svn commit: r264690 - vendor-crypto/openssh/dist

Dag-Erling Smørgrav des at FreeBSD.org
Sun Apr 20 11:17:46 UTC 2014 

Author: des
Date: Sun Apr 20 11:17:44 2014
New Revision: 264690
URL: http://svnweb.freebsd.org/changeset/base/264690

Log:
  Apply upstream patch for EC calculation bug that breaks EC key exchange
  about one out of 512 times.

Modified:
  vendor-crypto/openssh/dist/bufaux.c
  vendor-crypto/openssh/dist/compat.c
  vendor-crypto/openssh/dist/compat.h
  vendor-crypto/openssh/dist/sshconnect2.c
  vendor-crypto/openssh/dist/sshd.c
  vendor-crypto/openssh/dist/version.h

Modified: vendor-crypto/openssh/dist/bufaux.c
==============================================================================
--- vendor-crypto/openssh/dist/bufaux.c	Sun Apr 20 09:17:48 2014	(r264689)
+++ vendor-crypto/openssh/dist/bufaux.c	Sun Apr 20 11:17:44 2014	(r264690)
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -372,6 +372,9 @@ buffer_put_bignum2_from_string(Buffer *b
 
 	if (l > 8 * 1024)
 		fatal("%s: length %u too long", __func__, l);
+	/* Skip leading zero bytes */
+	for (; l > 0 && *s == 0; l--, s++)
+		;
 	p = buf = xmalloc(l + 1);
 	/*
 	 * If most significant bit is set then prepend a zero byte to

Modified: vendor-crypto/openssh/dist/compat.c
==============================================================================
--- vendor-crypto/openssh/dist/compat.c	Sun Apr 20 09:17:48 2014	(r264689)
+++ vendor-crypto/openssh/dist/compat.c	Sun Apr 20 11:17:44 2014	(r264690)
@@ -95,6 +95,9 @@ compat_datafellows(const char *version)
 		{ "Sun_SSH_1.0*",	SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
 		{ "OpenSSH_4*",		0 },
 		{ "OpenSSH_5*",		SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
+		{ "OpenSSH_6.6.1*",	SSH_NEW_OPENSSH},
+		{ "OpenSSH_6.5*,"
+		  "OpenSSH_6.6*",	SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
 		{ "OpenSSH*",		SSH_NEW_OPENSSH },
 		{ "*MindTerm*",		0 },
 		{ "2.1.0*",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
@@ -251,7 +254,6 @@ compat_cipher_proposal(char *cipher_prop
 	return cipher_prop;
 }
 
-
 char *
 compat_pkalg_proposal(char *pkalg_prop)
 {
@@ -265,3 +267,16 @@ compat_pkalg_proposal(char *pkalg_prop)
 	return pkalg_prop;
 }
 
+char *
+compat_kex_proposal(char *kex_prop)
+{
+	if (!(datafellows & SSH_BUG_CURVE25519PAD))
+		return kex_prop;
+	debug2("%s: original KEX proposal: %s", __func__, kex_prop);
+	kex_prop = filter_proposal(kex_prop, "curve25519-sha256 at libssh.org");
+	debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
+	if (*kex_prop == '\0')
+		fatal("No supported key exchange algorithms found");
+	return kex_prop;
+}
+

Modified: vendor-crypto/openssh/dist/compat.h
==============================================================================
--- vendor-crypto/openssh/dist/compat.h	Sun Apr 20 09:17:48 2014	(r264689)
+++ vendor-crypto/openssh/dist/compat.h	Sun Apr 20 11:17:44 2014	(r264690)
@@ -59,6 +59,7 @@
 #define SSH_BUG_RFWD_ADDR	0x02000000
 #define SSH_NEW_OPENSSH		0x04000000
 #define SSH_BUG_DYNAMIC_RPORT	0x08000000
+#define SSH_BUG_CURVE25519PAD	0x10000000
 
 void     enable_compat13(void);
 void     enable_compat20(void);
@@ -66,6 +67,7 @@ void     compat_datafellows(const char *
 int	 proto_spec(const char *);
 char	*compat_cipher_proposal(char *);
 char	*compat_pkalg_proposal(char *);
+char	*compat_kex_proposal(char *);
 
 extern int compat13;
 extern int compat20;

Modified: vendor-crypto/openssh/dist/sshconnect2.c
==============================================================================
--- vendor-crypto/openssh/dist/sshconnect2.c	Sun Apr 20 09:17:48 2014	(r264689)
+++ vendor-crypto/openssh/dist/sshconnect2.c	Sun Apr 20 11:17:44 2014	(r264690)
@@ -195,6 +195,8 @@ ssh_kex2(char *host, struct sockaddr *ho
 	}
 	if (options.kex_algorithms != NULL)
 		myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+	    myproposal[PROPOSAL_KEX_ALGS]);
 
 	if (options.rekey_limit || options.rekey_interval)
 		packet_set_rekey_limits((u_int32_t)options.rekey_limit,

Modified: vendor-crypto/openssh/dist/sshd.c
==============================================================================
--- vendor-crypto/openssh/dist/sshd.c	Sun Apr 20 09:17:48 2014	(r264689)
+++ vendor-crypto/openssh/dist/sshd.c	Sun Apr 20 11:17:44 2014	(r264690)
@@ -2462,6 +2462,9 @@ do_ssh2_kex(void)
 	if (options.kex_algorithms != NULL)
 		myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
 
+	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+	    myproposal[PROPOSAL_KEX_ALGS]);
+
 	if (options.rekey_limit || options.rekey_interval)
 		packet_set_rekey_limits((u_int32_t)options.rekey_limit,
 		    (time_t)options.rekey_interval);

Modified: vendor-crypto/openssh/dist/version.h
==============================================================================
--- vendor-crypto/openssh/dist/version.h	Sun Apr 20 09:17:48 2014	(r264689)
+++ vendor-crypto/openssh/dist/version.h	Sun Apr 20 11:17:44 2014	(r264690)
@@ -1,6 +1,6 @@
 /* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */
 
-#define SSH_VERSION	"OpenSSH_6.6"
+#define SSH_VERSION	"OpenSSH_6.6.1"
 
 #define SSH_PORTABLE	"p1"
 #define SSH_RELEASE	SSH_VERSION SSH_PORTABLE

More information about the svn-src-all mailing list