diff --git a/.gitignore b/.gitignore index f243b71..0279377 100644 --- a/.gitignore +++ b/.gitignore @@ -39,3 +39,5 @@ libssh-0.4.4.tar.gz.asc /libssh-0.8.5.tar.xz.asc /libssh-0.8.6.tar.xz /libssh-0.8.6.tar.xz.asc +/libssh-0.8.7.tar.xz +/libssh-0.8.7.tar.xz.asc diff --git a/libssh-0.8.6-fix-rsa-sha2-ext.patch b/libssh-0.8.6-fix-rsa-sha2-ext.patch deleted file mode 100644 index 3fe8438..0000000 --- a/libssh-0.8.6-fix-rsa-sha2-ext.patch +++ /dev/null @@ -1,261 +0,0 @@ -From d028b2495d0bb2b7ae9b0af42b4377af4a964b00 Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Tue, 8 Jan 2019 11:32:10 +0100 -Subject: [PATCH 1/3] dh: Make sure we do not access uninitialized memory - -Signed-off-by: Jakub Jelen -Reviewed-by: Andreas Schneider -(cherry picked from commit ca62632170c311923026f978c57d2e0a0be3e0e1) ---- - src/dh.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/dh.c b/src/dh.c -index 90c1813c..cc12fd46 100644 ---- a/src/dh.c -+++ b/src/dh.c -@@ -1274,6 +1274,10 @@ int ssh_get_server_publickey(ssh_session session, ssh_key *key) - - ssh_key ssh_dh_get_current_server_publickey(ssh_session session) - { -+ if (session->current_crypto == NULL) { -+ return NULL; -+ } -+ - return session->current_crypto->server_pubkey; - } - --- -2.20.1 - - -From 0acfd81f85f8c41547ac700782fa96a000abdc79 Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Mon, 7 Jan 2019 18:49:58 +0100 -Subject: [PATCH 2/3] server: Correctly handle extensions - -If the server had an RSA host key, it provided unconditionally SHA2 -signatures without consulting the client proposed list of supported host -keys. - -This commit implements more fine-grained detection of the extension -to provide the client with valid signatures according to RFC 8332 -Section 3.1. - -Signed-off-by: Jakub Jelen -Reviewed-by: Andreas Schneider -(cherry picked from commit 27fe60954c29e548c30af239d92ab4faaf8cf788) ---- - include/libssh/session.h | 7 ++++--- - src/kex.c | 24 ++++++++++++++++++++---- - src/server.c | 2 +- - 3 files changed, 25 insertions(+), 8 deletions(-) - -diff --git a/include/libssh/session.h b/include/libssh/session.h -index 8b963066..23633cc2 100644 ---- a/include/libssh/session.h -+++ b/include/libssh/session.h -@@ -87,10 +87,11 @@ enum ssh_pending_call_e { - #define SSH_OPT_FLAG_GSSAPI_AUTH 0x8 - - /* extensions flags */ -+/* negotiation enabled */ -+#define SSH_EXT_NEGOTIATION 0x01 - /* server-sig-algs extension */ --#define SSH_EXT_SIG_RSA_SHA256 0x01 --#define SSH_EXT_SIG_RSA_SHA512 0x02 --#define SSH_EXT_ALL SSH_EXT_SIG_RSA_SHA256 | SSH_EXT_SIG_RSA_SHA512 -+#define SSH_EXT_SIG_RSA_SHA256 0x02 -+#define SSH_EXT_SIG_RSA_SHA512 0x04 - - /* members that are common to ssh_session and ssh_bind */ - struct ssh_common_struct { -diff --git a/src/kex.c b/src/kex.c -index 35a5a602..d9d0c7e5 100644 ---- a/src/kex.c -+++ b/src/kex.c -@@ -526,13 +526,29 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){ - ok = ssh_match_group(session->next_crypto->client_kex.methods[SSH_KEX], - KEX_EXTENSION_CLIENT); - if (ok) { -+ const char *hostkeys = NULL; -+ -+ /* The client supports extension negotiation */ -+ session->extensions |= SSH_EXT_NEGOTIATION; - /* -- * Enable all the supported extensions and when the time comes -- * (after NEWKEYS) send them to the client. -+ * RFC 8332 Section 3.1: Use for Server Authentication -+ * Check what algorithms were provided in the SSH_HOSTKEYS list -+ * by the client and enable the respective extensions to provide -+ * correct signature in the next packet if RSA is negotiated - */ -+ hostkeys = session->next_crypto->client_kex.methods[SSH_HOSTKEYS]; -+ ok = ssh_match_group(hostkeys, "rsa-sha2-512"); -+ if (ok) { -+ session->extensions |= SSH_EXT_SIG_RSA_SHA512; -+ } -+ ok = ssh_match_group(hostkeys, "rsa-sha2-256"); -+ if (ok) { -+ session->extensions |= SSH_EXT_SIG_RSA_SHA256; -+ } - SSH_LOG(SSH_LOG_DEBUG, "The client supports extension " -- "negotiation: enabling all extensions"); -- session->extensions = SSH_EXT_ALL; -+ "negotiation. Enabled signature algorithms: %s%s", -+ session->extensions & SSH_EXT_SIG_RSA_SHA256 ? "SHA256" : "", -+ session->extensions & SSH_EXT_SIG_RSA_SHA512 ? " SHA512" : ""); - } - - /* -diff --git a/src/server.c b/src/server.c -index 8197fd86..02471e91 100644 ---- a/src/server.c -+++ b/src/server.c -@@ -523,7 +523,7 @@ static void ssh_server_connection_callback(ssh_session session){ - * our supported extensions now. This is the first message after - * sending NEWKEYS message and after turning on crypto. - */ -- if (session->extensions && -+ if (session->extensions & SSH_EXT_NEGOTIATION && - session->session_state != SSH_SESSION_STATE_AUTHENTICATED) { - ssh_server_send_extensions(session); - } --- -2.20.1 - - -From bfc39d578db2412d2ae379a105c3cb658f48748c Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Tue, 8 Jan 2019 14:27:39 +0100 -Subject: [PATCH 3/3] kex: List also the SHA2 extension when ordering hostkey - algorithms - -By default, the list of already stored known host types is preferred, -but this selection so far ignored the SHA2 extension and excluded these -keys in the KEXINIT list leading to not using this extension if not -explicitly enabled from configuration. - -This commit extends the default list with the SHA2 signatures algoritms -and compares only base types so they can be listed in the KEXINIT list. - -This adjust the tests to expect the full list of algorithms to pass. - -Signed-off-by: Jakub Jelen -Reviewed-by: Andreas Schneider -(cherry picked from commit 531b80a60bcb89c0ea09e85e36e240755407febf) ---- - src/kex.c | 36 +++++++++++--------- - tests/unittests/torture_knownhosts_parsing.c | 10 +++--- - 2 files changed, 26 insertions(+), 20 deletions(-) - -diff --git a/src/kex.c b/src/kex.c -index d9d0c7e5..44d60f59 100644 ---- a/src/kex.c -+++ b/src/kex.c -@@ -38,6 +38,7 @@ - #include "libssh/curve25519.h" - #include "libssh/knownhosts.h" - #include "libssh/misc.h" -+#include "libssh/pki.h" - - #ifdef HAVE_LIBGCRYPT - # define BLOWFISH "blowfish-cbc," -@@ -619,6 +620,8 @@ char *ssh_client_select_hostkeys(ssh_session session) - "ecdsa-sha2-nistp521", - "ecdsa-sha2-nistp384", - "ecdsa-sha2-nistp256", -+ "rsa-sha2-512", -+ "rsa-sha2-256", - "ssh-rsa", - #ifdef HAVE_DSA - "ssh-dss", -@@ -644,29 +647,30 @@ char *ssh_client_select_hostkeys(ssh_session session) - - for (i = 0; preferred_hostkeys[i] != NULL; ++i) { - bool found = false; -+ /* This is a signature type: We list also the SHA2 extensions */ -+ enum ssh_keytypes_e base_preferred = -+ ssh_key_type_from_signature_name(preferred_hostkeys[i]); - - for (it = ssh_list_get_iterator(algo_list); - it != NULL; - it = it->next) { - const char *algo = ssh_iterator_value(const char *, it); -- int cmp; -- int ok; -+ /* This is always key type so we do not have to care for the -+ * SHA2 extension */ -+ enum ssh_keytypes_e base_algo = ssh_key_type_from_name(algo); - -- cmp = strcmp(preferred_hostkeys[i], algo); -- if (cmp == 0) { -- ok = ssh_verify_existing_algo(SSH_HOSTKEYS, algo); -- if (ok) { -- if (needcomma) { -- strncat(methods_buffer, -- ",", -- sizeof(methods_buffer) - strlen(methods_buffer) - 1); -- } -+ if (base_preferred == base_algo) { -+ /* Matching the keys already verified it is a known type */ -+ if (needcomma) { - strncat(methods_buffer, -- algo, -+ ",", - sizeof(methods_buffer) - strlen(methods_buffer) - 1); -- needcomma = 1; -- found = true; - } -+ strncat(methods_buffer, -+ preferred_hostkeys[i], -+ sizeof(methods_buffer) - strlen(methods_buffer) - 1); -+ needcomma = 1; -+ found = true; - } - } - /* Collect the rest of the algorithms in other buffer, that will -@@ -728,10 +732,10 @@ int ssh_set_client_kex(ssh_session session) - - memset(client->methods, 0, KEX_METHODS_SIZE * sizeof(char **)); - /* first check if we have specific host key methods */ -- if(session->opts.wanted_methods[SSH_HOSTKEYS] == NULL){ -+ if (session->opts.wanted_methods[SSH_HOSTKEYS] == NULL) { - /* Only if no override */ - session->opts.wanted_methods[SSH_HOSTKEYS] = -- ssh_client_select_hostkeys(session); -+ ssh_client_select_hostkeys(session); - } - - for (i = 0; i < KEX_METHODS_SIZE; i++) { -diff --git a/tests/unittests/torture_knownhosts_parsing.c b/tests/unittests/torture_knownhosts_parsing.c -index 148c5da8..a7a0d99d 100644 ---- a/tests/unittests/torture_knownhosts_parsing.c -+++ b/tests/unittests/torture_knownhosts_parsing.c -@@ -310,8 +310,9 @@ torture_knownhosts_algorithms(void **state) - const char *knownhosts_file = *state; - char *algo_list = NULL; - ssh_session session; -- const char *expect = "ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521," -- "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256" -+ const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa," -+ "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384," -+ "ecdsa-sha2-nistp256" - #ifdef HAVE_DSA - ",ssh-dss" - #endif -@@ -339,8 +340,9 @@ torture_knownhosts_algorithms_global(void **state) - const char *knownhosts_file = *state; - char *algo_list = NULL; - ssh_session session; -- const char *expect = "ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521," -- "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256" -+ const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa," -+ "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384," -+ "ecdsa-sha2-nistp256" - #ifdef HAVE_DSA - ",ssh-dss" - #endif --- -2.20.1 - diff --git a/libssh.spec b/libssh.spec index 25465b0..15065f2 100644 --- a/libssh.spec +++ b/libssh.spec @@ -1,6 +1,6 @@ Name: libssh -Version: 0.8.6 -Release: 2%{?dist} +Version: 0.8.7 +Release: 1%{?dist} Summary: A library implementing the SSH protocol License: LGPLv2+ URL: http://www.libssh.org @@ -9,8 +9,6 @@ Source0: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz Source1: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz.asc Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring -Patch0: libssh-0.8.6-fix-rsa-sha2-ext.patch - BuildRequires: cmake BuildRequires: doxygen BuildRequires: gcc-c++ @@ -106,6 +104,10 @@ popd %{_libdir}/libssh_threads.so %changelog +* Mon Feb 25 2019 Anderson Sasaki - 0.8.7-1 +- Update to version 0.8.7 + https://www.libssh.org/2019/02/25/libssh-0-8-7/ + * Tue Jan 15 2019 Anderson Sasaki - 0.8.6-2 - Fix rsa-sha2 extension handling (#1666342) diff --git a/sources b/sources index 6ce465b..d4d1540 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (libssh-0.8.6.tar.xz) = e91d1f4c1343aa232ade0fe4b5e9a92ca65e3716f4ebe2ec25b04def4fae5a3774349f05a6919836551f66fb0288ed6a3e19e0ab786c081616218be973356522 -SHA512 (libssh-0.8.6.tar.xz.asc) = 16955818de162847cf926d72c762943e0b931b1e24fb4f35cf82dec9af0247f4d8731041c837d474b0b070b0f6d2001f72b36bd6efecb9b24599d391d9a23266 +SHA512 (libssh-0.8.7.tar.xz) = 13c3dccad81d521edf29c8a5e2c5f7fdd90507a0eda652b2b040a0a17bab88860873e089a46e181907ea3f449ca1847b1c84453b1960f456e391eefe5be983c5 +SHA512 (libssh-0.8.7.tar.xz.asc) = c7c33fba67216d429269d8fe0353eb85e0e4bc6848d006cb349720ecf7bf1699da495098b0d5441aaef057fe0fda0c5cb0cf95d3834f5ef7e57de90919793b3f