From b9cd944358d375e4e14eeea3fa25172730e5c4b8 Mon Sep 17 00:00:00 2001 From: Mattias Ellert Date: May 20 2019 06:38:52 +0000 Subject: Based on openssh-8.0p1-2.fc30 --- diff --git a/gsi-openssh.spec b/gsi-openssh.spec index f157605..5e17ca0 100644 --- a/gsi-openssh.spec +++ b/gsi-openssh.spec @@ -31,7 +31,7 @@ %global ldap 1 %global openssh_ver 8.0p1 -%global openssh_rel 1 +%global openssh_rel 2 Summary: An implementation of the SSH protocol with GSI authentication Name: gsi-openssh @@ -56,9 +56,6 @@ Source99: README.sshd-and-gsisshd #https://bugzilla.mindrot.org/show_bug.cgi?id=2581 Patch100: openssh-6.7p1-coverity.patch -#https://bugzilla.mindrot.org/show_bug.cgi?id=1894 -#https://bugzilla.redhat.com/show_bug.cgi?id=735889 -#Patch102: openssh-5.8p1-getaddrinfo.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1402 # https://bugzilla.redhat.com/show_bug.cgi?id=1171248 @@ -155,6 +152,15 @@ Patch953: openssh-7.8p1-scp-ipv6.patch Patch958: openssh-7.9p1-ssh-copy-id.patch # Update cached passwd structure after PAM authentication (#1674541) Patch960: openssh-7.9p1-updated-cached-pw.patch +# Verify the SCP vulnerabilities are fixed in the package testsuite +# https://bugzilla.mindrot.org/show_bug.cgi?id=3007 +Patch961: openssh-8.0p1-scp-tests.patch +# Mention crypto-policies in manual pages (#1668325) +Patch962: openssh-8.0p1-crypto-policies.patch +# Use OpenSSL high-level API to produce and verify signatures (#1707485) +Patch963: openssh-8.0p1-openssl-evp.patch +# Use OpenSSL KDF (#1631761) +Patch964: openssh-8.0p1-openssl-kdf.patch # This is the patch that adds GSI support # Based on hpn_isshd-gsi.7.5p1b.patch from Globus upstream @@ -257,8 +263,6 @@ This version of OpenSSH has been modified to support GSI authentication. gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0} %setup -q -n openssh-%{version} -# investigate %%patch102 -p1 -b .getaddrinfo - %patch400 -p1 -b .role-mls %patch404 -p1 -b .privsep-selinux 
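Review bot: In the `@@ -155,6 +152,15 @@` hunk, Patch961 is described as verifying the SCP fixes "in the package testsuite", which only gives assurance if the build actually runs OpenSSH's regress suite. No `%check` section is visible in these hunks, so that should be confirmed; the matching `%patch961 -p1 -b .scp-tests` line is in the later `%prep` hunk. Patch963 and Patch964 change how signatures are produced and verified and how keys are derived, but their comments cite only bare bug numbers. I would add the tracker URL as is done for Patch961, e.g. `# https://bugzilla.redhat.com/show_bug.cgi?id=1707485` (assuming these are Red Hat Bugzilla ids), so the rationale for a crypto-path change can be traced from the spec.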
@@ -304,6 +308,10 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0} %patch953 -p1 -b .scp-ipv6 %patch958 -p1 -b .ssh-copy-id %patch960 -p1 -b .update-pw +%patch961 -p1 -b .scp-tests +%patch962 -p1 -b .crypto-policies +%patch963 -p1 -b .openssl-evp +%patch964 -p1 -b .openssl-kdf %patch200 -p1 -b .audit %patch201 -p1 -b .audit-race @@ -515,7 +523,10 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_tmpfilesdir}/gsissh.conf %changelog -* Fri May 3 2019 Mattias Ellert - 8.0p1-1 +* Mon May 20 2019 Mattias Ellert - 8.0p1-2 +- Based on openssh-8.0p1-2.fc30 + +* Fri May 03 2019 Mattias Ellert - 8.0p1-1 - Based on openssh-8.0p1-1.fc30 * Fri Mar 22 2019 Mattias Ellert - 7.9p1-7 diff --git a/openssh-5.8p1-getaddrinfo.patch b/openssh-5.8p1-getaddrinfo.patch deleted file mode 100644 index 76deaef..0000000 --- a/openssh-5.8p1-getaddrinfo.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -diff -up openssh-5.6p1/channels.c.getaddrinfo openssh-5.6p1/channels.c ---- openssh-5.6p1/channels.c.getaddrinfo 2012-02-14 16:12:54.427852524 +0100 -+++ openssh-5.6p1/channels.c 2012-02-14 16:13:22.818928690 +0100 -@@ -3275,6 +3275,9 @@ x11_create_display_inet(int x11_display_ - memset(&hints, 0, sizeof(hints)); - hints.ai_family = IPv4or6; - hints.ai_flags = x11_use_localhost ? 0: AI_PASSIVE; -+#ifdef AI_ADDRCONFIG -+ hints.ai_flags |= AI_ADDRCONFIG; -+#endif - hints.ai_socktype = SOCK_STREAM; - snprintf(strport, sizeof strport, "%d", port); - if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) { -diff -up openssh-5.6p1/sshconnect.c.getaddrinfo openssh-5.6p1/sshconnect.c ---- openssh-5.6p1/sshconnect.c.getaddrinfo 2012-02-14 16:09:25.057964291 +0100 -+++ openssh-5.6p1/sshconnect.c 2012-02-14 16:09:25.106047007 +0100 -@@ -343,6 +343,7 @@ ssh_connect(const char *host, struct soc - memset(&hints, 0, sizeof(hints)); - hints.ai_family = family; - hints.ai_socktype = SOCK_STREAM; -+ hints.ai_flags = AI_V4MAPPED | AI_ADDRCONFIG; - snprintf(strport, sizeof strport, "%u", port); - if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) - fatal("%s: Could not resolve hostname %.100s: %s", __progname, diff --git a/openssh-7.7p1-fips.patch b/openssh-7.7p1-fips.patch index 14cf5c3..f28b943 100644 --- a/openssh-7.7p1-fips.patch +++ b/openssh-7.7p1-fips.patch 
@@ -1,67 +1,3 @@ -diff -up openssh-7.9p1/cipher.c.fips openssh-7.9p1/cipher.c ---- openssh-7.9p1/cipher.c.fips 2019-03-11 17:06:37.614877975 +0100 -+++ openssh-7.9p1/cipher.c 2019-03-11 17:06:37.620878031 +0100 -@@ -39,6 +39,8 @@ - - #include - -+#include -+ - #include - #include - #include -@@ -92,6 +94,33 @@ static const struct sshcipher ciphers[] - { NULL, 0, 0, 0, 0, 0, NULL } - }; - -+static const struct sshcipher fips_ciphers[] = { -+#ifdef WITH_OPENSSL -+ { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc }, -+ { "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc }, -+ { "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc }, -+ { "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc }, -+ { "rijndael-cbc@lysator.liu.se", -+ 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc }, -+ { "aes128-ctr", 16, 16, 0, 0, 0, EVP_aes_128_ctr }, -+ { "aes192-ctr", 16, 24, 0, 0, 0, EVP_aes_192_ctr }, -+ { "aes256-ctr", 16, 32, 0, 0, 0, EVP_aes_256_ctr }, -+# ifdef OPENSSL_HAVE_EVPGCM -+ { "aes128-gcm@openssh.com", -+ 16, 16, 12, 16, 0, EVP_aes_128_gcm }, -+ { "aes256-gcm@openssh.com", -+ 16, 32, 12, 16, 0, EVP_aes_256_gcm }, -+# endif /* OPENSSL_HAVE_EVPGCM */ -+#else -+ { "aes128-ctr", 16, 16, 0, 0, CFLAG_AESCTR, NULL }, -+ { "aes192-ctr", 16, 24, 0, 0, CFLAG_AESCTR, NULL }, -+ { "aes256-ctr", 16, 32, 0, 0, CFLAG_AESCTR, NULL }, -+#endif -+ { "none", 8, 0, 0, 0, CFLAG_NONE, NULL }, -+ -+ { NULL, 0, 0, 0, 0, 0, NULL } -+}; -+ - /*--*/ - - /* Returns a comma-separated list of supported ciphers. */ -@@ -102,7 +131,7 @@ cipher_alg_list(char sep, int auth_only) - size_t nlen, rlen = 0; - const struct sshcipher *c; - -- for (c = ciphers; c->name != NULL; c++) { -+ for (c = FIPS_mode() ? 
fips_ciphers : ciphers; c->name != NULL; c++) { - if ((c->flags & CFLAG_INTERNAL) != 0) - continue; - if (auth_only && c->auth_len == 0) -@@ -174,7 +203,7 @@ const struct sshcipher * - cipher_by_name(const char *name) - { - const struct sshcipher *c; -- for (c = ciphers; c->name != NULL; c++) -+ for (c = FIPS_mode() ? fips_ciphers : ciphers; c->name != NULL; c++) - if (strcmp(c->name, name) == 0) - return c; - return NULL; diff -up openssh-7.9p1/cipher-ctr.c.fips openssh-7.9p1/cipher-ctr.c --- openssh-7.9p1/cipher-ctr.c.fips 2019-03-11 17:06:37.519877082 +0100 +++ openssh-7.9p1/cipher-ctr.c 2019-03-11 17:06:37.620878031 +0100 
@@ -154,75 +90,9 @@ diff -up openssh-7.9p1/dh.h.fips openssh-7.9p1/dh.h u_int dh_estimate(int); -diff -up openssh-7.9p1/entropy.c.fips openssh-7.9p1/entropy.c ---- openssh-7.9p1/entropy.c.fips 2018-10-17 02:01:20.000000000 +0200 -+++ openssh-7.9p1/entropy.c 2019-03-11 17:06:37.621878041 +0100 -@@ -223,6 +223,11 @@ seed_rng(void) - "have %lx", (u_long)OPENSSL_VERSION_NUMBER, - OpenSSL_version_num()); - -+ /* clean the PRNG status when exiting the program */ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ atexit(RAND_cleanup); -+#endif -+ - #ifndef OPENSSL_PRNG_ONLY - if (RAND_status() == 1) - debug3("RNG is ready, skipping seeding"); diff -up openssh-7.9p1/kex.c.fips openssh-7.9p1/kex.c --- openssh-7.9p1/kex.c.fips 2019-03-11 17:06:37.614877975 +0100 +++ openssh-7.9p1/kex.c 2019-03-11 17:06:37.621878041 +0100 -@@ -122,6 +123,26 @@ static const struct kexalg kexalgs[] = { - { NULL, -1, -1, -1 }, - }; - -+static const struct kexalg kexalgs_fips[] = { -+ { KEX_DH14_SHA256, KEX_DH_GRP14_SHA256, 0, SSH_DIGEST_SHA256 }, -+ { KEX_DH16_SHA512, KEX_DH_GRP16_SHA512, 0, SSH_DIGEST_SHA512 }, -+ { KEX_DH18_SHA512, KEX_DH_GRP18_SHA512, 0, SSH_DIGEST_SHA512 }, -+#ifdef HAVE_EVP_SHA256 -+ { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, -+#endif -+#ifdef OPENSSL_HAS_ECC -+ { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, -+ NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, -+ { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, -+ SSH_DIGEST_SHA384 }, -+# ifdef OPENSSL_HAS_NISTP521 -+ { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, -+ SSH_DIGEST_SHA512 }, -+# endif -+#endif -+ { NULL, -1, -1, -1 }, -+}; -+ - static char * - kex_alg_list_internal(char sep, const struct kexalg *algs) - { -@@ -129,7 +150,7 @@ kex_alg_list(char sep) - char * - kex_alg_list(char sep) - { -- return kex_alg_list_internal(sep, kexalgs); -+ return kex_alg_list_internal(sep, (FIPS_mode() ? 
kexalgs_fips : kexalgs)); - } - - char * -@@ -149,11 +170,11 @@ kex_alg_by_name(const char *name) - { - const struct kexalg *k; - -- for (k = kexalgs; k->name != NULL; k++) { -+ for (k = (FIPS_mode() ? kexalgs_fips : kexalgs); k->name != NULL; k++) { - if (strcmp(k->name, name) == 0) - return k; - } -- for (k = gss_kexalgs; k->name != NULL; k++) { -+ for (k = (FIPS_mode() ? NULL : gss_kexalgs); k->name != NULL; k++) { - if (strncmp(k->name, name, strlen(k->name)) == 0) - return k; - } - return NULL; @@ -175,7 +196,10 @@ kex_names_valid(const char *names) for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { 
@@ -257,70 +127,6 @@ diff -up openssh-7.9p1/kexgexc.c.fips openssh-7.9p1/kexgexc.c p = g = NULL; /* belong to kex->dh now */ /* generate and send 'e', client DH public key */ -diff -up openssh-7.9p1/mac.c.fips openssh-7.9p1/mac.c ---- openssh-7.9p1/mac.c.fips 2019-03-11 17:06:37.614877975 +0100 -+++ openssh-7.9p1/mac.c 2019-03-11 17:06:37.621878041 +0100 -@@ -27,6 +27,8 @@ - - #include - -+#include -+ - #include - #include - #include -@@ -54,7 +56,7 @@ struct macalg { - int etm; /* Encrypt-then-MAC */ - }; - --static const struct macalg macs[] = { -+static const struct macalg all_macs[] = { - /* Encrypt-and-MAC (encrypt-and-authenticate) variants */ - { "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 }, - { "hmac-sha1-96", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 }, -@@ -82,6 +84,24 @@ static const struct macalg macs[] = { - { NULL, 0, 0, 0, 0, 0, 0 } - }; - -+static const struct macalg fips_macs[] = { -+ /* Encrypt-and-MAC (encrypt-and-authenticate) variants */ -+ { "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 }, -+#ifdef HAVE_EVP_SHA256 -+ { "hmac-sha2-256", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 0 }, -+ { "hmac-sha2-512", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 0 }, -+#endif -+ -+ /* Encrypt-then-MAC variants */ -+ { "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 }, -+#ifdef HAVE_EVP_SHA256 -+ { "hmac-sha2-256-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 }, -+ { "hmac-sha2-512-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 }, -+#endif -+ -+ { NULL, 0, 0, 0, 0, 0, 0 } -+}; -+ - /* Returns a list of supported MACs separated by the specified char. */ - char * - mac_alg_list(char sep) -@@ -90,7 +110,7 @@ mac_alg_list(char sep) - size_t nlen, rlen = 0; - const struct macalg *m; - -- for (m = macs; m->name != NULL; m++) { -+ for (m = FIPS_mode() ? 
fips_macs : all_macs; m->name != NULL; m++) { - if (ret != NULL) - ret[rlen++] = sep; - nlen = strlen(m->name); -@@ -129,7 +149,7 @@ mac_setup(struct sshmac *mac, char *name - { - const struct macalg *m; - -- for (m = macs; m->name != NULL; m++) { -+ for (m = FIPS_mode() ? fips_macs : all_macs; m->name != NULL; m++) { - if (strcmp(name, m->name) != 0) - continue; - if (mac != NULL) diff -up openssh-7.9p1/Makefile.in.fips openssh-7.9p1/Makefile.in --- openssh-7.9p1/Makefile.in.fips 2019-03-11 17:06:37.615877984 +0100 +++ openssh-7.9p1/Makefile.in 2019-03-11 17:06:37.621878041 +0100 diff --git a/openssh-8.0p1-crypto-policies.patch b/openssh-8.0p1-crypto-policies.patch new file mode 100644 index 0000000..8a63501 --- /dev/null +++ b/openssh-8.0p1-crypto-policies.patch 
@@ -0,0 +1,210 @@ +diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5 +--- openssh-8.0p1/ssh_config.5.crypto-policies 2019-05-13 14:04:01.999099570 +0200 ++++ openssh-8.0p1/ssh_config.5 2019-05-13 14:12:36.343923071 +0200 +@@ -445,12 +445,10 @@ aes256-gcm@openssh.com + chacha20-poly1305@openssh.com + .Ed + .Pp +-The default is: +-.Bd -literal -offset indent +-chacha20-poly1305@openssh.com, +-aes128-ctr,aes192-ctr,aes256-ctr, +-aes128-gcm@openssh.com,aes256-gcm@openssh.com +-.Ed ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the defaults and how to modifuy this default, see manual page ++.Xr update-crypto-policies 8 . + .Pp + The list of available ciphers may also be obtained using + .Qq ssh -Q cipher . +@@ -812,8 +810,10 @@ gss-nistp256-sha256-, + gss-curve25519-sha256- + .Ed + .Pp +-The default is +-.Dq gss-gex-sha1-,gss-group14-sha1- . ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the defaults and how to modifuy this default, see manual page ++.Xr update-crypto-policies 8 . + This option only applies to protocol version 2 connections using GSSAPI. + .It Cm HashKnownHosts + Indicates that +@@ -1123,16 +1123,10 @@ If the specified value begins with a + .Sq - + character, then the specified methods (including wildcards) will be removed + from the default set instead of replacing them. +-The default is: +-.Bd -literal -offset indent +-curve25519-sha256,curve25519-sha256@libssh.org, +-ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, +-diffie-hellman-group-exchange-sha256, +-diffie-hellman-group16-sha512, +-diffie-hellman-group18-sha512, +-diffie-hellman-group14-sha256, +-diffie-hellman-group14-sha1 +-.Ed ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the defaults and how to modifuy this default, see manual page ++.Xr update-crypto-policies 8 . + .Pp + The list of available key exchange algorithms may also be obtained using + .Qq ssh -Q kex . 
+@@ -1210,14 +1204,10 @@ The algorithms that contain + calculate the MAC after encryption (encrypt-then-mac). + These are considered safer and their use recommended. + .Pp +-The default is: +-.Bd -literal -offset indent +-umac-64-etm@openssh.com,umac-128-etm@openssh.com, +-hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, +-hmac-sha1-etm@openssh.com, +-umac-64@openssh.com,umac-128@openssh.com, +-hmac-sha2-256,hmac-sha2-512,hmac-sha1 +-.Ed ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the defaults and how to modifuy this default, see manual page ++.Xr update-crypto-policies 8 . + .Pp + The list of available MAC algorithms may also be obtained using + .Qq ssh -Q mac . +@@ -1361,17 +1351,10 @@ If the specified value begins with a + .Sq - + character, then the specified key types (including wildcards) will be removed + from the default set instead of replacing them. +-The default for this option is: +-.Bd -literal -offset 3n +-ecdsa-sha2-nistp256-cert-v01@openssh.com, +-ecdsa-sha2-nistp384-cert-v01@openssh.com, +-ecdsa-sha2-nistp521-cert-v01@openssh.com, +-ssh-ed25519-cert-v01@openssh.com, +-rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, +-ssh-rsa-cert-v01@openssh.com, +-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa +-.Ed ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the defaults and how to modifuy this default, see manual page ++.Xr update-crypto-policies 8 . + .Pp + The list of available key types may also be obtained using + .Qq ssh -Q key . 
+diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5 +--- openssh-8.0p1/sshd_config.5.crypto-policies 2019-05-13 14:12:41.226968863 +0200 ++++ openssh-8.0p1/sshd_config.5 2019-05-13 14:15:14.581406997 +0200 +@@ -490,12 +490,10 @@ aes256-gcm@openssh.com + chacha20-poly1305@openssh.com + .El + .Pp +-The default is: +-.Bd -literal -offset indent +-chacha20-poly1305@openssh.com, +-aes128-ctr,aes192-ctr,aes256-ctr, +-aes128-gcm@openssh.com,aes256-gcm@openssh.com +-.Ed ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the defaults and how to modifuy this default, see manual page ++.Xr update-crypto-policies 8 . + .Pp + The list of available ciphers may also be obtained using + .Qq ssh -Q cipher . +@@ -700,8 +698,10 @@ gss-nistp256-sha256-, + gss-curve25519-sha256- + .Ed + .Pp +-The default is +-.Dq gss-gex-sha1-,gss-group14-sha1- . ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the defaults and how to modifuy this default, see manual page ++.Xr update-crypto-policies 8 . + This option only applies to protocol version 2 connections using GSSAPI. + .It Cm HostbasedAcceptedKeyTypes + Specifies the key types that will be accepted for hostbased authentication +@@ -792,17 +792,10 @@ environment variable. + .It Cm HostKeyAlgorithms + Specifies the host key algorithms + that the server offers. +-The default for this option is: +-.Bd -literal -offset 3n +-ecdsa-sha2-nistp256-cert-v01@openssh.com, +-ecdsa-sha2-nistp384-cert-v01@openssh.com, +-ecdsa-sha2-nistp521-cert-v01@openssh.com, +-ssh-ed25519-cert-v01@openssh.com, +-rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, +-ssh-rsa-cert-v01@openssh.com, +-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa +-.Ed ++The default is handled system-wide by ++.Xr crypto-policies 7 . 
++To see the defaults and how to modifuy this default, see manual page ++.Xr update-crypto-policies 8 . + .Pp + The list of available key types may also be obtained using + .Qq ssh -Q key . +@@ -960,14 +953,10 @@ ecdh-sha2-nistp384 + ecdh-sha2-nistp521 + .El + .Pp +-The default is: +-.Bd -literal -offset indent +-curve25519-sha256,curve25519-sha256@libssh.org, +-ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, +-diffie-hellman-group-exchange-sha256, +-diffie-hellman-group16-sha512,diffie-hellman-group18-sha512, +-diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 +-.Ed ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the defaults and how to modifuy this default, see manual page ++.Xr update-crypto-policies 8 . + .Pp + The list of available key exchange algorithms may also be obtained using + .Qq ssh -Q kex . +@@ -1090,14 +1079,10 @@ umac-64-etm@openssh.com + umac-128-etm@openssh.com + .El + .Pp +-The default is: +-.Bd -literal -offset indent +-umac-64-etm@openssh.com,umac-128-etm@openssh.com, +-hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, +-hmac-sha1-etm@openssh.com, +-umac-64@openssh.com,umac-128@openssh.com, +-hmac-sha2-256,hmac-sha2-512,hmac-sha1 +-.Ed ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the defaults and how to modifuy this default, see manual page ++.Xr update-crypto-policies 8 . + .Pp + The list of available MAC algorithms may also be obtained using + .Qq ssh -Q mac . +@@ -1455,17 +1440,10 @@ If the specified value begins with a + .Sq - + character, then the specified key types (including wildcards) will be removed + from the default set instead of replacing them. 
+-The default for this option is: +-.Bd -literal -offset 3n +-ecdsa-sha2-nistp256-cert-v01@openssh.com, +-ecdsa-sha2-nistp384-cert-v01@openssh.com, +-ecdsa-sha2-nistp521-cert-v01@openssh.com, +-ssh-ed25519-cert-v01@openssh.com, +-rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, +-ssh-rsa-cert-v01@openssh.com, +-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa +-.Ed ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the defaults and how to modifuy this default, see manual page ++.Xr update-crypto-policies 8 . + .Pp + The list of available key types may also be obtained using + .Qq ssh -Q key . diff --git a/openssh-8.0p1-gsissh.patch b/openssh-8.0p1-gsissh.patch index e7c8c3a..d889a8f 100644 --- a/openssh-8.0p1-gsissh.patch +++ b/openssh-8.0p1-gsissh.patch @@ -1,6 +1,6 @@ diff -Nur openssh-8.0p1.orig/auth2.c openssh-8.0p1/auth2.c ---- openssh-8.0p1.orig/auth2.c 2019-05-03 17:45:02.084333024 +0200 -+++ openssh-8.0p1/auth2.c 2019-05-05 14:21:03.207471114 +0200 +--- openssh-8.0p1.orig/auth2.c 2019-05-20 08:24:38.155774971 +0200 ++++ openssh-8.0p1/auth2.c 2019-05-20 08:25:21.577323166 +0200 @@ -281,7 +281,28 @@ (r = sshpkt_get_cstring(ssh, &service, NULL)) != 0 || (r = sshpkt_get_cstring(ssh, &method, NULL)) != 0) @@ -102,8 +102,8 @@ diff -Nur openssh-8.0p1.orig/auth2.c openssh-8.0p1/auth2.c authctxt->user, authctxt->service, user, service); } diff -Nur openssh-8.0p1.orig/auth2-gss.c openssh-8.0p1/auth2-gss.c ---- openssh-8.0p1.orig/auth2-gss.c 2019-05-03 17:45:02.006333854 +0200 -+++ openssh-8.0p1/auth2-gss.c 2019-05-05 13:31:35.509069506 +0200 +--- openssh-8.0p1.orig/auth2-gss.c 2019-05-20 08:24:38.068775876 +0200 ++++ openssh-8.0p1/auth2-gss.c 2019-05-20 08:25:21.578323156 +0200 @@ -49,6 +49,7 @@ extern ServerOptions options; 
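Review bot: Each added paragraph in openssh-8.0p1-crypto-policies.patch states that the default "is handled system-wide by crypto-policies 7" and deletes the built-in list, yet nothing visible here shows that the GSI build's client and server configuration load the crypto-policies back-end; where they do not, the compiled-in defaults still apply and are no longer documented. The same commit also drops the `fips_ciphers`, `kexalgs_fips` and `fips_macs` tables from openssh-7.7p1-fips.patch, so restriction of algorithms in FIPS mode presumably relies on that policy being in effect (what replaces the tables is not visible in this part of the page). I would add a sentence after each new paragraph, such as `The values in effect can be printed with ssh -G hostname (client) or sshd -T (server).`, so an administrator can verify what is actually negotiated. The added text also misspells `modify` as `modifuy` in every paragraph of both the ssh_config.5 and sshd_config.5 sections.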
@@ -298,8 +298,8 @@ diff -Nur openssh-8.0p1.orig/auth2-gss.c openssh-8.0p1/auth2-gss.c "gssapi-keyex", userauth_gsskeyex, diff -Nur openssh-8.0p1.orig/auth.c openssh-8.0p1/auth.c ---- openssh-8.0p1.orig/auth.c 2019-05-03 17:45:02.085333014 +0200 -+++ openssh-8.0p1/auth.c 2019-05-04 16:57:48.606935950 +0200 +--- openssh-8.0p1.orig/auth.c 2019-05-20 08:24:38.155774971 +0200 ++++ openssh-8.0p1/auth.c 2019-05-20 08:25:21.578323156 +0200 @@ -343,7 +343,8 @@ method, submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, @@ -331,8 +331,8 @@ diff -Nur openssh-8.0p1.orig/auth.c openssh-8.0p1/auth.c record_failed_login(ssh, user, auth_get_canonical_hostname(ssh, options.use_dns), "ssh"); diff -Nur openssh-8.0p1.orig/auth.h openssh-8.0p1/auth.h ---- openssh-8.0p1.orig/auth.h 2019-05-03 17:45:02.085333014 +0200 -+++ openssh-8.0p1/auth.h 2019-05-04 16:57:48.606935950 +0200 +--- openssh-8.0p1.orig/auth.h 2019-05-20 08:24:38.156774960 +0200 ++++ openssh-8.0p1/auth.h 2019-05-20 08:25:21.578323156 +0200 @@ -85,6 +85,8 @@ krb5_principal krb5_user; char *krb5_ticket_file; @@ -343,8 +343,8 @@ diff -Nur openssh-8.0p1.orig/auth.h openssh-8.0p1/auth.h #endif struct sshbuf *loginmsg; diff -Nur openssh-8.0p1.orig/auth-pam.c openssh-8.0p1/auth-pam.c ---- openssh-8.0p1.orig/auth-pam.c 2019-05-03 17:45:01.961334333 +0200 -+++ openssh-8.0p1/auth-pam.c 2019-05-05 17:59:01.979771873 +0200 +--- openssh-8.0p1.orig/auth-pam.c 2019-05-20 08:24:38.017776406 +0200 ++++ openssh-8.0p1/auth-pam.c 2019-05-20 08:25:21.579323145 +0200 @@ -251,6 +251,7 @@ static char *sshpam_rhost = NULL; static char *sshpam_laddr = NULL; 
@@ -506,8 +506,8 @@ diff -Nur openssh-8.0p1.orig/auth-pam.c openssh-8.0p1/auth-pam.c free(fake); if (sshpam_err == PAM_MAXTRIES) diff -Nur openssh-8.0p1.orig/auth-pam.h openssh-8.0p1/auth-pam.h ---- openssh-8.0p1.orig/auth-pam.h 2019-05-03 17:45:01.961334333 +0200 -+++ openssh-8.0p1/auth-pam.h 2019-05-04 16:57:48.607935939 +0200 +--- openssh-8.0p1.orig/auth-pam.h 2019-05-20 08:24:38.017776406 +0200 ++++ openssh-8.0p1/auth-pam.h 2019-05-20 08:25:21.579323145 +0200 @@ -43,5 +43,6 @@ int sshpam_get_maxtries_reached(void); void sshpam_set_maxtries_reached(int); @@ -516,8 +516,8 @@ diff -Nur openssh-8.0p1.orig/auth-pam.h openssh-8.0p1/auth-pam.h #endif /* USE_PAM */ diff -Nur openssh-8.0p1.orig/canohost.c openssh-8.0p1/canohost.c ---- openssh-8.0p1.orig/canohost.c 2019-05-03 17:45:02.006333854 +0200 -+++ openssh-8.0p1/canohost.c 2019-05-04 16:57:48.607935939 +0200 +--- openssh-8.0p1.orig/canohost.c 2019-05-20 08:24:38.068775876 +0200 ++++ openssh-8.0p1/canohost.c 2019-05-20 08:25:21.579323145 +0200 @@ -17,6 +17,7 @@ #include #include @@ -561,8 +561,8 @@ diff -Nur openssh-8.0p1.orig/canohost.c openssh-8.0p1/canohost.c + } +} diff -Nur openssh-8.0p1.orig/canohost.h openssh-8.0p1/canohost.h ---- openssh-8.0p1.orig/canohost.h 2019-05-03 17:45:02.006333854 +0200 -+++ openssh-8.0p1/canohost.h 2019-05-04 16:57:48.608935928 +0200 +--- openssh-8.0p1.orig/canohost.h 2019-05-20 08:24:38.068775876 +0200 ++++ openssh-8.0p1/canohost.h 2019-05-20 08:25:21.579323145 +0200 @@ -26,4 +26,6 @@ #endif /* _CANOHOST_H */ 
@@ -571,9 +571,9 @@ diff -Nur openssh-8.0p1.orig/canohost.h openssh-8.0p1/canohost.h + void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); diff -Nur openssh-8.0p1.orig/configure.ac openssh-8.0p1/configure.ac ---- openssh-8.0p1.orig/configure.ac 2019-05-03 17:45:02.071333163 +0200 -+++ openssh-8.0p1/configure.ac 2019-05-04 16:57:48.609935918 +0200 -@@ -4571,6 +4571,14 @@ +--- openssh-8.0p1.orig/configure.ac 2019-05-20 08:24:38.151775012 +0200 ++++ openssh-8.0p1/configure.ac 2019-05-20 08:25:21.580323135 +0200 +@@ -4572,6 +4572,14 @@ AC_CHECK_HEADER([gssapi_krb5.h], , [ CPPFLAGS="$oldCPP" ]) @@ -588,7 +588,7 @@ diff -Nur openssh-8.0p1.orig/configure.ac openssh-8.0p1/configure.ac fi if test -n "${rpath_opt}" ; then LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" -@@ -4610,6 +4618,40 @@ +@@ -4611,6 +4619,40 @@ AC_SUBST([GSSLIBS]) AC_SUBST([K5LIBS]) @@ -630,8 +630,8 @@ diff -Nur openssh-8.0p1.orig/configure.ac openssh-8.0p1/configure.ac SYSTEMD_MSG="no" AC_ARG_WITH(systemd, diff -Nur openssh-8.0p1.orig/gss-genr.c openssh-8.0p1/gss-genr.c ---- openssh-8.0p1.orig/gss-genr.c 2019-05-03 17:45:02.008333833 +0200 -+++ openssh-8.0p1/gss-genr.c 2019-05-04 16:57:48.610935907 +0200 +--- openssh-8.0p1.orig/gss-genr.c 2019-05-20 08:24:38.070775855 +0200 ++++ openssh-8.0p1/gss-genr.c 2019-05-20 08:25:21.581323124 +0200 @@ -40,6 +40,7 @@ #include "ssherr.h" #include "sshbuf.h" @@ -669,8 +669,8 @@ diff -Nur openssh-8.0p1.orig/gss-genr.c openssh-8.0p1/gss-genr.c return (ctx->major); } diff -Nur openssh-8.0p1.orig/gss-serv.c openssh-8.0p1/gss-serv.c ---- openssh-8.0p1.orig/gss-serv.c 2019-05-03 17:45:02.025333652 +0200 -+++ openssh-8.0p1/gss-serv.c 2019-05-04 20:13:35.891347677 +0200 +--- openssh-8.0p1.orig/gss-serv.c 2019-05-20 08:24:38.086775688 +0200 ++++ openssh-8.0p1/gss-serv.c 2019-05-20 08:25:21.581323124 +0200 @@ -50,10 +50,12 @@ #include "monitor_wrap.h" 
@@ -953,7 +953,7 @@ diff -Nur openssh-8.0p1.orig/gss-serv.c openssh-8.0p1/gss-serv.c diff -Nur openssh-8.0p1.orig/gss-serv-gsi.c openssh-8.0p1/gss-serv-gsi.c --- openssh-8.0p1.orig/gss-serv-gsi.c 1970-01-01 01:00:00.000000000 +0100 -+++ openssh-8.0p1/gss-serv-gsi.c 2019-05-04 16:57:48.611935896 +0200 ++++ openssh-8.0p1/gss-serv-gsi.c 2019-05-20 08:25:21.582323114 +0200 @@ -0,0 +1,328 @@ +/* + * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -1284,8 +1284,8 @@ diff -Nur openssh-8.0p1.orig/gss-serv-gsi.c openssh-8.0p1/gss-serv-gsi.c +#endif /* GSI */ +#endif /* GSSAPI */ diff -Nur openssh-8.0p1.orig/gss-serv-krb5.c openssh-8.0p1/gss-serv-krb5.c ---- openssh-8.0p1.orig/gss-serv-krb5.c 2019-05-03 17:45:02.047333418 +0200 -+++ openssh-8.0p1/gss-serv-krb5.c 2019-05-04 17:55:04.987868146 +0200 +--- openssh-8.0p1.orig/gss-serv-krb5.c 2019-05-20 08:24:38.107775470 +0200 ++++ openssh-8.0p1/gss-serv-krb5.c 2019-05-20 08:25:21.582323114 +0200 @@ -379,6 +379,34 @@ return found_principal; } @@ -1340,8 +1340,8 @@ diff -Nur openssh-8.0p1.orig/gss-serv-krb5.c openssh-8.0p1/gss-serv-krb5.c &ssh_gssapi_krb5_updatecreds }; diff -Nur openssh-8.0p1.orig/kexgsss.c openssh-8.0p1/kexgsss.c ---- openssh-8.0p1.orig/kexgsss.c 2019-05-03 17:45:02.011333801 +0200 -+++ openssh-8.0p1/kexgsss.c 2019-05-05 13:42:59.924759377 +0200 +--- openssh-8.0p1.orig/kexgsss.c 2019-05-20 08:24:38.072775834 +0200 ++++ openssh-8.0p1/kexgsss.c 2019-05-20 08:25:21.582323114 +0200 @@ -48,6 +48,7 @@ #include "digest.h" #include "ssherr.h" 
@@ -1406,8 +1406,8 @@ diff -Nur openssh-8.0p1.orig/kexgsss.c openssh-8.0p1/kexgsss.c +} #endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */ diff -Nur openssh-8.0p1.orig/Makefile.in openssh-8.0p1/Makefile.in ---- openssh-8.0p1.orig/Makefile.in 2019-05-03 17:45:02.098332875 +0200 -+++ openssh-8.0p1/Makefile.in 2019-05-04 16:57:48.613935875 +0200 +--- openssh-8.0p1.orig/Makefile.in 2019-05-20 08:24:38.168774835 +0200 ++++ openssh-8.0p1/Makefile.in 2019-05-20 08:25:21.583323104 +0200 @@ -125,6 +125,7 @@ auth2-none.o auth2-passwd.o auth2-pubkey.o \ monitor.o monitor_wrap.o auth-krb5.o \ @@ -1417,8 +1417,8 @@ diff -Nur openssh-8.0p1.orig/Makefile.in openssh-8.0p1/Makefile.in sftp-server.o sftp-common.o \ sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ diff -Nur openssh-8.0p1.orig/misc.c openssh-8.0p1/misc.c ---- openssh-8.0p1.orig/misc.c 2019-05-03 17:45:01.962334322 +0200 -+++ openssh-8.0p1/misc.c 2019-05-04 16:57:48.614935864 +0200 +--- openssh-8.0p1.orig/misc.c 2019-05-20 08:24:38.020776375 +0200 ++++ openssh-8.0p1/misc.c 2019-05-20 08:25:21.583323104 +0200 @@ -313,11 +313,14 @@ #define WHITESPACE " \t\r\n" #define QUOTE "\"" @@ -1480,7 +1480,7 @@ diff -Nur openssh-8.0p1.orig/misc.c openssh-8.0p1/misc.c * Port must be >=0 and <=65535. diff -Nur openssh-8.0p1.orig/misc.h openssh-8.0p1/misc.h --- openssh-8.0p1.orig/misc.h 2019-04-18 00:52:57.000000000 +0200 -+++ openssh-8.0p1/misc.h 2019-05-04 16:57:48.614935864 +0200 ++++ openssh-8.0p1/misc.h 2019-05-20 08:25:21.583323104 +0200 @@ -87,6 +87,7 @@ void sock_set_v6only(int); 
@@ -1490,8 +1490,8 @@ diff -Nur openssh-8.0p1.orig/misc.h openssh-8.0p1/misc.h typedef struct arglist arglist; diff -Nur openssh-8.0p1.orig/monitor.c openssh-8.0p1/monitor.c ---- openssh-8.0p1.orig/monitor.c 2019-05-03 17:45:02.106332790 +0200 -+++ openssh-8.0p1/monitor.c 2019-05-04 18:32:50.066418064 +0200 +--- openssh-8.0p1.orig/monitor.c 2019-05-20 08:24:38.176774752 +0200 ++++ openssh-8.0p1/monitor.c 2019-05-20 08:25:21.584323093 +0200 @@ -154,6 +154,9 @@ int mm_answer_gss_userok(struct ssh *, int, struct sshbuf *); int mm_answer_gss_checkmic(struct ssh *, int, struct sshbuf *); @@ -1663,8 +1663,8 @@ diff -Nur openssh-8.0p1.orig/monitor.c openssh-8.0p1/monitor.c { gss_buffer_desc data; diff -Nur openssh-8.0p1.orig/monitor.h openssh-8.0p1/monitor.h ---- openssh-8.0p1.orig/monitor.h 2019-05-03 17:45:02.087332993 +0200 -+++ openssh-8.0p1/monitor.h 2019-05-04 18:34:50.027124629 +0200 +--- openssh-8.0p1.orig/monitor.h 2019-05-20 08:24:38.158774939 +0200 ++++ openssh-8.0p1/monitor.h 2019-05-20 08:25:21.584323093 +0200 @@ -75,6 +75,10 @@ MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151, @@ -1677,8 +1677,8 @@ diff -Nur openssh-8.0p1.orig/monitor.h openssh-8.0p1/monitor.h struct ssh; diff -Nur openssh-8.0p1.orig/monitor_wrap.c openssh-8.0p1/monitor_wrap.c ---- openssh-8.0p1.orig/monitor_wrap.c 2019-05-03 17:45:02.107332780 +0200 -+++ openssh-8.0p1/monitor_wrap.c 2019-05-04 20:14:18.401891101 +0200 +--- openssh-8.0p1.orig/monitor_wrap.c 2019-05-20 08:24:38.176774752 +0200 ++++ openssh-8.0p1/monitor_wrap.c 2019-05-20 08:25:21.584323093 +0200 @@ -1061,6 +1061,94 @@ return (authenticated); } 
@@ -1775,8 +1775,8 @@ diff -Nur openssh-8.0p1.orig/monitor_wrap.c openssh-8.0p1/monitor_wrap.c mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash) { diff -Nur openssh-8.0p1.orig/monitor_wrap.h openssh-8.0p1/monitor_wrap.h ---- openssh-8.0p1.orig/monitor_wrap.h 2019-05-03 17:45:02.093332929 +0200 -+++ openssh-8.0p1/monitor_wrap.h 2019-05-04 16:57:48.617935831 +0200 +--- openssh-8.0p1.orig/monitor_wrap.h 2019-05-20 08:24:38.164774877 +0200 ++++ openssh-8.0p1/monitor_wrap.h 2019-05-20 08:25:21.585323083 +0200 @@ -69,6 +69,10 @@ int mm_ssh_gssapi_userok(char *user, struct passwd *, int kex); OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); @@ -1789,8 +1789,8 @@ diff -Nur openssh-8.0p1.orig/monitor_wrap.h openssh-8.0p1/monitor_wrap.h #endif diff -Nur openssh-8.0p1.orig/readconf.c openssh-8.0p1/readconf.c ---- openssh-8.0p1.orig/readconf.c 2019-05-03 17:45:02.098332875 +0200 -+++ openssh-8.0p1/readconf.c 2019-05-04 16:57:48.618935821 +0200 +--- openssh-8.0p1.orig/readconf.c 2019-05-20 08:24:38.169774825 +0200 ++++ openssh-8.0p1/readconf.c 2019-05-20 08:25:21.586323072 +0200 @@ -2052,13 +2052,13 @@ if (options->challenge_response_authentication == -1) options->challenge_response_authentication = 1; @@ -1810,8 +1810,8 @@ diff -Nur openssh-8.0p1.orig/readconf.c openssh-8.0p1/readconf.c options->gss_renewal_rekey = 0; #ifdef GSSAPI diff -Nur openssh-8.0p1.orig/readconf.h openssh-8.0p1/readconf.h ---- openssh-8.0p1.orig/readconf.h 2019-05-03 17:45:02.013333780 +0200 -+++ openssh-8.0p1/readconf.h 2019-05-04 16:57:48.619935810 +0200 +--- openssh-8.0p1.orig/readconf.h 2019-05-20 08:24:38.074775813 +0200 ++++ openssh-8.0p1/readconf.h 2019-05-20 08:25:21.586323072 +0200 @@ -78,6 +78,8 @@ char *host_key_alias; /* hostname alias for .ssh/known_hosts */ char *proxy_command; /* Proxy command for connecting the host. */ 
@@ -1822,8 +1822,8 @@ diff -Nur openssh-8.0p1.orig/readconf.h openssh-8.0p1/readconf.h u_int num_system_hostfiles; /* Paths for /etc/ssh/ssh_known_hosts */ diff -Nur openssh-8.0p1.orig/servconf.c openssh-8.0p1/servconf.c ---- openssh-8.0p1.orig/servconf.c 2019-05-03 17:45:02.108332769 +0200 -+++ openssh-8.0p1/servconf.c 2019-05-04 19:24:49.590820223 +0200 +--- openssh-8.0p1.orig/servconf.c 2019-05-20 08:24:38.177774742 +0200 ++++ openssh-8.0p1/servconf.c 2019-05-20 08:25:21.587323062 +0200 @@ -84,6 +84,7 @@ /* Portable-specific options */ @@ -1995,8 +1995,8 @@ diff -Nur openssh-8.0p1.orig/servconf.c openssh-8.0p1/servconf.c M_CP_INTOPT(kerberos_authentication); M_CP_INTOPT(hostbased_authentication); diff -Nur openssh-8.0p1.orig/servconf.h openssh-8.0p1/servconf.h ---- openssh-8.0p1.orig/servconf.h 2019-05-03 17:45:02.059333290 +0200 -+++ openssh-8.0p1/servconf.h 2019-05-04 16:57:48.620935799 +0200 +--- openssh-8.0p1.orig/servconf.h 2019-05-20 08:24:38.119775345 +0200 ++++ openssh-8.0p1/servconf.h 2019-05-20 08:25:21.587323062 +0200 @@ -131,9 +131,12 @@ * be stored in per-session ccache */ int use_kuserok; @@ -2019,8 +2019,8 @@ diff -Nur openssh-8.0p1.orig/servconf.h openssh-8.0p1/servconf.h int permit_tun; diff -Nur openssh-8.0p1.orig/ssh.1 openssh-8.0p1/ssh.1 ---- openssh-8.0p1.orig/ssh.1 2019-05-03 17:45:02.014333769 +0200 -+++ openssh-8.0p1/ssh.1 2019-05-04 16:57:48.621935788 +0200 +--- openssh-8.0p1.orig/ssh.1 2019-05-20 08:24:38.075775803 +0200 ++++ openssh-8.0p1/ssh.1 2019-05-20 08:25:21.587323062 +0200 @@ -1427,6 +1427,18 @@ on to new connections). .It Ev USER @@ -2041,8 +2041,8 @@ diff -Nur openssh-8.0p1.orig/ssh.1 openssh-8.0p1/ssh.1 .Pp Additionally, diff -Nur openssh-8.0p1.orig/ssh.c openssh-8.0p1/ssh.c ---- openssh-8.0p1.orig/ssh.c 2019-05-03 17:45:02.100332854 +0200 -+++ openssh-8.0p1/ssh.c 2019-05-04 16:57:48.622935778 +0200 +--- openssh-8.0p1.orig/ssh.c 2019-05-20 08:24:38.170774815 +0200 ++++ openssh-8.0p1/ssh.c 2019-05-20 08:25:21.588323052 +0200 
@@ -543,6 +543,38 @@ fatal("Can't open user config file %.100s: " "%.100s", config, strerror(errno)); @@ -2097,8 +2097,8 @@ diff -Nur openssh-8.0p1.orig/ssh.c openssh-8.0p1/ssh.c /* Set up strings used to percent_expand() arguments */ if (gethostname(thishost, sizeof(thishost)) == -1) diff -Nur openssh-8.0p1.orig/ssh_config openssh-8.0p1/ssh_config ---- openssh-8.0p1.orig/ssh_config 2019-05-03 17:45:02.015333759 +0200 -+++ openssh-8.0p1/ssh_config 2019-05-04 16:57:48.622935778 +0200 +--- openssh-8.0p1.orig/ssh_config 2019-05-20 08:24:38.076775793 +0200 ++++ openssh-8.0p1/ssh_config 2019-05-20 08:25:21.588323052 +0200 @@ -22,10 +22,10 @@ # ForwardX11 no # PasswordAuthentication yes @@ -2115,8 +2115,8 @@ diff -Nur openssh-8.0p1.orig/ssh_config openssh-8.0p1/ssh_config # CheckHostIP yes # AddressFamily any diff -Nur openssh-8.0p1.orig/ssh_config.5 openssh-8.0p1/ssh_config.5 ---- openssh-8.0p1.orig/ssh_config.5 2019-05-03 17:45:02.076333110 +0200 -+++ openssh-8.0p1/ssh_config.5 2019-05-04 16:57:48.623935767 +0200 +--- openssh-8.0p1.orig/ssh_config.5 2019-05-20 08:24:38.145775075 +0200 ++++ openssh-8.0p1/ssh_config.5 2019-05-20 08:32:58.762570830 +0200 @@ -52,6 +52,12 @@ user's configuration file .Pq Pa ~/.ssh/config @@ -2130,7 +2130,7 @@ diff -Nur openssh-8.0p1.orig/ssh_config.5 openssh-8.0p1/ssh_config.5 system-wide configuration file .Pq Pa /etc/ssh/ssh_config .El -@@ -753,7 +759,7 @@ +@@ -751,7 +757,7 @@ .It Cm GSSAPIAuthentication Specifies whether user authentication based on GSSAPI is allowed. The default is @@ -2139,7 +2139,7 @@ diff -Nur openssh-8.0p1.orig/ssh_config.5 openssh-8.0p1/ssh_config.5 .It Cm GSSAPIClientIdentity If set, specifies the GSSAPI client identity that ssh should use when connecting to the server. The default is unset, which means that the default -@@ -761,12 +767,12 @@ +@@ -759,12 +765,12 @@ .It Cm GSSAPIDelegateCredentials Forward (delegate) credentials to the server. The default is 
@@ -2154,7 +2154,7 @@ diff -Nur openssh-8.0p1.orig/ssh_config.5 openssh-8.0p1/ssh_config.5 .It Cm GSSAPIRenewalForcesRekey If set to .Dq yes -@@ -798,7 +804,7 @@ +@@ -796,7 +802,7 @@ the hostname entered on the command line will be passed untouched to the GSSAPI library. The default is @@ -2163,7 +2163,15 @@ diff -Nur openssh-8.0p1.orig/ssh_config.5 openssh-8.0p1/ssh_config.5 .It Cm GSSAPIKexAlgorithms The list of key exchange algorithms that are offered for GSSAPI key exchange. Possible values are -@@ -1270,7 +1276,7 @@ +@@ -814,7 +820,6 @@ + .Xr crypto-policies 7 . + To see the defaults and how to modifuy this default, see manual page + .Xr update-crypto-policies 8 . +-This option only applies to protocol version 2 connections using GSSAPI. + .It Cm HashKnownHosts + Indicates that + .Xr ssh 1 +@@ -1260,7 +1265,7 @@ .Cm password ) . The default is: .Bd -literal -offset indent @@ -2173,8 +2181,8 @@ diff -Nur openssh-8.0p1.orig/ssh_config.5 openssh-8.0p1/ssh_config.5 .Ed .It Cm ProxyCommand diff -Nur openssh-8.0p1.orig/sshconnect2.c openssh-8.0p1/sshconnect2.c ---- openssh-8.0p1.orig/sshconnect2.c 2019-05-03 17:45:02.100332854 +0200 -+++ openssh-8.0p1/sshconnect2.c 2019-05-04 18:51:03.754633706 +0200 +--- openssh-8.0p1.orig/sshconnect2.c 2019-05-20 08:24:38.171774804 +0200 ++++ openssh-8.0p1/sshconnect2.c 2019-05-20 08:25:21.590323031 +0200 @@ -778,6 +778,11 @@ gss_OID mech = NULL; char *gss_host; @@ -2242,8 +2250,8 @@ diff -Nur openssh-8.0p1.orig/sshconnect2.c openssh-8.0p1/sshconnect2.c (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || (r = sshpkt_put_string(ssh, mic.value, mic.length)) != 0 || diff -Nur openssh-8.0p1.orig/sshd.8 openssh-8.0p1/sshd.8 ---- openssh-8.0p1.orig/sshd.8 2019-05-03 17:45:02.030333599 +0200 -+++ openssh-8.0p1/sshd.8 2019-05-04 16:57:48.625935745 +0200 +--- openssh-8.0p1.orig/sshd.8 2019-05-20 08:24:38.090775647 +0200 ++++ openssh-8.0p1/sshd.8 2019-05-20 08:25:21.590323031 +0200 
@@ -788,6 +788,29 @@ # A CA key, accepted for any host in *.mydomain.com or *.mydomain.org @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W... @@ -2275,8 +2283,8 @@ diff -Nur openssh-8.0p1.orig/sshd.8 openssh-8.0p1/sshd.8 .Bl -tag -width Ds -compact .It Pa ~/.hushlogin diff -Nur openssh-8.0p1.orig/sshd.c openssh-8.0p1/sshd.c ---- openssh-8.0p1.orig/sshd.c 2019-05-03 17:45:02.109332758 +0200 -+++ openssh-8.0p1/sshd.c 2019-05-04 16:57:48.625935745 +0200 +--- openssh-8.0p1.orig/sshd.c 2019-05-20 08:24:38.179774721 +0200 ++++ openssh-8.0p1/sshd.c 2019-05-20 08:25:21.590323031 +0200 @@ -2265,7 +2265,7 @@ #endif @@ -2287,8 +2295,8 @@ diff -Nur openssh-8.0p1.orig/sshd.c openssh-8.0p1/sshd.c authctxt->krb5_set_env = ssh_gssapi_storecreds(); restore_uid(); diff -Nur openssh-8.0p1.orig/sshd_config openssh-8.0p1/sshd_config ---- openssh-8.0p1.orig/sshd_config 2019-05-03 17:45:02.054333344 +0200 -+++ openssh-8.0p1/sshd_config 2019-05-04 16:57:48.625935745 +0200 +--- openssh-8.0p1.orig/sshd_config 2019-05-20 08:24:38.114775397 +0200 ++++ openssh-8.0p1/sshd_config 2019-05-20 08:25:21.591323020 +0200 @@ -84,10 +84,11 @@ #KerberosUseKuserok yes @@ -2315,9 +2323,9 @@ diff -Nur openssh-8.0p1.orig/sshd_config openssh-8.0p1/sshd_config #AllowTcpForwarding yes #GatewayPorts no diff -Nur openssh-8.0p1.orig/sshd_config.5 openssh-8.0p1/sshd_config.5 ---- openssh-8.0p1.orig/sshd_config.5 2019-05-03 17:45:02.060333280 +0200 -+++ openssh-8.0p1/sshd_config.5 2019-05-04 18:52:25.145757179 +0200 -@@ -644,15 +644,34 @@ +--- openssh-8.0p1.orig/sshd_config.5 2019-05-20 08:24:38.146775064 +0200 ++++ openssh-8.0p1/sshd_config.5 2019-05-20 08:32:15.212022217 +0200 +@@ -642,15 +642,34 @@ to allow the client to select the address to which the forwarding is bound. The default is .Cm no . 
@@ -2353,7 +2361,7 @@ diff -Nur openssh-8.0p1.orig/sshd_config.5 openssh-8.0p1/sshd_config.5 .It Cm GSSAPIEnablek5users Specifies whether to look at .k5users file for GSSAPI authentication access control. Further details are described in -@@ -663,7 +682,7 @@ +@@ -661,7 +680,7 @@ Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange doesn't rely on ssh keys to verify host identity. The default is @@ -2363,14 +2371,14 @@ diff -Nur openssh-8.0p1.orig/sshd_config.5 openssh-8.0p1/sshd_config.5 Determines whether to be strict about the identity of the GSSAPI acceptor a client authenticates against. @@ -702,7 +721,6 @@ - .Pp - The default is - .Dq gss-gex-sha1-,gss-group14-sha1- . + .Xr crypto-policies 7 . + To see the defaults and how to modifuy this default, see manual page + .Xr update-crypto-policies 8 . -This option only applies to protocol version 2 connections using GSSAPI. .It Cm HostbasedAcceptedKeyTypes Specifies the key types that will be accepted for hostbased authentication as a list of comma-separated patterns. -@@ -1674,6 +1692,12 @@ +@@ -1652,6 +1670,12 @@ as a non-root user. The default is .Cm no . @@ -2384,8 +2392,8 @@ diff -Nur openssh-8.0p1.orig/sshd_config.5 openssh-8.0p1/sshd_config.5 Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. diff -Nur openssh-8.0p1.orig/ssh-gss.h openssh-8.0p1/ssh-gss.h ---- openssh-8.0p1.orig/ssh-gss.h 2019-05-03 17:45:02.027333631 +0200 -+++ openssh-8.0p1/ssh-gss.h 2019-05-04 16:58:00.709805460 +0200 +--- openssh-8.0p1.orig/ssh-gss.h 2019-05-20 08:24:38.087775678 +0200 ++++ openssh-8.0p1/ssh-gss.h 2019-05-20 08:25:21.592323010 +0200 @@ -93,12 +93,14 @@ } ssh_gssapi_ccache; 
@@ -2423,7 +2431,7 @@ diff -Nur openssh-8.0p1.orig/ssh-gss.h openssh-8.0p1/ssh-gss.h const char *); diff -Nur openssh-8.0p1.orig/version.h openssh-8.0p1/version.h --- openssh-8.0p1.orig/version.h 2019-04-18 00:52:57.000000000 +0200 -+++ openssh-8.0p1/version.h 2019-05-04 18:53:27.162089305 +0200 ++++ openssh-8.0p1/version.h 2019-05-20 08:25:21.592323010 +0200 @@ -2,5 +2,19 @@ #define SSH_VERSION "OpenSSH_8.0" diff --git a/openssh-8.0p1-openssl-evp.patch b/openssh-8.0p1-openssl-evp.patch new file mode 100644 index 0000000..ade0bbb --- /dev/null +++ b/openssh-8.0p1-openssl-evp.patch 
@@ -0,0 +1,720 @@ +From ed7ec0cdf577ffbb0b15145340cf51596ca3eb89 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Tue, 14 May 2019 10:45:45 +0200 +Subject: [PATCH] Use high-level OpenSSL API for signatures + +--- + digest-openssl.c | 16 ++++ + digest.h | 6 ++ + ssh-dss.c | 65 ++++++++++------ + ssh-ecdsa.c | 69 ++++++++++------- + ssh-rsa.c | 193 +++++++++-------------------------------------- + sshkey.c | 77 +++++++++++++++++++ + sshkey.h | 4 + + 7 files changed, 221 insertions(+), 209 deletions(-) + +diff --git a/digest-openssl.c b/digest-openssl.c +index da7ed72bc..6a21d8adb 100644 +--- a/digest-openssl.c ++++ b/digest-openssl.c +@@ -63,6 +63,22 @@ const struct ssh_digest digests[] = { + { -1, NULL, 0, NULL }, + }; + ++const EVP_MD * ++ssh_digest_to_md(int digest_type) ++{ ++ switch (digest_type) { ++ case SSH_DIGEST_SHA1: ++ return EVP_sha1(); ++ case SSH_DIGEST_SHA256: ++ return EVP_sha256(); ++ case SSH_DIGEST_SHA384: ++ return EVP_sha384(); ++ case SSH_DIGEST_SHA512: ++ return EVP_sha512(); ++ } ++ return NULL; ++} ++ + static const struct ssh_digest * + ssh_digest_by_alg(int alg) + { +diff --git a/digest.h b/digest.h +index 274574d0e..c7ceeb36f 100644 +--- a/digest.h ++++ b/digest.h +@@ -32,6 +32,12 @@ + struct sshbuf; + struct ssh_digest_ctx; + ++#ifdef WITH_OPENSSL ++#include ++/* Converts internal digest representation to the OpenSSL one */ ++const EVP_MD *ssh_digest_to_md(int digest_type); ++#endif ++ + /* Looks up a digest algorithm by name */ + int ssh_digest_alg_by_name(const char *name); + +diff --git a/ssh-dss.c b/ssh-dss.c +index a23c383dc..ea45e7275 100644 +--- a/ssh-dss.c ++++ b/ssh-dss.c +@@ -52,11 +52,15 @@ int + ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat) + { ++ EVP_PKEY *pkey = NULL; + DSA_SIG *sig = NULL; + const BIGNUM *sig_r, *sig_s; +- u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN]; +- size_t rlen, slen, len, dlen = 
ssh_digest_bytes(SSH_DIGEST_SHA1); ++ u_char sigblob[SIGBLOB_LEN]; ++ size_t rlen, slen; ++ int len; + struct sshbuf *b = NULL; ++ u_char *sigb = NULL; ++ const u_char *psig = NULL; + int ret = SSH_ERR_INVALID_ARGUMENT; + + if (lenp != NULL) +@@ -67,17 +71,24 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + if (key == NULL || key->dsa == NULL || + sshkey_type_plain(key->type) != KEY_DSA) + return SSH_ERR_INVALID_ARGUMENT; +- if (dlen == 0) +- return SSH_ERR_INTERNAL_ERROR; + +- if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, +- digest, sizeof(digest))) != 0) ++ if ((pkey = EVP_PKEY_new()) == NULL || ++ EVP_PKEY_set1_DSA(pkey, key->dsa) != 1) ++ return SSH_ERR_ALLOC_FAIL; ++ ret = sshkey_calculate_signature(pkey, SSH_DIGEST_SHA1, &sigb, &len, ++ data, datalen); ++ EVP_PKEY_free(pkey); ++ if (ret < 0) { + goto out; ++ } + +- if ((sig = DSA_do_sign(digest, dlen, key->dsa)) == NULL) { ++ psig = sigb; ++ if ((sig = d2i_DSA_SIG(NULL, &psig, len)) == NULL) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } ++ free(sigb); ++ sigb = NULL; + + DSA_SIG_get0(sig, &sig_r, &sig_s); + rlen = BN_num_bytes(sig_r); +@@ -110,7 +121,7 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + *lenp = len; + ret = 0; + out: +- explicit_bzero(digest, sizeof(digest)); ++ free(sigb); + DSA_SIG_free(sig); + sshbuf_free(b); + return ret; +@@ -121,20 +132,20 @@ ssh_dss_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat) + { ++ EVP_PKEY *pkey = NULL; + DSA_SIG *sig = NULL; + BIGNUM *sig_r = NULL, *sig_s = NULL; +- u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob = NULL; +- size_t len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); ++ u_char *sigblob = NULL; ++ size_t len, slen; + int ret = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *b = NULL; + char *ktype = NULL; ++ u_char *sigb = NULL, *psig = NULL; + + if (key == NULL || key->dsa == NULL || + 
sshkey_type_plain(key->type) != KEY_DSA || + signature == NULL || signaturelen == 0) + return SSH_ERR_INVALID_ARGUMENT; +- if (dlen == 0) +- return SSH_ERR_INTERNAL_ERROR; + + /* fetch signature */ + if ((b = sshbuf_from(signature, signaturelen)) == NULL) +@@ -176,25 +187,31 @@ ssh_dss_verify(const struct sshkey *key, + } + sig_r = sig_s = NULL; /* transferred */ + +- /* sha1 the data */ +- if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, +- digest, sizeof(digest))) != 0) ++ if ((slen = i2d_DSA_SIG(sig, NULL)) == 0) { ++ ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; +- +- switch (DSA_do_verify(digest, dlen, sig, key->dsa)) { +- case 1: +- ret = 0; +- break; +- case 0: +- ret = SSH_ERR_SIGNATURE_INVALID; ++ } ++ if ((sigb = malloc(slen)) == NULL) { ++ ret = SSH_ERR_ALLOC_FAIL; + goto out; +- default: ++ } ++ psig = sigb; ++ if ((slen = i2d_DSA_SIG(sig, &psig)) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + ++ if ((pkey = EVP_PKEY_new()) == NULL || ++ EVP_PKEY_set1_DSA(pkey, key->dsa) != 1) { ++ ret = SSH_ERR_ALLOC_FAIL; ++ goto out; ++ } ++ ret = sshkey_verify_signature(pkey, SSH_DIGEST_SHA1, data, datalen, ++ sigb, slen); ++ EVP_PKEY_free(pkey); ++ + out: +- explicit_bzero(digest, sizeof(digest)); ++ free(sigb); + DSA_SIG_free(sig); + BN_clear_free(sig_r); + BN_clear_free(sig_s); +diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c +index 599c7199d..b036796e8 100644 +--- a/ssh-ecdsa.c ++++ b/ssh-ecdsa.c +@@ -50,11 +50,13 @@ int + ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat) + { ++ EVP_PKEY *pkey = NULL; + ECDSA_SIG *sig = NULL; ++ unsigned char *sigb = NULL; ++ const unsigned char *psig; + const BIGNUM *sig_r, *sig_s; + int hash_alg; +- u_char digest[SSH_DIGEST_MAX_LENGTH]; +- size_t len, dlen; ++ int len; + struct sshbuf *b = NULL, *bb = NULL; + int ret = SSH_ERR_INTERNAL_ERROR; + +@@ -67,18 +69,24 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + 
sshkey_type_plain(key->type) != KEY_ECDSA) + return SSH_ERR_INVALID_ARGUMENT; + +- if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 || +- (dlen = ssh_digest_bytes(hash_alg)) == 0) ++ if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1) + return SSH_ERR_INTERNAL_ERROR; +- if ((ret = ssh_digest_memory(hash_alg, data, datalen, +- digest, sizeof(digest))) != 0) ++ ++ if ((pkey = EVP_PKEY_new()) == NULL || ++ EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa) != 1) ++ return SSH_ERR_ALLOC_FAIL; ++ ret = sshkey_calculate_signature(pkey, hash_alg, &sigb, &len, data, ++ datalen); ++ EVP_PKEY_free(pkey); ++ if (ret < 0) { + goto out; ++ } + +- if ((sig = ECDSA_do_sign(digest, dlen, key->ecdsa)) == NULL) { ++ psig = sigb; ++ if ((sig = d2i_ECDSA_SIG(NULL, &psig, len)) == NULL) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } +- + if ((bb = sshbuf_new()) == NULL || (b = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; +@@ -102,7 +110,7 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + *lenp = len; + ret = 0; + out: +- explicit_bzero(digest, sizeof(digest)); ++ free(sigb); + sshbuf_free(b); + sshbuf_free(bb); + ECDSA_SIG_free(sig); +@@ -115,22 +123,21 @@ ssh_ecdsa_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat) + { ++ EVP_PKEY *pkey = NULL; + ECDSA_SIG *sig = NULL; + BIGNUM *sig_r = NULL, *sig_s = NULL; +- int hash_alg; +- u_char digest[SSH_DIGEST_MAX_LENGTH]; +- size_t dlen; ++ int hash_alg, len; + int ret = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *b = NULL, *sigbuf = NULL; + char *ktype = NULL; ++ unsigned char *sigb = NULL, *psig = NULL; + + if (key == NULL || key->ecdsa == NULL || + sshkey_type_plain(key->type) != KEY_ECDSA || + signature == NULL || signaturelen == 0) + return SSH_ERR_INVALID_ARGUMENT; + +- if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 || +- (dlen = ssh_digest_bytes(hash_alg)) == 0) ++ if 
((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1) + return SSH_ERR_INTERNAL_ERROR; + + /* fetch signature */ +@@ -166,28 +173,36 @@ ssh_ecdsa_verify(const struct sshkey *key, + } + sig_r = sig_s = NULL; /* transferred */ + +- if (sshbuf_len(sigbuf) != 0) { +- ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; ++ /* Figure out the length */ ++ if ((len = i2d_ECDSA_SIG(sig, NULL)) == 0) { ++ ret = SSH_ERR_LIBCRYPTO_ERROR; ++ goto out; ++ } ++ if ((sigb = malloc(len)) == NULL) { ++ ret = SSH_ERR_ALLOC_FAIL; + goto out; + } +- if ((ret = ssh_digest_memory(hash_alg, data, datalen, +- digest, sizeof(digest))) != 0) ++ psig = sigb; ++ if ((len = i2d_ECDSA_SIG(sig, &psig)) == 0) { ++ ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; ++ } + +- switch (ECDSA_do_verify(digest, dlen, sig, key->ecdsa)) { +- case 1: +- ret = 0; +- break; +- case 0: +- ret = SSH_ERR_SIGNATURE_INVALID; ++ if (sshbuf_len(sigbuf) != 0) { ++ ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; +- default: +- ret = SSH_ERR_LIBCRYPTO_ERROR; ++ } ++ ++ if ((pkey = EVP_PKEY_new()) == NULL || ++ EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa) != 1) { ++ ret = SSH_ERR_ALLOC_FAIL; + goto out; + } ++ ret = sshkey_verify_signature(pkey, hash_alg, data, datalen, sigb, len); ++ EVP_PKEY_free(pkey); + + out: +- explicit_bzero(digest, sizeof(digest)); ++ free(sigb); + sshbuf_free(sigbuf); + sshbuf_free(b); + ECDSA_SIG_free(sig); +diff --git a/ssh-rsa.c b/ssh-rsa.c +index 9b14f9a9a..8ef3a6aca 100644 +--- a/ssh-rsa.c ++++ b/ssh-rsa.c +@@ -37,7 +37,7 @@ + + #include "openbsd-compat/openssl-compat.h" + +-static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *); ++static int openssh_RSA_verify(int, const u_char *, size_t, u_char *, size_t, EVP_PKEY *); + + static const char * + rsa_hash_alg_ident(int hash_alg) +@@ -90,21 +90,6 @@ rsa_hash_id_from_keyname(const char *alg) + return -1; + } + +-static int +-rsa_hash_alg_nid(int type) +-{ +- switch (type) { +- case SSH_DIGEST_SHA1: +- return NID_sha1; +- case 
SSH_DIGEST_SHA256: +- return NID_sha256; +- case SSH_DIGEST_SHA512: +- return NID_sha512; +- default: +- return -1; +- } +-} +- + int + ssh_rsa_complete_crt_parameters(struct sshkey *key, const BIGNUM *iqmp) + { +@@ -164,11 +149,10 @@ int + ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, const char *alg_ident) + { +- const BIGNUM *rsa_n; +- u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL; +- size_t slen = 0; +- u_int dlen, len; +- int nid, hash_alg, ret = SSH_ERR_INTERNAL_ERROR; ++ EVP_PKEY *pkey = NULL; ++ u_char *sig = NULL; ++ int len, slen = 0; ++ int hash_alg, ret = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *b = NULL; + + if (lenp != NULL) +@@ -180,33 +164,24 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + hash_alg = SSH_DIGEST_SHA1; + else + hash_alg = rsa_hash_id_from_keyname(alg_ident); ++ + if (key == NULL || key->rsa == NULL || hash_alg == -1 || + sshkey_type_plain(key->type) != KEY_RSA) + return SSH_ERR_INVALID_ARGUMENT; +- RSA_get0_key(key->rsa, &rsa_n, NULL, NULL); +- if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE) +- return SSH_ERR_KEY_LENGTH; + slen = RSA_size(key->rsa); +- if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) +- return SSH_ERR_INVALID_ARGUMENT; +- +- /* hash the data */ +- nid = rsa_hash_alg_nid(hash_alg); +- if ((dlen = ssh_digest_bytes(hash_alg)) == 0) +- return SSH_ERR_INTERNAL_ERROR; +- if ((ret = ssh_digest_memory(hash_alg, data, datalen, +- digest, sizeof(digest))) != 0) +- goto out; ++ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) ++ return SSH_ERR_KEY_LENGTH; + +- if ((sig = malloc(slen)) == NULL) { +- ret = SSH_ERR_ALLOC_FAIL; ++ if ((pkey = EVP_PKEY_new()) == NULL || ++ EVP_PKEY_set1_RSA(pkey, key->rsa) != 1) ++ return SSH_ERR_ALLOC_FAIL; ++ ret = sshkey_calculate_signature(pkey, hash_alg, &sig, &len, data, ++ datalen); ++ EVP_PKEY_free(pkey); ++ if (ret < 0) { + goto out; + } + +- if (RSA_sign(nid, digest, dlen, sig, &len, key->rsa) != 
1) { +- ret = SSH_ERR_LIBCRYPTO_ERROR; +- goto out; +- } + if (len < slen) { + size_t diff = slen - len; + memmove(sig + diff, sig, len); +@@ -215,6 +190,7 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + ret = SSH_ERR_INTERNAL_ERROR; + goto out; + } ++ + /* encode signature */ + if ((b = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; +@@ -235,7 +211,6 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + *lenp = len; + ret = 0; + out: +- explicit_bzero(digest, sizeof(digest)); + freezero(sig, slen); + sshbuf_free(b); + return ret; +@@ -246,10 +221,10 @@ ssh_rsa_verify(const struct sshkey *key, + const u_char *sig, size_t siglen, const u_char *data, size_t datalen, + const char *alg) + { +- const BIGNUM *rsa_n; ++ EVP_PKEY *pkey = NULL; + char *sigtype = NULL; + int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR; +- size_t len = 0, diff, modlen, dlen; ++ size_t len = 0, diff, modlen; + struct sshbuf *b = NULL; + u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL; + +@@ -257,8 +232,7 @@ ssh_rsa_verify(const struct sshkey *key, + sshkey_type_plain(key->type) != KEY_RSA || + sig == NULL || siglen == 0) + return SSH_ERR_INVALID_ARGUMENT; +- RSA_get0_key(key->rsa, &rsa_n, NULL, NULL); +- if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE) ++ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) + return SSH_ERR_KEY_LENGTH; + + if ((b = sshbuf_from(sig, siglen)) == NULL) +@@ -310,16 +284,15 @@ ssh_rsa_verify(const struct sshkey *key, + explicit_bzero(sigblob, diff); + len = modlen; + } +- if ((dlen = ssh_digest_bytes(hash_alg)) == 0) { +- ret = SSH_ERR_INTERNAL_ERROR; ++ ++ if ((pkey = EVP_PKEY_new()) == NULL || ++ EVP_PKEY_set1_RSA(pkey, key->rsa) != 1) { ++ ret = SSH_ERR_ALLOC_FAIL; + goto out; + } +- if ((ret = ssh_digest_memory(hash_alg, data, datalen, +- digest, sizeof(digest))) != 0) +- goto out; ++ ret = openssh_RSA_verify(hash_alg, data, datalen, sigblob, len, pkey); ++ EVP_PKEY_free(pkey); + +- 
ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len, +- key->rsa); + out: + freezero(sigblob, len); + free(sigtype); +@@ -328,122 +301,26 @@ ssh_rsa_verify(const struct sshkey *key, + return ret; + } + +-/* +- * See: +- * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/ +- * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn +- */ +- +-/* +- * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) +- * oiw(14) secsig(3) algorithms(2) 26 } +- */ +-static const u_char id_sha1[] = { +- 0x30, 0x21, /* type Sequence, length 0x21 (33) */ +- 0x30, 0x09, /* type Sequence, length 0x09 */ +- 0x06, 0x05, /* type OID, length 0x05 */ +- 0x2b, 0x0e, 0x03, 0x02, 0x1a, /* id-sha1 OID */ +- 0x05, 0x00, /* NULL */ +- 0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */ +-}; +- +-/* +- * See http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html +- * id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) +- * organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2) +- * id-sha256(1) } +- */ +-static const u_char id_sha256[] = { +- 0x30, 0x31, /* type Sequence, length 0x31 (49) */ +- 0x30, 0x0d, /* type Sequence, length 0x0d (13) */ +- 0x06, 0x09, /* type OID, length 0x09 */ +- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, /* id-sha256 */ +- 0x05, 0x00, /* NULL */ +- 0x04, 0x20 /* Octet string, length 0x20 (32), followed by sha256 hash */ +-}; +- +-/* +- * See http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html +- * id-sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) +- * organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2) +- * id-sha256(3) } +- */ +-static const u_char id_sha512[] = { +- 0x30, 0x51, /* type Sequence, length 0x51 (81) */ +- 0x30, 0x0d, /* type Sequence, length 0x0d (13) */ +- 0x06, 0x09, /* type OID, length 0x09 */ +- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, /* id-sha512 */ +- 0x05, 0x00, /* NULL */ +- 0x04, 0x40 /* 
Octet string, length 0x40 (64), followed by sha512 hash */ +-}; +- + static int +-rsa_hash_alg_oid(int hash_alg, const u_char **oidp, size_t *oidlenp) ++openssh_RSA_verify(int hash_alg, const u_char *data, size_t datalen, ++ u_char *sigbuf, size_t siglen, EVP_PKEY *pkey) + { +- switch (hash_alg) { +- case SSH_DIGEST_SHA1: +- *oidp = id_sha1; +- *oidlenp = sizeof(id_sha1); +- break; +- case SSH_DIGEST_SHA256: +- *oidp = id_sha256; +- *oidlenp = sizeof(id_sha256); +- break; +- case SSH_DIGEST_SHA512: +- *oidp = id_sha512; +- *oidlenp = sizeof(id_sha512); +- break; +- default: +- return SSH_ERR_INVALID_ARGUMENT; +- } +- return 0; +-} ++ size_t rsasize = 0; ++ const RSA *rsa; ++ int ret; + +-static int +-openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen, +- u_char *sigbuf, size_t siglen, RSA *rsa) +-{ +- size_t rsasize = 0, oidlen = 0, hlen = 0; +- int ret, len, oidmatch, hashmatch; +- const u_char *oid = NULL; +- u_char *decrypted = NULL; +- +- if ((ret = rsa_hash_alg_oid(hash_alg, &oid, &oidlen)) != 0) +- return ret; +- ret = SSH_ERR_INTERNAL_ERROR; +- hlen = ssh_digest_bytes(hash_alg); +- if (hashlen != hlen) { +- ret = SSH_ERR_INVALID_ARGUMENT; +- goto done; +- } ++ rsa = EVP_PKEY_get0_RSA(pkey); + rsasize = RSA_size(rsa); + if (rsasize <= 0 || rsasize > SSHBUF_MAX_BIGNUM || + siglen == 0 || siglen > rsasize) { + ret = SSH_ERR_INVALID_ARGUMENT; + goto done; + } +- if ((decrypted = malloc(rsasize)) == NULL) { +- ret = SSH_ERR_ALLOC_FAIL; +- goto done; +- } +- if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa, +- RSA_PKCS1_PADDING)) < 0) { +- ret = SSH_ERR_LIBCRYPTO_ERROR; +- goto done; +- } +- if (len < 0 || (size_t)len != hlen + oidlen) { +- ret = SSH_ERR_INVALID_FORMAT; +- goto done; +- } +- oidmatch = timingsafe_bcmp(decrypted, oid, oidlen) == 0; +- hashmatch = timingsafe_bcmp(decrypted + oidlen, hash, hlen) == 0; +- if (!oidmatch || !hashmatch) { +- ret = SSH_ERR_SIGNATURE_INVALID; +- goto done; +- } +- ret = 0; ++ ++ ret = 
sshkey_verify_signature(pkey, hash_alg, data, datalen, ++ sigbuf, siglen); ++ + done: +- freezero(decrypted, rsasize); + return ret; + } + #endif /* WITH_OPENSSL */ +diff --git a/sshkey.c b/sshkey.c +index ad1957762..b95ed0b10 100644 +--- a/sshkey.c ++++ b/sshkey.c +@@ -358,6 +358,83 @@ sshkey_type_plain(int type) + } + + #ifdef WITH_OPENSSL ++int ++sshkey_calculate_signature(EVP_PKEY *pkey, int hash_alg, u_char **sigp, ++ int *lenp, const u_char *data, size_t datalen) ++{ ++ EVP_MD_CTX *ctx = NULL; ++ u_char *sig = NULL; ++ int ret, slen, len; ++ ++ if (sigp == NULL || lenp == NULL) { ++ return SSH_ERR_INVALID_ARGUMENT; ++ } ++ ++ slen = EVP_PKEY_size(pkey); ++ if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) ++ return SSH_ERR_INVALID_ARGUMENT; ++ ++ len = slen; ++ if ((sig = malloc(slen)) == NULL) { ++ return SSH_ERR_ALLOC_FAIL; ++ } ++ ++ if ((ctx = EVP_MD_CTX_new()) == NULL) { ++ ret = SSH_ERR_ALLOC_FAIL; ++ goto error; ++ } ++ if (EVP_SignInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 || ++ EVP_SignUpdate(ctx, data, datalen) <= 0 || ++ EVP_SignFinal(ctx, sig, &len, pkey) <= 0) { ++ ret = SSH_ERR_LIBCRYPTO_ERROR; ++ goto error; ++ } ++ ++ *sigp = sig; ++ *lenp = len; ++ /* Now owned by the caller */ ++ sig = NULL; ++ ret = 0; ++ ++error: ++ EVP_MD_CTX_free(ctx); ++ free(sig); ++ return ret; ++} ++ ++int ++sshkey_verify_signature(EVP_PKEY *pkey, int hash_alg, const u_char *data, ++ size_t datalen, u_char *sigbuf, int siglen) ++{ ++ EVP_MD_CTX *ctx = NULL; ++ int ret; ++ ++ if ((ctx = EVP_MD_CTX_new()) == NULL) { ++ return SSH_ERR_ALLOC_FAIL; ++ } ++ if (EVP_VerifyInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 || ++ EVP_VerifyUpdate(ctx, data, datalen) <= 0) { ++ ret = SSH_ERR_LIBCRYPTO_ERROR; ++ goto done; ++ } ++ ret = EVP_VerifyFinal(ctx, sigbuf, siglen, pkey); ++ switch (ret) { ++ case 1: ++ ret = 0; ++ break; ++ case 0: ++ ret = SSH_ERR_SIGNATURE_INVALID; ++ break; ++ default: ++ ret = SSH_ERR_LIBCRYPTO_ERROR; ++ break; ++ } ++ ++done: ++ 
EVP_MD_CTX_free(ctx); ++ return ret; ++} ++ + /* XXX: these are really begging for a table-driven approach */ + int + sshkey_curve_name_to_nid(const char *name) +diff --git a/sshkey.h b/sshkey.h +index a91e60436..270901a87 100644 +--- a/sshkey.h ++++ b/sshkey.h +@@ -179,6 +179,10 @@ const char *sshkey_ssh_name(const struct sshkey *); + const char *sshkey_ssh_name_plain(const struct sshkey *); + int sshkey_names_valid2(const char *, int); + char *sshkey_alg_list(int, int, int, char); ++int sshkey_calculate_signature(EVP_PKEY*, int, u_char **, ++ int *, const u_char *, size_t); ++int sshkey_verify_signature(EVP_PKEY *, int, const u_char *, ++ size_t, u_char *, int); + + int sshkey_from_blob(const u_char *, size_t, struct sshkey **); + int sshkey_fromb(struct sshbuf *, struct sshkey **); + diff --git a/openssh-8.0p1-openssl-kdf.patch b/openssh-8.0p1-openssl-kdf.patch new file mode 100644 index 0000000..1db95c3 --- /dev/null +++ b/openssh-8.0p1-openssl-kdf.patch 
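Review bot: In `ssh_dss_verify` and `ssh_ecdsa_verify` the results of `i2d_DSA_SIG` / `i2d_ECDSA_SIG` are only tested with `== 0`, so a negative error return is not rejected. In the DSA path `slen` is a `size_t`, so a negative value would wrap to a huge length before it reaches `malloc` and, after the second call, the `int siglen` parameter of `sshkey_verify_signature`. Keeping the result in an `int` and testing `if ((len = i2d_DSA_SIG(sig, NULL)) <= 0)` (likewise for the ECDSA calls) makes the verify path fail closed with `SSH_ERR_LIBCRYPTO_ERROR`. Separately, in the three verify functions a failing `EVP_PKEY_set1_*` jumps to `out:` while `EVP_PKEY_free(pkey);` sits above that label, and the three sign functions return directly in the same case, so the new `pkey` leaks. Moving `EVP_PKEY_free(pkey);` below `out:` would cover the verify paths. `sshkey_calculate_signature` also passes `&len` with `int len` to `EVP_SignFinal`, which I believe expects an `unsigned int *`.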
@@ -0,0 +1,137 @@
+commit 2c3ef499bfffce3cfd315edeebf202850ba4e00a
+Author: Jakub Jelen
+Date: Tue Apr 16 15:35:18 2019 +0200
+
+ Use the new OpenSSL KDF
+
+diff --git a/configure.ac b/configure.ac
+index 2a455e4e..e01c3d43 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2712,6 +2712,7 @@ if test "x$openssl" = "xyes" ; then
+ HMAC_CTX_init \
+ RSA_generate_key_ex \
+ RSA_get_default_method \
++ EVP_KDF_CTX_new_id \
+ ])
+
+ # OpenSSL_add_all_algorithms may be a macro.
+diff --git a/kex.c b/kex.c
+index b6f041f4..1fbce2bb 100644
+--- a/kex.c
++++ b/kex.c
+@@ -38,6 +38,9 @@
+ #ifdef WITH_OPENSSL
+ #include
+ #include
++# ifdef HAVE_EVP_KDF_CTX_NEW_ID
++# include
++# endif
+ #endif
+
+ #include "ssh.h"
+@@ -942,6 +945,95 @@ kex_choose_conf(struct ssh *ssh)
+ return r;
+ }
+
++#ifdef HAVE_EVP_KDF_CTX_NEW_ID
++static const EVP_MD *
++digest_to_md(int digest_type)
++{
++ switch (digest_type) {
++ case SSH_DIGEST_SHA1:
++ return EVP_sha1();
++ case SSH_DIGEST_SHA256:
++ return EVP_sha256();
++ case SSH_DIGEST_SHA384:
++ return EVP_sha384();
++ case SSH_DIGEST_SHA512:
++ return EVP_sha512();
++ }
++ return NULL;
++}
++
++static int
++derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
++ const struct sshbuf *shared_secret, u_char **keyp)
++{
++ struct kex *kex = ssh->kex;
++ EVP_KDF_CTX *ctx = NULL;
++ u_char *key = NULL;
++ int r, key_len;
++
++ if ((key_len = ssh_digest_bytes(kex->hash_alg)) == 0)
++ return SSH_ERR_INVALID_ARGUMENT;
++ key_len = ROUNDUP(need, key_len);
++ if ((key = calloc(1, key_len)) == NULL) {
++ r = SSH_ERR_ALLOC_FAIL;
++ goto out;
++ }
++
++ ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
++ if (!ctx) {
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++
++ r = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_MD, digest_to_md(kex->hash_alg));
++ if (r != 1) {
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ r = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY,
++ sshbuf_ptr(shared_secret), sshbuf_len(shared_secret));
++ if (r != 1) {
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ r = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, hash, hashlen);
++ if (r != 1) {
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ r = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, id);
++ if (r != 1) {
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ r = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID,
++ kex->session_id, kex->session_id_len);
++ if (r != 1) {
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++ r = EVP_KDF_derive(ctx, key, key_len);
++ if (r != 1) {
++ r = SSH_ERR_LIBCRYPTO_ERROR;
++ goto out;
++ }
++#ifdef DEBUG_KEX
++ fprintf(stderr, "key '%c'== ", id);
++ dump_digest("key", key, key_len);
++#endif
++ *keyp = key;
++ key = NULL;
++ r = 0;
++
++out:
++ free (key);
++ EVP_KDF_CTX_free(ctx);
++ if (r < 0) {
++ return r;
++ }
++ return 0;
++}
++#else
+ static int
+ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
+ const struct sshbuf *shared_secret, u_char **keyp)
+@@ -1004,6 +1096,7 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
+ ssh_digest_free(hashctx);
+ return r;
+ }
++#endif /* HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID */
+
+ #define NKEYS 6
+ int
+
diff --git a/openssh-8.0p1-scp-tests.patch b/openssh-8.0p1-scp-tests.patch
new file mode 100644
index 0000000..e0a63c4
--- /dev/null
+++ b/openssh-8.0p1-scp-tests.patch
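Review bot: In the new `derive_key`, the `out:` label releases the output buffer with `free (key);`, so if `EVP_KDF_derive` fails after writing part of the result those bytes stay in freed heap memory; `freezero(key, key_len);` would clear them before release. `digest_to_md()` returns NULL for any digest other than the four listed, and that value goes unchecked into `EVP_KDF_CTRL_SET_MD`; whether the control call rejects NULL is not visible here, so with `md` holding the lookup result an explicit `if (md == NULL) { r = SSH_ERR_INVALID_ARGUMENT; goto out; }` before the call would make the failure deterministic. The closing `#endif /* HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID */` names a macro that differs from the `#ifdef HAVE_EVP_KDF_CTX_NEW_ID` guard it closes. The body of the fallback `derive_key` lies outside the inner hunks shown.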
@@ -0,0 +1,61 @@
+diff --git a/regress/scp-ssh-wrapper.sh b/regress/scp-ssh-wrapper.sh
+index 59f1ff63..dd48a482 100644
+--- a/regress/scp-ssh-wrapper.sh
++++ b/regress/scp-ssh-wrapper.sh
+@@ -51,6 +51,18 @@ badserver_4)
+ echo "C755 2 file"
+ echo "X"
+ ;;
++badserver_5)
++ echo "D0555 0 "
++ echo "X"
++ ;;
++badserver_6)
++ echo "D0555 0 ."
++ echo "X"
++ ;;
++badserver_7)
++ echo "C0755 2 extrafile"
++ echo "X"
++ ;;
+ *)
+ set -- $arg
+ shift
+diff --git a/regress/scp.sh b/regress/scp.sh
+index 57cc7706..104c89e1 100644
+--- a/regress/scp.sh
++++ b/regress/scp.sh
+@@ -25,6 +25,7 @@ export SCP # used in scp-ssh-wrapper.scp
+ scpclean() {
+ rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2}
+ mkdir ${DIR} ${DIR2}
++ chmod 755 ${DIR} ${DIR2}
+ }
+
+ verbose "$tid: simple copy local file to local file"
+@@ -101,7 +102,7 @@ if [ ! -z "$SUDO" ]; then
+ $SUDO rm ${DIR2}/copy
+ fi
+
+-for i in 0 1 2 3 4; do
++for i in 0 1 2 3 4 5 6 7; do
+ verbose "$tid: disallow bad server #$i"
+ SCPTESTMODE=badserver_$i
+ export DIR SCPTESTMODE
+@@ -113,6 +114,15 @@ for i in 0 1 2 3 4; do
+ scpclean
+ $SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
+ [ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir"
++
++ scpclean
++ $SCP -pr $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
++ [ ! -w ${DIR2} ] && fail "allows target root attribute change"
++
++ scpclean
++ $SCP $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
++ [ -e ${DIR2}/extrafile ] && fail "allows extranous object creation"
++ rm -f ${DIR2}/extrafile
+ done
+
+ verbose "$tid: detect non-directory target"
+
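Review bot: The new check `[ ! -w ${DIR2} ] && fail "allows target root attribute change"` tests effective write access rather than the directory mode, so when the suite runs as root it passes even if the `D0555` record sent by badserver_5 or badserver_6 was applied to the target directory. Since `scpclean` now sets the mode to 755, comparing the mode string does not depend on the invoking user, for example `[ "$(ls -ld ${DIR2} | cut -c1-10)" = "drwxr-xr-x" ] || fail "allows target root attribute change"`. The message `"allows extranous object creation"` has a typo and should read `extraneous`. The `for` loop body starts outside the inner hunk.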