171,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) compat_cipher_proposal(options.ciphers); myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(options.ciphers); - if (options.compression) { - myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none"; - } else { - myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib"; - } + myproposal[PROPOSAL_COMP_ALGS_CTOS] = + myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? + "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib"; myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; if (options.hostkeyalgorithms != NULL) { diff --git a/sshd.c b/sshd.c index 0200691e8..799c7711f 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.469 2016/05/02 14:10:58 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.470 2016/05/24 04:43:45 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -2617,10 +2617,11 @@ do_ssh2_kex(void) if (options.compression == COMP_NONE) { myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; + myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; } else if (options.compression == COMP_DELAYED) { myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com"; + myproposal[PROPOSAL_COMP_ALGS_STOC] = + "none,zlib@openssh.com"; } if (options.rekey_limit || options.rekey_interval) -- cgit v1.2.3 From 65c6c6b567ab5ab12945a5ad8e0ab3a8c26119cc Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 17 Jul 2016 04:20:16 +0000 Subject: upstream commit support UTF-8 characters in ssh(1) banners using schwarze@'s safe fmprintf printer; bz#2058 feedback schwarze@ ok dtucker@ Upstream-ID: a72ce4e3644c957643c9524eea2959e41b91eea7 --- ssh.c | 5 ++++- sshconnect2.c | 21 ++++++++------------- 2 files changed, 12 insertions(+), 14 deletions(-) (limited to 'sshconnect2.c') diff --git a/ssh.c b/ssh.c index 4e4ff610d..03a23fb6a 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.444 2016/07/16 06:57:55 jmc Exp $ */ +/* $OpenBSD: ssh.c,v 1.445 2016/07/17 04:20:16 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -67,6 +67,7 @@ #include #include #include +#include #include #include @@ -592,6 +593,8 @@ main(int ac, char **av) */ umask(022); + setlocale(LC_CTYPE, ""); + /* * Initialize option structure to indicate that no values have been * set. diff --git a/sshconnect2.c b/sshconnect2.c index 3d3c7bf42..6742a318c 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.245 2016/05/24 04:43:45 dtucker Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.246 2016/07/17 04:20:16 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. 
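Review bot: The new `setlocale(LC_CTYPE, "");` in ssh.c's main() has no comment and its return value is ignored, so it is not clear why the client now takes character classification from the user's environment. The commit message ties it to banner printing, so a line such as `/* LC_CTYPE is needed by fmprintf() when printing server banners */` would record that. It would also make plain that only LC_CTYPE is meant to be set. main() continues outside the hunk.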
@@ -71,6 +71,7 @@ #include "uidswap.h" #include "hostfile.h" #include "ssherr.h" +#include "utf8.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -495,21 +496,15 @@ input_userauth_error(int type, u_int32_t seq, void *ctxt) int input_userauth_banner(int type, u_int32_t seq, void *ctxt) { - char *msg, *raw, *lang; + char *msg, *lang; u_int len; - debug3("input_userauth_banner"); - raw = packet_get_string(&len); + debug3("%s", __func__); + msg = packet_get_string(&len); lang = packet_get_string(NULL); - if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) { - if (len > 65536) - len = 65536; - msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ - strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); - fprintf(stderr, "%s", msg); - free(msg); - } - free(raw); + if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) + fmprintf(stderr, "%s", msg); + free(msg); free(lang); return 0; } -- cgit v1.2.3 From 83cbca693c3b0719270e6a0f2efe3f9ee93a65b8 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 22 Jul 2016 05:46:11 +0000 Subject: upstream commit Lower loglevel for "Authenticated with partial success" message similar to other similar level. bz#2599, patch from cgallek at gmail.com, ok markus@ Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd --- sshconnect2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sshconnect2.c') diff --git a/sshconnect2.c b/sshconnect2.c index 6742a318c..fae8b0f2c 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.246 2016/07/17 04:20:16 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.247 2016/07/22 05:46:11 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. 
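Review bot: input_userauth_banner drops both the `len > 65536` clamp and the explicit `strnvis()` escaping, so everything about rendering this server-supplied, pre-authentication text now depends on `fmprintf(stderr, "%s", msg)`, whose result is discarded. Nothing in the hunk shows how fmprintf treats over-long input or bytes that are invalid in the current locale. A comment at the call should state the contract being relied on, e.g. `/* banner is untrusted: fmprintf() must escape non-printable bytes */`. If fmprintf does not bound its output, the size cap should be kept.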
@@ -556,7 +556,7 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt) packet_check_eom(); if (partial != 0) { - logit("Authenticated with partial success."); + verbose("Authenticated with partial success."); /* reset state */ pubkey_cleanup(authctxt); pubkey_prepare(authctxt); -- cgit v1.2.3