From owner-svn-src-all@FreeBSD.ORG  Sun Apr 20 11:17:46 2014
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 776F641B;
 Sun, 20 Apr 2014 11:17:46 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5836C14E3;
 Sun, 20 Apr 2014 11:17:46 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s3KBHkMb091038;
 Sun, 20 Apr 2014 11:17:46 GMT (envelope-from des@svn.freebsd.org)
Received: (from des@localhost)
 by svn.freebsd.org (8.14.8/8.14.8/Submit) id s3KBHjWS091032;
 Sun, 20 Apr 2014 11:17:45 GMT (envelope-from des@svn.freebsd.org)
Message-Id: <201404201117.s3KBHjWS091032@svn.freebsd.org>
From: Dag-Erling Smørgrav <des@FreeBSD.org>
Date: Sun, 20 Apr 2014 11:17:45 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-vendor@freebsd.org
Subject: svn commit: r264690 - vendor-crypto/openssh/dist
X-SVN-Group: vendor-crypto
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Apr 2014 11:17:46 -0000

Author: des
Date: Sun Apr 20 11:17:44 2014
New Revision: 264690
URL: http://svnweb.freebsd.org/changeset/base/264690

Log:
  Apply upstream patch for EC calculation bug that breaks EC key exchange
  about one out of 512 times.

Modified:
  vendor-crypto/openssh/dist/bufaux.c
  vendor-crypto/openssh/dist/compat.c
  vendor-crypto/openssh/dist/compat.h
  vendor-crypto/openssh/dist/sshconnect2.c
  vendor-crypto/openssh/dist/sshd.c
  vendor-crypto/openssh/dist/version.h

Modified: vendor-crypto/openssh/dist/bufaux.c
==============================================================================
--- vendor-crypto/openssh/dist/bufaux.c	Sun Apr 20 09:17:48 2014	(r264689)
+++ vendor-crypto/openssh/dist/bufaux.c	Sun Apr 20 11:17:44 2014	(r264690)
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -372,6 +372,9 @@ buffer_put_bignum2_from_string(Buffer *b
 
 	if (l > 8 * 1024)
 		fatal("%s: length %u too long", __func__, l);
+	/* Skip leading zero bytes */
+	for (; l > 0 && *s == 0; l--, s++)
+		;
 	p = buf = xmalloc(l + 1);
 	/*
 	 * If most significant bit is set then prepend a zero byte to

Modified: vendor-crypto/openssh/dist/compat.c
==============================================================================
--- vendor-crypto/openssh/dist/compat.c	Sun Apr 20 09:17:48 2014	(r264689)
+++ vendor-crypto/openssh/dist/compat.c	Sun Apr 20 11:17:44 2014	(r264690)
@@ -95,6 +95,9 @@ compat_datafellows(const char *version)
 		{ "Sun_SSH_1.0*",	SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
 		{ "OpenSSH_4*",		0 },
 		{ "OpenSSH_5*",		SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
+		{ "OpenSSH_6.6.1*",	SSH_NEW_OPENSSH},
+		{ "OpenSSH_6.5*,"
+		  "OpenSSH_6.6*",	SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
 		{ "OpenSSH*",		SSH_NEW_OPENSSH },
 		{ "*MindTerm*",		0 },
 		{ "2.1.0*",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
@@ -251,7 +254,6 @@ compat_cipher_proposal(char *cipher_prop
 	return cipher_prop;
 }
 
-
 char *
 compat_pkalg_proposal(char *pkalg_prop)
 {
@@ -265,3 +267,16 @@ compat_pkalg_proposal(char *pkalg_prop)
 	return pkalg_prop;
 }
 
+char *
+compat_kex_proposal(char *kex_prop)
+{
+	if (!(datafellows & SSH_BUG_CURVE25519PAD))
+		return kex_prop;
+	debug2("%s: original KEX proposal: %s", __func__, kex_prop);
+	kex_prop = filter_proposal(kex_prop, "curve25519-sha256@libssh.org");
+	debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
+	if (*kex_prop == '\0')
+		fatal("No supported key exchange algorithms found");
+	return kex_prop;
+}
+

Modified: vendor-crypto/openssh/dist/compat.h
==============================================================================
--- vendor-crypto/openssh/dist/compat.h	Sun Apr 20 09:17:48 2014	(r264689)
+++ vendor-crypto/openssh/dist/compat.h	Sun Apr 20 11:17:44 2014	(r264690)
@@ -59,6 +59,7 @@
 #define SSH_BUG_RFWD_ADDR	0x02000000
 #define SSH_NEW_OPENSSH		0x04000000
 #define SSH_BUG_DYNAMIC_RPORT	0x08000000
+#define SSH_BUG_CURVE25519PAD	0x10000000
 
 void     enable_compat13(void);
 void     enable_compat20(void);
@@ -66,6 +67,7 @@ void     compat_datafellows(const char *
 int	 proto_spec(const char *);
 char	*compat_cipher_proposal(char *);
 char	*compat_pkalg_proposal(char *);
+char	*compat_kex_proposal(char *);
 
 extern int compat13;
 extern int compat20;

Modified: vendor-crypto/openssh/dist/sshconnect2.c
==============================================================================
--- vendor-crypto/openssh/dist/sshconnect2.c	Sun Apr 20 09:17:48 2014	(r264689)
+++ vendor-crypto/openssh/dist/sshconnect2.c	Sun Apr 20 11:17:44 2014	(r264690)
@@ -195,6 +195,8 @@ ssh_kex2(char *host, struct sockaddr *ho
 	}
 	if (options.kex_algorithms != NULL)
 		myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+	    myproposal[PROPOSAL_KEX_ALGS]);
 
 	if (options.rekey_limit || options.rekey_interval)
 		packet_set_rekey_limits((u_int32_t)options.rekey_limit,

Modified: vendor-crypto/openssh/dist/sshd.c
==============================================================================
--- vendor-crypto/openssh/dist/sshd.c	Sun Apr 20 09:17:48 2014	(r264689)
+++ vendor-crypto/openssh/dist/sshd.c	Sun Apr 20 11:17:44 2014	(r264690)
@@ -2462,6 +2462,9 @@ do_ssh2_kex(void)
 	if (options.kex_algorithms != NULL)
 		myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
 
+	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+	    myproposal[PROPOSAL_KEX_ALGS]);
+
 	if (options.rekey_limit || options.rekey_interval)
 		packet_set_rekey_limits((u_int32_t)options.rekey_limit,
 		    (time_t)options.rekey_interval);

Modified: vendor-crypto/openssh/dist/version.h
==============================================================================
--- vendor-crypto/openssh/dist/version.h	Sun Apr 20 09:17:48 2014	(r264689)
+++ vendor-crypto/openssh/dist/version.h	Sun Apr 20 11:17:44 2014	(r264690)
@@ -1,6 +1,6 @@
 /* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */
 
-#define SSH_VERSION	"OpenSSH_6.6"
+#define SSH_VERSION	"OpenSSH_6.6.1"
 
 #define SSH_PORTABLE	"p1"
 #define SSH_RELEASE	SSH_VERSION SSH_PORTABLE