Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/OPENSSH]: src/crypto/external/bsd/openssh/dist OpenSSH 8.3 was released ...
details: https://anonhg.NetBSD.org/src/rev/cf3837d45b70
branches: OPENSSH
changeset: 933700:cf3837d45b70
user: christos <christos%NetBSD.org@localhost>
date: Thu May 28 17:02:58 2020 +0000
description:
OpenSSH 8.3 was released on 2020-05-27. It is available from the
mirrors listed at https://www.openssh.com/.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
https://www.openssh.com/donations.html
Future deprecation notice
=========================
It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.
This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs.
The better alternatives include:
* The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
algorithms have the advantage of using the same key type as
"ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
supported since OpenSSH 7.2 and are already used by default if the
client and server support them.
* The ssh-ed25519 signature algorithm. It has been supported in
OpenSSH since release 6.5.
* The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
have been supported by OpenSSH since release 5.7.
To check whether a server is using the weak ssh-rsa public key
algorithm, for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:
ssh -oHostKeyAlgorithms=-ssh-rsa user@host
If the host key verification fails and no other supported host key
types are available, the server software on that host should be
upgraded.
A future release of OpenSSH will enable UpdateHostKeys by default
to allow the client to automatically migrate to better algorithms.
Users may consider enabling this option manually. Vendors of devices
that implement the SSH protocol should ensure that they support the
new signature algorithms for RSA keys.
[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
Application to the PGP Web of Trust" Leurent, G and Peyrin, T
(2020) https://eprint.iacr.org/2020/014.pdf
Security
========
* scp(1): when receiving files, scp(1) could be become desynchronised
if a utimes(2) system call failed. This could allow file contents
to be interpreted as file metadata and thereby permit an adversary
to craft a file system that, when copied with scp(1) in a
configuration that caused utimes(2) to fail (e.g. under a SELinux
policy or syscall sandbox), transferred different file names and
contents to the actual file system layout.
Exploitation of this is not likely as utimes(2) does not fail under
normal circumstances. Successful exploitation is not silent - the
output of scp(1) would show transfer errors followed by the actual
file(s) that were received.
Finally, filenames returned from the peer are (since openssh-8.0)
matched against the user's requested destination, thereby
disallowing a successful exploit from writing files outside the
user's selected target glob (or directory, in the case of a
recursive transfer). This ensures that this attack can achieve no
more than a hostile peer is already able to achieve within the scp
protocol.
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* sftp(1): reject an argument of "-1" in the same way as ssh(1) and
scp(1) do instead of accepting and silently ignoring it.
Changes since OpenSSH 8.2
=========================
The focus of this release is bug fixing.
New Features
------------
* sshd(8): make IgnoreRhosts a tri-state option: "yes" to ignore
rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only"
to allow .shosts files but not .rhosts.
* sshd(8): allow the IgnoreRhosts directive to appear anywhere in a
sshd_config, not just before any Match blocks; bz3148
* ssh(1): add %TOKEN percent expansion for the LocalFoward and
RemoteForward keywords when used for Unix domain socket forwarding.
bz#3014
* all: allow loading public keys from the unencrypted envelope of a
private key file if no corresponding public key file is present.
* ssh(1), sshd(8): prefer to use chacha20 from libcrypto where
possible instead of the (slower) portable C implementation included
in OpenSSH.
* ssh-keygen(1): add ability to dump the contents of a binary key
revocation list via "ssh-keygen -lQf /path" bz#3132
Bugfixes
--------
* ssh(1): fix IdentitiesOnly=yes to also apply to keys loaded from
a PKCS11Provider; bz#3141
* ssh-keygen(1): avoid NULL dereference when trying to convert an
invalid RFC4716 private key.
* scp(1): when performing remote-to-remote copies using "scp -3",
start the second ssh(1) channel with BatchMode=yes enabled to
avoid confusing and non-deterministic ordering of prompts.
* ssh(1), ssh-keygen(1): when signing a challenge using a FIDO token,
perform hashing of the message to be signed in the middleware layer
rather than in OpenSSH code. This permits the use of security key
middlewares that perform the hashing implicitly, such as Windows
Hello.
* ssh(1): fix incorrect error message for "too many known hosts
files." bz#3149
* ssh(1): make failures when establishing "Tunnel" forwarding
terminate the connection when ExitOnForwardFailure is enabled;
bz#3116
* ssh-keygen(1): fix printing of fingerprints on private keys and add
a regression test for same.
* sshd(8): document order of checking AuthorizedKeysFile (first) and
AuthorizedKeysCommand (subsequently, if the file doesn't match);
bz#3134
* sshd(8): document that /etc/hosts.equiv and /etc/shosts.equiv are
not considered for HostbasedAuthentication when the target user is
root; bz#3148
* ssh(1), ssh-keygen(1): fix NULL dereference in private certificate
key parsing (oss-fuzz #20074).
* ssh(1), sshd(8): more consistency between sets of %TOKENS are
accepted in various configuration options.
* ssh(1), ssh-keygen(1): improve error messages for some common
PKCS#11 C_Login failure cases; bz#3130
* ssh(1), sshd(8): make error messages for problems during SSH banner
exchange consistent with other SSH transport-layer error messages
and ensure they include the relevant IP addresses bz#3129
* various: fix a number of spelling errors in comments and debug/error
messages
* ssh-keygen(1), ssh-add(1): when downloading FIDO2 resident keys
from a token, don't prompt for a PIN until the token has told us
that it needs one. Avoids double-prompting on devices that
implement on-device authentication.
* sshd(8), ssh-keygen(1): no-touch-required FIDO certificate option
should be an extension, not a critical option.
* ssh(1), ssh-keygen(1), ssh-add(1): offer a better error message
when trying to use a FIDO key function and SecurityKeyProvider is
empty.
* ssh-add(1), ssh-agent(8): ensure that a key lifetime fits within
the values allowed by the wire format (u32). Prevents integer
wraparound of the timeout values. bz#3119
* ssh(1): detect and prevent trivial configuration loops when using
ProxyJump. bz#3057.
Portability
-----------
* Detect systems where signals flagged with SA_RESTART will interrupt
select(2). POSIX permits implementations to choose whether
select(2) will return when interrupted with a SA_RESTART-flagged
signal, but OpenSSH requires interrupting behaviour.
* Several compilation fixes for HP/UX and AIX.
* On platforms that do not support setting process-wide routing
domains (all excepting OpenBSD at present), fail to accept a
configuration attempts to set one at process start time rather than
fatally erroring at run time. bz#3126
* Improve detection of egrep (used in regression tests) on platforms
that offer a poor default one (e.g. Solaris).
* A number of shell portability fixes for the regression tests.
* Fix theoretical infinite loop in the glob(3) replacement
implementation.
* Fix seccomp sandbox compilation problems for some Linux
configurations bz#3085
* Improved detection of libfido2 and some compilation fixes for some
configurations when --with-security-key-builtin is selected.
diffstat:
crypto/external/bsd/openssh/dist/PROTOCOL | 6 +-
crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 | 4 +-
crypto/external/bsd/openssh/dist/PROTOCOL.mux | 4 +-
crypto/external/bsd/openssh/dist/PROTOCOL.u2f | 6 +-
crypto/external/bsd/openssh/dist/auth-options.c | 13 +-
crypto/external/bsd/openssh/dist/auth-rhosts.c | 6 +-
crypto/external/bsd/openssh/dist/auth2-chall.c | 5 +-
crypto/external/bsd/openssh/dist/auth2-passwd.c | 5 +-
crypto/external/bsd/openssh/dist/auth2.c | 4 +-
crypto/external/bsd/openssh/dist/authfd.c | 10 +-
crypto/external/bsd/openssh/dist/authfile.c | 103 +-
crypto/external/bsd/openssh/dist/channels.c | 17 +-
crypto/external/bsd/openssh/dist/cipher-chachapoly-libcrypto.c | 158 +++
crypto/external/bsd/openssh/dist/cipher-chachapoly.c | 25 +-
crypto/external/bsd/openssh/dist/cipher-chachapoly.h | 13 +-
crypto/external/bsd/openssh/dist/cipher.c | 26 +-
crypto/external/bsd/openssh/dist/clientloop.c | 28 +-
crypto/external/bsd/openssh/dist/clientloop.h | 5 +-
crypto/external/bsd/openssh/dist/digest-libc.c | 5 +-
crypto/external/bsd/openssh/dist/gss-serv.c | 4 +-
crypto/external/bsd/openssh/dist/hmac.c | 5 +-
crypto/external/bsd/openssh/dist/hostfile.c | 7 +-
crypto/external/bsd/openssh/dist/kex.c | 17 +-
crypto/external/bsd/openssh/dist/krl.c | 97 +-
crypto/external/bsd/openssh/dist/krl.h | 3 +-
crypto/external/bsd/openssh/dist/misc.c | 4 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh | 13 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 | 151 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 | 150 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 | 123 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 | 141 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 | 122 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 | 130 +-
crypto/external/bsd/openssh/dist/monitor.c | 7 +-
crypto/external/bsd/openssh/dist/mux.c | 3 +-
crypto/external/bsd/openssh/dist/packet.c | 10 +-
crypto/external/bsd/openssh/dist/packet.h | 5 +-
crypto/external/bsd/openssh/dist/readconf.c | 28 +-
crypto/external/bsd/openssh/dist/readconf.h | 4 +-
crypto/external/bsd/openssh/dist/scp.1 | 9 +-
crypto/external/bsd/openssh/dist/scp.c | 101 +-
crypto/external/bsd/openssh/dist/servconf.c | 22 +-
crypto/external/bsd/openssh/dist/servconf.h | 7 +-
crypto/external/bsd/openssh/dist/session.c | 6 +-
crypto/external/bsd/openssh/dist/sftp.1 | 14 +-
crypto/external/bsd/openssh/dist/sftp.c | 23 +-
crypto/external/bsd/openssh/dist/sk-api.h | 4 +-
crypto/external/bsd/openssh/dist/sk-usbhid.c | 35 +-
crypto/external/bsd/openssh/dist/ssh-add.c | 22 +-
crypto/external/bsd/openssh/dist/ssh-agent.c | 7 +-
crypto/external/bsd/openssh/dist/ssh-dss.c | 8 +-
crypto/external/bsd/openssh/dist/ssh-ed25519-sk.c | 8 +-
crypto/external/bsd/openssh/dist/ssh-ed25519.c | 20 +-
crypto/external/bsd/openssh/dist/ssh-keygen.1 | 10 +-
crypto/external/bsd/openssh/dist/ssh-keygen.c | 157 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c | 10 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11.c | 25 +-
crypto/external/bsd/openssh/dist/ssh-sk.c | 20 +-
crypto/external/bsd/openssh/dist/ssh-xmss.c | 20 +-
crypto/external/bsd/openssh/dist/ssh.1 | 9 +-
crypto/external/bsd/openssh/dist/ssh.c | 274 +++--
crypto/external/bsd/openssh/dist/ssh_config.5 | 53 +-
crypto/external/bsd/openssh/dist/sshbuf-misc.c | 11 +-
crypto/external/bsd/openssh/dist/sshbuf.c | 5 +-
crypto/external/bsd/openssh/dist/sshbuf.h | 6 +-
crypto/external/bsd/openssh/dist/sshconnect.c | 7 +-
crypto/external/bsd/openssh/dist/sshconnect2.c | 4 +-
crypto/external/bsd/openssh/dist/sshd.c | 17 +-
crypto/external/bsd/openssh/dist/sshd_config.5 | 36 +-
crypto/external/bsd/openssh/dist/sshkey.c | 507 +++++----
crypto/external/bsd/openssh/dist/sshkey.h | 4 +-
crypto/external/bsd/openssh/dist/sshsig.c | 26 +-
crypto/external/bsd/openssh/dist/umac.c | 7 +-
crypto/external/bsd/openssh/dist/utf8.c | 27 +-
crypto/external/bsd/openssh/dist/utf8.h | 5 +-
crypto/external/bsd/openssh/dist/version.h | 4 +-
76 files changed, 1720 insertions(+), 1277 deletions(-)
diffs (truncated from 5507 to 300 lines):
diff -r 85797100b9f9 -r cf3837d45b70 crypto/external/bsd/openssh/dist/PROTOCOL
--- a/crypto/external/bsd/openssh/dist/PROTOCOL Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL Thu May 28 17:02:58 2020 +0000
@@ -194,7 +194,7 @@
SSH_TUNMODE_ETHERNET 2 /* layer 2 frames */
The "tunnel unit number" specifies the remote interface number, or may
-be 0x7fffffff to allow the server to automatically chose an interface. A
+be 0x7fffffff to allow the server to automatically choose an interface. A
server that is not willing to open a client-specified unit should refuse
the request with a SSH_MSG_CHANNEL_OPEN_FAILURE error. On successful
open, the server should reply with SSH_MSG_CHANNEL_OPEN_SUCCESS.
@@ -298,7 +298,7 @@
supplied host keys are present in known_hosts.
Note that the server may send key types that the client does not
-support. The client should disgregard such keys if they are received.
+support. The client should disregard such keys if they are received.
If the client identifies any keys that are not present for the host,
it should send a "hostkeys-prove%openssh.com@localhost" message to request the
@@ -496,4 +496,4 @@
PROTOCOL.mux over a Unix domain socket for communications between a
master instance and later clients.
-$OpenBSD: PROTOCOL,v 1.36 2018/10/02 12:51:58 djm Exp $
+$OpenBSD: PROTOCOL,v 1.37 2020/02/21 00:04:43 dtucker Exp $
diff -r 85797100b9f9 -r cf3837d45b70 crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 Thu May 28 17:02:58 2020 +0000
@@ -34,7 +34,7 @@
The chacha20-poly1305%openssh.com@localhost cipher requires 512 bits of key
material as output from the SSH key exchange. This forms two 256 bit
keys (K_1 and K_2), used by two separate instances of chacha20.
-The first 256 bits consitute K_2 and the second 256 bits become
+The first 256 bits constitute K_2 and the second 256 bits become
K_1.
The instance keyed by K_1 is a stream cipher that is used only
@@ -103,5 +103,5 @@
[3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
-$OpenBSD: PROTOCOL.chacha20poly1305,v 1.4 2018/04/10 00:10:49 djm Exp $
+$OpenBSD: PROTOCOL.chacha20poly1305,v 1.5 2020/02/21 00:04:43 dtucker Exp $
diff -r 85797100b9f9 -r cf3837d45b70 crypto/external/bsd/openssh/dist/PROTOCOL.mux
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.mux Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.mux Thu May 28 17:02:58 2020 +0000
@@ -39,7 +39,7 @@
speak a significant subset of the SSH protocol, but in return is able
to access basically the full suite of connection protocol features.
Moreover, as no file descriptor passing is required, the connection
-supporting a proxy client may iteself be forwarded or relayed to another
+supporting a proxy client may itself be forwarded or relayed to another
host if necessary.
1. Connection setup
@@ -295,4 +295,4 @@
XXX signals via mux request
XXX list active connections via mux
-$OpenBSD: PROTOCOL.mux,v 1.11 2018/09/26 07:30:05 djm Exp $
+$OpenBSD: PROTOCOL.mux,v 1.12 2020/03/13 03:17:07 djm Exp $
diff -r 85797100b9f9 -r cf3837d45b70 crypto/external/bsd/openssh/dist/PROTOCOL.u2f
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.u2f Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.u2f Thu May 28 17:02:58 2020 +0000
@@ -142,7 +142,7 @@
default.
Attestation information is useful for out-of-band key and certificate
-registration worksflows, e.g. proving to a CA that a key is backed
+registration workflows, e.g. proving to a CA that a key is backed
by trusted hardware before it will issue a certificate. To support this
case, OpenSSH optionally allows retaining the attestation information
at the time of key generation. It will take the following format:
@@ -169,7 +169,7 @@
byte[] extensions
byte[32] SHA256(message)
-No extensons are yet defined for SSH use. If any are defined in the future,
+No extensions are yet defined for SSH use. If any are defined in the future,
it will be possible to infer their presence from the contents of the "flags"
value.
@@ -236,7 +236,7 @@
The middleware library need only expose a handful of functions:
- #define SSH_SK_VERSION_MAJOR 0x00040000 /* API version */
+ #define SSH_SK_VERSION_MAJOR 0x00050000 /* API version */
#define SSH_SK_VERSION_MAJOR_MASK 0xffff0000
/* Flags */
diff -r 85797100b9f9 -r cf3837d45b70 crypto/external/bsd/openssh/dist/auth-options.c
--- a/crypto/external/bsd/openssh/dist/auth-options.c Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-options.c Thu May 28 17:02:58 2020 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.90 2019/11/25 00:54:23 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.92 2020/03/06 18:15:38 markus Exp $ */
/*
* Copyright (c) 2018 Damien Miller <djm%mindrot.org@localhost>
*
@@ -219,8 +219,7 @@
free(opts->permitlisten[i]);
free(opts->permitlisten);
- explicit_bzero(opts, sizeof(*opts));
- free(opts);
+ freezero(opts, sizeof(*opts));
}
struct sshauthopt *
@@ -732,9 +731,11 @@
*np = n;
n = 0;
out:
- for (i = 0; i < n; i++)
- free(a[i]);
- free(a);
+ if (a != NULL) {
+ for (i = 0; i < n; i++)
+ free(a[i]);
+ free(a);
+ }
sshbuf_free(b);
return r;
}
diff -r 85797100b9f9 -r cf3837d45b70 crypto/external/bsd/openssh/dist/auth-rhosts.c
--- a/crypto/external/bsd/openssh/dist/auth-rhosts.c Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-rhosts.c Thu May 28 17:02:58 2020 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rhosts.c,v 1.51 2019/10/02 00:42:30 djm Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.52 2020/04/17 03:30:05 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -294,7 +294,9 @@
* Check if we have been configured to ignore .rhosts
* and .shosts files.
*/
- if (options.ignore_rhosts) {
+ if (options.ignore_rhosts == IGNORE_RHOSTS_YES ||
+ (options.ignore_rhosts == IGNORE_RHOSTS_SHOSTS &&
+ strcmp(rhosts_files[rhosts_file_index], ".shosts") != 0)) {
auth_debug_add("Server has been configured to "
"ignore %.100s.", rhosts_files[rhosts_file_index]);
continue;
diff -r 85797100b9f9 -r cf3837d45b70 crypto/external/bsd/openssh/dist/auth2-chall.c
--- a/crypto/external/bsd/openssh/dist/auth2-chall.c Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2-chall.c Thu May 28 17:02:58 2020 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.52 2019/11/13 04:47:52 deraadt Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.53 2020/02/26 13:40:09 jsg Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -108,8 +108,7 @@
if (kbdintctxt->device)
kbdint_reset_device(kbdintctxt);
free(kbdintctxt->devices);
- explicit_bzero(kbdintctxt, sizeof(*kbdintctxt));
- free(kbdintctxt);
+ freezero(kbdintctxt, sizeof(*kbdintctxt));
}
/* get next device */
static int
diff -r 85797100b9f9 -r cf3837d45b70 crypto/external/bsd/openssh/dist/auth2-passwd.c
--- a/crypto/external/bsd/openssh/dist/auth2-passwd.c Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2-passwd.c Thu May 28 17:02:58 2020 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-passwd.c,v 1.17 2019/09/06 04:53:27 djm Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.18 2020/02/26 13:40:09 jsg Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -64,8 +64,7 @@
logit("password change not supported");
else if (PRIVSEP(auth_password(ssh, password)) == 1)
authenticated = 1;
- explicit_bzero(password, len);
- free(password);
+ freezero(password, len);
return authenticated;
}
diff -r 85797100b9f9 -r cf3837d45b70 crypto/external/bsd/openssh/dist/auth2.c
--- a/crypto/external/bsd/openssh/dist/auth2.c Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2.c Thu May 28 17:02:58 2020 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.157 2019/09/06 04:53:27 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.158 2020/03/06 18:16:21 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -207,7 +207,7 @@
r = 0;
out:
free(service);
- return 0;
+ return r;
}
#define MIN_FAIL_DELAY_SECONDS 0.005
diff -r 85797100b9f9 -r cf3837d45b70 crypto/external/bsd/openssh/dist/authfd.c
--- a/crypto/external/bsd/openssh/dist/authfd.c Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/dist/authfd.c Thu May 28 17:02:58 2020 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.121 2019/12/21 02:19:13 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.123 2020/03/06 18:24:39 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -341,7 +341,7 @@
size_t i;
struct ssh_identitylist *idlist = NULL;
- if ((r = ssh_fetch_identitylist(sock, &idlist)) < 0) {
+ if ((r = ssh_fetch_identitylist(sock, &idlist)) != 0) {
return r;
}
@@ -560,10 +560,8 @@
goto out;
r = decode_reply(type);
out:
- if (blob != NULL) {
- explicit_bzero(blob, blen);
- free(blob);
- }
+ if (blob != NULL)
+ freezero(blob, blen);
sshbuf_free(msg);
return r;
}
diff -r 85797100b9f9 -r cf3837d45b70 crypto/external/bsd/openssh/dist/authfile.c
--- a/crypto/external/bsd/openssh/dist/authfile.c Thu Feb 27 00:21:35 2020 +0000
+++ b/crypto/external/bsd/openssh/dist/authfile.c Thu May 28 17:02:58 2020 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.137 2020/01/25 23:02:13 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.140 2020/04/17 07:15:11 djm Exp $ */
/*
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
*
@@ -136,6 +136,14 @@
}
int
+sshkey_load_private(const char *filename, const char *passphrase,
+ struct sshkey **keyp, char **commentp)
+{
+ return sshkey_load_private_type(KEY_UNSPEC, filename, passphrase,
+ keyp, commentp);
+}
+
+int
sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
struct sshkey **keyp, char **commentp)
{
@@ -156,51 +164,57 @@
return r;
}
-/* XXX this is almost identical to sshkey_load_private_type() */
-int
-sshkey_load_private(const char *filename, const char *passphrase,
- struct sshkey **keyp, char **commentp)
+/* Load a pubkey from the unencrypted envelope of a new-format private key */
+static int
+sshkey_load_pubkey_from_private(const char *filename, struct sshkey **pubkeyp)
{
struct sshbuf *buffer = NULL;
+ struct sshkey *pubkey = NULL;
int r, fd;
- if (keyp != NULL)
- *keyp = NULL;
- if (commentp != NULL)
- *commentp = NULL;
+ if (pubkeyp != NULL)
+ *pubkeyp = NULL;
if ((fd = open(filename, O_RDONLY)) == -1)
return SSH_ERR_SYSTEM_ERROR;
- if (sshkey_perm_ok(fd, filename) != 0) {
- r = SSH_ERR_KEY_BAD_PERMISSIONS;
+ if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
+ (r = sshkey_parse_pubkey_from_private_fileblob_type(buffer,
+ KEY_UNSPEC, &pubkey)) != 0)
goto out;
+ if ((r = sshkey_set_filename(pubkey, filename)) != 0)
+ goto out;
+ /* success */
+ if (pubkeyp != NULL) {
+ *pubkeyp = pubkey;
+ pubkey = NULL;
}
- if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
- (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp,
- commentp)) != 0)
Home |
Main Index |
Thread Index |
Old Index