Antonio Larrosa
da2c6cc517
* No changes for askpass, see main package changelog for details. - Fix a dbus connection leaked in the logind patch that was missing a sd_bus_unref call (found by Matthias Gerstner): * logind_set_tty.patch - Add a patch that fixes a small memory leak when parsing the subsystem configuration option: * fix-memleak-in-process_server_config_line_depth.patch - Update to openssh 9.8p1: = Security * 1) Race condition in sshd(8) (bsc#1226642, CVE-2024-6387). A critical vulnerability in sshd(8) was present in Portable OpenSSH versions between 8.5p1 and 9.7p1 (inclusive) that may allow arbitrary code execution with root privileges. Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. It's likely that these attacks will be improved upon. Exploitation on non-glibc systems is conceivable but has not been examined. Systems that lack ASLR or users of downstream Linux distributions that have modified OpenSSH to disable per-connection ASLR re-randomisation (yes - this is a thing, no - we don't understand why) may potentially have an easier path to exploitation. OpenBSD is not vulnerable. OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=272
305 lines
7.8 KiB
Diff
305 lines
7.8 KiB
Diff
# HG changeset patch
|
|
# Parent cc1022edba2c5eeb0facba08468f65afc2466b63
|
|
CAVS test for OpenSSH's own CTR encryption mode implementation
|
|
|
|
Index: openssh-8.8p1/Makefile.in
|
|
===================================================================
|
|
--- openssh-8.8p1.orig/Makefile.in
|
|
+++ openssh-8.8p1/Makefile.in
|
|
@@ -26,6 +26,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server
|
|
SSHD_SESSION=$(libexecdir)/sshd-session
|
|
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
|
|
SSH_SK_HELPER=$(libexecdir)/ssh-sk-helper
|
|
+CAVSTEST_CTR=$(libexecdir)/cavstest-ctr
|
|
PRIVSEP_PATH=@PRIVSEP_PATH@
|
|
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
|
|
STRIP_OPT=@STRIP_OPT@
|
|
@@ -69,6 +70,8 @@ MKDIR_P=@MKDIR_P@
|
|
|
|
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) sshd-session$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT)
|
|
|
|
+TARGETS += cavstest-ctr$(EXEEXT)
|
|
+
|
|
XMSS_OBJS=\
|
|
ssh-xmss.o \
|
|
sshkey-xmss.o \
|
|
@@ -245,6 +248,10 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libss
|
|
sftp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTP_OBJS)
|
|
$(LD) -o $@ $(SFTP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
|
|
|
|
+# FIPS tests
|
|
+cavstest-ctr$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-sk.o sk-usbhid.o cavstest-ctr.o
|
|
+ $(LD) -o $@ cavstest-ctr.o ssh-sk.o sk-usbhid.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(LIBFIDO2) -lz
|
|
+
|
|
# test driver for the loginrec code - not built by default
|
|
logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
|
|
$(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
|
|
@@ -407,6 +414,7 @@ install-files:
|
|
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-sk-helper$(EXEEXT) $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
|
|
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
|
|
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
|
+ $(INSTALL) -m 0755 $(STRIP_OPT) cavstest-ctr$(EXEEXT) $(DESTDIR)$(libexecdir)/cavstest-ctr$(EXEEXT)
|
|
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
|
$(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
|
|
$(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
|
|
Index: openssh-8.8p1/cavstest-ctr.c
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ openssh-8.8p1/cavstest-ctr.c
|
|
@@ -0,0 +1,214 @@
|
|
+/*
|
|
+ *
|
|
+ * invocation (all of the following are equal):
|
|
+ * ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt --data a6deca405eef2e8e4609abf3c3ccf4a6
|
|
+ * ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt --data a6deca405eef2e8e4609abf3c3ccf4a6 --iv 00000000000000000000000000000000
|
|
+ * echo -n a6deca405eef2e8e4609abf3c3ccf4a6 | ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt
|
|
+ */
|
|
+
|
|
+#include "includes.h"
|
|
+
|
|
+#include <sys/types.h>
|
|
+#include <sys/param.h>
|
|
+#include <stdarg.h>
|
|
+#include <stdio.h>
|
|
+#include <stdlib.h>
|
|
+#include <string.h>
|
|
+#include <ctype.h>
|
|
+
|
|
+#include "xmalloc.h"
|
|
+#include "log.h"
|
|
+#include "cipher.h"
|
|
+
|
|
+/* compatibility with old or broken OpenSSL versions */
|
|
+#include "openbsd-compat/openssl-compat.h"
|
|
+
|
|
+void
|
|
+usage(void)
|
|
+{
|
|
+ fprintf(stderr, "Usage: ctr-cavstest --algo <ssh-crypto-algorithm>\n"
|
|
+ " --key <hexadecimal-key> --mode <encrypt|decrypt>\n"
|
|
+ " [--iv <hexadecimal-iv>] --data <hexadecimal-data>\n\n"
|
|
+ "Hexadecimal output is printed to stdout.\n"
|
|
+ "Hexadecimal input data can be alternatively read from stdin.\n");
|
|
+ exit(1);
|
|
+}
|
|
+
|
|
+void *
|
|
+fromhex(char *hex, size_t * len)
|
|
+{
|
|
+ unsigned char *bin;
|
|
+ char *p;
|
|
+ size_t n = 0;
|
|
+ int shift = 4;
|
|
+ unsigned char out = 0;
|
|
+ unsigned char *optr;
|
|
+
|
|
+ bin = xmalloc(strlen(hex) / 2);
|
|
+ optr = bin;
|
|
+
|
|
+ for (p = hex; *p != '\0'; ++p) {
|
|
+ unsigned char c;
|
|
+
|
|
+ c = *p;
|
|
+ if (isspace(c))
|
|
+ continue;
|
|
+
|
|
+ if (c >= '0' && c <= '9') {
|
|
+ c = c - '0';
|
|
+ } else if (c >= 'A' && c <= 'F') {
|
|
+ c = c - 'A' + 10;
|
|
+ } else if (c >= 'a' && c <= 'f') {
|
|
+ c = c - 'a' + 10;
|
|
+ } else {
|
|
+ /* truncate on nonhex cipher */
|
|
+ break;
|
|
+ }
|
|
+
|
|
+ out |= c << shift;
|
|
+ shift = (shift + 4) % 8;
|
|
+
|
|
+ if (shift) {
|
|
+ *(optr++) = out;
|
|
+ out = 0;
|
|
+ ++n;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ *len = n;
|
|
+ return bin;
|
|
+}
|
|
+
|
|
+#define READ_CHUNK 4096
|
|
+#define MAX_READ_SIZE 1024*1024*100
|
|
+char *
|
|
+read_stdin(void)
|
|
+{
|
|
+ char *buf;
|
|
+ size_t n, total = 0;
|
|
+
|
|
+ buf = xmalloc(READ_CHUNK);
|
|
+
|
|
+ do {
|
|
+ n = fread(buf + total, 1, READ_CHUNK, stdin);
|
|
+ if (n < READ_CHUNK) /* terminate on short read */
|
|
+ break;
|
|
+
|
|
+ total += n;
|
|
+ buf = xreallocarray(buf, total + READ_CHUNK, 1);
|
|
+ } while (total < MAX_READ_SIZE);
|
|
+ return buf;
|
|
+}
|
|
+
|
|
+int
|
|
+main(int argc, char *argv[])
|
|
+{
|
|
+
|
|
+ struct sshcipher *c;
|
|
+ struct sshcipher_ctx cc;
|
|
+ struct sshcipher_ctx *ccp;
|
|
+ char *algo = "aes128-ctr";
|
|
+ char *hexkey = NULL;
|
|
+ char *hexiv = "00000000000000000000000000000000";
|
|
+ char *hexdata = NULL;
|
|
+ char *p;
|
|
+ int i;
|
|
+ int encrypt = 1;
|
|
+ void *key;
|
|
+ size_t keylen;
|
|
+ void *iv;
|
|
+ size_t ivlen;
|
|
+ void *data;
|
|
+ size_t datalen;
|
|
+ void *outdata;
|
|
+
|
|
+ for (i = 1; i < argc; ++i) {
|
|
+ if (strcmp(argv[i], "--algo") == 0) {
|
|
+ algo = argv[++i];
|
|
+ } else if (strcmp(argv[i], "--key") == 0) {
|
|
+ hexkey = argv[++i];
|
|
+ } else if (strcmp(argv[i], "--mode") == 0) {
|
|
+ ++i;
|
|
+ if (argv[i] == NULL) {
|
|
+ usage();
|
|
+ }
|
|
+ if (strncmp(argv[i], "enc", 3) == 0) {
|
|
+ encrypt = 1;
|
|
+ } else if (strncmp(argv[i], "dec", 3) == 0) {
|
|
+ encrypt = 0;
|
|
+ } else {
|
|
+ usage();
|
|
+ }
|
|
+ } else if (strcmp(argv[i], "--iv") == 0) {
|
|
+ hexiv = argv[++i];
|
|
+ } else if (strcmp(argv[i], "--data") == 0) {
|
|
+ hexdata = argv[++i];
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (hexkey == NULL || algo == NULL) {
|
|
+ usage();
|
|
+ }
|
|
+
|
|
+ OpenSSL_add_all_algorithms();
|
|
+
|
|
+ c = cipher_by_name(algo);
|
|
+ if (c == NULL) {
|
|
+ fprintf(stderr, "Error: unknown algorithm\n");
|
|
+ return 2;
|
|
+ }
|
|
+
|
|
+ if (hexdata == NULL) {
|
|
+ hexdata = read_stdin();
|
|
+ } else {
|
|
+ hexdata = xstrdup(hexdata);
|
|
+ }
|
|
+
|
|
+ key = fromhex(hexkey, &keylen);
|
|
+
|
|
+ if (keylen != 16 && keylen != 24 && keylen == 32) {
|
|
+ fprintf(stderr, "Error: unsupported key length\n");
|
|
+ return 2;
|
|
+ }
|
|
+
|
|
+ iv = fromhex(hexiv, &ivlen);
|
|
+
|
|
+ if (ivlen != 16) {
|
|
+ fprintf(stderr, "Error: unsupported iv length\n");
|
|
+ return 2;
|
|
+ }
|
|
+
|
|
+ data = fromhex(hexdata, &datalen);
|
|
+
|
|
+ if (data == NULL || datalen == 0) {
|
|
+ fprintf(stderr, "Error: no data to encrypt/decrypt\n");
|
|
+ return 2;
|
|
+ }
|
|
+
|
|
+ ccp = &cc;
|
|
+ cipher_init(&ccp, c, key, keylen, iv, ivlen, encrypt);
|
|
+
|
|
+ free(key);
|
|
+ free(iv);
|
|
+
|
|
+ outdata = malloc(datalen);
|
|
+ if (outdata == NULL) {
|
|
+ fprintf(stderr, "Error: memory allocation failure\n");
|
|
+ return 2;
|
|
+ }
|
|
+
|
|
+ cipher_crypt(&cc, 0, outdata, data, datalen, 0, 0);
|
|
+
|
|
+ free(data);
|
|
+
|
|
+ cipher_free(&cc);
|
|
+
|
|
+ for (p = outdata; datalen > 0; ++p, --datalen) {
|
|
+ printf("%02X", (unsigned char) *p);
|
|
+ }
|
|
+
|
|
+ free(outdata);
|
|
+
|
|
+ printf("\n");
|
|
+ return 0;
|
|
+}
|
|
Index: openssh-8.8p1/cipher.c
|
|
===================================================================
|
|
--- openssh-8.8p1.orig/cipher.c
|
|
+++ openssh-8.8p1/cipher.c
|
|
@@ -58,15 +58,6 @@
|
|
#define EVP_CIPHER_CTX void
|
|
#endif
|
|
|
|
-struct sshcipher_ctx {
|
|
- int plaintext;
|
|
- int encrypt;
|
|
- EVP_CIPHER_CTX *evp;
|
|
- struct chachapoly_ctx *cp_ctx;
|
|
- struct aesctr_ctx ac_ctx; /* XXX union with evp? */
|
|
- const struct sshcipher *cipher;
|
|
-};
|
|
-
|
|
struct sshcipher {
|
|
char *name;
|
|
u_int block_size;
|
|
Index: openssh-8.8p1/cipher.h
|
|
===================================================================
|
|
--- openssh-8.8p1.orig/cipher.h
|
|
+++ openssh-8.8p1/cipher.h
|
|
@@ -48,7 +48,15 @@
|
|
#define CIPHER_DECRYPT 0
|
|
|
|
struct sshcipher;
|
|
-struct sshcipher_ctx;
|
|
+struct sshcipher_ctx {
|
|
+ int plaintext;
|
|
+ int encrypt;
|
|
+ EVP_CIPHER_CTX *evp;
|
|
+ struct chachapoly_ctx *cp_ctx; /* XXX union with evp? */
|
|
+ struct aesctr_ctx ac_ctx; /* XXX union with evp? */
|
|
+ const struct sshcipher *cipher;
|
|
+};
|
|
+
|
|
|
|
const struct sshcipher *cipher_by_name(const char *);
|
|
const char *cipher_warning_message(const struct sshcipher_ctx *);
|