? openbsd43_5.1.patch
Index: auth2-jpake.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/auth2-jpake.c,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 auth2-jpake.c
--- auth2-jpake.c	7 Nov 2008 23:34:48 -0000	1.2
+++ auth2-jpake.c	23 Feb 2009 01:21:09 -0000
@@ -57,6 +57,8 @@
 
 #include "jpake.h"
 
+extern const EVP_MD *evp_ssh_sha256(void);
+
 /*
  * XXX options-&gt;permit_empty_passwd (at the moment, they will be refused
  * anyway because they will mismatch on fake salt.
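Review bot: The prototype `extern const EVP_MD *evp_ssh_sha256(void);` added here is repeated verbatim in jpake.c, kex.c, schnorr.c and sshconnect2.c, and md-sha256.c carries a sixth copy of its own; six hand-written declarations of one function is exactly the arrangement in which a later signature change slips past the compiler at some call sites. Declaring it once in a header that all of these files already include — misc.h, which this patch starts pulling into jpake.c, or a small md-sha256.h — and including that header from md-sha256.c would give every caller the same checked prototype. The surrounding file-scope declarations continue outside the hunk.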
@@ -164,7 +166,7 @@ derive_rawsalt(const char *username, u_c
 	default:
 		fatal("%s: unknown key type %d", __func__, k-&gt;type);
 	}
-	if (hash_buffer(buffer_ptr(&amp;b), buffer_len(&amp;b), EVP_sha256(),
+	if (hash_buffer(buffer_ptr(&amp;b), buffer_len(&amp;b), evp_ssh_sha256(),
 	    &amp;digest, &amp;digest_len) != 0)
 		fatal("%s: hash_buffer", __func__);
 	buffer_free(&amp;b);
@@ -343,7 +345,7 @@ auth2_jpake_get_pwdata(Authctxt *authctx
 		fake_salt_and_scheme(authctxt, salt, hash_scheme);
 
 	if (hash_buffer(authctxt-&gt;pw-&gt;pw_passwd,
-	    strlen(authctxt-&gt;pw-&gt;pw_passwd), EVP_sha256(),
+	    strlen(authctxt-&gt;pw-&gt;pw_passwd), evp_ssh_sha256(),
 	    &amp;secret, &amp;secret_len) != 0)
 		fatal("%s: hash_buffer", __func__);
 	if ((*s = BN_bin2bn(secret, secret_len, NULL)) == NULL)
Index: jpake.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/jpake.c,v
retrieving revision 1.1
diff -u -p -u -p -r1.1 jpake.c
--- jpake.c	4 Nov 2008 08:22:12 -0000	1.1
+++ jpake.c	23 Feb 2009 01:21:09 -0000
@@ -43,11 +43,14 @@
 #include "packet.h"
 #include "dispatch.h"
 #include "log.h"
+#include "misc.h"
 
 #include "jpake.h"
 
 #ifdef JPAKE
 
+extern const EVP_MD *evp_ssh_sha256(void);
+
 /* RFC3526 group 5, 1536 bits */
 #define JPAKE_GROUP_G "2"
 #define JPAKE_GROUP_P \
@@ -486,7 +489,7 @@ jpake_confirm_hash(const BIGNUM *k,
 	buffer_put_bignum2(&amp;b, k);
 	buffer_put_string(&amp;b, endpoint_id, endpoint_id_len);
 	buffer_put_string(&amp;b, sess_id, sess_id_len);
-	if (hash_buffer(buffer_ptr(&amp;b), buffer_len(&amp;b), EVP_sha256(),
+	if (hash_buffer(buffer_ptr(&amp;b), buffer_len(&amp;b), evp_ssh_sha256(),
 	    confirm_hash, confirm_hash_len) != 0)
 		fatal("%s: hash_buffer", __func__);
 	buffer_free(&amp;b);
Index: kex.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/kex.c,v
retrieving revision 1.80
diff -u -p -u -p -r1.80 kex.c
--- kex.c	6 Sep 2008 12:24:13 -0000	1.80
+++ kex.c	23 Feb 2009 01:21:09 -0000
@@ -52,6 +52,8 @@
 static void kex_kexinit_finish(Kex *);
 static void kex_choose_conf(Kex *);
 
+extern const EVP_MD *evp_ssh_sha256(void);
+
 /* put algorithm proposal into buffer */
 static void
 kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
@@ -313,7 +315,7 @@ choose_kex(Kex *k, char *client, char *s
 		k-&gt;evp_md = EVP_sha1();
 	} else if (strcmp(k-&gt;name, KEX_DHGEX_SHA256) == 0) {
 		k-&gt;kex_type = KEX_DH_GEX_SHA256;
-		k-&gt;evp_md = EVP_sha256();
+		k-&gt;evp_md = evp_ssh_sha256();
 	} else
 		fatal("bad kex alg %s", k-&gt;name);
 }
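Review bot: The digest now stored in `k->evp_md` is the private EVP_MD built in md-sha256.c with `type = NID_undef`, so any code that later identifies the key-exchange hash by NID rather than by calling through the EVP_MD would not recognise it as SHA-256; no such use is visible in this hunk, so confirm none exists elsewhere before relying on it. A comment at the assignment, `/* private EVP_MD (NID_undef): usable only via the EVP_Digest*() callbacks */`, would warn the next reader. choose_kex begins outside the hunk.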
Index: md-sha256.c
===================================================================
RCS file: md-sha256.c
diff -N md-sha256.c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ md-sha256.c	23 Feb 2009 01:21:09 -0000
@@ -0,0 +1,73 @@
+/* $OpenBSD: md-sha256.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */
+/*
+ * Copyright (c) 2005 Damien Miller &lt;djm@openbsd.org&gt;
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* EVP wrapper for SHA256 */
+
+#include &lt;sys/types.h&gt;
+
+#include &lt;openssl/evp.h&gt;
+
+#include &lt;sha2.h&gt;
+#include &lt;string.h&gt;
+
+const EVP_MD *evp_ssh_sha256(void);
+
+static int
+ssh_sha256_init(EVP_MD_CTX *ctxt)
+{
+	SHA256_Init(ctxt-&gt;md_data);
+	return (1);
+}
+
+static int
+ssh_sha256_update(EVP_MD_CTX *ctxt, const void *data, unsigned long len)
+{
+	SHA256_Update(ctxt-&gt;md_data, data, len);
+	return (1);
+}
+
+static int
+ssh_sha256_final(EVP_MD_CTX *ctxt, unsigned char *digest)
+{
+	SHA256_Final(digest, ctxt-&gt;md_data);
+	return (1);
+}
+
+static int
+ssh_sha256_cleanup(EVP_MD_CTX *ctxt)
+{
+	memset(ctxt-&gt;md_data, 0, sizeof(SHA256_CTX));
+	return (1);
+}
+
+const EVP_MD *
+evp_ssh_sha256(void)
+{
+	static EVP_MD ssh_sha256;
+
+	memset(&amp;ssh_sha256, 0, sizeof(ssh_sha256));
+	ssh_sha256.type = NID_undef;
+	ssh_sha256.md_size = SHA256_DIGEST_LENGTH;
+	ssh_sha256.init = ssh_sha256_init;
+	ssh_sha256.update = ssh_sha256_update;
+	ssh_sha256.final = ssh_sha256_final;
+	ssh_sha256.cleanup = ssh_sha256_cleanup;
+	ssh_sha256.block_size = SHA256_BLOCK_LENGTH;
+	ssh_sha256.ctx_size = sizeof(SHA256_CTX);
+
+	return (&amp;ssh_sha256);
+}
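Review bot: `evp_ssh_sha256()` zeroes and refills the file-static `ssh_sha256` on every call (the memset and the eight assignments that follow it), so a caller that keeps the returned pointer — kex.c stores it in `k->evp_md` — holds an object that is rewritten whenever any other file asks for the digest; the values are constants, so this is benign today, but it is a latent hazard and needless work. A one-time guard keeps the interface and removes the rewrite: `static int initialized;` next to the static, `if (initialized) return (&ssh_sha256);` before the memset, and `initialized = 1;` before the final return. Separately, `ssh_sha256.type = NID_undef` means OpenSSL cannot look this digest up or report it by NID, which deserves a one-line comment at that assignment so nobody later tries to use it with the NID-based APIs.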
Index: misc.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/misc.c,v
retrieving revision 1.71
diff -u -p -u -p -r1.71 misc.c
--- misc.c	21 Feb 2009 19:32:04 -0000	1.71
+++ misc.c	23 Feb 2009 01:21:09 -0000
@@ -829,3 +829,64 @@ ms_to_timeval(struct timeval *tv, int ms
 	tv-&gt;tv_usec = (ms % 1000) * 1000;
 }
 
+/*
+ * Calculate a uniformly distributed random number less than upper_bound
+ * avoiding "modulo bias".
+ *
+ * Uniformity is achieved by generating new random numbers until the one
+ * returned is outside the range [0, 2**32 % upper_bound).  This
+ * guarantees the selected random number will be inside
+ * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
+ * after reduction modulo upper_bound.
+ */
+u_int32_t
+arc4random_uniform(u_int32_t upper_bound)
+{
+	u_int32_t r, min;
+
+	if (upper_bound &lt; 2)
+		return 0;
+
+#if (ULONG_MAX &gt; 0xffffffffUL)
+	min = 0x100000000UL % upper_bound;
+#else
+	/* Calculate (2**32 % upper_bound) avoiding 64-bit math */
+	if (upper_bound &gt; 0x80000000)
+		min = 1 + ~upper_bound;		/* 2**32 - upper_bound */
+	else {
+		/* (2**32 - (x * 2)) % x == 2**32 % x when x &lt;= 2**31 */
+		min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound;
+	}
+#endif
+
+	/*
+	 * This could theoretically loop forever but each retry has
+	 * p &gt; 0.5 (worst case, usually far better) of selecting a
+	 * number inside the range we need, so it should rarely need
+	 * to re-roll.
+	 */
+	for (;;) {
+		r = arc4random();
+		if (r &gt;= min)
+			break;
+	}
+
+	return r % upper_bound;
+}
+
+void
+arc4random_buf(void *_buf, size_t n)
+{
+	u_char *buf = (u_char *)_buf;
+	size_t i;
+	u_int32_t r;
+
+	for (i = 0; i &lt; n; i++) {
+		if (i % 4 == 0)
+			r = arc4random();
+		buf[i] = r &amp; 0xff;
+		r &gt;&gt;= 8;
+	}
+	r = 0;
+}
+
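Review bot: The `#if (ULONG_MAX > 0xffffffffUL)` in `arc4random_uniform` only selects the 64-bit branch if `<limits.h>` is visible in misc.c; the include list is outside this hunk, and if the header is absent the preprocessor treats the undefined `ULONG_MAX` as 0 and silently takes the 32-bit branch — still correct, but not the intended path, and a `-Wundef` warning. Adding `#include <limits.h>` with the new code, or writing the test as `#if defined(ULONG_MAX) && (ULONG_MAX > 0xffffffffUL)`, makes the choice deliberate. In `arc4random_buf` the trailing `r = 0;` is a dead store the optimizer is free to drop, so it does not reliably scrub the last random word; either say so in a comment or remove the line rather than let it suggest a guarantee it cannot give.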
Index: misc.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/misc.h,v
retrieving revision 1.38
diff -u -p -u -p -r1.38 misc.h
--- misc.h	12 Jun 2008 20:38:28 -0000	1.38
+++ misc.h	23 Feb 2009 01:21:09 -0000
@@ -78,6 +78,8 @@ void		put_u32(void *, u_int32_t)
 void		put_u16(void *, u_int16_t)
     __attribute__((__bounded__( __minbytes__, 1, 2)));
 
+u_int32_t arc4random_uniform(u_int32_t);
+void arc4random_buf(void *, size_t);
 
 /* readpass.c */
 
Index: monitor_fdpass.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/monitor_fdpass.c,v
retrieving revision 1.18
diff -u -p -u -p -r1.18 monitor_fdpass.c
--- monitor_fdpass.c	30 Nov 2008 11:59:26 -0000	1.18
+++ monitor_fdpass.c	23 Feb 2009 01:21:09 -0000
@@ -50,7 +50,7 @@ mm_send_fd(int sock, int fd)
 
 	memset(&amp;msg, 0, sizeof(msg));
 	msg.msg_control = (caddr_t)&amp;cmsgbuf.buf;
-	msg.msg_controllen = sizeof(cmsgbuf.buf);
+	msg.msg_controllen = CMSG_LEN(sizeof(int));
 	cmsg = CMSG_FIRSTHDR(&amp;msg);
 	cmsg-&gt;cmsg_len = CMSG_LEN(sizeof(int));
 	cmsg-&gt;cmsg_level = SOL_SOCKET;
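Review bot: Shrinking `msg_controllen` from `sizeof(cmsgbuf.buf)` to `CMSG_LEN(sizeof(int))` is done without a comment saying why the padded, CMSG_SPACE-sized buffer is no longer handed to the kernel; presumably this accommodates the older kernel's control-message handling, and a one-line comment at the assignment such as `/* CMSG_LEN rather than the padded buffer size: required by this kernel — TODO confirm */` would keep a future backporter from reverting it. The same change is made in mm_receive_fd in the second hunk, where a control buffer smaller than what the kernel wants to deliver is reported through `MSG_CTRUNC` in `msg.msg_flags`; if that flag is not already tested after the recvmsg loop, a check on `msg.msg_flags & MSG_CTRUNC` before walking the cmsg would make a silently dropped descriptor visible instead of a confusing later failure. Both enclosing functions start and end outside their hunks.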
@@ -99,7 +99,7 @@ mm_receive_fd(int sock)
 	msg.msg_iov = &amp;vec;
 	msg.msg_iovlen = 1;
 	msg.msg_control = &amp;cmsgbuf.buf;
-	msg.msg_controllen = sizeof(cmsgbuf.buf);
+	msg.msg_controllen = CMSG_LEN(sizeof(int));
 
 	while ((n = recvmsg(sock, &amp;msg, 0)) == -1 &amp;&amp; (errno == EAGAIN ||
 	    errno == EINTR))
Index: schnorr.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/schnorr.c,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 schnorr.c
--- schnorr.c	18 Feb 2009 04:31:21 -0000	1.2
+++ schnorr.c	23 Feb 2009 01:21:09 -0000
@@ -55,6 +55,8 @@
 # define SCHNORR_DEBUG_BUF(a)	jpake_debug3_buf a
 #endif /* SCHNORR_DEBUG */
 
+extern const EVP_MD *evp_ssh_sha256(void);
+
 /*
  * Calculate hash component of Schnorr signature H(g || g^v || g^x || id)
  * using SHA1. Returns signature as bignum or NULL on error.
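Review bot: The comment above `schnorr_hash` still says the hash component is computed `using SHA1`, while the call it describes — in the next hunk, now `evp_ssh_sha256()` and previously `EVP_sha256()` — produces SHA-256; the patch touches the call but leaves the stale text. Changing that line to ` * using SHA256. Returns signature as bignum or NULL on error.` keeps the documentation in step with the code. The comment block continues past the end of this hunk.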
@@ -89,7 +91,7 @@ schnorr_hash(const BIGNUM *p, const BIGN
 
 	SCHNORR_DEBUG_BUF((buffer_ptr(&amp;b), buffer_len(&amp;b),
 	    "%s: hashblob", __func__));
-	if (hash_buffer(buffer_ptr(&amp;b), buffer_len(&amp;b), EVP_sha256(),
+	if (hash_buffer(buffer_ptr(&amp;b), buffer_len(&amp;b), evp_ssh_sha256(),
 	    &amp;digest, &amp;digest_len) != 0) {
 		error("%s: hash_buffer", __func__);
 		goto out;
Index: sftp-client.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sftp-client.c,v
retrieving revision 1.86
diff -u -p -u -p -r1.86 sftp-client.c
--- sftp-client.c	26 Jun 2008 06:10:09 -0000	1.86
+++ sftp-client.c	23 Feb 2009 01:21:09 -0000
@@ -25,7 +25,6 @@
 #include &lt;sys/stat.h&gt;
 #include &lt;sys/time.h&gt;
 #include &lt;sys/param.h&gt;
-#include &lt;sys/statvfs.h&gt;
 #include &lt;sys/uio.h&gt;
 
 #include &lt;errno.h&gt;
@@ -278,8 +277,10 @@ get_decode_statvfs(int fd, struct sftp_s
 	flag = buffer_get_int64(&amp;msg);
 	st-&gt;f_namemax = buffer_get_int64(&amp;msg);
 
+#if 0
 	st-&gt;f_flag = (flag &amp; SSH2_FXE_STATVFS_ST_RDONLY) ? ST_RDONLY : 0;
 	st-&gt;f_flag |= (flag &amp; SSH2_FXE_STATVFS_ST_NOSUID) ? ST_NOSUID : 0;
+#endif
 
 	buffer_free(&amp;msg);
 
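Review bot: With the two `st->f_flag` assignments compiled out, `flag` is still read from the message a few lines above but never used, and `st->f_flag` is left holding whatever the caller's struct contained; unless the struct is zeroed before this function (not visible here), a consumer that prints or tests `f_flag` sees an indeterminate value. Keeping `st->f_flag = 0;` outside the `#if 0` (and `(void)flag;` if the compiler complains about the unused value) preserves a defined result. A named guard — e.g. a project feature macro defined in one place — would also record why this is disabled better than a bare `#if 0`. get_decode_statvfs starts and ends outside the hunk.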
Index: sftp-server.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sftp-server.c,v
retrieving revision 1.84
diff -u -p -u -p -r1.84 sftp-server.c
--- sftp-server.c	26 Jun 2008 06:10:09 -0000	1.84
+++ sftp-server.c	23 Feb 2009 01:21:10 -0000
@@ -20,7 +20,9 @@
 #include &lt;sys/time.h&gt;
 #include &lt;sys/param.h&gt;
 #include &lt;sys/mount.h&gt;
+#if 0
 #include &lt;sys/statvfs.h&gt;
+#endif
 
 #include &lt;dirent.h&gt;
 #include &lt;errno.h&gt;
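Review bot: The statvfs extension is switched off with five separate bare `#if 0` blocks — the include here, `send_statvfs`, the two advertisements in `process_init`, the two `process_extended_*statvfs` handlers and the dispatch in `process_extended` — with nothing tying them together or saying why. A single named guard (a project feature macro defined in one place) used in each of those hunks and in the matching sftp-client.c hunk would make the set re-enableable as a unit and let the compiler catch a block that was missed; `#if 0` also invites bit-rot, since the code inside is never compiled again. The dispatch hunk is correct as written: once `process_init` no longer advertises `statvfs@openssh.com` and `fstatvfs@openssh.com`, a client that sends them anyway falls through to the `SSH2_FX_OP_UNSUPPORTED` reply.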
@@ -475,6 +477,7 @@ send_attrib(u_int32_t id, const Attrib *
 	buffer_free(&amp;msg);
 }
 
+#if 0
 static void
 send_statvfs(u_int32_t id, struct statvfs *st)
 {
@@ -501,6 +504,7 @@ send_statvfs(u_int32_t id, struct statvf
 	send_msg(&amp;msg);
 	buffer_free(&amp;msg);
 }
+#endif
 
 /* parse incoming */
 
@@ -517,12 +521,14 @@ process_init(void)
 	/* POSIX rename extension */
 	buffer_put_cstring(&amp;msg, "posix-rename@openssh.com");
 	buffer_put_cstring(&amp;msg, "1"); /* version */
+#if 0
 	/* statvfs extension */
 	buffer_put_cstring(&amp;msg, "statvfs@openssh.com");
 	buffer_put_cstring(&amp;msg, "2"); /* version */
 	/* fstatvfs extension */
 	buffer_put_cstring(&amp;msg, "fstatvfs@openssh.com");
 	buffer_put_cstring(&amp;msg, "2"); /* version */
+#endif
 	send_msg(&amp;msg);
 	buffer_free(&amp;msg);
 }
@@ -1116,6 +1122,7 @@ process_extended_posix_rename(u_int32_t 
 	xfree(newpath);
 }
 
+#if 0
 static void
 process_extended_statvfs(u_int32_t id)
 {
@@ -1151,6 +1158,7 @@ process_extended_fstatvfs(u_int32_t id)
 	else
 		send_statvfs(id, &amp;st);
 }
+#endif
 
 static void
 process_extended(void)
@@ -1162,10 +1170,12 @@ process_extended(void)
 	request = get_string(NULL);
 	if (strcmp(request, "posix-rename@openssh.com") == 0)
 		process_extended_posix_rename(id);
+#if 0
 	else if (strcmp(request, "statvfs@openssh.com") == 0)
 		process_extended_statvfs(id);
 	else if (strcmp(request, "fstatvfs@openssh.com") == 0)
 		process_extended_fstatvfs(id);
+#endif
 	else
 		send_status(id, SSH2_FX_OP_UNSUPPORTED);	/* MUST */
 	xfree(request);
Index: sftp.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sftp.c,v
retrieving revision 1.107
diff -u -p -u -p -r1.107 sftp.c
--- sftp.c	2 Feb 2009 11:15:14 -0000	1.107
+++ sftp.c	23 Feb 2009 01:21:10 -0000
@@ -21,7 +21,6 @@
 #include &lt;sys/stat.h&gt;
 #include &lt;sys/socket.h&gt;
 #include &lt;sys/param.h&gt;
-#include &lt;sys/statvfs.h&gt;
 
 #include &lt;ctype.h&gt;
 #include &lt;errno.h&gt;
Index: sshconnect2.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshconnect2.c,v
retrieving revision 1.170
diff -u -p -u -p -r1.170 sshconnect2.c
--- sshconnect2.c	4 Nov 2008 08:22:13 -0000	1.170
+++ sshconnect2.c	23 Feb 2009 01:21:10 -0000
@@ -72,6 +72,7 @@
 extern char *client_version_string;
 extern char *server_version_string;
 extern Options options;
+extern const EVP_MD *evp_ssh_sha256(void);
 
 /*
  * SSH2 key exchange
@@ -911,7 +912,7 @@ jpake_password_to_secret(Authctxt *authc
 	debug3("%s: crypted = %s", __func__, crypted);
 #endif
 
-	if (hash_buffer(crypted, strlen(crypted), EVP_sha256(),
+	if (hash_buffer(crypted, strlen(crypted), evp_ssh_sha256(),
 	    &amp;secret, &amp;secret_len) != 0)
 		fatal("%s: hash_buffer", __func__);
 
Index: lib/Makefile
===================================================================
RCS file: /cvs/src/usr.bin/ssh/lib/Makefile,v
retrieving revision 1.58
diff -u -p -u -p -r1.58 Makefile
--- lib/Makefile	4 Nov 2008 08:22:13 -0000	1.58
+++ lib/Makefile	23 Feb 2009 01:21:10 -0000
@@ -12,7 +12,7 @@ SRCS=	authfd.c authfile.c bufaux.c bufbn
 	key.c dispatch.c kex.c mac.c uidswap.c uuencode.c misc.c \
 	ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \
 	kexdhc.c kexgexc.c scard.c msg.c progressmeter.c dns.c \
-	monitor_fdpass.c umac.c addrmatch.c schnorr.c jpake.c
+	monitor_fdpass.c umac.c addrmatch.c schnorr.c jpake.c md-sha256.c
 
 DEBUGLIBS= no
 NOPROFILE= yes