Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/openssh/dist OpenSSH 7.7 was released on...
details:   https://anonhg.NetBSD.org/src/rev/85cfd3ab996d
branches:  trunk
changeset: 360918:85cfd3ab996d
user:      christos <christos%NetBSD.org@localhost>
date:      Fri Apr 06 18:56:07 2018 +0000
description:
OpenSSH 7.7 was released on 2018-04-02. It is available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
 * ssh(1)/sshd(8): Drop compatibility support for some very old SSH
   implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These
   versions were all released in or before 2001 and predate the final
   SSH RFCs. The support in question isn't necessary for RFC-compliant
   SSH implementations.
Changes since OpenSSH 7.6
=========================
This is primarily a bugfix release.
New Features
------------
 * All: Add experimental support for PQC XMSS keys (Extended Hash-
   Based Signatures) based on the algorithm described in
   https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
   The XMSS signature code is experimental and not compiled in by
   default.
 * sshd(8): Add a "rdomain" criteria for the sshd_config Match keyword
   to allow conditional configuration that depends on which routing
   domain a connection was received on (currently supported on OpenBSD
   and Linux).
 * sshd_config(5): Add an optional rdomain qualifier to the
   ListenAddress directive to allow listening on different routing
   domains. This is supported only on OpenBSD and Linux at present.
 * sshd_config(5): Add RDomain directive to allow the authenticated
   session to be placed in an explicit routing domain. This is only
   supported on OpenBSD at present.
 * sshd(8): Add "expiry-time" option for authorized_keys files to
   allow for expiring keys.
 * ssh(1): Add a BindInterface option to allow binding the outgoing
   connection to an interface's address (basically a more usable
   BindAddress)
 * ssh(1): Expose device allocated for tun/tap forwarding via a new
   %T expansion for LocalCommand. This allows LocalCommand to be used
   to prepare the interface.
 * sshd(8): Expose the device allocated for tun/tap forwarding via a
   new SSH_TUNNEL environment variable. This allows automatic setup of
   the interface and surrounding network configuration automatically on
   the server.
 * ssh(1)/scp(1)/sftp(1): Add URI support to ssh, sftp and scp, e.g.
   ssh://user@host or sftp://user@host/path.  Additional connection
   parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not
   implemented since the ssh fingerprint format in the draft uses the
   deprecated MD5 hash with no way to specify the any other algorithm.
 * ssh-keygen(1): Allow certificate validity intervals that specify
   only a start or stop time (instead of both or neither).
 * sftp(1): Allow "cd" and "lcd" commands with no explicit path
   argument. lcd will change to the local user's home directory as
   usual. cd will change to the starting directory for session (because
   the protocol offers no way to obtain the remote user's home
   directory). bz#2760
 * sshd(8): When doing a config test with sshd -T, only require the
   attributes that are actually used in Match criteria rather than (an
   incomplete list of) all criteria.
Bugfixes
--------
 * ssh(1)/sshd(8): More strictly check signature types during key
   exchange against what was negotiated. Prevents downgrade of RSA
   signatures made with SHA-256/512 to SHA-1.
 * sshd(8): Fix support for client that advertise a protocol version
   of "1.99" (indicating that they are prepared to accept both SSHv1 and
   SSHv2). This was broken in OpenSSH 7.6 during the removal of SSHv1
   support. bz#2810
 * ssh(1): Warn when the agent returns a ssh-rsa (SHA1) signature when
   a rsa-sha2-256/512 signature was requested. This condition is possible
   when an old or non-OpenSSH agent is in use. bz#2799
 * ssh-agent(1): Fix regression introduced in 7.6 that caused ssh-agent
   to fatally exit if presented an invalid signature request message.
 * sshd_config(5): Accept yes/no flag options case-insensitively, as
   has been the case in ssh_config(5) for a long time. bz#2664
 * ssh(1): Improve error reporting for failures during connection.
   Under some circumstances misleading errors were being shown. bz#2814
 * ssh-keyscan(1): Add -D option to allow printing of results directly
   in SSHFP format. bz#2821
 * regress tests: fix PuTTY interop test broken in last release's SSHv1
   removal. bz#2823
 * ssh(1): Compatibility fix for some servers that erroneously drop the
   connection when the IUTF8 (RFC8160) option is sent.
 * scp(1): Disable RemoteCommand and RequestTTY in the ssh session
   started by scp (sftp was already doing this.)
 * ssh-keygen(1): Refuse to create a certificate with an unusable
   number of principals.
 * ssh-keygen(1): Fatally exit if ssh-keygen is unable to write all the
   public key during key generation. Previously it would silently
   ignore errors writing the comment and terminating newline.
 * ssh(1): Do not modify hostname arguments that are addresses by
   automatically forcing them to lower-case. Instead canonicalise them
   to resolve ambiguities (e.g. ::0001 => ::1) before they are matched
   against known_hosts. bz#2763
 * ssh(1): Don't accept junk after "yes" or "no" responses to hostkey
   prompts. bz#2803
 * sftp(1): Have sftp print a warning about shell cleanliness when
   decoding the first packet fails, which is usually caused by shells
   polluting stdout of non-interactive startups. bz#2800
 * ssh(1)/sshd(8): Switch timers in packet code from using wall-clock
   time to monotonic time, allowing the packet layer to better function
   over a clock step and avoiding possible integer overflows during
   steps.
 * Numerous manual page fixes and improvements.
Portability
-----------
 * sshd(8): Correctly detect MIPS ABI in use at configure time. Fixes
   sandbox violations on some environments.
 * sshd(8): Remove UNICOS support. The hardware and software are literal
   museum pieces and support in sshd is too intrusive to justify
   maintaining.
 * All: Build and link with "retpoline" flags when available to mitigate
   the "branch target injection" style (variant 2) of the Spectre
   branch-prediction vulnerability.
 * All: Add auto-generated dependency information to Makefile.
 * Numerous fixed to the RPM spec files.
Checksums:
==========
- SHA1 (openssh-7.7.tar.gz) = 24812e05fa233014c847c7775748316e7f8a836c
- SHA256 (openssh-7.7.tar.gz) = T4ua1L/vgAYqwB0muRahvnm5ZUr3PLY9nPljaG8egvo=
- SHA1 (openssh-7.7p1.tar.gz) = 446fe9ed171f289f0d62197dffdbfdaaf21c49f2
- SHA256 (openssh-7.7p1.tar.gz) = 1zvn5oTpnvzQJL4Vowv/y+QbASsvezyQhK7WIXdea48=
Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available as RELEASE_KEY.asc from
the mirror sites.
Reporting Bugs:
===============
- Please read http://www.openssh.com/report.html
  Security bugs should be reported directly to openssh%openssh.com@localhost
diffstat:
 crypto/external/bsd/openssh/dist/crypto_api.h        |     8 +-
 crypto/external/bsd/openssh/dist/ssh-xmss.c          |   188 +++
 crypto/external/bsd/openssh/dist/sshkey-xmss.c       |  1048 +++++++++++++++++
 crypto/external/bsd/openssh/dist/sshkey-xmss.h       |    56 +
 crypto/external/bsd/openssh/dist/umac128.c           |    14 +-
 crypto/external/bsd/openssh/dist/xmss_commons.c      |    28 +
 crypto/external/bsd/openssh/dist/xmss_commons.h      |    16 +
 crypto/external/bsd/openssh/dist/xmss_fast.c         |  1100 ++++++++++++++++++
 crypto/external/bsd/openssh/dist/xmss_fast.h         |   110 +
 crypto/external/bsd/openssh/dist/xmss_hash.c         |   134 ++
 crypto/external/bsd/openssh/dist/xmss_hash.h         |    20 +
 crypto/external/bsd/openssh/dist/xmss_hash_address.c |    60 +
 crypto/external/bsd/openssh/dist/xmss_hash_address.h |    38 +
 crypto/external/bsd/openssh/dist/xmss_wots.c         |   186 +++
 crypto/external/bsd/openssh/dist/xmss_wots.h         |    58 +
 15 files changed, 3052 insertions(+), 12 deletions(-)
diffs (truncated from 3135 to 300 lines):
diff -r a8699259b697 -r 85cfd3ab996d crypto/external/bsd/openssh/dist/crypto_api.h
--- a/crypto/external/bsd/openssh/dist/crypto_api.h     Fri Apr 06 17:30:25 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/crypto_api.h     Fri Apr 06 18:56:07 2018 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto_api.h,v 1.3 2013/12/17 10:36:38 markus Exp $ */
+/* $OpenBSD: crypto_api.h,v 1.4 2017/12/14 21:07:39 naddy Exp $ */
 
 /*
  * Assembled from generated headers and source files by Markus Friedl.
@@ -16,12 +16,6 @@
 
 #define randombytes(buf, buf_len) arc4random_buf((buf), (buf_len))
 
-#define crypto_hashblocks_sha512_STATEBYTES 64U
-#define crypto_hashblocks_sha512_BLOCKBYTES 128U
-
-int    crypto_hashblocks_sha512(unsigned char *, const unsigned char *,
-     unsigned long long);
-
 #define crypto_hash_sha512_BYTES 64U
 
 int    crypto_hash_sha512(unsigned char *, const unsigned char *,
diff -r a8699259b697 -r 85cfd3ab996d crypto/external/bsd/openssh/dist/ssh-xmss.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/openssh/dist/ssh-xmss.c       Fri Apr 06 18:56:07 2018 +0000
@@ -0,0 +1,188 @@
+/* $OpenBSD: ssh-xmss.c,v 1.1 2018/02/23 15:58:38 markus Exp $*/
+/*
+ * Copyright (c) 2017 Stefan-Lukas Gazdag.
+ * Copyright (c) 2017 Markus Friedl.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#define SSHKEY_INTERNAL
+#include <sys/types.h>
+#include <limits.h>
+
+#include <string.h>
+#include <stdarg.h>
+#include <unistd.h>
+
+#include "log.h"
+#include "sshbuf.h"
+#include "sshkey.h"
+#include "sshkey-xmss.h"
+#include "ssherr.h"
+#include "ssh.h"
+
+#include "xmss_fast.h"
+
+int
+ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+    const u_char *data, size_t datalen, u_int compat)
+{
+       u_char *sig = NULL;
+       size_t slen = 0, len = 0, required_siglen;
+       unsigned long long smlen;
+       int r, ret;
+       struct sshbuf *b = NULL;
+
+       if (lenp != NULL)
+               *lenp = 0;
+       if (sigp != NULL)
+               *sigp = NULL;
+
+       if (key == NULL ||
+           sshkey_type_plain(key->type) != KEY_XMSS ||
+           key->xmss_sk == NULL ||
+           sshkey_xmss_params(key) == NULL)
+               return SSH_ERR_INVALID_ARGUMENT;
+       if ((r = sshkey_xmss_siglen(key, &required_siglen)) != 0)
+               return r;
+       if (datalen >= INT_MAX - required_siglen)
+               return SSH_ERR_INVALID_ARGUMENT;
+       smlen = slen = datalen + required_siglen;
+       if ((sig = malloc(slen)) == NULL)
+               return SSH_ERR_ALLOC_FAIL;
+       if ((r = sshkey_xmss_get_state(key, error)) != 0)
+               goto out;
+       if ((ret = xmss_sign(key->xmss_sk, sshkey_xmss_bds_state(key), sig, &smlen,
+           data, datalen, sshkey_xmss_params(key))) != 0 || smlen <= datalen) {
+               r = SSH_ERR_INVALID_ARGUMENT; /* XXX better error? */
+               goto out;
+       }
+       /* encode signature */
+       if ((b = sshbuf_new()) == NULL) {
+               r = SSH_ERR_ALLOC_FAIL;
+               goto out;
+       }
+       if ((r = sshbuf_put_cstring(b, "ssh-xmss%openssh.com@localhost")) != 0 ||
+           (r = sshbuf_put_string(b, sig, smlen - datalen)) != 0)
+               goto out;
+       len = sshbuf_len(b);
+       if (sigp != NULL) {
+               if ((*sigp = malloc(len)) == NULL) {
+                       r = SSH_ERR_ALLOC_FAIL;
+                       goto out;
+               }
+               memcpy(*sigp, sshbuf_ptr(b), len);
+       }
+       if (lenp != NULL)
+               *lenp = len;
+       /* success */
+       r = 0;
+ out:
+       if ((ret = sshkey_xmss_update_state(key, error)) != 0) {
+               /* discard signature since we cannot update the state */
+               if (r == 0 && sigp != NULL && *sigp != NULL) {
+                       explicit_bzero(*sigp, len);
+                       free(*sigp);
+               }
+               if (sigp != NULL)
+                       *sigp = NULL;
+               if (lenp != NULL)
+                       *lenp = 0;
+               r = ret;
+       }
+       sshbuf_free(b);
+       if (sig != NULL) {
+               explicit_bzero(sig, slen);
+               free(sig);
+       }
+
+       return r;
+}
+
+int
+ssh_xmss_verify(const struct sshkey *key,
+    const u_char *signature, size_t signaturelen,
+    const u_char *data, size_t datalen, u_int compat)
+{
+       struct sshbuf *b = NULL;
+       char *ktype = NULL;
+       const u_char *sigblob;
+       u_char *sm = NULL, *m = NULL;
+       size_t len, required_siglen;
+       unsigned long long smlen = 0, mlen = 0;
+       int r, ret;
+
+       if (key == NULL ||
+           sshkey_type_plain(key->type) != KEY_XMSS ||
+           key->xmss_pk == NULL ||
+           sshkey_xmss_params(key) == NULL ||
+           signature == NULL || signaturelen == 0)
+               return SSH_ERR_INVALID_ARGUMENT;
+       if ((r = sshkey_xmss_siglen(key, &required_siglen)) != 0)
+               return r;
+       if (datalen >= INT_MAX - required_siglen)
+               return SSH_ERR_INVALID_ARGUMENT;
+
+       if ((b = sshbuf_from(signature, signaturelen)) == NULL)
+               return SSH_ERR_ALLOC_FAIL;
+       if ((r = sshbuf_get_cstring(b, &ktype, NULL)) != 0 ||
+           (r = sshbuf_get_string_direct(b, &sigblob, &len)) != 0)
+               goto out;
+       if (strcmp("ssh-xmss%openssh.com@localhost", ktype) != 0) {
+               r = SSH_ERR_KEY_TYPE_MISMATCH;
+               goto out;
+       }
+       if (sshbuf_len(b) != 0) {
+               r = SSH_ERR_UNEXPECTED_TRAILING_DATA;
+               goto out;
+       }
+       if (len != required_siglen) {
+               r = SSH_ERR_INVALID_FORMAT;
+               goto out;
+       }
+       if (datalen >= SIZE_MAX - len) {
+               r = SSH_ERR_INVALID_ARGUMENT;
+               goto out;
+       }
+       smlen = len + datalen;
+       mlen = smlen;
+       if ((sm = malloc(smlen)) == NULL || (m = malloc(mlen)) == NULL) {
+               r = SSH_ERR_ALLOC_FAIL;
+               goto out;
+       }
+       memcpy(sm, sigblob, len);
+       memcpy(sm+len, data, datalen);
+       if ((ret = xmss_sign_open(m, &mlen, sm, smlen,
+           key->xmss_pk, sshkey_xmss_params(key))) != 0) {
+               debug2("%s: crypto_sign_xmss_open failed: %d",
+                   __func__, ret);
+       }
+       if (ret != 0 || mlen != datalen) {
+               r = SSH_ERR_SIGNATURE_INVALID;
+               goto out;
+       }
+       /* XXX compare 'm' and 'data' ? */
+       /* success */
+       r = 0;
+ out:
+       if (sm != NULL) {
+               explicit_bzero(sm, smlen);
+               free(sm);
+       }
+       if (m != NULL) {
+               explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */
+               free(m);
+       }
+       sshbuf_free(b);
+       free(ktype);
+       return r;
+}
diff -r a8699259b697 -r 85cfd3ab996d crypto/external/bsd/openssh/dist/sshkey-xmss.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/openssh/dist/sshkey-xmss.c    Fri Apr 06 18:56:07 2018 +0000
@@ -0,0 +1,1048 @@
+/* $OpenBSD: sshkey-xmss.c,v 1.1 2018/02/23 15:58:38 markus Exp $ */
+/*
+ * Copyright (c) 2017 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+#include <sys/uio.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+
+#include "ssh2.h"
+#include "ssherr.h"
+#include "sshbuf.h"
+#include "cipher.h"
+#include "sshkey.h"
+#include "sshkey-xmss.h"
+#include "atomicio.h"
+
+#include "xmss_fast.h"
+
+/* opaque internal XMSS state */
+#define XMSS_MAGIC             "xmss-state-v1"
+#define XMSS_CIPHERNAME                "aes256-gcm%openssh.com@localhost"
+struct ssh_xmss_state {
+       xmss_params     params;
+       u_int32_t       n, w, h, k;
+
+       bds_state       bds;
+       u_char          *stack;
+       u_int32_t       stackoffset;
+       u_char          *stacklevels;
+       u_char          *auth;
+       u_char          *keep;
+       u_char          *th_nodes;
+       u_char          *retain;
+       treehash_inst   *treehash;
+
+       u_int32_t       idx;            /* state read from file */
+       u_int32_t       maxidx;         /* resticted # of signatures */
+       int             have_state;     /* .state file exists */
+       int             lockfd;         /* locked in sshkey_xmss_get_state() */
+       int             allow_update;   /* allow sshkey_xmss_update_state() */
+       char            *enc_ciphername;/* encrypt state with cipher */
+       u_char          *enc_keyiv;     /* encrypt state with key */
+       u_int32_t       enc_keyiv_len;  /* length of enc_keyiv */
+};
+
+int     sshkey_xmss_init_bds_state(struct sshkey *);
+int     sshkey_xmss_init_enc_key(struct sshkey *, const char *);
+void    sshkey_xmss_free_bds(struct sshkey *);
+int     sshkey_xmss_get_state_from_file(struct sshkey *, const char *,
+           int *, sshkey_printfn *);
+int     sshkey_xmss_encrypt_state(const struct sshkey *, struct sshbuf *,
+           struct sshbuf **);
+int     sshkey_xmss_decrypt_state(const struct sshkey *, struct sshbuf *,
+           struct sshbuf **);
+int     sshkey_xmss_serialize_enc_key(const struct sshkey *, struct sshbuf *);
+int     sshkey_xmss_deserialize_enc_key(struct sshkey *, struct sshbuf *);
Home |
Main Index |
Thread Index |
Old Index