rpms
/
libssh2
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to 1.8.0 

- New upstream release 1.8.0
  - Added a basic dockerised test suite
  - crypto: Add support for the mbedTLS backend
  - See RELEASE-NOTES for details of bug fixes
This commit is contained in:
Paul Howarth 2016-10-25 09:16:53 +01:00
parent 29e2533fad
commit a9c954ed4c
4 changed files with 10 additions and 391 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
CVE-2016-0787.patch
View File

@ -1,30 +0,0 @@
From 8a453a7b0f1e667b7369eb73b00843a8decdecc9 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 11 Feb 2016 13:52:20 +0100
Subject: [PATCH] diffie_hellman_sha1: convert bytes to bits
As otherwise we get far too small numbers.
CVE-2016-0787
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
src/kex.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/kex.c b/src/kex.c
index 6349457..e89b36c 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -133,7 +133,7 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
/* Generate x and e */
- _libssh2_bn_rand(exchange_state->x, group_order, 0, -1);
+ _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1);
_libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p,
exchange_state->ctx);
--
2.7.0

38
libssh2-1.7.0-openssl11-memleak.patch
View File

@ -1,38 +0,0 @@
From c43eb3bae2b63affe5b16bfdab028a65cdc055db Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Thu, 20 Oct 2016 17:22:31 +0200
Subject: [PATCH] Revert "aes: the init function fails when OpenSSL has AES
support"
This partially reverts commit f4f2298ef3635acd031cc2ee0e71026cdcda5864
because it caused the compatibility code to call initialization routines
redundantly, leading to memory leakage with OpenSSL 1.1 and broken curl
test-suite in Fedora:
88 bytes in 1 blocks are definitely lost in loss record 5 of 8
at 0x4C2DB8D: malloc (vg_replace_malloc.c:299)
by 0x72C607D: CRYPTO_zalloc (mem.c:100)
by 0x72A2480: EVP_CIPHER_meth_new (cmeth_lib.c:18)
by 0x4E5A550: make_ctr_evp.isra.0 (openssl.c:407)
by 0x4E5A8E8: _libssh2_init_aes_ctr (openssl.c:471)
by 0x4E5BB5A: libssh2_init (global.c:49)
---
src/openssl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openssl.c b/src/openssl.c
index a31e2dd..4f63ef9 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -265,7 +265,7 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
return ret == 1 ? 0 : 1;
}
-#if LIBSSH2_AES_CTR
+#if LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR)
#include <openssl/aes.h>
#include <openssl/evp.h>
--
2.7.4

304
libssh2-1.7.0-openssl11.patch
View File

@ -1,304 +0,0 @@
commit 64ebfd8182a9b6e637e65c3059e3798e199274b3
Author: Taylor Holberton <taylorcholberton@gmail.com>
Date: Mon Sep 5 06:28:51 2016 -0400
openssl: add OpenSSL 1.1.0 compatibility
diff --git a/src/openssl.c b/src/openssl.c
index b0c695d..a31e2dd 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -66,33 +66,63 @@ _libssh2_rsa_new(libssh2_rsa_ctx ** rsa,
unsigned long e2len,
const unsigned char *coeffdata, unsigned long coefflen)
{
- *rsa = RSA_new();
+ BIGNUM * e;
+ BIGNUM * n;
+ BIGNUM * d = 0;
+ BIGNUM * p = 0;
+ BIGNUM * q = 0;
+ BIGNUM * dmp1 = 0;
+ BIGNUM * dmq1 = 0;
+ BIGNUM * iqmp = 0;
- (*rsa)->e = BN_new();
- BN_bin2bn(edata, elen, (*rsa)->e);
+ e = BN_new();
+ BN_bin2bn(edata, elen, e);
- (*rsa)->n = BN_new();
- BN_bin2bn(ndata, nlen, (*rsa)->n);
+ n = BN_new();
+ BN_bin2bn(ndata, nlen, n);
if (ddata) {
- (*rsa)->d = BN_new();
- BN_bin2bn(ddata, dlen, (*rsa)->d);
+ d = BN_new();
+ BN_bin2bn(ddata, dlen, d);
- (*rsa)->p = BN_new();
- BN_bin2bn(pdata, plen, (*rsa)->p);
+ p = BN_new();
+ BN_bin2bn(pdata, plen, p);
- (*rsa)->q = BN_new();
- BN_bin2bn(qdata, qlen, (*rsa)->q);
+ q = BN_new();
+ BN_bin2bn(qdata, qlen, q);
- (*rsa)->dmp1 = BN_new();
- BN_bin2bn(e1data, e1len, (*rsa)->dmp1);
+ dmp1 = BN_new();
+ BN_bin2bn(e1data, e1len, dmp1);
- (*rsa)->dmq1 = BN_new();
- BN_bin2bn(e2data, e2len, (*rsa)->dmq1);
+ dmq1 = BN_new();
+ BN_bin2bn(e2data, e2len, dmq1);
- (*rsa)->iqmp = BN_new();
- BN_bin2bn(coeffdata, coefflen, (*rsa)->iqmp);
+ iqmp = BN_new();
+ BN_bin2bn(coeffdata, coefflen, iqmp);
}
+
+ *rsa = RSA_new();
+#ifdef HAVE_OPAQUE_STRUCTS
+ RSA_set0_key(*rsa, n, e, d);
+#else
+ (*rsa)->e = e;
+ (*rsa)->n = n;
+#endif
+
+#ifdef HAVE_OPAQUE_STRUCTS
+ RSA_set0_factors(*rsa, p, q);
+#else
+ (*rsa)->p = p;
+ (*rsa)->q = q;
+#endif
+
+#ifdef HAVE_OPAQUE_STRUCTS
+ RSA_set0_crt_params(*rsa, dmp1, dmq1, iqmp);
+#else
+ (*rsa)->dmp1 = dmp1;
+ (*rsa)->dmq1 = dmq1;
+ (*rsa)->iqmp = iqmp;
+#endif
return 0;
}
@@ -125,25 +155,45 @@ _libssh2_dsa_new(libssh2_dsa_ctx ** dsactx,
unsigned long y_len,
const unsigned char *x, unsigned long x_len)
{
- *dsactx = DSA_new();
+ BIGNUM * p_bn;
+ BIGNUM * q_bn;
+ BIGNUM * g_bn;
+ BIGNUM * pub_key;
+ BIGNUM * priv_key = NULL;
- (*dsactx)->p = BN_new();
- BN_bin2bn(p, p_len, (*dsactx)->p);
+ p_bn = BN_new();
+ BN_bin2bn(p, p_len, p_bn);
- (*dsactx)->q = BN_new();
- BN_bin2bn(q, q_len, (*dsactx)->q);
+ q_bn = BN_new();
+ BN_bin2bn(q, q_len, q_bn);
- (*dsactx)->g = BN_new();
- BN_bin2bn(g, g_len, (*dsactx)->g);
+ g_bn = BN_new();
+ BN_bin2bn(g, g_len, g_bn);
- (*dsactx)->pub_key = BN_new();
- BN_bin2bn(y, y_len, (*dsactx)->pub_key);
+ pub_key = BN_new();
+ BN_bin2bn(y, y_len, pub_key);
if (x_len) {
- (*dsactx)->priv_key = BN_new();
- BN_bin2bn(x, x_len, (*dsactx)->priv_key);
+ priv_key = BN_new();
+ BN_bin2bn(x, x_len, priv_key);
}
+ *dsactx = DSA_new();
+
+#ifdef HAVE_OPAQUE_STRUCTS
+ DSA_set0_pqg(*dsactx, p_bn, q_bn, g_bn);
+#else
+ (*dsactx)->p = p_bn;
+ (*dsactx)->g = g_bn;
+ (*dsactx)->q = q_bn;
+#endif
+
+#ifdef HAVE_OPAQUE_STRUCTS
+ DSA_set0_key(*dsactx, pub_key, priv_key);
+#else
+ (*dsactx)->pub_key = pub_key;
+ (*dsactx)->priv_key = priv_key;
+#endif
return 0;
}
@@ -153,20 +203,28 @@ _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx,
const unsigned char *m, unsigned long m_len)
{
unsigned char hash[SHA_DIGEST_LENGTH];
- DSA_SIG dsasig;
+ DSA_SIG * dsasig;
+ BIGNUM * r;
+ BIGNUM * s;
int ret = -1;
- dsasig.r = BN_new();
- BN_bin2bn(sig, 20, dsasig.r);
- dsasig.s = BN_new();
- BN_bin2bn(sig + 20, 20, dsasig.s);
+ r = BN_new();
+ BN_bin2bn(sig, 20, r);
+ s = BN_new();
+ BN_bin2bn(sig + 20, 20, s);
+ dsasig = DSA_SIG_new();
+#ifdef HAVE_OPAQUE_STRUCTS
+ DSA_SIG_set0(dsasig, r, s);
+#else
+ dsasig->r = r;
+ dsasig->s = s;
+#endif
if (!_libssh2_sha1(m, m_len, hash))
/* _libssh2_sha1() succeeded */
- ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, &dsasig, dsactx);
+ ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, dsasig, dsactx);
- BN_clear_free(dsasig.s);
- BN_clear_free(dsasig.r);
+ DSA_SIG_free(dsasig);
return (ret == 1) ? 0 : -1;
}
@@ -586,6 +644,8 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
unsigned long hash_len, unsigned char *signature)
{
DSA_SIG *sig;
+ const BIGNUM * r;
+ const BIGNUM * s;
int r_len, s_len;
(void) hash_len;
@@ -594,12 +654,18 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
return -1;
}
- r_len = BN_num_bytes(sig->r);
+#ifdef HAVE_OPAQUE_STRUCTS
+ DSA_SIG_get0(sig, &r, &s);
+#else
+ r = sig->r;
+ s = sig->s;
+#endif
+ r_len = BN_num_bytes(r);
if (r_len < 1 || r_len > 20) {
DSA_SIG_free(sig);
return -1;
}
- s_len = BN_num_bytes(sig->s);
+ s_len = BN_num_bytes(s);
if (s_len < 1 || s_len > 20) {
DSA_SIG_free(sig);
return -1;
@@ -607,8 +673,8 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
memset(signature, 0, 40);
- BN_bn2bin(sig->r, signature + (20 - r_len));
- BN_bn2bin(sig->s, signature + 20 + (20 - s_len));
+ BN_bn2bin(r, signature + (20 - r_len));
+ BN_bn2bin(s, signature + 20 + (20 - s_len));
DSA_SIG_free(sig);
@@ -768,9 +834,16 @@ gen_publickey_from_rsa(LIBSSH2_SESSION *session, RSA *rsa,
unsigned long len;
unsigned char* key;
unsigned char* p;
-
- e_bytes = BN_num_bytes(rsa->e) + 1;
- n_bytes = BN_num_bytes(rsa->n) + 1;
+ const BIGNUM * e;
+ const BIGNUM * n;
+#ifdef HAVE_OPAQUE_STRUCTS
+ RSA_get0_key(rsa, &n, &e, NULL);
+#else
+ e = rsa->e;
+ n = rsa->n;
+#endif
+ e_bytes = BN_num_bytes(e) + 1;
+ n_bytes = BN_num_bytes(n) + 1;
/* Key form is "ssh-rsa" + e + n. */
len = 4 + 7 + 4 + e_bytes + 4 + n_bytes;
@@ -788,8 +861,8 @@ gen_publickey_from_rsa(LIBSSH2_SESSION *session, RSA *rsa,
memcpy(p, "ssh-rsa", 7);
p += 7;
- p = write_bn(p, rsa->e, e_bytes);
- p = write_bn(p, rsa->n, n_bytes);
+ p = write_bn(p, e, e_bytes);
+ p = write_bn(p, n, n_bytes);
*key_len = (size_t)(p - key);
return key;
@@ -805,10 +878,27 @@ gen_publickey_from_dsa(LIBSSH2_SESSION* session, DSA *dsa,
unsigned char* key;
unsigned char* p;
- p_bytes = BN_num_bytes(dsa->p) + 1;
- q_bytes = BN_num_bytes(dsa->q) + 1;
- g_bytes = BN_num_bytes(dsa->g) + 1;
- k_bytes = BN_num_bytes(dsa->pub_key) + 1;
+ const BIGNUM * p_bn;
+ const BIGNUM * q;
+ const BIGNUM * g;
+ const BIGNUM * pub_key;
+#ifdef HAVE_OPAQUE_STRUCTS
+ DSA_get0_pqg(dsa, &p_bn, &q, &g);
+#else
+ p_bn = dsa->p;
+ q = dsa->q;
+ g = dsa->g;
+#endif
+
+#ifdef HAVE_OPAQUE_STRUCTS
+ DSA_get0_key(dsa, &pub_key, NULL);
+#else
+ pub_key = dsa->pub_key;
+#endif
+ p_bytes = BN_num_bytes(p_bn) + 1;
+ q_bytes = BN_num_bytes(q) + 1;
+ g_bytes = BN_num_bytes(g) + 1;
+ k_bytes = BN_num_bytes(pub_key) + 1;
/* Key form is "ssh-dss" + p + q + g + pub_key. */
len = 4 + 7 + 4 + p_bytes + 4 + q_bytes + 4 + g_bytes + 4 + k_bytes;
@@ -826,10 +916,10 @@ gen_publickey_from_dsa(LIBSSH2_SESSION* session, DSA *dsa,
memcpy(p, "ssh-dss", 7);
p += 7;
- p = write_bn(p, dsa->p, p_bytes);
- p = write_bn(p, dsa->q, q_bytes);
- p = write_bn(p, dsa->g, g_bytes);
- p = write_bn(p, dsa->pub_key, k_bytes);
+ p = write_bn(p, p_bn, p_bytes);
+ p = write_bn(p, q, q_bytes);
+ p = write_bn(p, g, g_bytes);
+ p = write_bn(p, pub_key, k_bytes);
*key_len = (size_t)(p - key);
return key;

29
libssh2.spec
View File

@ -11,16 +11,13 @@
%{!?__isa_bits: %global __isa_bits %((echo '#include <bits/wordsize.h>'; echo __WORDSIZE) | cpp - | grep -Ex '32|64')}
Name: libssh2
Version: 1.7.0
Release: 7%{?dist}
Version: 1.8.0
Release: 1%{?dist}
Summary: A library implementing the SSH2 protocol
Group: System Environment/Libraries
License: BSD
URL: http://www.libssh2.org/
Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz
Patch2: CVE-2016-0787.patch
Patch3: libssh2-1.7.0-openssl11.patch
Patch4: libssh2-1.7.0-openssl11-memleak.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
BuildRequires: coreutils
@ -77,15 +74,6 @@ developing applications that use libssh2.
# between 32-bit and 64-bit builds running on a single build-host
sed -i s/4711/47%{?__isa_bits}/ tests/ssh2.{c,sh}
# diffie_hellman_sha1: Convert bytes to bits (additional fix for CVE-2016-0787)
%patch2 -p1
# Build with OpenSSL 1.1.0 from upstream git
%patch3 -p1
# make curl test-suite work again with valgrind enabled
%patch4 -p1
# Make sshd transition appropriately if building in an SELinux environment
%if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7)
chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || :
@ -97,9 +85,6 @@ chcon $(/usr/sbin/matchpathcon -n /etc/ssh/ssh_host_key) tests/etc/{host,user} |
%configure --disable-silent-rules --disable-static --enable-shared
make %{?_smp_mflags}
# Avoid polluting libssh2.pc with linker options (#947813)
sed -i -e 's|[[:space:]]-Wl,[^[:space:]]*||' libssh2.pc
%install
rm -rf %{buildroot}
make install DESTDIR=%{buildroot} INSTALL="install -p"
@ -160,11 +145,17 @@ rm -rf %{buildroot}
%{_libdir}/pkgconfig/libssh2.pc
%changelog
* Tue Oct 25 2016 Paul Howarth <paul@city-fan.org> - 1.8.0-1
- Update to 1.8.0
- Added a basic dockerised test suite
- crypto: Add support for the mbedTLS backend
- See RELEASE-NOTES for details of bug fixes
* Thu Oct 20 2016 Kamil Dudka <kdudka@redhat.com> - 1.7.0-7
- make curl test-suite work again with valgrind enabled
- Make curl test-suite work again with valgrind enabled
* Tue Oct 11 2016 Tomáš Mráz <tmraz@redhat.com> - 1.7.0-6
- rebuild with OpenSSL 1.1.0
- Rebuild with OpenSSL 1.1.0
* Sun Mar 6 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-5
- Revert parts of previous change that broke EL-5 compatibility