Bump OpenSSH version
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
parent
06cf2e05cf
commit
61393153d4
2 changed files with 177 additions and 212 deletions
|
@ -1,14 +1,7 @@
|
||||||
Submitted by: Bruce Dubbs (bdubbs@linuxfromscratch.org)
|
diff -aurp old/auth-pam.c new/auth-pam.c
|
||||||
Date: 2017-10-08
|
--- old/auth-pam.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
Initial Package Version: 7.6p1
|
+++ new/auth-pam.c 2018-03-23 10:05:03.886621278 -1000
|
||||||
Upstream Status: Pending
|
@@ -128,6 +128,10 @@ extern u_int utmp_len;
|
||||||
Origin: https://git.archlinux.org/svntogit/packages.git/plain/trunk/openssl-1.1.0.patch?h=packages/openssh
|
|
||||||
Description: Fixes build issues with OpenSSL-1.1.0.
|
|
||||||
|
|
||||||
diff -Naur old/auth-pam.c new/auth-pam.c
|
|
||||||
--- old/auth-pam.c 2017-10-03 21:49:05.363829772 -1000
|
|
||||||
+++ new/auth-pam.c 2017-10-03 21:55:50.869718862 -1000
|
|
||||||
@@ -128,6 +128,10 @@
|
|
||||||
typedef pthread_t sp_pthread_t;
|
typedef pthread_t sp_pthread_t;
|
||||||
#else
|
#else
|
||||||
typedef pid_t sp_pthread_t;
|
typedef pid_t sp_pthread_t;
|
||||||
|
@ -19,10 +12,10 @@ diff -Naur old/auth-pam.c new/auth-pam.c
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
struct pam_ctxt {
|
struct pam_ctxt {
|
||||||
diff -Naur old/cipher.c new/cipher.c
|
diff -aurp old/cipher.c new/cipher.c
|
||||||
--- old/cipher.c 2017-10-03 21:49:05.367162904 -1000
|
--- old/cipher.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/cipher.c 2017-10-03 21:55:50.869718862 -1000
|
+++ new/cipher.c 2018-03-23 10:05:03.886621278 -1000
|
||||||
@@ -297,7 +297,10 @@
|
@@ -297,7 +297,10 @@ cipher_init(struct sshcipher_ctx **ccp,
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -34,7 +27,7 @@ diff -Naur old/cipher.c new/cipher.c
|
||||||
ret = SSH_ERR_LIBCRYPTO_ERROR;
|
ret = SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
@@ -486,7 +489,7 @@
|
@@ -483,7 +486,7 @@ cipher_get_keyiv(struct sshcipher_ctx *c
|
||||||
len, iv))
|
len, iv))
|
||||||
return SSH_ERR_LIBCRYPTO_ERROR;
|
return SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
} else
|
} else
|
||||||
|
@ -43,7 +36,7 @@ diff -Naur old/cipher.c new/cipher.c
|
||||||
#endif
|
#endif
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -520,14 +523,19 @@
|
@@ -517,14 +520,19 @@ cipher_set_keyiv(struct sshcipher_ctx *c
|
||||||
EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv))
|
EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv))
|
||||||
return SSH_ERR_LIBCRYPTO_ERROR;
|
return SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
} else
|
} else
|
||||||
|
@ -66,9 +59,9 @@ diff -Naur old/cipher.c new/cipher.c
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
int
|
int
|
||||||
diff -Naur old/cipher.h new/cipher.h
|
diff -aurp old/cipher.h new/cipher.h
|
||||||
--- old/cipher.h 2017-10-03 21:49:05.367162904 -1000
|
--- old/cipher.h 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/cipher.h 2017-10-03 21:55:50.869718862 -1000
|
+++ new/cipher.h 2018-03-23 10:05:03.886621278 -1000
|
||||||
@@ -46,7 +46,18 @@
|
@@ -46,7 +46,18 @@
|
||||||
#define CIPHER_DECRYPT 0
|
#define CIPHER_DECRYPT 0
|
||||||
|
|
||||||
|
@ -88,10 +81,10 @@ diff -Naur old/cipher.h new/cipher.h
|
||||||
|
|
||||||
const struct sshcipher *cipher_by_name(const char *);
|
const struct sshcipher *cipher_by_name(const char *);
|
||||||
const char *cipher_warning_message(const struct sshcipher_ctx *);
|
const char *cipher_warning_message(const struct sshcipher_ctx *);
|
||||||
diff -Naur old/configure new/configure
|
diff -aurp old/configure new/configure
|
||||||
--- old/configure 2017-10-03 21:49:05.410493626 -1000
|
--- old/configure 2018-03-23 03:30:17.000000000 -1000
|
||||||
+++ new/configure 2017-10-03 22:01:49.159050540 -1000
|
+++ new/configure 2018-03-23 10:05:03.888621444 -1000
|
||||||
@@ -12688,7 +12688,6 @@
|
@@ -13076,7 +13076,6 @@ if ac_fn_c_try_run "$LINENO"; then :
|
||||||
100*) ;; # 1.0.x
|
100*) ;; # 1.0.x
|
||||||
200*) ;; # LibreSSL
|
200*) ;; # LibreSSL
|
||||||
*)
|
*)
|
||||||
|
@ -99,10 +92,10 @@ diff -Naur old/configure new/configure
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5
|
||||||
diff -Naur old/dh.c new/dh.c
|
diff -aurp old/dh.c new/dh.c
|
||||||
--- old/dh.c 2017-10-03 21:49:05.370496037 -1000
|
--- old/dh.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/dh.c 2017-10-03 21:55:50.869718862 -1000
|
+++ new/dh.c 2018-03-23 10:05:03.888621444 -1000
|
||||||
@@ -212,14 +212,15 @@
|
@@ -211,14 +211,15 @@ choose_dh(int min, int wantbits, int max
|
||||||
/* diffie-hellman-groupN-sha1 */
|
/* diffie-hellman-groupN-sha1 */
|
||||||
|
|
||||||
int
|
int
|
||||||
|
@ -120,7 +113,7 @@ diff -Naur old/dh.c new/dh.c
|
||||||
logit("invalid public DH value: negative");
|
logit("invalid public DH value: negative");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -232,7 +233,8 @@
|
@@ -231,7 +232,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
|
||||||
error("%s: BN_new failed", __func__);
|
error("%s: BN_new failed", __func__);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -130,7 +123,7 @@ diff -Naur old/dh.c new/dh.c
|
||||||
BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */
|
BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */
|
||||||
BN_clear_free(tmp);
|
BN_clear_free(tmp);
|
||||||
logit("invalid public DH value: >= p-1");
|
logit("invalid public DH value: >= p-1");
|
||||||
@@ -243,14 +245,14 @@
|
@@ -242,14 +244,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
|
||||||
for (i = 0; i <= n; i++)
|
for (i = 0; i <= n; i++)
|
||||||
if (BN_is_bit_set(dh_pub, i))
|
if (BN_is_bit_set(dh_pub, i))
|
||||||
bits_set++;
|
bits_set++;
|
||||||
|
@ -147,7 +140,7 @@ diff -Naur old/dh.c new/dh.c
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
@@ -260,9 +262,13 @@
|
@@ -259,9 +261,13 @@ int
|
||||||
dh_gen_key(DH *dh, int need)
|
dh_gen_key(DH *dh, int need)
|
||||||
{
|
{
|
||||||
int pbits;
|
int pbits;
|
||||||
|
@ -163,7 +156,7 @@ diff -Naur old/dh.c new/dh.c
|
||||||
need > INT_MAX / 2 || 2 * need > pbits)
|
need > INT_MAX / 2 || 2 * need > pbits)
|
||||||
return SSH_ERR_INVALID_ARGUMENT;
|
return SSH_ERR_INVALID_ARGUMENT;
|
||||||
if (need < 256)
|
if (need < 256)
|
||||||
@@ -271,10 +277,13 @@
|
@@ -270,10 +276,13 @@ dh_gen_key(DH *dh, int need)
|
||||||
* Pollard Rho, Big step/Little Step attacks are O(sqrt(n)),
|
* Pollard Rho, Big step/Little Step attacks are O(sqrt(n)),
|
||||||
* so double requested need here.
|
* so double requested need here.
|
||||||
*/
|
*/
|
||||||
|
@ -181,7 +174,7 @@ diff -Naur old/dh.c new/dh.c
|
||||||
return SSH_ERR_LIBCRYPTO_ERROR;
|
return SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
@@ -283,16 +292,27 @@
|
@@ -282,16 +291,27 @@ dh_gen_key(DH *dh, int need)
|
||||||
DH *
|
DH *
|
||||||
dh_new_group_asc(const char *gen, const char *modulus)
|
dh_new_group_asc(const char *gen, const char *modulus)
|
||||||
{
|
{
|
||||||
|
@ -216,7 +209,7 @@ diff -Naur old/dh.c new/dh.c
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -307,8 +327,8 @@
|
@@ -306,8 +326,8 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulu
|
||||||
|
|
||||||
if ((dh = DH_new()) == NULL)
|
if ((dh = DH_new()) == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -227,10 +220,10 @@ diff -Naur old/dh.c new/dh.c
|
||||||
|
|
||||||
return (dh);
|
return (dh);
|
||||||
}
|
}
|
||||||
diff -Naur old/dh.h new/dh.h
|
diff -aurp old/dh.h new/dh.h
|
||||||
--- old/dh.h 2017-10-03 21:49:05.370496037 -1000
|
--- old/dh.h 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/dh.h 2017-10-03 21:55:50.869718862 -1000
|
+++ new/dh.h 2018-03-23 10:05:03.889621527 -1000
|
||||||
@@ -42,7 +42,7 @@
|
@@ -42,7 +42,7 @@ DH *dh_new_group18(void);
|
||||||
DH *dh_new_group_fallback(int);
|
DH *dh_new_group_fallback(int);
|
||||||
|
|
||||||
int dh_gen_key(DH *, int);
|
int dh_gen_key(DH *, int);
|
||||||
|
@ -239,9 +232,9 @@ diff -Naur old/dh.h new/dh.h
|
||||||
|
|
||||||
u_int dh_estimate(int);
|
u_int dh_estimate(int);
|
||||||
|
|
||||||
diff -Naur old/digest-openssl.c new/digest-openssl.c
|
diff -aurp old/digest-openssl.c new/digest-openssl.c
|
||||||
--- old/digest-openssl.c 2017-10-03 21:49:05.370496037 -1000
|
--- old/digest-openssl.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/digest-openssl.c 2017-10-03 21:55:50.869718862 -1000
|
+++ new/digest-openssl.c 2018-03-23 10:05:03.889621527 -1000
|
||||||
@@ -43,7 +43,7 @@
|
@@ -43,7 +43,7 @@
|
||||||
|
|
||||||
struct ssh_digest_ctx {
|
struct ssh_digest_ctx {
|
||||||
|
@ -251,7 +244,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c
|
||||||
};
|
};
|
||||||
|
|
||||||
struct ssh_digest {
|
struct ssh_digest {
|
||||||
@@ -106,20 +106,21 @@
|
@@ -106,20 +106,21 @@ ssh_digest_bytes(int alg)
|
||||||
size_t
|
size_t
|
||||||
ssh_digest_blocksize(struct ssh_digest_ctx *ctx)
|
ssh_digest_blocksize(struct ssh_digest_ctx *ctx)
|
||||||
{
|
{
|
||||||
|
@ -277,7 +270,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c
|
||||||
free(ret);
|
free(ret);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@@ -132,7 +133,7 @@
|
@@ -132,7 +133,7 @@ ssh_digest_copy_state(struct ssh_digest_
|
||||||
if (from->alg != to->alg)
|
if (from->alg != to->alg)
|
||||||
return SSH_ERR_INVALID_ARGUMENT;
|
return SSH_ERR_INVALID_ARGUMENT;
|
||||||
/* we have bcopy-style order while openssl has memcpy-style */
|
/* we have bcopy-style order while openssl has memcpy-style */
|
||||||
|
@ -286,7 +279,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c
|
||||||
return SSH_ERR_LIBCRYPTO_ERROR;
|
return SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -140,7 +141,7 @@
|
@@ -140,7 +141,7 @@ ssh_digest_copy_state(struct ssh_digest_
|
||||||
int
|
int
|
||||||
ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
|
ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
|
||||||
{
|
{
|
||||||
|
@ -295,7 +288,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c
|
||||||
return SSH_ERR_LIBCRYPTO_ERROR;
|
return SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -161,7 +162,7 @@
|
@@ -161,7 +162,7 @@ ssh_digest_final(struct ssh_digest_ctx *
|
||||||
return SSH_ERR_INVALID_ARGUMENT;
|
return SSH_ERR_INVALID_ARGUMENT;
|
||||||
if (dlen < digest->digest_len) /* No truncation allowed */
|
if (dlen < digest->digest_len) /* No truncation allowed */
|
||||||
return SSH_ERR_INVALID_ARGUMENT;
|
return SSH_ERR_INVALID_ARGUMENT;
|
||||||
|
@ -304,7 +297,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c
|
||||||
return SSH_ERR_LIBCRYPTO_ERROR;
|
return SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
if (l != digest->digest_len) /* sanity */
|
if (l != digest->digest_len) /* sanity */
|
||||||
return SSH_ERR_INTERNAL_ERROR;
|
return SSH_ERR_INTERNAL_ERROR;
|
||||||
@@ -172,7 +173,7 @@
|
@@ -172,7 +173,7 @@ void
|
||||||
ssh_digest_free(struct ssh_digest_ctx *ctx)
|
ssh_digest_free(struct ssh_digest_ctx *ctx)
|
||||||
{
|
{
|
||||||
if (ctx != NULL) {
|
if (ctx != NULL) {
|
||||||
|
@ -313,10 +306,10 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c
|
||||||
explicit_bzero(ctx, sizeof(*ctx));
|
explicit_bzero(ctx, sizeof(*ctx));
|
||||||
free(ctx);
|
free(ctx);
|
||||||
}
|
}
|
||||||
diff -Naur old/kexdhc.c new/kexdhc.c
|
diff -aurp old/kexdhc.c new/kexdhc.c
|
||||||
--- old/kexdhc.c 2017-10-03 21:49:05.373829169 -1000
|
--- old/kexdhc.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/kexdhc.c 2017-10-03 21:55:50.869718862 -1000
|
+++ new/kexdhc.c 2018-03-23 10:05:03.889621527 -1000
|
||||||
@@ -81,11 +81,16 @@
|
@@ -81,11 +81,16 @@ kexdh_client(struct ssh *ssh)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
debug("sending SSH2_MSG_KEXDH_INIT");
|
debug("sending SSH2_MSG_KEXDH_INIT");
|
||||||
|
@ -336,7 +329,7 @@ diff -Naur old/kexdhc.c new/kexdhc.c
|
||||||
#ifdef DEBUG_KEXDH
|
#ifdef DEBUG_KEXDH
|
||||||
DHparams_print_fp(stderr, kex->dh);
|
DHparams_print_fp(stderr, kex->dh);
|
||||||
fprintf(stderr, "pub= ");
|
fprintf(stderr, "pub= ");
|
||||||
@@ -169,6 +174,9 @@
|
@@ -169,6 +174,9 @@ input_kex_dh(int type, u_int32_t seq, st
|
||||||
|
|
||||||
/* calc and verify H */
|
/* calc and verify H */
|
||||||
hashlen = sizeof(hash);
|
hashlen = sizeof(hash);
|
||||||
|
@ -346,7 +339,7 @@ diff -Naur old/kexdhc.c new/kexdhc.c
|
||||||
if ((r = kex_dh_hash(
|
if ((r = kex_dh_hash(
|
||||||
kex->hash_alg,
|
kex->hash_alg,
|
||||||
kex->client_version_string,
|
kex->client_version_string,
|
||||||
@@ -176,11 +184,13 @@
|
@@ -176,11 +184,13 @@ input_kex_dh(int type, u_int32_t seq, st
|
||||||
sshbuf_ptr(kex->my), sshbuf_len(kex->my),
|
sshbuf_ptr(kex->my), sshbuf_len(kex->my),
|
||||||
sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
|
sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
|
||||||
server_host_key_blob, sbloblen,
|
server_host_key_blob, sbloblen,
|
||||||
|
@ -361,22 +354,11 @@ diff -Naur old/kexdhc.c new/kexdhc.c
|
||||||
+ }
|
+ }
|
||||||
|
|
||||||
if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,
|
if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,
|
||||||
ssh->compat)) != 0)
|
kex->hostkey_alg, ssh->compat)) != 0)
|
||||||
diff -Naur old/kexdhs.c new/kexdhs.c
|
diff -aurp old/kexdhs.c new/kexdhs.c
|
||||||
--- old/kexdhs.c 2017-10-03 21:49:05.373829169 -1000
|
--- old/kexdhs.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/kexdhs.c 2017-10-03 21:55:50.869718862 -1000
|
+++ new/kexdhs.c 2018-03-23 10:58:58.126733207 -1000
|
||||||
@@ -87,6 +87,10 @@
|
@@ -163,6 +163,9 @@ input_kex_dh_init(int type, u_int32_t se
|
||||||
ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init);
|
|
||||||
r = 0;
|
|
||||||
out:
|
|
||||||
+ if (r != 0) {
|
|
||||||
+ if (kex->dh) DH_free(kex->dh);
|
|
||||||
+ kex->dh = NULL;
|
|
||||||
+ }
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -163,6 +167,9 @@
|
|
||||||
goto out;
|
goto out;
|
||||||
/* calc H */
|
/* calc H */
|
||||||
hashlen = sizeof(hash);
|
hashlen = sizeof(hash);
|
||||||
|
@ -386,7 +368,7 @@ diff -Naur old/kexdhs.c new/kexdhs.c
|
||||||
if ((r = kex_dh_hash(
|
if ((r = kex_dh_hash(
|
||||||
kex->hash_alg,
|
kex->hash_alg,
|
||||||
kex->client_version_string,
|
kex->client_version_string,
|
||||||
@@ -171,10 +178,12 @@
|
@@ -171,10 +174,12 @@ input_kex_dh_init(int type, u_int32_t se
|
||||||
sshbuf_ptr(kex->my), sshbuf_len(kex->my),
|
sshbuf_ptr(kex->my), sshbuf_len(kex->my),
|
||||||
server_host_key_blob, sbloblen,
|
server_host_key_blob, sbloblen,
|
||||||
dh_client_pub,
|
dh_client_pub,
|
||||||
|
@ -401,7 +383,7 @@ diff -Naur old/kexdhs.c new/kexdhs.c
|
||||||
|
|
||||||
/* save session id := H */
|
/* save session id := H */
|
||||||
if (kex->session_id == NULL) {
|
if (kex->session_id == NULL) {
|
||||||
@@ -195,12 +204,17 @@
|
@@ -195,12 +200,17 @@ input_kex_dh_init(int type, u_int32_t se
|
||||||
/* destroy_sensitive_data(); */
|
/* destroy_sensitive_data(); */
|
||||||
|
|
||||||
/* send server hostkey, DH pubkey 'f' and singed H */
|
/* send server hostkey, DH pubkey 'f' and singed H */
|
||||||
|
@ -421,10 +403,10 @@ diff -Naur old/kexdhs.c new/kexdhs.c
|
||||||
|
|
||||||
if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
|
if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
|
||||||
r = kex_send_newkeys(ssh);
|
r = kex_send_newkeys(ssh);
|
||||||
diff -Naur old/kexgexc.c new/kexgexc.c
|
diff -aurp old/kexgexc.c new/kexgexc.c
|
||||||
--- old/kexgexc.c 2017-10-03 21:49:05.373829169 -1000
|
--- old/kexgexc.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/kexgexc.c 2017-10-03 21:55:50.869718862 -1000
|
+++ new/kexgexc.c 2018-03-23 11:00:00.132866201 -1000
|
||||||
@@ -118,11 +118,17 @@
|
@@ -118,11 +118,17 @@ input_kex_dh_gex_group(int type, u_int32
|
||||||
p = g = NULL; /* belong to kex->dh now */
|
p = g = NULL; /* belong to kex->dh now */
|
||||||
|
|
||||||
/* generate and send 'e', client DH public key */
|
/* generate and send 'e', client DH public key */
|
||||||
|
@ -446,22 +428,7 @@ diff -Naur old/kexgexc.c new/kexgexc.c
|
||||||
debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
|
debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
|
||||||
#ifdef DEBUG_KEXDH
|
#ifdef DEBUG_KEXDH
|
||||||
DHparams_print_fp(stderr, kex->dh);
|
DHparams_print_fp(stderr, kex->dh);
|
||||||
@@ -134,10 +140,12 @@
|
@@ -212,6 +218,10 @@ input_kex_dh_gex_reply(int type, u_int32
|
||||||
ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &input_kex_dh_gex_reply);
|
|
||||||
r = 0;
|
|
||||||
out:
|
|
||||||
- if (p)
|
|
||||||
+ if (r != 0) {
|
|
||||||
BN_clear_free(p);
|
|
||||||
- if (g)
|
|
||||||
BN_clear_free(g);
|
|
||||||
+ DH_free(kex->dh);
|
|
||||||
+ kex->dh = NULL;
|
|
||||||
+ }
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -214,6 +222,10 @@
|
|
||||||
|
|
||||||
/* calc and verify H */
|
/* calc and verify H */
|
||||||
hashlen = sizeof(hash);
|
hashlen = sizeof(hash);
|
||||||
|
@ -472,7 +439,7 @@ diff -Naur old/kexgexc.c new/kexgexc.c
|
||||||
if ((r = kexgex_hash(
|
if ((r = kexgex_hash(
|
||||||
kex->hash_alg,
|
kex->hash_alg,
|
||||||
kex->client_version_string,
|
kex->client_version_string,
|
||||||
@@ -222,12 +234,14 @@
|
@@ -220,12 +230,14 @@ input_kex_dh_gex_reply(int type, u_int32
|
||||||
sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
|
sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
|
||||||
server_host_key_blob, sbloblen,
|
server_host_key_blob, sbloblen,
|
||||||
kex->min, kex->nbits, kex->max,
|
kex->min, kex->nbits, kex->max,
|
||||||
|
@ -489,11 +456,11 @@ diff -Naur old/kexgexc.c new/kexgexc.c
|
||||||
+ }
|
+ }
|
||||||
|
|
||||||
if ((r = sshkey_verify(server_host_key, signature, slen, hash,
|
if ((r = sshkey_verify(server_host_key, signature, slen, hash,
|
||||||
hashlen, ssh->compat)) != 0)
|
hashlen, kex->hostkey_alg, ssh->compat)) != 0)
|
||||||
diff -Naur old/kexgexs.c new/kexgexs.c
|
diff -aurp old/kexgexs.c new/kexgexs.c
|
||||||
--- old/kexgexs.c 2017-10-03 21:49:05.373829169 -1000
|
--- old/kexgexs.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/kexgexs.c 2017-10-03 21:55:50.869718862 -1000
|
+++ new/kexgexs.c 2018-03-23 11:03:06.045049721 -1000
|
||||||
@@ -101,11 +101,16 @@
|
@@ -101,11 +101,16 @@ input_kex_dh_gex_request(int type, u_int
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
|
debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
|
||||||
|
@ -513,18 +480,7 @@ diff -Naur old/kexgexs.c new/kexgexs.c
|
||||||
|
|
||||||
/* Compute our exchange value in parallel with the client */
|
/* Compute our exchange value in parallel with the client */
|
||||||
if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
|
if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
|
||||||
@@ -115,6 +120,10 @@
|
@@ -191,6 +196,10 @@ input_kex_dh_gex_init(int type, u_int32_
|
||||||
ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &input_kex_dh_gex_init);
|
|
||||||
r = 0;
|
|
||||||
out:
|
|
||||||
+ if (r != 0) {
|
|
||||||
+ DH_free(kex->dh);
|
|
||||||
+ kex->dh = NULL;
|
|
||||||
+ }
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -191,6 +200,10 @@
|
|
||||||
goto out;
|
goto out;
|
||||||
/* calc H */
|
/* calc H */
|
||||||
hashlen = sizeof(hash);
|
hashlen = sizeof(hash);
|
||||||
|
@ -535,7 +491,7 @@ diff -Naur old/kexgexs.c new/kexgexs.c
|
||||||
if ((r = kexgex_hash(
|
if ((r = kexgex_hash(
|
||||||
kex->hash_alg,
|
kex->hash_alg,
|
||||||
kex->client_version_string,
|
kex->client_version_string,
|
||||||
@@ -199,12 +212,14 @@
|
@@ -199,12 +208,14 @@ input_kex_dh_gex_init(int type, u_int32_
|
||||||
sshbuf_ptr(kex->my), sshbuf_len(kex->my),
|
sshbuf_ptr(kex->my), sshbuf_len(kex->my),
|
||||||
server_host_key_blob, sbloblen,
|
server_host_key_blob, sbloblen,
|
||||||
kex->min, kex->nbits, kex->max,
|
kex->min, kex->nbits, kex->max,
|
||||||
|
@ -553,7 +509,7 @@ diff -Naur old/kexgexs.c new/kexgexs.c
|
||||||
|
|
||||||
/* save session id := H */
|
/* save session id := H */
|
||||||
if (kex->session_id == NULL) {
|
if (kex->session_id == NULL) {
|
||||||
@@ -225,12 +240,17 @@
|
@@ -225,12 +236,17 @@ input_kex_dh_gex_init(int type, u_int32_
|
||||||
/* destroy_sensitive_data(); */
|
/* destroy_sensitive_data(); */
|
||||||
|
|
||||||
/* send server hostkey, DH pubkey 'f' and singed H */
|
/* send server hostkey, DH pubkey 'f' and singed H */
|
||||||
|
@ -573,10 +529,10 @@ diff -Naur old/kexgexs.c new/kexgexs.c
|
||||||
|
|
||||||
if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
|
if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
|
||||||
r = kex_send_newkeys(ssh);
|
r = kex_send_newkeys(ssh);
|
||||||
diff -Naur old/monitor.c new/monitor.c
|
diff -aurp old/monitor.c new/monitor.c
|
||||||
--- old/monitor.c 2017-10-03 21:49:05.377162302 -1000
|
--- old/monitor.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/monitor.c 2017-10-03 21:55:50.869718862 -1000
|
+++ new/monitor.c 2018-03-23 10:05:03.890621610 -1000
|
||||||
@@ -586,10 +586,12 @@
|
@@ -595,10 +595,12 @@ mm_answer_moduli(int sock, Buffer *m)
|
||||||
buffer_put_char(m, 0);
|
buffer_put_char(m, 0);
|
||||||
return (0);
|
return (0);
|
||||||
} else {
|
} else {
|
||||||
|
@ -591,10 +547,10 @@ diff -Naur old/monitor.c new/monitor.c
|
||||||
|
|
||||||
DH_free(dh);
|
DH_free(dh);
|
||||||
}
|
}
|
||||||
diff -Naur old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat.c
|
diff -aurp old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat.c
|
||||||
--- old/openbsd-compat/openssl-compat.c 2017-10-03 21:49:05.397161097 -1000
|
--- old/openbsd-compat/openssl-compat.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/openbsd-compat/openssl-compat.c 2017-10-03 21:55:50.886387486 -1000
|
+++ new/openbsd-compat/openssl-compat.c 2018-03-23 10:05:03.890621610 -1000
|
||||||
@@ -75,7 +75,6 @@
|
@@ -75,7 +75,6 @@ ssh_OpenSSL_add_all_algorithms(void)
|
||||||
/* Enable use of crypto hardware */
|
/* Enable use of crypto hardware */
|
||||||
ENGINE_load_builtin_engines();
|
ENGINE_load_builtin_engines();
|
||||||
ENGINE_register_all_complete();
|
ENGINE_register_all_complete();
|
||||||
|
@ -602,10 +558,10 @@ diff -Naur old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
diff -Naur old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey/test_file.c
|
diff -aurp old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey/test_file.c
|
||||||
--- old/regress/unittests/sshkey/test_file.c 2017-10-03 21:49:05.387161699 -1000
|
--- old/regress/unittests/sshkey/test_file.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/regress/unittests/sshkey/test_file.c 2017-10-03 21:55:50.883053761 -1000
|
+++ new/regress/unittests/sshkey/test_file.c 2018-03-23 10:05:03.890621610 -1000
|
||||||
@@ -60,9 +60,14 @@
|
@@ -60,9 +60,14 @@ sshkey_file_tests(void)
|
||||||
a = load_bignum("rsa_1.param.n");
|
a = load_bignum("rsa_1.param.n");
|
||||||
b = load_bignum("rsa_1.param.p");
|
b = load_bignum("rsa_1.param.p");
|
||||||
c = load_bignum("rsa_1.param.q");
|
c = load_bignum("rsa_1.param.q");
|
||||||
|
@ -623,7 +579,7 @@ diff -Naur old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey
|
||||||
BN_free(a);
|
BN_free(a);
|
||||||
BN_free(b);
|
BN_free(b);
|
||||||
BN_free(c);
|
BN_free(c);
|
||||||
@@ -151,9 +156,14 @@
|
@@ -151,9 +156,14 @@ sshkey_file_tests(void)
|
||||||
a = load_bignum("dsa_1.param.g");
|
a = load_bignum("dsa_1.param.g");
|
||||||
b = load_bignum("dsa_1.param.priv");
|
b = load_bignum("dsa_1.param.priv");
|
||||||
c = load_bignum("dsa_1.param.pub");
|
c = load_bignum("dsa_1.param.pub");
|
||||||
|
@ -641,10 +597,10 @@ diff -Naur old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey
|
||||||
BN_free(a);
|
BN_free(a);
|
||||||
BN_free(b);
|
BN_free(b);
|
||||||
BN_free(c);
|
BN_free(c);
|
||||||
diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshkey/test_sshkey.c
|
diff -aurp old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshkey/test_sshkey.c
|
||||||
--- old/regress/unittests/sshkey/test_sshkey.c 2017-10-03 21:49:05.387161699 -1000
|
--- old/regress/unittests/sshkey/test_sshkey.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/regress/unittests/sshkey/test_sshkey.c 2017-10-03 21:55:50.883053761 -1000
|
+++ new/regress/unittests/sshkey/test_sshkey.c 2018-03-23 10:05:03.890621610 -1000
|
||||||
@@ -197,9 +197,14 @@
|
@@ -197,9 +197,14 @@ sshkey_tests(void)
|
||||||
k1 = sshkey_new(KEY_RSA);
|
k1 = sshkey_new(KEY_RSA);
|
||||||
ASSERT_PTR_NE(k1, NULL);
|
ASSERT_PTR_NE(k1, NULL);
|
||||||
ASSERT_PTR_NE(k1->rsa, NULL);
|
ASSERT_PTR_NE(k1->rsa, NULL);
|
||||||
|
@ -662,7 +618,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk
|
||||||
sshkey_free(k1);
|
sshkey_free(k1);
|
||||||
TEST_DONE();
|
TEST_DONE();
|
||||||
|
|
||||||
@@ -207,8 +212,13 @@
|
@@ -207,8 +212,13 @@ sshkey_tests(void)
|
||||||
k1 = sshkey_new(KEY_DSA);
|
k1 = sshkey_new(KEY_DSA);
|
||||||
ASSERT_PTR_NE(k1, NULL);
|
ASSERT_PTR_NE(k1, NULL);
|
||||||
ASSERT_PTR_NE(k1->dsa, NULL);
|
ASSERT_PTR_NE(k1->dsa, NULL);
|
||||||
|
@ -678,7 +634,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk
|
||||||
sshkey_free(k1);
|
sshkey_free(k1);
|
||||||
TEST_DONE();
|
TEST_DONE();
|
||||||
|
|
||||||
@@ -234,9 +244,14 @@
|
@@ -234,9 +244,14 @@ sshkey_tests(void)
|
||||||
k1 = sshkey_new_private(KEY_RSA);
|
k1 = sshkey_new_private(KEY_RSA);
|
||||||
ASSERT_PTR_NE(k1, NULL);
|
ASSERT_PTR_NE(k1, NULL);
|
||||||
ASSERT_PTR_NE(k1->rsa, NULL);
|
ASSERT_PTR_NE(k1->rsa, NULL);
|
||||||
|
@ -696,7 +652,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk
|
||||||
ASSERT_INT_EQ(sshkey_add_private(k1), 0);
|
ASSERT_INT_EQ(sshkey_add_private(k1), 0);
|
||||||
sshkey_free(k1);
|
sshkey_free(k1);
|
||||||
TEST_DONE();
|
TEST_DONE();
|
||||||
@@ -245,8 +260,13 @@
|
@@ -245,8 +260,13 @@ sshkey_tests(void)
|
||||||
k1 = sshkey_new_private(KEY_DSA);
|
k1 = sshkey_new_private(KEY_DSA);
|
||||||
ASSERT_PTR_NE(k1, NULL);
|
ASSERT_PTR_NE(k1, NULL);
|
||||||
ASSERT_PTR_NE(k1->dsa, NULL);
|
ASSERT_PTR_NE(k1->dsa, NULL);
|
||||||
|
@ -712,7 +668,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk
|
||||||
ASSERT_INT_EQ(sshkey_add_private(k1), 0);
|
ASSERT_INT_EQ(sshkey_add_private(k1), 0);
|
||||||
sshkey_free(k1);
|
sshkey_free(k1);
|
||||||
TEST_DONE();
|
TEST_DONE();
|
||||||
@@ -285,18 +305,28 @@
|
@@ -285,18 +305,28 @@ sshkey_tests(void)
|
||||||
ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0);
|
ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0);
|
||||||
ASSERT_PTR_NE(kr, NULL);
|
ASSERT_PTR_NE(kr, NULL);
|
||||||
ASSERT_PTR_NE(kr->rsa, NULL);
|
ASSERT_PTR_NE(kr->rsa, NULL);
|
||||||
|
@ -747,7 +703,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk
|
||||||
TEST_DONE();
|
TEST_DONE();
|
||||||
|
|
||||||
#ifdef OPENSSL_HAS_ECC
|
#ifdef OPENSSL_HAS_ECC
|
||||||
@@ -323,9 +353,14 @@
|
@@ -323,9 +353,14 @@ sshkey_tests(void)
|
||||||
ASSERT_PTR_NE(kr, k1);
|
ASSERT_PTR_NE(kr, k1);
|
||||||
ASSERT_INT_EQ(k1->type, KEY_RSA);
|
ASSERT_INT_EQ(k1->type, KEY_RSA);
|
||||||
ASSERT_PTR_NE(k1->rsa, NULL);
|
ASSERT_PTR_NE(k1->rsa, NULL);
|
||||||
|
@ -765,7 +721,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk
|
||||||
TEST_DONE();
|
TEST_DONE();
|
||||||
|
|
||||||
TEST_START("equal KEY_RSA/demoted KEY_RSA");
|
TEST_START("equal KEY_RSA/demoted KEY_RSA");
|
||||||
@@ -339,8 +374,13 @@
|
@@ -339,8 +374,13 @@ sshkey_tests(void)
|
||||||
ASSERT_PTR_NE(kd, k1);
|
ASSERT_PTR_NE(kd, k1);
|
||||||
ASSERT_INT_EQ(k1->type, KEY_DSA);
|
ASSERT_INT_EQ(k1->type, KEY_DSA);
|
||||||
ASSERT_PTR_NE(k1->dsa, NULL);
|
ASSERT_PTR_NE(k1->dsa, NULL);
|
||||||
|
@ -781,10 +737,10 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk
|
||||||
TEST_DONE();
|
TEST_DONE();
|
||||||
|
|
||||||
TEST_START("equal KEY_DSA/demoted KEY_DSA");
|
TEST_START("equal KEY_DSA/demoted KEY_DSA");
|
||||||
diff -Naur old/ssh-dss.c new/ssh-dss.c
|
diff -aurp old/ssh-dss.c new/ssh-dss.c
|
||||||
--- old/ssh-dss.c 2017-10-03 21:49:05.403827361 -1000
|
--- old/ssh-dss.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/ssh-dss.c 2017-10-03 21:55:50.869718862 -1000
|
+++ new/ssh-dss.c 2018-03-23 10:05:03.891621693 -1000
|
||||||
@@ -53,6 +53,7 @@
|
@@ -53,6 +53,7 @@ ssh_dss_sign(const struct sshkey *key, u
|
||||||
DSA_SIG *sig = NULL;
|
DSA_SIG *sig = NULL;
|
||||||
u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN];
|
u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN];
|
||||||
size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
|
size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
|
||||||
|
@ -792,7 +748,7 @@ diff -Naur old/ssh-dss.c new/ssh-dss.c
|
||||||
struct sshbuf *b = NULL;
|
struct sshbuf *b = NULL;
|
||||||
int ret = SSH_ERR_INVALID_ARGUMENT;
|
int ret = SSH_ERR_INVALID_ARGUMENT;
|
||||||
|
|
||||||
@@ -76,15 +77,16 @@
|
@@ -76,15 +77,16 @@ ssh_dss_sign(const struct sshkey *key, u
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -811,9 +767,9 @@ diff -Naur old/ssh-dss.c new/ssh-dss.c
|
||||||
+ BN_bn2bin(r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
|
+ BN_bn2bin(r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
|
||||||
+ BN_bn2bin(s, sigblob + SIGBLOB_LEN - slen);
|
+ BN_bn2bin(s, sigblob + SIGBLOB_LEN - slen);
|
||||||
|
|
||||||
if (compat & SSH_BUG_SIGBLOB) {
|
if ((b = sshbuf_new()) == NULL) {
|
||||||
if (sigp != NULL) {
|
ret = SSH_ERR_ALLOC_FAIL;
|
||||||
@@ -176,17 +178,26 @@
|
@@ -154,17 +156,26 @@ ssh_dss_verify(const struct sshkey *key,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* parse signature */
|
/* parse signature */
|
||||||
|
@ -844,10 +800,10 @@ diff -Naur old/ssh-dss.c new/ssh-dss.c
|
||||||
|
|
||||||
/* sha1 the data */
|
/* sha1 the data */
|
||||||
if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
|
if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
|
||||||
diff -Naur old/ssh-ecdsa.c new/ssh-ecdsa.c
|
diff -aurp old/ssh-ecdsa.c new/ssh-ecdsa.c
|
||||||
--- old/ssh-ecdsa.c 2017-10-03 21:49:05.403827361 -1000
|
--- old/ssh-ecdsa.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/ssh-ecdsa.c 2017-10-03 21:55:50.869718862 -1000
|
+++ new/ssh-ecdsa.c 2018-03-23 10:05:03.891621693 -1000
|
||||||
@@ -80,9 +80,14 @@
|
@@ -80,9 +80,14 @@ ssh_ecdsa_sign(const struct sshkey *key,
|
||||||
ret = SSH_ERR_ALLOC_FAIL;
|
ret = SSH_ERR_ALLOC_FAIL;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
@ -864,7 +820,7 @@ diff -Naur old/ssh-ecdsa.c new/ssh-ecdsa.c
|
||||||
if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 ||
|
if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 ||
|
||||||
(ret = sshbuf_put_stringb(b, bb)) != 0)
|
(ret = sshbuf_put_stringb(b, bb)) != 0)
|
||||||
goto out;
|
goto out;
|
||||||
@@ -151,11 +156,27 @@
|
@@ -150,11 +155,27 @@ ssh_ecdsa_verify(const struct sshkey *ke
|
||||||
ret = SSH_ERR_ALLOC_FAIL;
|
ret = SSH_ERR_ALLOC_FAIL;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
@ -894,10 +850,10 @@ diff -Naur old/ssh-ecdsa.c new/ssh-ecdsa.c
|
||||||
if (sshbuf_len(sigbuf) != 0) {
|
if (sshbuf_len(sigbuf) != 0) {
|
||||||
ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
|
ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
|
||||||
goto out;
|
goto out;
|
||||||
diff -Naur old/ssh-keygen.c new/ssh-keygen.c
|
diff -aurp old/ssh-keygen.c new/ssh-keygen.c
|
||||||
--- old/ssh-keygen.c 2017-10-03 21:49:05.403827361 -1000
|
--- old/ssh-keygen.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/ssh-keygen.c 2017-10-03 21:55:50.869718862 -1000
|
+++ new/ssh-keygen.c 2018-03-23 10:05:03.891621693 -1000
|
||||||
@@ -496,11 +496,33 @@
|
@@ -493,11 +493,33 @@ do_convert_private_ssh2_from_blob(u_char
|
||||||
|
|
||||||
switch (key->type) {
|
switch (key->type) {
|
||||||
case KEY_DSA:
|
case KEY_DSA:
|
||||||
|
@ -936,7 +892,7 @@ diff -Naur old/ssh-keygen.c new/ssh-keygen.c
|
||||||
break;
|
break;
|
||||||
case KEY_RSA:
|
case KEY_RSA:
|
||||||
if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
|
if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
|
||||||
@@ -517,16 +539,52 @@
|
@@ -514,16 +536,52 @@ do_convert_private_ssh2_from_blob(u_char
|
||||||
e += e3;
|
e += e3;
|
||||||
debug("e %lx", e);
|
debug("e %lx", e);
|
||||||
}
|
}
|
||||||
|
@ -995,7 +951,7 @@ diff -Naur old/ssh-keygen.c new/ssh-keygen.c
|
||||||
if ((r = ssh_rsa_generate_additional_parameters(key)) != 0)
|
if ((r = ssh_rsa_generate_additional_parameters(key)) != 0)
|
||||||
fatal("generate RSA parameters failed: %s", ssh_err(r));
|
fatal("generate RSA parameters failed: %s", ssh_err(r));
|
||||||
break;
|
break;
|
||||||
@@ -636,7 +694,7 @@
|
@@ -633,7 +691,7 @@ do_convert_from_pkcs8(struct sshkey **k,
|
||||||
identity_file);
|
identity_file);
|
||||||
}
|
}
|
||||||
fclose(fp);
|
fclose(fp);
|
||||||
|
@ -1004,7 +960,7 @@ diff -Naur old/ssh-keygen.c new/ssh-keygen.c
|
||||||
case EVP_PKEY_RSA:
|
case EVP_PKEY_RSA:
|
||||||
if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
|
if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
|
||||||
fatal("sshkey_new failed");
|
fatal("sshkey_new failed");
|
||||||
@@ -660,7 +718,7 @@
|
@@ -657,7 +715,7 @@ do_convert_from_pkcs8(struct sshkey **k,
|
||||||
#endif
|
#endif
|
||||||
default:
|
default:
|
||||||
fatal("%s: unsupported pubkey type %d", __func__,
|
fatal("%s: unsupported pubkey type %d", __func__,
|
||||||
|
@ -1013,10 +969,10 @@ diff -Naur old/ssh-keygen.c new/ssh-keygen.c
|
||||||
}
|
}
|
||||||
EVP_PKEY_free(pubkey);
|
EVP_PKEY_free(pubkey);
|
||||||
return;
|
return;
|
||||||
diff -Naur old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c
|
diff -aurp old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c
|
||||||
--- old/ssh-pkcs11-client.c 2017-10-03 21:49:05.403827361 -1000
|
--- old/ssh-pkcs11-client.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/ssh-pkcs11-client.c 2017-10-03 21:55:50.869718862 -1000
|
+++ new/ssh-pkcs11-client.c 2018-03-23 10:05:03.892621777 -1000
|
||||||
@@ -143,12 +143,13 @@
|
@@ -144,12 +144,13 @@ pkcs11_rsa_private_encrypt(int flen, con
|
||||||
static int
|
static int
|
||||||
wrap_key(RSA *rsa)
|
wrap_key(RSA *rsa)
|
||||||
{
|
{
|
||||||
|
@ -1035,10 +991,10 @@ diff -Naur old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
|
||||||
diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c
|
diff -aurp old/ssh-pkcs11.c new/ssh-pkcs11.c
|
||||||
--- old/ssh-pkcs11.c 2017-10-03 21:49:05.403827361 -1000
|
--- old/ssh-pkcs11.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/ssh-pkcs11.c 2017-10-03 21:55:50.869718862 -1000
|
+++ new/ssh-pkcs11.c 2018-03-23 10:05:03.892621777 -1000
|
||||||
@@ -67,7 +67,7 @@
|
@@ -67,7 +67,7 @@ struct pkcs11_key {
|
||||||
struct pkcs11_provider *provider;
|
struct pkcs11_provider *provider;
|
||||||
CK_ULONG slotidx;
|
CK_ULONG slotidx;
|
||||||
int (*orig_finish)(RSA *rsa);
|
int (*orig_finish)(RSA *rsa);
|
||||||
|
@ -1047,7 +1003,7 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c
|
||||||
char *keyid;
|
char *keyid;
|
||||||
int keyid_len;
|
int keyid_len;
|
||||||
};
|
};
|
||||||
@@ -326,13 +326,15 @@
|
@@ -326,13 +326,15 @@ pkcs11_rsa_wrap(struct pkcs11_provider *
|
||||||
k11->keyid = xmalloc(k11->keyid_len);
|
k11->keyid = xmalloc(k11->keyid_len);
|
||||||
memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
|
memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
|
||||||
}
|
}
|
||||||
|
@ -1070,7 +1026,7 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c
|
||||||
RSA_set_app_data(rsa, k11);
|
RSA_set_app_data(rsa, k11);
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
@@ -512,10 +514,19 @@
|
@@ -512,10 +514,19 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
|
||||||
if ((rsa = RSA_new()) == NULL) {
|
if ((rsa = RSA_new()) == NULL) {
|
||||||
error("RSA_new failed");
|
error("RSA_new failed");
|
||||||
} else {
|
} else {
|
||||||
|
@ -1094,7 +1050,7 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
cp = attribs[2].pValue;
|
cp = attribs[2].pValue;
|
||||||
@@ -525,17 +536,20 @@
|
@@ -525,16 +536,19 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
|
||||||
== NULL) {
|
== NULL) {
|
||||||
error("d2i_X509 failed");
|
error("d2i_X509 failed");
|
||||||
} else if ((evp = X509_get_pubkey(x509)) == NULL ||
|
} else if ((evp = X509_get_pubkey(x509)) == NULL ||
|
||||||
|
@ -1108,7 +1064,6 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c
|
||||||
== NULL) {
|
== NULL) {
|
||||||
error("RSAPublicKey_dup");
|
error("RSAPublicKey_dup");
|
||||||
}
|
}
|
||||||
if (x509)
|
|
||||||
X509_free(x509);
|
X509_free(x509);
|
||||||
}
|
}
|
||||||
- if (rsa && rsa->n && rsa->e &&
|
- if (rsa && rsa->n && rsa->e &&
|
||||||
|
@ -1119,7 +1074,7 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c
|
||||||
pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
|
pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
|
||||||
if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
|
if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
|
||||||
fatal("sshkey_new failed");
|
fatal("sshkey_new failed");
|
||||||
@@ -555,6 +569,7 @@
|
@@ -554,6 +568,7 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
|
||||||
} else if (rsa) {
|
} else if (rsa) {
|
||||||
RSA_free(rsa);
|
RSA_free(rsa);
|
||||||
}
|
}
|
||||||
|
@ -1127,17 +1082,28 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c
|
||||||
for (i = 0; i < 3; i++)
|
for (i = 0; i < 3; i++)
|
||||||
free(attribs[i].pValue);
|
free(attribs[i].pValue);
|
||||||
}
|
}
|
||||||
diff -Naur old/ssh-rsa.c new/ssh-rsa.c
|
diff -aurp old/ssh-rsa.c new/ssh-rsa.c
|
||||||
--- old/ssh-rsa.c 2017-10-03 21:49:05.403827361 -1000
|
--- old/ssh-rsa.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/ssh-rsa.c 2017-10-03 22:06:32.005937158 -1000
|
+++ new/ssh-rsa.c 2018-03-23 10:05:03.892621777 -1000
|
||||||
@@ -99,13 +99,27 @@
|
@@ -84,7 +84,6 @@ ssh_rsa_generate_additional_parameters(s
|
||||||
}
|
{
|
||||||
rsa = key->rsa;
|
BIGNUM *aux = NULL;
|
||||||
|
BN_CTX *ctx = NULL;
|
||||||
|
- BIGNUM d;
|
||||||
|
int r;
|
||||||
|
|
||||||
- if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
|
if (key == NULL || key->rsa == NULL ||
|
||||||
- (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
|
@@ -99,16 +98,27 @@ ssh_rsa_generate_additional_parameters(s
|
||||||
- (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
|
}
|
||||||
- (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) {
|
BN_set_flags(aux, BN_FLG_CONSTTIME);
|
||||||
|
|
||||||
|
- BN_init(&d);
|
||||||
|
- BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME);
|
||||||
|
-
|
||||||
|
- if ((BN_sub(aux, key->rsa->q, BN_value_one()) == 0) ||
|
||||||
|
- (BN_mod(key->rsa->dmq1, &d, aux, ctx) == 0) ||
|
||||||
|
- (BN_sub(aux, key->rsa->p, BN_value_one()) == 0) ||
|
||||||
|
- (BN_mod(key->rsa->dmp1, &d, aux, ctx) == 0)) {
|
||||||
+ {
|
+ {
|
||||||
+ const BIGNUM *q, *d, *p;
|
+ const BIGNUM *q, *d, *p;
|
||||||
+ BIGNUM *dmq1=NULL, *dmp1=NULL;
|
+ BIGNUM *dmq1=NULL, *dmp1=NULL;
|
||||||
|
@ -1146,13 +1112,13 @@ diff -Naur old/ssh-rsa.c new/ssh-rsa.c
|
||||||
+ r = SSH_ERR_ALLOC_FAIL;
|
+ r = SSH_ERR_ALLOC_FAIL;
|
||||||
+ goto out;
|
+ goto out;
|
||||||
+ }
|
+ }
|
||||||
+ RSA_get0_key(rsa, NULL, NULL, &d);
|
+ RSA_get0_key(key->rsa, NULL, NULL, &d);
|
||||||
+ RSA_get0_factors(rsa, &p, &q);
|
+ RSA_get0_factors(key->rsa, &p, &q);
|
||||||
+ if ((BN_sub(aux, q, BN_value_one()) == 0) ||
|
+ if ((BN_sub(aux, q, BN_value_one()) == 0) ||
|
||||||
+ (BN_mod(dmq1, d, aux, ctx) == 0) ||
|
+ (BN_mod(dmq1, d, aux, ctx) == 0) ||
|
||||||
+ (BN_sub(aux, p, BN_value_one()) == 0) ||
|
+ (BN_sub(aux, p, BN_value_one()) == 0) ||
|
||||||
+ (BN_mod(dmp1, d, aux, ctx) == 0) ||
|
+ (BN_mod(dmp1, d, aux, ctx) == 0) ||
|
||||||
+ RSA_set0_crt_params(rsa, dmp1, dmq1, NULL) == 0) {
|
+ RSA_set0_crt_params(key->rsa, dmp1, dmq1, NULL) == 0) {
|
||||||
r = SSH_ERR_LIBCRYPTO_ERROR;
|
r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
+ BN_clear_free(dmp1);
|
+ BN_clear_free(dmp1);
|
||||||
+ BN_clear_free(dmq1);
|
+ BN_clear_free(dmq1);
|
||||||
|
@ -1162,7 +1128,7 @@ diff -Naur old/ssh-rsa.c new/ssh-rsa.c
|
||||||
r = 0;
|
r = 0;
|
||||||
out:
|
out:
|
||||||
BN_clear_free(aux);
|
BN_clear_free(aux);
|
||||||
@@ -136,7 +150,7 @@
|
@@ -139,7 +149,7 @@ ssh_rsa_sign(const struct sshkey *key, u
|
||||||
if (key == NULL || key->rsa == NULL || hash_alg == -1 ||
|
if (key == NULL || key->rsa == NULL || hash_alg == -1 ||
|
||||||
sshkey_type_plain(key->type) != KEY_RSA)
|
sshkey_type_plain(key->type) != KEY_RSA)
|
||||||
return SSH_ERR_INVALID_ARGUMENT;
|
return SSH_ERR_INVALID_ARGUMENT;
|
||||||
|
@ -1171,7 +1137,7 @@ diff -Naur old/ssh-rsa.c new/ssh-rsa.c
|
||||||
return SSH_ERR_KEY_LENGTH;
|
return SSH_ERR_KEY_LENGTH;
|
||||||
slen = RSA_size(key->rsa);
|
slen = RSA_size(key->rsa);
|
||||||
if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
|
if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
|
||||||
@@ -210,7 +224,7 @@
|
@@ -211,7 +221,7 @@ ssh_rsa_verify(const struct sshkey *key,
|
||||||
sshkey_type_plain(key->type) != KEY_RSA ||
|
sshkey_type_plain(key->type) != KEY_RSA ||
|
||||||
sig == NULL || siglen == 0)
|
sig == NULL || siglen == 0)
|
||||||
return SSH_ERR_INVALID_ARGUMENT;
|
return SSH_ERR_INVALID_ARGUMENT;
|
||||||
|
@ -1180,10 +1146,10 @@ diff -Naur old/ssh-rsa.c new/ssh-rsa.c
|
||||||
return SSH_ERR_KEY_LENGTH;
|
return SSH_ERR_KEY_LENGTH;
|
||||||
|
|
||||||
if ((b = sshbuf_from(sig, siglen)) == NULL)
|
if ((b = sshbuf_from(sig, siglen)) == NULL)
|
||||||
diff -Naur old/sshkey.c new/sshkey.c
|
diff -aurp old/sshkey.c new/sshkey.c
|
||||||
--- old/sshkey.c 2017-10-03 21:49:05.407160494 -1000
|
--- old/sshkey.c 2018-03-22 16:21:14.000000000 -1000
|
||||||
+++ new/sshkey.c 2017-10-03 22:16:31.124964276 -1000
|
+++ new/sshkey.c 2018-03-23 10:05:03.893621860 -1000
|
||||||
@@ -264,10 +264,18 @@
|
@@ -274,10 +274,18 @@ sshkey_size(const struct sshkey *k)
|
||||||
#ifdef WITH_OPENSSL
|
#ifdef WITH_OPENSSL
|
||||||
case KEY_RSA:
|
case KEY_RSA:
|
||||||
case KEY_RSA_CERT:
|
case KEY_RSA_CERT:
|
||||||
|
@ -1203,7 +1169,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
case KEY_ECDSA:
|
case KEY_ECDSA:
|
||||||
case KEY_ECDSA_CERT:
|
case KEY_ECDSA_CERT:
|
||||||
return sshkey_curve_nid_to_bits(k->ecdsa_nid);
|
return sshkey_curve_nid_to_bits(k->ecdsa_nid);
|
||||||
@@ -466,28 +474,55 @@
|
@@ -482,26 +490,53 @@ sshkey_new(int type)
|
||||||
#ifdef WITH_OPENSSL
|
#ifdef WITH_OPENSSL
|
||||||
case KEY_RSA:
|
case KEY_RSA:
|
||||||
case KEY_RSA_CERT:
|
case KEY_RSA_CERT:
|
||||||
|
@ -1216,7 +1182,6 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
+ (e = BN_new()) == NULL) {
|
+ (e = BN_new()) == NULL) {
|
||||||
+ BN_free(n);
|
+ BN_free(n);
|
||||||
+ BN_free(e);
|
+ BN_free(e);
|
||||||
if (rsa != NULL)
|
|
||||||
RSA_free(rsa);
|
RSA_free(rsa);
|
||||||
free(k);
|
free(k);
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -1245,7 +1210,6 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
+ BN_free(q);
|
+ BN_free(q);
|
||||||
+ BN_free(g);
|
+ BN_free(g);
|
||||||
+ BN_free(pubkey);
|
+ BN_free(pubkey);
|
||||||
if (dsa != NULL)
|
|
||||||
DSA_free(dsa);
|
DSA_free(dsa);
|
||||||
free(k);
|
free(k);
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -1265,7 +1229,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
k->dsa = dsa;
|
k->dsa = dsa;
|
||||||
break;
|
break;
|
||||||
case KEY_ECDSA:
|
case KEY_ECDSA:
|
||||||
@@ -523,6 +558,51 @@
|
@@ -539,6 +574,51 @@ sshkey_add_private(struct sshkey *k)
|
||||||
#ifdef WITH_OPENSSL
|
#ifdef WITH_OPENSSL
|
||||||
case KEY_RSA:
|
case KEY_RSA:
|
||||||
case KEY_RSA_CERT:
|
case KEY_RSA_CERT:
|
||||||
|
@ -1317,7 +1281,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
#define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL)
|
#define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL)
|
||||||
if (bn_maybe_alloc_failed(k->rsa->d) ||
|
if (bn_maybe_alloc_failed(k->rsa->d) ||
|
||||||
bn_maybe_alloc_failed(k->rsa->iqmp) ||
|
bn_maybe_alloc_failed(k->rsa->iqmp) ||
|
||||||
@@ -531,13 +611,28 @@
|
@@ -547,13 +627,28 @@ sshkey_add_private(struct sshkey *k)
|
||||||
bn_maybe_alloc_failed(k->rsa->dmq1) ||
|
bn_maybe_alloc_failed(k->rsa->dmq1) ||
|
||||||
bn_maybe_alloc_failed(k->rsa->dmp1))
|
bn_maybe_alloc_failed(k->rsa->dmp1))
|
||||||
return SSH_ERR_ALLOC_FAIL;
|
return SSH_ERR_ALLOC_FAIL;
|
||||||
|
@ -1346,7 +1310,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
case KEY_ECDSA:
|
case KEY_ECDSA:
|
||||||
case KEY_ECDSA_CERT:
|
case KEY_ECDSA_CERT:
|
||||||
/* Cannot do anything until we know the group */
|
/* Cannot do anything until we know the group */
|
||||||
@@ -655,16 +750,34 @@
|
@@ -677,16 +772,34 @@ sshkey_equal_public(const struct sshkey
|
||||||
#ifdef WITH_OPENSSL
|
#ifdef WITH_OPENSSL
|
||||||
case KEY_RSA_CERT:
|
case KEY_RSA_CERT:
|
||||||
case KEY_RSA:
|
case KEY_RSA:
|
||||||
|
@ -1389,7 +1353,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
# ifdef OPENSSL_HAS_ECC
|
# ifdef OPENSSL_HAS_ECC
|
||||||
case KEY_ECDSA_CERT:
|
case KEY_ECDSA_CERT:
|
||||||
case KEY_ECDSA:
|
case KEY_ECDSA:
|
||||||
@@ -742,12 +855,17 @@
|
@@ -775,12 +888,17 @@ to_blob_buf(const struct sshkey *key, st
|
||||||
case KEY_DSA:
|
case KEY_DSA:
|
||||||
if (key->dsa == NULL)
|
if (key->dsa == NULL)
|
||||||
return SSH_ERR_INVALID_ARGUMENT;
|
return SSH_ERR_INVALID_ARGUMENT;
|
||||||
|
@ -1411,7 +1375,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
break;
|
break;
|
||||||
# ifdef OPENSSL_HAS_ECC
|
# ifdef OPENSSL_HAS_ECC
|
||||||
case KEY_ECDSA:
|
case KEY_ECDSA:
|
||||||
@@ -763,10 +881,14 @@
|
@@ -796,10 +914,14 @@ to_blob_buf(const struct sshkey *key, st
|
||||||
case KEY_RSA:
|
case KEY_RSA:
|
||||||
if (key->rsa == NULL)
|
if (key->rsa == NULL)
|
||||||
return SSH_ERR_INVALID_ARGUMENT;
|
return SSH_ERR_INVALID_ARGUMENT;
|
||||||
|
@ -1428,7 +1392,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
break;
|
break;
|
||||||
#endif /* WITH_OPENSSL */
|
#endif /* WITH_OPENSSL */
|
||||||
case KEY_ED25519:
|
case KEY_ED25519:
|
||||||
@@ -1643,13 +1765,32 @@
|
@@ -1740,13 +1862,32 @@ sshkey_from_private(const struct sshkey
|
||||||
case KEY_DSA_CERT:
|
case KEY_DSA_CERT:
|
||||||
if ((n = sshkey_new(k->type)) == NULL)
|
if ((n = sshkey_new(k->type)) == NULL)
|
||||||
return SSH_ERR_ALLOC_FAIL;
|
return SSH_ERR_ALLOC_FAIL;
|
||||||
|
@ -1465,7 +1429,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
break;
|
break;
|
||||||
# ifdef OPENSSL_HAS_ECC
|
# ifdef OPENSSL_HAS_ECC
|
||||||
case KEY_ECDSA:
|
case KEY_ECDSA:
|
||||||
@@ -1673,11 +1814,23 @@
|
@@ -1770,11 +1911,23 @@ sshkey_from_private(const struct sshkey
|
||||||
case KEY_RSA_CERT:
|
case KEY_RSA_CERT:
|
||||||
if ((n = sshkey_new(k->type)) == NULL)
|
if ((n = sshkey_new(k->type)) == NULL)
|
||||||
return SSH_ERR_ALLOC_FAIL;
|
return SSH_ERR_ALLOC_FAIL;
|
||||||
|
@ -1491,7 +1455,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
break;
|
break;
|
||||||
#endif /* WITH_OPENSSL */
|
#endif /* WITH_OPENSSL */
|
||||||
case KEY_ED25519:
|
case KEY_ED25519:
|
||||||
@@ -1875,12 +2028,27 @@
|
@@ -1995,12 +2148,27 @@ sshkey_from_blob_internal(struct sshbuf
|
||||||
ret = SSH_ERR_ALLOC_FAIL;
|
ret = SSH_ERR_ALLOC_FAIL;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
@ -1522,7 +1486,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
ret = SSH_ERR_KEY_LENGTH;
|
ret = SSH_ERR_KEY_LENGTH;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
@@ -1900,13 +2068,36 @@
|
@@ -2020,13 +2188,36 @@ sshkey_from_blob_internal(struct sshbuf
|
||||||
ret = SSH_ERR_ALLOC_FAIL;
|
ret = SSH_ERR_ALLOC_FAIL;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
@ -1563,7 +1527,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
#ifdef DEBUG_PK
|
#ifdef DEBUG_PK
|
||||||
DSA_print_fp(stderr, key->dsa, 8);
|
DSA_print_fp(stderr, key->dsa, 8);
|
||||||
#endif
|
#endif
|
||||||
@@ -2140,26 +2331,63 @@
|
@@ -2327,26 +2518,63 @@ sshkey_demote(const struct sshkey *k, st
|
||||||
goto fail;
|
goto fail;
|
||||||
/* FALLTHROUGH */
|
/* FALLTHROUGH */
|
||||||
case KEY_RSA:
|
case KEY_RSA:
|
||||||
|
@ -1635,7 +1599,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
break;
|
break;
|
||||||
case KEY_ECDSA_CERT:
|
case KEY_ECDSA_CERT:
|
||||||
if ((ret = sshkey_cert_copy(k, pk)) != 0)
|
if ((ret = sshkey_cert_copy(k, pk)) != 0)
|
||||||
@@ -2281,11 +2509,17 @@
|
@@ -2496,11 +2724,17 @@ sshkey_certify_custom(struct sshkey *k,
|
||||||
switch (k->type) {
|
switch (k->type) {
|
||||||
#ifdef WITH_OPENSSL
|
#ifdef WITH_OPENSSL
|
||||||
case KEY_DSA_CERT:
|
case KEY_DSA_CERT:
|
||||||
|
@ -1657,7 +1621,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
break;
|
break;
|
||||||
# ifdef OPENSSL_HAS_ECC
|
# ifdef OPENSSL_HAS_ECC
|
||||||
case KEY_ECDSA_CERT:
|
case KEY_ECDSA_CERT:
|
||||||
@@ -2298,9 +2532,15 @@
|
@@ -2513,9 +2747,15 @@ sshkey_certify_custom(struct sshkey *k,
|
||||||
break;
|
break;
|
||||||
# endif /* OPENSSL_HAS_ECC */
|
# endif /* OPENSSL_HAS_ECC */
|
||||||
case KEY_RSA_CERT:
|
case KEY_RSA_CERT:
|
||||||
|
@ -1675,7 +1639,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
break;
|
break;
|
||||||
#endif /* WITH_OPENSSL */
|
#endif /* WITH_OPENSSL */
|
||||||
case KEY_ED25519_CERT:
|
case KEY_ED25519_CERT:
|
||||||
@@ -2474,42 +2714,67 @@
|
@@ -2702,42 +2942,67 @@ sshkey_private_serialize_opt(const struc
|
||||||
switch (key->type) {
|
switch (key->type) {
|
||||||
#ifdef WITH_OPENSSL
|
#ifdef WITH_OPENSSL
|
||||||
case KEY_RSA:
|
case KEY_RSA:
|
||||||
|
@ -1759,7 +1723,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
break;
|
break;
|
||||||
# ifdef OPENSSL_HAS_ECC
|
# ifdef OPENSSL_HAS_ECC
|
||||||
case KEY_ECDSA:
|
case KEY_ECDSA:
|
||||||
@@ -2585,18 +2850,61 @@
|
@@ -2851,18 +3116,61 @@ sshkey_private_deserialize(struct sshbuf
|
||||||
r = SSH_ERR_ALLOC_FAIL;
|
r = SSH_ERR_ALLOC_FAIL;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
@ -1828,7 +1792,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
break;
|
break;
|
||||||
# ifdef OPENSSL_HAS_ECC
|
# ifdef OPENSSL_HAS_ECC
|
||||||
case KEY_ECDSA:
|
case KEY_ECDSA:
|
||||||
@@ -2655,29 +2963,104 @@
|
@@ -2921,29 +3229,104 @@ sshkey_private_deserialize(struct sshbuf
|
||||||
r = SSH_ERR_ALLOC_FAIL;
|
r = SSH_ERR_ALLOC_FAIL;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
@ -1947,7 +1911,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
r = SSH_ERR_KEY_LENGTH;
|
r = SSH_ERR_KEY_LENGTH;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
@@ -3395,7 +3778,6 @@
|
@@ -3707,7 +4090,6 @@ translate_libcrypto_error(unsigned long
|
||||||
switch (pem_reason) {
|
switch (pem_reason) {
|
||||||
case EVP_R_BAD_DECRYPT:
|
case EVP_R_BAD_DECRYPT:
|
||||||
return SSH_ERR_KEY_WRONG_PASSPHRASE;
|
return SSH_ERR_KEY_WRONG_PASSPHRASE;
|
||||||
|
@ -1955,7 +1919,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
case EVP_R_DECODE_ERROR:
|
case EVP_R_DECODE_ERROR:
|
||||||
#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
|
#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
|
||||||
case EVP_R_PRIVATE_KEY_DECODE_ERROR:
|
case EVP_R_PRIVATE_KEY_DECODE_ERROR:
|
||||||
@@ -3460,7 +3842,7 @@
|
@@ -3772,7 +4154,7 @@ sshkey_parse_private_pem_fileblob(struct
|
||||||
r = convert_libcrypto_error();
|
r = convert_libcrypto_error();
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
@ -1964,7 +1928,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
(type == KEY_UNSPEC || type == KEY_RSA)) {
|
(type == KEY_UNSPEC || type == KEY_RSA)) {
|
||||||
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
|
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
|
||||||
r = SSH_ERR_ALLOC_FAIL;
|
r = SSH_ERR_ALLOC_FAIL;
|
||||||
@@ -3475,11 +3857,11 @@
|
@@ -3787,11 +4169,11 @@ sshkey_parse_private_pem_fileblob(struct
|
||||||
r = SSH_ERR_LIBCRYPTO_ERROR;
|
r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
@ -1978,7 +1942,7 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
(type == KEY_UNSPEC || type == KEY_DSA)) {
|
(type == KEY_UNSPEC || type == KEY_DSA)) {
|
||||||
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
|
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
|
||||||
r = SSH_ERR_ALLOC_FAIL;
|
r = SSH_ERR_ALLOC_FAIL;
|
||||||
@@ -3491,7 +3873,7 @@
|
@@ -3803,7 +4185,7 @@ sshkey_parse_private_pem_fileblob(struct
|
||||||
DSA_print_fp(stderr, prv->dsa, 8);
|
DSA_print_fp(stderr, prv->dsa, 8);
|
||||||
#endif
|
#endif
|
||||||
#ifdef OPENSSL_HAS_ECC
|
#ifdef OPENSSL_HAS_ECC
|
||||||
|
@ -1987,3 +1951,4 @@ diff -Naur old/sshkey.c new/sshkey.c
|
||||||
(type == KEY_UNSPEC || type == KEY_ECDSA)) {
|
(type == KEY_UNSPEC || type == KEY_ECDSA)) {
|
||||||
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
|
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
|
||||||
r = SSH_ERR_ALLOC_FAIL;
|
r = SSH_ERR_ALLOC_FAIL;
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
VERSION="7.6p1"
|
VERSION="7.7p1"
|
||||||
SRCDIR="openssh-${VERSION}"
|
SRCDIR="openssh-${VERSION}"
|
||||||
TARBALL="${SRCDIR}.tar.gz"
|
TARBALL="${SRCDIR}.tar.gz"
|
||||||
URL="https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable"
|
URL="https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable"
|
||||||
SHA256SUM="a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723"
|
SHA256SUM="d73be7e684e99efcd024be15a30bffcbe41b012b2f7b3c9084aed621775e6b8f"
|
||||||
DEPENDS="openssl zlib"
|
DEPENDS="openssl zlib"
|
||||||
|
|
||||||
prepare() {
|
prepare() {
|
||||||
|
|