[openssh] OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519 key exchange incorrectly, causin

plautrba plautrba at fedoraproject.org
Wed Jun 4 07:45:49 UTC 2014 

commit 44fb3c6aeb398514d5a35ffb3f06f23b0ee0e4e4
Author: Petr Lautrbach <plautrba at redhat.com>
Date:   Tue Jun 3 17:18:36 2014 +0200

    OpenSSH 6.5 and 6.6 sometimes encode a value used in the
    curve25519 key exchange incorrectly, causing connection failures
    about 0.2% of the time when this method is used against a peer that
    implements the method properly.
    
    Fix the problem and disable the curve25519 KEX when speaking to
    OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
    to enable the compatability code.
    
    openssh-6.6.1p1

 ...-5618210618256bbf5f4f71b2887ff186fd451736.patch |  177 ++++++++++++++++++++
 openssh.spec                                       |   12 +-
 2 files changed, 185 insertions(+), 4 deletions(-)
---
diff --git a/openssh-5618210618256bbf5f4f71b2887ff186fd451736.patch b/openssh-5618210618256bbf5f4f71b2887ff186fd451736.patch
new file mode 100644
index 0000000..44da114
--- /dev/null
+++ b/openssh-5618210618256bbf5f4f71b2887ff186fd451736.patch
@@ -0,0 +1,177 @@
+From 5618210618256bbf5f4f71b2887ff186fd451736 Mon Sep 17 00:00:00 2001
+From: Damien Miller <djm at mindrot.org>
+Date: Sun, 20 Apr 2014 13:44:47 +1000
+Subject: [PATCH]  - (djm) [bufaux.c compat.c compat.h sshconnect2.c sshd.c
+ version.h]    OpenSSH 6.5 and 6.6 sometimes encode a value used in the
+ curve25519    key exchange incorrectly, causing connection failures about
+ 0.2% of    the time when this method is used against a peer that implements  
+  the method properly.
+
+   Fix the problem and disable the curve25519 KEX when speaking to
+   OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
+   to enable the compatability code.
+---
+ ChangeLog     | 11 +++++++++++
+ bufaux.c      |  5 ++++-
+ compat.c      | 17 ++++++++++++++++-
+ compat.h      |  2 ++
+ sshconnect2.c |  2 ++
+ sshd.c        |  3 +++
+ version.h     |  2 +-
+ 7 files changed, 39 insertions(+), 3 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 1603a07..928999d 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,13 +1,23 @@
+ 20140420
+-   - djm at cvs.openbsd.org 2014/04/01 03:34:10
+-     [sshconnect.c]
+-     When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
+-     certificate keys to plain keys and attempt SSHFP resolution.
+-     
+-     Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
+-     dialog by offering only certificate keys.
+-     
+-     Reported by mcv21 AT cam.ac.uk
++ - (djm) [bufaux.c compat.c compat.h sshconnect2.c sshd.c version.h]
++   OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519
++   key exchange incorrectly, causing connection failures about 0.2% of
++   the time when this method is used against a peer that implements
++   the method properly.
++
++   Fix the problem and disable the curve25519 KEX when speaking to
++   OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
++   to enable the compatability code.
++
++ - djm at cvs.openbsd.org 2014/04/01 03:34:10
++   [sshconnect.c]
++   When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
++   certificate keys to plain keys and attempt SSHFP resolution.
++   
++   Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
++   dialog by offering only certificate keys.
++   
++   Reported by mcv21 AT cam.ac.uk
+ 
+ 20140313
+  - (djm) Release OpenSSH 6.6
+diff --git a/bufaux.c b/bufaux.c
+index e24b5fc..f6a6f2a 100644
+--- a/bufaux.c
++++ b/bufaux.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */
++/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */
+ /*
+  * Author: Tatu Ylonen <ylo at cs.hut.fi>
+  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
+@@ -372,6 +372,9 @@ buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l)
+ 
+ 	if (l > 8 * 1024)
+ 		fatal("%s: length %u too long", __func__, l);
++	/* Skip leading zero bytes */
++	for (; l > 0 && *s == 0; l--, s++)
++		;
+ 	p = buf = xmalloc(l + 1);
+ 	/*
+ 	 * If most significant bit is set then prepend a zero byte to
+diff --git a/compat.c b/compat.c
+index 9d9fabe..2709dc5 100644
+--- a/compat.c
++++ b/compat.c
+@@ -95,6 +95,9 @@ compat_datafellows(const char *version)
+ 		{ "Sun_SSH_1.0*",	SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
+ 		{ "OpenSSH_4*",		0 },
+ 		{ "OpenSSH_5*",		SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
++		{ "OpenSSH_6.6.1*",	SSH_NEW_OPENSSH},
++		{ "OpenSSH_6.5*,"
++		  "OpenSSH_6.6*",	SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
+ 		{ "OpenSSH*",		SSH_NEW_OPENSSH },
+ 		{ "*MindTerm*",		0 },
+ 		{ "2.1.0*",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+@@ -251,7 +254,6 @@ compat_cipher_proposal(char *cipher_prop)
+ 	return cipher_prop;
+ }
+ 
+-
+ char *
+ compat_pkalg_proposal(char *pkalg_prop)
+ {
+@@ -265,3 +267,16 @@ compat_pkalg_proposal(char *pkalg_prop)
+ 	return pkalg_prop;
+ }
+ 
++char *
++compat_kex_proposal(char *kex_prop)
++{
++	if (!(datafellows & SSH_BUG_CURVE25519PAD))
++		return kex_prop;
++	debug2("%s: original KEX proposal: %s", __func__, kex_prop);
++	kex_prop = filter_proposal(kex_prop, "curve25519-sha256 at libssh.org");
++	debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
++	if (*kex_prop == '\0')
++		fatal("No supported key exchange algorithms found");
++	return kex_prop;
++}
++
+diff --git a/compat.h b/compat.h
+index b174fa1..a6c3f3d 100644
+--- a/compat.h
++++ b/compat.h
+@@ -59,6 +59,7 @@
+ #define SSH_BUG_RFWD_ADDR	0x02000000
+ #define SSH_NEW_OPENSSH		0x04000000
+ #define SSH_BUG_DYNAMIC_RPORT	0x08000000
++#define SSH_BUG_CURVE25519PAD	0x10000000
+ 
+ void     enable_compat13(void);
+ void     enable_compat20(void);
+@@ -66,6 +67,7 @@ void     compat_datafellows(const char *);
+ int	 proto_spec(const char *);
+ char	*compat_cipher_proposal(char *);
+ char	*compat_pkalg_proposal(char *);
++char	*compat_kex_proposal(char *);
+ 
+ extern int compat13;
+ extern int compat20;
+diff --git a/sshconnect2.c b/sshconnect2.c
+index bb9292f..b00658b 100644
+--- a/sshconnect2.c
++++ b/sshconnect2.c
+@@ -220,6 +220,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
+ 	}
+ 	if (options.kex_algorithms != NULL)
+ 		myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
++	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
++	    myproposal[PROPOSAL_KEX_ALGS]);
+ 
+ #ifdef GSSAPI
+ 	/* If we've got GSSAPI algorithms, then we also support the
+diff --git a/sshd.c b/sshd.c
+index e4e406e..512c7ed 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -2488,6 +2488,9 @@ do_ssh2_kex(void)
+ 	if (options.kex_algorithms != NULL)
+ 		myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+ 
++	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
++	    myproposal[PROPOSAL_KEX_ALGS]);
++
+ 	if (options.rekey_limit || options.rekey_interval)
+ 		packet_set_rekey_limits((u_int32_t)options.rekey_limit,
+ 		    (time_t)options.rekey_interval);
+diff --git a/version.h b/version.h
+index a1579ac..a33e77c 100644
+--- a/version.h
++++ b/version.h
+@@ -1,6 +1,6 @@
+ /* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */
+ 
+-#define SSH_VERSION	"OpenSSH_6.6"
++#define SSH_VERSION	"OpenSSH_6.6.1"
+ 
+ #define SSH_PORTABLE	"p1"
+ #define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
diff --git a/openssh.spec b/openssh.spec
index 1bb4cf5..76a61a7 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -63,7 +63,7 @@
 %endif
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
-%define openssh_ver 6.6p1
+%define openssh_ver 6.6.1p1
 %define openssh_rel 1
 %define pam_ssh_agent_ver 0.9.3
 %define pam_ssh_agent_rel 2
@@ -74,7 +74,8 @@ Version: %{openssh_ver}
 Release: %{openssh_rel}%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #URL1: http://pamsshagentauth.sourceforge.net
-Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
+# Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
+Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.6p1.tar.gz
 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
 Source2: sshd.pam
 Source3: sshd.init
@@ -191,7 +192,9 @@ Patch907: openssh-6.4p1-CLOCK_BOOTTIME.patch
 # Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
 # dialog by offering only certificate keys. (#1081338)
 Patch908: openssh-6.6p1-CVE-2014-2653.patch
-
+# OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519 key exchange incorrectly
+# Disable the curve25519 KEX when speaking to OpenSSH 6.5 or 6.6
+Patch909: openssh-5618210618256bbf5f4f71b2887ff186fd451736.patch
 
 License: BSD
 Group: Applications/Internet
@@ -348,7 +351,7 @@ remote ssh-agent instance.
 The module is most useful for su and sudo service stacks.
 
 %prep
-%setup -q -a 4
+%setup -q -a 4 -n openssh-6.6p1
 #Do not enable by default
 %if 0
 %patch0 -p1 -b .wIm
@@ -419,6 +422,7 @@ popd
 %patch906 -p1 -b .fromto-remote
 %patch907 -p1 -b .CLOCK_BOOTTIME
 %patch908 -p1 -b .CVE-2014-2653
+%patch909 -p1 -b .6.6.1
 
 %if 0
 # Nothing here yet

More information about the scm-commits mailing list