[openssh/private-master-vanilla] backport fix of curve25519-sha256 at libssh.org issue openssh-6.6.1p1
plautrba
plautrba at fedoraproject.org
Wed May 14 12:45:29 UTC 2014
commit ae736694aab201c3e69fb675618891aef74341dc
Author: Petr Lautrbach <plautrba at redhat.com>
Date: Wed May 14 14:45:14 2014 +0200
backport fix of curve25519-sha256 at libssh.org issue
openssh-6.6.1p1
...-5618210618256bbf5f4f71b2887ff186fd451736.patch | 162 ++++++++++++++++++++
openssh.spec | 13 ++-
2 files changed, 172 insertions(+), 3 deletions(-)
---
diff --git a/openssh-5618210618256bbf5f4f71b2887ff186fd451736.patch b/openssh-5618210618256bbf5f4f71b2887ff186fd451736.patch
new file mode 100644
index 0000000..ff29907
--- /dev/null
+++ b/openssh-5618210618256bbf5f4f71b2887ff186fd451736.patch
@@ -0,0 +1,162 @@
+From 5618210618256bbf5f4f71b2887ff186fd451736 Mon Sep 17 00:00:00 2001
+From: Damien Miller <djm at mindrot.org>
+Date: Sun, 20 Apr 2014 13:44:47 +1000
+Subject: [PATCH] - (djm) [bufaux.c compat.c compat.h sshconnect2.c sshd.c
+ version.h] OpenSSH 6.5 and 6.6 sometimes encode a value used in the
+ curve25519 key exchange incorrectly, causing connection failures about
+ 0.2% of the time when this method is used against a peer that implements
+ the method properly.
+
+ Fix the problem and disable the curve25519 KEX when speaking to
+ OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
+ to enable the compatability code.
+---
+ ChangeLog | 11 +++++++++++
+ bufaux.c | 5 ++++-
+ compat.c | 17 ++++++++++++++++-
+ compat.h | 2 ++
+ sshconnect2.c | 2 ++
+ sshd.c | 3 +++
+ version.h | 2 +-
+ 7 files changed, 39 insertions(+), 3 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 9c59cc4..60f181a 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,14 @@
++20140420
++ - (djm) [bufaux.c compat.c compat.h sshconnect2.c sshd.c version.h]
++ OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519
++ key exchange incorrectly, causing connection failures about 0.2% of
++ the time when this method is used against a peer that implements
++ the method properly.
++
++ Fix the problem and disable the curve25519 KEX when speaking to
++ OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
++ to enable the compatability code.
++
+ 20140313
+ - (djm) Release OpenSSH 6.6
+
+diff --git a/bufaux.c b/bufaux.c
+index e24b5fc..f6a6f2a 100644
+--- a/bufaux.c
++++ b/bufaux.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */
++/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */
+ /*
+ * Author: Tatu Ylonen <ylo at cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
+@@ -372,6 +372,9 @@ buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l)
+
+ if (l > 8 * 1024)
+ fatal("%s: length %u too long", __func__, l);
++ /* Skip leading zero bytes */
++ for (; l > 0 && *s == 0; l--, s++)
++ ;
+ p = buf = xmalloc(l + 1);
+ /*
+ * If most significant bit is set then prepend a zero byte to
+diff --git a/compat.c b/compat.c
+index 9d9fabe..2709dc5 100644
+--- a/compat.c
++++ b/compat.c
+@@ -95,6 +95,9 @@ compat_datafellows(const char *version)
+ { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
+ { "OpenSSH_4*", 0 },
+ { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
++ { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH},
++ { "OpenSSH_6.5*,"
++ "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
+ { "OpenSSH*", SSH_NEW_OPENSSH },
+ { "*MindTerm*", 0 },
+ { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+@@ -251,7 +254,6 @@ compat_cipher_proposal(char *cipher_prop)
+ return cipher_prop;
+ }
+
+-
+ char *
+ compat_pkalg_proposal(char *pkalg_prop)
+ {
+@@ -265,3 +267,16 @@ compat_pkalg_proposal(char *pkalg_prop)
+ return pkalg_prop;
+ }
+
++char *
++compat_kex_proposal(char *kex_prop)
++{
++ if (!(datafellows & SSH_BUG_CURVE25519PAD))
++ return kex_prop;
++ debug2("%s: original KEX proposal: %s", __func__, kex_prop);
++ kex_prop = filter_proposal(kex_prop, "curve25519-sha256 at libssh.org");
++ debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
++ if (*kex_prop == '\0')
++ fatal("No supported key exchange algorithms found");
++ return kex_prop;
++}
++
+diff --git a/compat.h b/compat.h
+index b174fa1..a6c3f3d 100644
+--- a/compat.h
++++ b/compat.h
+@@ -59,6 +59,7 @@
+ #define SSH_BUG_RFWD_ADDR 0x02000000
+ #define SSH_NEW_OPENSSH 0x04000000
+ #define SSH_BUG_DYNAMIC_RPORT 0x08000000
++#define SSH_BUG_CURVE25519PAD 0x10000000
+
+ void enable_compat13(void);
+ void enable_compat20(void);
+@@ -66,6 +67,7 @@ void compat_datafellows(const char *);
+ int proto_spec(const char *);
+ char *compat_cipher_proposal(char *);
+ char *compat_pkalg_proposal(char *);
++char *compat_kex_proposal(char *);
+
+ extern int compat13;
+ extern int compat20;
+diff --git a/sshconnect2.c b/sshconnect2.c
+index 7f4ff41..ec3ad6a 100644
+--- a/sshconnect2.c
++++ b/sshconnect2.c
+@@ -195,6 +195,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
+ }
+ if (options.kex_algorithms != NULL)
+ myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
++ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
++ myproposal[PROPOSAL_KEX_ALGS]);
+
+ if (options.rekey_limit || options.rekey_interval)
+ packet_set_rekey_limits((u_int32_t)options.rekey_limit,
+diff --git a/sshd.c b/sshd.c
+index 7523de9..e9084b7 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -2462,6 +2462,9 @@ do_ssh2_kex(void)
+ if (options.kex_algorithms != NULL)
+ myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+
++ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
++ myproposal[PROPOSAL_KEX_ALGS]);
++
+ if (options.rekey_limit || options.rekey_interval)
+ packet_set_rekey_limits((u_int32_t)options.rekey_limit,
+ (time_t)options.rekey_interval);
+diff --git a/version.h b/version.h
+index a1579ac..a33e77c 100644
+--- a/version.h
++++ b/version.h
+@@ -1,6 +1,6 @@
+ /* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */
+
+-#define SSH_VERSION "OpenSSH_6.6"
++#define SSH_VERSION "OpenSSH_6.6.1"
+
+ #define SSH_PORTABLE "p1"
+ #define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+--
+1.8.3.1
+
diff --git a/openssh.spec b/openssh.spec
index 8be81a3..205ef05 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -15,7 +15,7 @@
# rpm -ba|--rebuild --define 'skip_xxx 1'
%{?skip_gnome_askpass:%global no_gnome_askpass 1}
-%define openssh_ver 6.6p1
+%define openssh_ver 6.6.1p1
%define openssh_rel 1
Summary: An open source implementation of SSH protocol versions 1 and 2
@@ -24,7 +24,8 @@ Version: %{openssh_ver}
Release: %{openssh_rel}%{?dist}
URL: http://www.openssh.com/portable.html
#URL1: http://pamsshagentauth.sourceforge.net
-Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
+#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
+Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.6p1.tar.gz
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
Source2: sshd.pam
Source3: sshd.init
@@ -37,6 +38,8 @@ Source12: sshd-keygen.service
Source13: sshd-keygen
Source14: sshd_config
+Patch1: openssh-5618210618256bbf5f4f71b2887ff186fd451736.patch
+
License: BSD
Group: Applications/Internet
Requires: /sbin/nologin
@@ -140,7 +143,8 @@ into and executing commands on a remote machine. This package contains
an X11 passphrase dialog for OpenSSH.
%prep
-%setup -q
+%setup -q -n openssh-6.6p1
+%patch1 -p1 -b .curve25519-sha256-bug
%build
# the -fvisibility=hidden is needed for clean build of the pam_ssh_agent_auth
@@ -386,6 +390,9 @@ getent passwd sshd >/dev/null || \
%endif
%changelog
+* Wed May 14 2014 Petr Lautrbach <plautrba at redhat.com> 6.6.1p1-1
+- backport fix of curve25519-sha256 at libssh.org issue
+
* Tue Apr 08 2014 Petr Lautrbach <plautrba at redhat.com> 6.6p1-1
- new upstream release - vanilla version without Fedora patches
More information about the scm-commits
mailing list