178 lines
5.9 KiB
Diff
178 lines
5.9 KiB
Diff
|
From 5618210618256bbf5f4f71b2887ff186fd451736 Mon Sep 17 00:00:00 2001
|
||
|
From: Damien Miller <djm@mindrot.org>
|
||
|
Date: Sun, 20 Apr 2014 13:44:47 +1000
|
||
|
Subject: [PATCH] - (djm) [bufaux.c compat.c compat.h sshconnect2.c sshd.c
|
||
|
version.h] OpenSSH 6.5 and 6.6 sometimes encode a value used in the
|
||
|
curve25519 key exchange incorrectly, causing connection failures about
|
||
|
0.2% of the time when this method is used against a peer that implements
|
||
|
the method properly.
|
||
|
|
||
|
Fix the problem and disable the curve25519 KEX when speaking to
|
||
|
OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
|
||
|
to enable the compatability code.
|
||
|
---
|
||
|
ChangeLog | 11 +++++++++++
|
||
|
bufaux.c | 5 ++++-
|
||
|
compat.c | 17 ++++++++++++++++-
|
||
|
compat.h | 2 ++
|
||
|
sshconnect2.c | 2 ++
|
||
|
sshd.c | 3 +++
|
||
|
version.h | 2 +-
|
||
|
7 files changed, 39 insertions(+), 3 deletions(-)
|
||
|
|
||
|
diff --git a/ChangeLog b/ChangeLog
|
||
|
index 1603a07..928999d 100644
|
||
|
--- a/ChangeLog
|
||
|
+++ b/ChangeLog
|
||
|
@@ -1,13 +1,23 @@
|
||
|
20140420
|
||
|
- - djm@cvs.openbsd.org 2014/04/01 03:34:10
|
||
|
- [sshconnect.c]
|
||
|
- When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
|
||
|
- certificate keys to plain keys and attempt SSHFP resolution.
|
||
|
-
|
||
|
- Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
|
||
|
- dialog by offering only certificate keys.
|
||
|
-
|
||
|
- Reported by mcv21 AT cam.ac.uk
|
||
|
+ - (djm) [bufaux.c compat.c compat.h sshconnect2.c sshd.c version.h]
|
||
|
+ OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519
|
||
|
+ key exchange incorrectly, causing connection failures about 0.2% of
|
||
|
+ the time when this method is used against a peer that implements
|
||
|
+ the method properly.
|
||
|
+
|
||
|
+ Fix the problem and disable the curve25519 KEX when speaking to
|
||
|
+ OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
|
||
|
+ to enable the compatability code.
|
||
|
+
|
||
|
+ - djm@cvs.openbsd.org 2014/04/01 03:34:10
|
||
|
+ [sshconnect.c]
|
||
|
+ When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
|
||
|
+ certificate keys to plain keys and attempt SSHFP resolution.
|
||
|
+
|
||
|
+ Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
|
||
|
+ dialog by offering only certificate keys.
|
||
|
+
|
||
|
+ Reported by mcv21 AT cam.ac.uk
|
||
|
|
||
|
20140313
|
||
|
- (djm) Release OpenSSH 6.6
|
||
|
diff --git a/bufaux.c b/bufaux.c
|
||
|
index e24b5fc..f6a6f2a 100644
|
||
|
--- a/bufaux.c
|
||
|
+++ b/bufaux.c
|
||
|
@@ -1,4 +1,4 @@
|
||
|
-/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */
|
||
|
+/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */
|
||
|
/*
|
||
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||
|
@@ -372,6 +372,9 @@ buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l)
|
||
|
|
||
|
if (l > 8 * 1024)
|
||
|
fatal("%s: length %u too long", __func__, l);
|
||
|
+ /* Skip leading zero bytes */
|
||
|
+ for (; l > 0 && *s == 0; l--, s++)
|
||
|
+ ;
|
||
|
p = buf = xmalloc(l + 1);
|
||
|
/*
|
||
|
* If most significant bit is set then prepend a zero byte to
|
||
|
diff --git a/compat.c b/compat.c
|
||
|
index 9d9fabe..2709dc5 100644
|
||
|
--- a/compat.c
|
||
|
+++ b/compat.c
|
||
|
@@ -95,6 +95,9 @@ compat_datafellows(const char *version)
|
||
|
{ "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
|
||
|
{ "OpenSSH_4*", 0 },
|
||
|
{ "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
|
||
|
+ { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH},
|
||
|
+ { "OpenSSH_6.5*,"
|
||
|
+ "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
|
||
|
{ "OpenSSH*", SSH_NEW_OPENSSH },
|
||
|
{ "*MindTerm*", 0 },
|
||
|
{ "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
|
||
|
@@ -251,7 +254,6 @@ compat_cipher_proposal(char *cipher_prop)
|
||
|
return cipher_prop;
|
||
|
}
|
||
|
|
||
|
-
|
||
|
char *
|
||
|
compat_pkalg_proposal(char *pkalg_prop)
|
||
|
{
|
||
|
@@ -265,3 +267,16 @@ compat_pkalg_proposal(char *pkalg_prop)
|
||
|
return pkalg_prop;
|
||
|
}
|
||
|
|
||
|
+char *
|
||
|
+compat_kex_proposal(char *kex_prop)
|
||
|
+{
|
||
|
+ if (!(datafellows & SSH_BUG_CURVE25519PAD))
|
||
|
+ return kex_prop;
|
||
|
+ debug2("%s: original KEX proposal: %s", __func__, kex_prop);
|
||
|
+ kex_prop = filter_proposal(kex_prop, "curve25519-sha256@libssh.org");
|
||
|
+ debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
|
||
|
+ if (*kex_prop == '\0')
|
||
|
+ fatal("No supported key exchange algorithms found");
|
||
|
+ return kex_prop;
|
||
|
+}
|
||
|
+
|
||
|
diff --git a/compat.h b/compat.h
|
||
|
index b174fa1..a6c3f3d 100644
|
||
|
--- a/compat.h
|
||
|
+++ b/compat.h
|
||
|
@@ -59,6 +59,7 @@
|
||
|
#define SSH_BUG_RFWD_ADDR 0x02000000
|
||
|
#define SSH_NEW_OPENSSH 0x04000000
|
||
|
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
|
||
|
+#define SSH_BUG_CURVE25519PAD 0x10000000
|
||
|
|
||
|
void enable_compat13(void);
|
||
|
void enable_compat20(void);
|
||
|
@@ -66,6 +67,7 @@ void compat_datafellows(const char *);
|
||
|
int proto_spec(const char *);
|
||
|
char *compat_cipher_proposal(char *);
|
||
|
char *compat_pkalg_proposal(char *);
|
||
|
+char *compat_kex_proposal(char *);
|
||
|
|
||
|
extern int compat13;
|
||
|
extern int compat20;
|
||
|
diff --git a/sshconnect2.c b/sshconnect2.c
|
||
|
index bb9292f..b00658b 100644
|
||
|
--- a/sshconnect2.c
|
||
|
+++ b/sshconnect2.c
|
||
|
@@ -220,6 +220,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
|
||
|
}
|
||
|
if (options.kex_algorithms != NULL)
|
||
|
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
|
||
|
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
|
||
|
+ myproposal[PROPOSAL_KEX_ALGS]);
|
||
|
|
||
|
#ifdef GSSAPI
|
||
|
/* If we've got GSSAPI algorithms, then we also support the
|
||
|
diff --git a/sshd.c b/sshd.c
|
||
|
index e4e406e..512c7ed 100644
|
||
|
--- a/sshd.c
|
||
|
+++ b/sshd.c
|
||
|
@@ -2488,6 +2488,9 @@ do_ssh2_kex(void)
|
||
|
if (options.kex_algorithms != NULL)
|
||
|
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
|
||
|
|
||
|
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
|
||
|
+ myproposal[PROPOSAL_KEX_ALGS]);
|
||
|
+
|
||
|
if (options.rekey_limit || options.rekey_interval)
|
||
|
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
|
||
|
(time_t)options.rekey_interval);
|
||
|
diff --git a/version.h b/version.h
|
||
|
index a1579ac..a33e77c 100644
|
||
|
--- a/version.h
|
||
|
+++ b/version.h
|
||
|
@@ -1,6 +1,6 @@
|
||
|
/* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */
|
||
|
|
||
|
-#define SSH_VERSION "OpenSSH_6.6"
|
||
|
+#define SSH_VERSION "OpenSSH_6.6.1"
|
||
|
|
||
|
#define SSH_PORTABLE "p1"
|
||
|
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
|