-rw-r--r--.hgsigs1
-rw-r--r--.hgtags1
-rw-r--r--CHANGES29
-rw-r--r--cli-main.c2
-rw-r--r--common-algo.c6
-rw-r--r--common-kex.c18
-rw-r--r--dbclient.12
-rw-r--r--dbrandom.c2
-rw-r--r--dbutil.c47
-rw-r--r--dbutil.h2
-rw-r--r--debian/changelog6
-rw-r--r--debug.h2
-rw-r--r--dropbearconvert.14
-rw-r--r--dropbearkey.12
-rw-r--r--ecdsa.c1
-rw-r--r--keyimport.c2
-rw-r--r--options.h4
-rwxr-xr-xrelease.sh4
-rw-r--r--svr-main.c1
-rw-r--r--sysoptions.h2
20 files changed, 109 insertions, 29 deletions
diff --git a/.hgsigs b/.hgsigs
index 10bf8f5..3119347 100644
--- a/.hgsigs
+++ b/.hgsigs
@@ -13,3 +13,4 @@ a50a1dc743317fad9b3737bc68fbca640659bb6d 0 iEYEABECAAYFAlJeqL0ACgkQjPn4sExkf7yVq
96584b934d04ebab443f603e78d38fe692d36313 0 iEYEABECAAYFAlPVFrQACgkQjPn4sExkf7xr6ACglRiLE21vRrS1rJ809o2yMADIKtwAn1f5SyZUngSde8eE55JxCMwtMC5m
caac692b366c153cea0e9cd59aa2d79a7d843d4e 0 iEYEABECAAYFAlPk1mcACgkQjPn4sExkf7wLpgCeOqMYqpkf4lYUuyrn9VYThNpc7PkAn3JOSNgIqkKUcmSy6FstrI8jwJzq
2d421bc0545d1be6d59a4ebfe61606d94b124b0c 0 iEYEABECAAYFAlRJDCQACgkQjPn4sExkf7xUYACcCwVJkYWXJn5x/D5A+qMupy778lEAn0rg1oNiq96YU/4jOPsS5IMItihu
+1d2d81b1b7c1b100e9c369e40b9fa5b2d491eea9 0 iEYEABECAAYFAlTKOKUACgkQjPn4sExkf7xWMACfYFozyHiRk5GaocTa5z6Ws1uyB4kAoLubxoxcnM3E7AA9mHAzc3OB5M0Y
diff --git a/.hgtags b/.hgtags
index 85d089b..afd75ca 100644
--- a/.hgtags
+++ b/.hgtags
@@ -46,3 +46,4 @@ e894dbc015ba7ff4c3bf897ee20e28ca90c55a16 DROPBEAR_2013.61test
0d2d39957c029adb7f4327d37fe6b4900f0736d9 DROPBEAR_2014.64
e9579816f20ea85affc6135e87f8477992808948 DROPBEAR_2014.65
735511a4c761141416ad0e6728989d2dafa55bc2 DROPBEAR_2014.66
+cbd674d63cd4f3781464a8d4056a5506c8ae926f DROPBEAR_2015.67
diff --git a/CHANGES b/CHANGES
index 21d42ca..6621e8d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,32 @@
+2015.67 - Wednesday 28 January 2015
+
+- Call fsync() after generating private keys to ensure they aren't lost if a
+ reboot occurs. Thanks to Peter Korsgaard
+
+- Disable non-delayed zlib compression by default on the server. Can be
+ enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB
+
+- Default client key path ~/.ssh/id_dropbear
+
+- Prefer stronger algorithms by default, from Fedor Brunner.
+ AES256 over 3DES
+ Diffie-hellman group14 over group1
+
+- Add option to disable CBC ciphers.
+
+- Disable twofish in default options.h
+
+- Enable sha2 HMAC algorithms by default, the code was already required
+ for ECC key exchange. sha1 is the first preference still for performance.
+
+- Fix installing dropbear.8 in a separate build directory, from Like Ma
+
+- Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusamäe
+
+- Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea
+
+- Minor bug fixes, a few issues found by Coverity scan
+
2014.66 - Thursday 23 October 2014
- Use the same keepalive handling behaviour as OpenSSH. This will work better
diff --git a/cli-main.c b/cli-main.c
index 0b4047c..20f19a4 100644
--- a/cli-main.c
+++ b/cli-main.c
@@ -73,7 +73,7 @@ int main(int argc, char ** argv) {
#endif
{
int sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport,
- 0, &error);
+ 1, &error);
sock_in = sock_out = sock;
}
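Review bot: The changed argument to connect_remote() is a bare `1` with nothing at the call site saying what it switches on; the parameter is named `nonblocking` in the dbutil.c hunk of this commit, where it now also triggers set_piggyback_ack(). A short comment would save the next reader the lookup, e.g. `/* nonblocking connect (see connect_remote) */` on the line above the call. Since a nonblocking connect() may return before the socket is connected, the immediate use of sock_in/sock_out presumably relies on the client's I/O loop waiting for writability — that handling is outside this hunk and worth confirming. The enclosing main() starts and ends outside the hunk.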
diff --git a/common-algo.c b/common-algo.c
index 65f1913..9a3664b 100644
--- a/common-algo.c
+++ b/common-algo.c
@@ -144,6 +144,12 @@ algo_type sshciphers[] = {
#ifdef DROPBEAR_AES256
{"aes256-ctr", 0, &dropbear_aes256, 1, &dropbear_mode_ctr},
#endif
+#ifdef DROPBEAR_TWOFISH256
+ {"twofish256-ctr", 0, &dropbear_twofish256, 1, &dropbear_mode_ctr},
+#endif
+#ifdef DROPBEAR_TWOFISH128
+ {"twofish128-ctr", 0, &dropbear_twofish128, 1, &dropbear_mode_ctr},
+#endif
#endif /* DROPBEAR_ENABLE_CTR_MODE */
#ifdef DROPBEAR_ENABLE_CBC_MODE
diff --git a/common-kex.c b/common-kex.c
index 7d93708..f355560 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -629,16 +629,20 @@ void free_kexdh_param(struct kex_dh_param *param)
void kexdh_comb_key(struct kex_dh_param *param, mp_int *dh_pub_them,
sign_key *hostkey) {
- mp_int dh_p;
+ DEF_MP_INT(dh_p);
+ DEF_MP_INT(dh_p_min1);
mp_int *dh_e = NULL, *dh_f = NULL;
- /* read the prime and generator*/
- m_mp_init(&dh_p);
+ m_mp_init_multi(&dh_p, &dh_p_min1, NULL);
load_dh_p(&dh_p);
- /* Check that dh_pub_them (dh_e or dh_f) is in the range [1, p-1] */
- if (mp_cmp(dh_pub_them, &dh_p) != MP_LT
- || mp_cmp_d(dh_pub_them, 0) != MP_GT) {
+ if (mp_sub_d(&dh_p, 1, &dh_p_min1) != MP_OKAY) {
+ dropbear_exit("Diffie-Hellman error");
+ }
+
+ /* Check that dh_pub_them (dh_e or dh_f) is in the range [2, p-2] */
+ if (mp_cmp(dh_pub_them, &dh_p_min1) != MP_LT
+ || mp_cmp_d(dh_pub_them, 1) != MP_GT) {
dropbear_exit("Diffie-Hellman error");
}
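Review bot: The new bounds check on the `mp_cmp` lines now rejects 1 and p-1 in addition to 0 and p, but the comment only restates the range; because this is a security check the reason should be recorded, e.g. `/* 1 and p-1 generate the trivial subgroups (order 1 and 2), so a peer sending them would fix the shared secret; reject them along with 0 and p */`. On the `mp_sub_d` failure path dh_p and dh_p_min1 are not cleared before dropbear_exit(), which is only fine if dropbear_exit() terminates the process — it appears to, but that is not visible here. kexdh_comb_key() continues past the end of this hunk.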
@@ -649,7 +653,7 @@ void kexdh_comb_key(struct kex_dh_param *param, mp_int *dh_pub_them,
}
/* clear no longer needed vars */
- mp_clear_multi(&dh_p, NULL);
+ mp_clear_multi(&dh_p, &dh_p_min1, NULL);
/* From here on, the code needs to work with the _same_ vars on each side,
* not vice-versaing for client/server */
diff --git a/dbclient.1 b/dbclient.1
index 4502b23..cf9c647 100644
--- a/dbclient.1
+++ b/dbclient.1
@@ -33,7 +33,7 @@ Identity file.
Read the identity key from file
.I idfile
(multiple allowed). This file is created with dropbearkey(1) or converted
-from OpenSSH with dropbearconvert(1).
+from OpenSSH with dropbearconvert(1). The default path ~/.ssh/id_dropbear is used
.TP
.B \-L [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR
Local port forwarding.
diff --git a/dbrandom.c b/dbrandom.c
index e2f55c2..cf280f4 100644
--- a/dbrandom.c
+++ b/dbrandom.c
@@ -306,7 +306,7 @@ void gen_random_mpint(mp_int *max, mp_int *rand) {
/* keep regenerating until we get one satisfying
* 0 < rand < max */
- } while (mp_cmp(rand, max) != MP_LT);
+ } while (!(mp_cmp(rand, max) == MP_LT && mp_cmp_d(rand, 0) == MP_GT));
m_burn(randbuf, len);
m_free(randbuf);
}
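Review bot: With the new condition on the `} while` line the loop can never exit when max is 0 or 1, since no value satisfies 0 < rand < max; the old condition already spun forever for max == 0, so this is not a regression, but the contract is now stricter and still unchecked. If callers are trusted never to pass such a max, a guard before the loop documents that, e.g. `if (mp_cmp_d(max, 1) != MP_GT) { dropbear_exit("gen_random_mpint: max must exceed 1"); }`. The start of gen_random_mpint() and the loop header are outside this hunk, so the guard would go there.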
diff --git a/dbutil.c b/dbutil.c
index ae73132..2d40903 100644
--- a/dbutil.c
+++ b/dbutil.c
@@ -150,18 +150,31 @@ void dropbear_log(int priority, const char* format, ...) {
#ifdef DEBUG_TRACE
+
+static double time_since_start()
+{
+ static double start_time = -1;
+ double nowf;
+ struct timeval tv;
+ gettimeofday(&tv, NULL);
+ nowf = tv.tv_sec + (tv.tv_usec / 1000000.0);
+ if (start_time < 0)
+ {
+ start_time = nowf;
+ return 0;
+ }
+ return nowf - start_time;
+}
+
void dropbear_trace(const char* format, ...) {
va_list param;
- struct timeval tv;
if (!debug_trace) {
return;
}
- gettimeofday(&tv, NULL);
-
va_start(param, format);
- fprintf(stderr, "TRACE (%d) %d.%d: ", getpid(), (int)tv.tv_sec, (int)tv.tv_usec);
+ fprintf(stderr, "TRACE (%d) %f: ", getpid(), time_since_start());
vfprintf(stderr, format, param);
fprintf(stderr, "\n");
va_end(param);
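Review bot: `static double time_since_start()` declares a function with an unspecified parameter list; in C it should be `static double time_since_start(void)` so a call with arguments is a compile error instead of being silently accepted. The elapsed value is also derived from gettimeofday(), a wall clock that can step backwards when the system time is adjusted, so the `%f` stamps can jump or go negative; where clock_gettime(CLOCK_MONOTONIC) is available it is the better base for an elapsed-time trace. dropbear_trace() continues past the end of this hunk, and the dropbear_trace2() hunk below shares the same timestamp source.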
@@ -170,7 +183,6 @@ void dropbear_trace(const char* format, ...) {
void dropbear_trace2(const char* format, ...) {
static int trace_env = -1;
va_list param;
- struct timeval tv;
if (trace_env == -1) {
trace_env = getenv("DROPBEAR_TRACE2") ? 1 : 0;
@@ -180,10 +192,8 @@ void dropbear_trace2(const char* format, ...) {
return;
}
- gettimeofday(&tv, NULL);
-
va_start(param, format);
- fprintf(stderr, "TRACE2 (%d) %d.%d: ", getpid(), (int)tv.tv_sec, (int)tv.tv_usec);
+ fprintf(stderr, "TRACE2 (%d) %f: ", getpid(), time_since_start());
vfprintf(stderr, format, param);
fprintf(stderr, "\n");
va_end(param);
@@ -390,6 +400,23 @@ int connect_unix(const char* path) {
}
#endif
+#if defined(__linux__) && defined(TCP_DEFER_ACCEPT)
+static void set_piggyback_ack(int sock) {
+ /* Undocumented Linux feature - set TCP_DEFER_ACCEPT and data will be piggybacked
+ on the 3rd packet (ack) of the TCP handshake. Saves a IP packet.
+ http://thread.gmane.org/gmane.linux.network/224627/focus=224727
+ "Piggyback the final ACK of the three way TCP connection establishment with the data" */
+ int val = 1;
+ /* No error checking, this is opportunistic */
+ int err = setsockopt(sock, IPPROTO_TCP, TCP_DEFER_ACCEPT, (void*)&val, sizeof(val));
+ if (err)
+ {
+ TRACE(("Failed setsockopt TCP_DEFER_ACCEPT: %s", strerror(errno)))
+ }
+}
+#endif
+
+
/* Connect via TCP to a host. Connection will try ipv4 or ipv6, will
* return immediately if nonblocking is set. On failure, if errstring
* wasn't null, it will be a newly malloced error message */
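Review bot: The comment `/* No error checking, this is opportunistic */` contradicts the lines right after it, which check the setsockopt() result and trace the failure; it should describe what the code does, e.g. `/* Best-effort: a failure is only traced, the connect proceeds without the option */`. The `(void*)&val` cast is unnecessary, `&val` converts to `const void *` implicitly. The call site in the following hunk enables this only on the nonblocking path of connect_remote(), presumably because only that mode writes before the handshake completes; a sentence saying so in this function's header comment would tie the two together. The block also depends on TCP_DEFER_ACCEPT being declared, so `<netinet/tcp.h>` must be included somewhere outside the hunk.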
@@ -437,6 +464,10 @@ int connect_remote(const char* remotehost, const char* remoteport,
if (nonblocking) {
setnonblocking(sock);
+
+#if defined(__linux__) && defined(TCP_DEFER_ACCEPT)
+ set_piggyback_ack(sock);
+#endif
}
if (connect(sock, res->ai_addr, res->ai_addrlen) < 0) {
diff --git a/dbutil.h b/dbutil.h
index 774c3ce..cdad9bc 100644
--- a/dbutil.h
+++ b/dbutil.h
@@ -91,7 +91,7 @@ void m_close(int fd);
void * m_malloc(size_t size);
void * m_strdup(const char * str);
void * m_realloc(void* ptr, size_t size);
-#define m_free(X) free(X); (X) = NULL;
+#define m_free(X) do {free(X); (X) = NULL;} while (0);
void m_burn(void* data, unsigned int len);
void setnonblocking(int fd);
void disallow_core();
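Review bot: The trailing `;` after `while (0)` on the new `m_free` line defeats the do/while(0) idiom: `if (cond) m_free(p); else ...` expands to two statements before the `else` and fails to compile, the same hazard the old two-statement form had. Drop it and parenthesize the argument: `#define m_free(X) do { free((X)); (X) = NULL; } while (0)`. Every existing `m_free(x);` call keeps compiling unchanged with that form.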
diff --git a/debian/changelog b/debian/changelog
index d4948ac..12484cc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+dropbear (2015.67-0.1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au> Wed, 28 Jan 2015 22:53:59 +0800
+
dropbear (2014.66-0.1) unstable; urgency=low
* New upstream release.
diff --git a/debug.h b/debug.h
index 289c577..5c5623f 100644
--- a/debug.h
+++ b/debug.h
@@ -39,7 +39,7 @@
* Caution: Don't use this in an unfriendly environment (ie unfirewalled),
* since the printing may not sanitise strings etc. This will add a reasonable
* amount to your executable size. */
-/* #define DEBUG_TRACE */
+/*#define DEBUG_TRACE*/
/* All functions writing to the cleartext payload buffer call
* CHECKCLEARTOWRITE() before writing. This is only really useful if you're
diff --git a/dropbearconvert.1 b/dropbearconvert.1
index 4643f5f..b2f34ef 100644
--- a/dropbearconvert.1
+++ b/dropbearconvert.1
@@ -39,9 +39,9 @@ or
An existing Dropbear or OpenSSH private key file
.TP
.B output file
-The path to write the converted private key file
+The path to write the converted private key file. For client authentication ~/.ssh/id_dropbear is loaded by default
.SH EXAMPLE
- # dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/dropbear_priv
+ # dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/id_dropbear
.SH AUTHOR
Matt Johnston (matt@ucc.asn.au).
.SH SEE ALSO
diff --git a/dropbearkey.1 b/dropbearkey.1
index 207a6fe..b4d202e 100644
--- a/dropbearkey.1
+++ b/dropbearkey.1
@@ -33,7 +33,7 @@ or
.TP
.B \-f \fIfile
Write the secret key to the file
-.IR file .
+.IR file . For client authentication ~/.ssh/id_dropbear is loaded by default
.TP
.B \-s \fIbits
Set the key size to
diff --git a/ecdsa.c b/ecdsa.c
index 195121f..0396014 100644
--- a/ecdsa.c
+++ b/ecdsa.c
@@ -131,6 +131,7 @@ ecc_key *buf_get_ecdsa_priv_key(buffer *buf) {
if (buf_getmpint(buf, new_key->k) != DROPBEAR_SUCCESS) {
ecc_free(new_key);
+ m_free(new_key);
return NULL;
}
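Review bot: The added `m_free(new_key)` pairs ecc_free(), which releases the key's members, with freeing the struct itself on this failure path; the other early returns of buf_get_ecdsa_priv_key() lie outside the hunk and presumably call ecc_free() the same way, so they would need the same pairing if new_key is allocated before them. Worth confirming, since the hunk fixes only this one path. The function starts and ends outside the hunk.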
diff --git a/keyimport.c b/keyimport.c
index 272fcce..6f2634f 100644
--- a/keyimport.c
+++ b/keyimport.c
@@ -810,7 +810,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
}
m_burn(key->keyblob, key->keyblob_size);
m_free(key->keyblob);
- m_burn(key, sizeof(key));
+ m_burn(key, sizeof(*key));
m_free(key);
if (errmsg) {
fprintf(stderr, "Error: %s\n", errmsg);
diff --git a/options.h b/options.h
index 6339b0a..5c86834 100644
--- a/options.h
+++ b/options.h
@@ -95,8 +95,8 @@ much traffic. */
#define DROPBEAR_AES256
/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
/*#define DROPBEAR_BLOWFISH*/
-/*#define DROPBEAR_TWOFISH256*/
-/*#define DROPBEAR_TWOFISH128*/
+#define DROPBEAR_TWOFISH256
+#define DROPBEAR_TWOFISH128
/* Enable CBC mode for ciphers. This has security issues though
* is the most compatible with older SSH implementations */
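Review bot: The new lines uncomment `#define DROPBEAR_TWOFISH256` and `#define DROPBEAR_TWOFISH128`, i.e. they enable twofish by default, while the CHANGES entry added in this same commit says "Disable twofish in default options.h"; one of the two is wrong. If the CHANGES text is the intent, these two lines should stay commented out (and the twofish-ctr entries added in common-algo.c then stay compiled out); if enabling is the intent, the CHANGES line needs fixing. As it stands the release notes misdescribe the default cipher set.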
diff --git a/release.sh b/release.sh
index dccd720..226cb82 100755
--- a/release.sh
+++ b/release.sh
@@ -7,7 +7,7 @@ if ! head -n1 CHANGES | grep -q $VERSION ; then
fi
if ! head -n1 debian/changelog | grep -q $VERSION ; then
- echo "CHANGES needs updating"
+ echo "debian/changelog needs updating"
exit 1
fi
@@ -36,5 +36,5 @@ rm -r "$RELDIR/autom4te.cache" || exit 2
(cd $RELDIR/.. && tar cjf $ARCHIVE `basename "$RELDIR"`) || exit 2
ls -l $ARCHIVE
-openssl sha1 $ARCHIVE
+openssl sha -sha256 $ARCHIVE
echo "Done to $ARCHIVE"
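Review bot: `openssl sha -sha256` relies on `sha` (the legacy SHA-0 digest subcommand) being accepted as the dgst alias and then overridden by `-sha256`; that alias is not present in every OpenSSL build. The direct spelling is `openssl dgst -sha256 "$ARCHIVE"`, which also quotes the path the way the `tar` line above does, whereas `ls -l $ARCHIVE` and the changed line leave it unquoted.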
diff --git a/svr-main.c b/svr-main.c
index cf92d42..284e02d 100644
--- a/svr-main.c
+++ b/svr-main.c
@@ -343,6 +343,7 @@ static void sigchld_handler(int UNUSED(unused)) {
sa_chld.sa_handler = sigchld_handler;
sa_chld.sa_flags = SA_NOCLDSTOP;
+ sigemptyset(&sa_chld.sa_mask);
if (sigaction(SIGCHLD, &sa_chld, NULL) < 0) {
dropbear_exit("signal() error");
}
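Review bot: The added `sigemptyset(&sa_chld.sa_mask)` fixes the previously uninitialised mask, but the failure message on the following line still reads `"signal() error"` while the call is sigaction(); `dropbear_exit("sigaction() error");` would name the failing call. Whether sa_chld is otherwise zeroed before the hunk is not visible; with sa_handler, sa_flags and sa_mask all set explicitly the portable fields are now covered. The enclosing function starts and ends outside the hunk.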
diff --git a/sysoptions.h b/sysoptions.h
index 7ccdd81..bec7246 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -4,7 +4,7 @@
*******************************************************************/
#ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "2014.66"
+#define DROPBEAR_VERSION "2015.67"
#endif
#define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION