search for: explicit_bzero

https://bugzilla.mindrot.org/show_bug.cgi?id=2541 Bug ID: 2541 Summary: Add explicit_bzero() before free() in OpenSSH-7.1p2 for auth1.c/auth2.c/auth2-hostbased.c Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh...

...+284,7 @@ load_identity(char *filename) pass = xstrdup(identity_passphrase); else pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN); - r = sshkey_load_private(filename, pass, &prv, NULL); + r = sshkey_load_private_type(KEY_UNSPEC, filename, pass, &prv, NULL); explicit_bzero(pass, strlen(pass)); free(pass); if (r != 0) @@ -855,7 +856,7 @@ fingerprint_private(const char *path) fatal("%s: %s", path, strerror(errno)); if ((r = sshkey_load_public(path, &public, &comment)) != 0) { debug("load public \"%s\": %s", path, ssh_er...

...;xx", sizeof(salt)); - if ((pw = getpwuid(0)) == NULL) - return salt; - passwd = shadow_pw(pw); - if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL) - return salt; /* no $, DES */ - typelen = p - passwd + 1; - strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); - explicit_bzero(passwd, strlen(passwd)); + setpwent(); + while ((pw = getpwent()) != NULL) { + passwd = shadow_pw(pw); + if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) { + typelen = p - passwd + 1; + strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); + explicit_bzero(...

The freezero call is practically the same as calling explicit_bzero followed by free. Okay? Index: sshbuf.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshbuf.c,v diff -u -p -u -p -r1.19 sshbuf.c --- sshbuf.c 2 Dec 2022 04:40:27 -0000 1.19 +++ sshbuf.c 13 Aug 2024 16:54:20 -0000 @@ -183,10 +183,8 @@ sshbuf_fr...

...al; + + memcpy(ctx->buffer + partial, data, p); + data += p; + len -= p; + + SM3Block(ctx, ctx->buffer, 1, W); + } + + blocks = len / SM3_BLOCK_LENGTH; + len %= SM3_BLOCK_LENGTH; + + if (blocks) { + SM3Block(ctx, data, blocks, W); + data += blocks * SM3_BLOCK_LENGTH; + } + + explicit_bzero(W, sizeof(W)); + + partial = 0; + } + if (len) + memcpy(ctx->buffer + partial, data, len); +} + +void +SM3Final(u_int8_t digest[SM3_DIGEST_LENGTH], SM3_CTX *ctx) +{ + const unsigned int bit_offset = SM3_BLOCK_LENGTH - sizeof(u_int64_t); + unsigned int partial = ctx->count % SM3_BLOCK_LENGTH...

...return; } if (sshbuf_check_sanity(buf) != 0) return; buf->off = buf->size = 0; if (buf->alloc != SSHBUF_SIZE_INIT) { if ((d = recallocarray(buf->d, buf->alloc, SSHBUF_SIZE_INIT, 1)) != NULL) { buf->cd = buf->d = d; buf->alloc = SSHBUF_SIZE_INIT; } } explicit_bzero(buf->d, buf->alloc); } This function allocates a new buffer of size SSHBUF_SIZE_INIT if buf->alloc != SSHBUF_SIZE_INIT, which can put buf in an inconsistent state if buf->max_size < SSHBUF_SIZE_INIT, because it will make buf->alloc > buf->max_size true, which will trigger a...

...t; + len -= p; > + > + SM3Block(ctx, ctx->buffer, 1, W); > + } > + > + blocks = len / SM3_BLOCK_LENGTH; > + len %= SM3_BLOCK_LENGTH; > + > + if (blocks) { > + SM3Block(ctx, data, blocks, W); > + data += blocks * SM3_BLOCK_LENGTH; > + } > + > + explicit_bzero(W, sizeof(W)); > + > + partial = 0; > + } > + if (len) > + memcpy(ctx->buffer + partial, data, len); > +} > + > +void > +SM3Final(u_int8_t digest[SM3_DIGEST_LENGTH], SM3_CTX *ctx) > +{ > + const unsigned int bit_offset = SM3_BLOCK_LENGTH - sizeof(u_int64_t); &g...

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

On Thu, Jul 21, 2016 at 12:31 PM, Selphie Keller <selphie.keller at gmail.com> wrote: > Ahh i see, just got up to speed on the issue, so seems like the issue is > related to blowfish being faster then sha family hashing for longer length > passwords, or the system's crypt() not understanding $2a$ -style salts, which most glibcs don't. On those, crypt fails immediately due

...L_ERROR; +} + +static int +uncompress_buffer_zstd(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out) +{ + return SSH_ERR_INTERNAL_ERROR; +} +#endif /* HAVE_LIBZSTD */ + void ssh_clear_newkeys(struct ssh *ssh, int mode) { @@ -924,18 +1092,29 @@ ssh_set_newkeys(struct ssh *ssh, int mode) explicit_bzero(enc->key, enc->key_len); explicit_bzero(mac->key, mac->key_len); */ if ((comp->type == COMP_ZLIB || - (comp->type == COMP_DELAYED && + ((comp->type == COMP_DELAYED || comp->type == COMP_ZSTD) && state->after_authentication)) &&...

While doing some related work I built openssh 9.3p1 with -fsanitize=address and this came up during compilation. In file included from /usr/include/string.h:535, from kex.c:34: In function 'explicit_bzero', inlined from 'kex_free_newkeys' at kex.c:743:2: /usr/include/bits/string_fortified.h:72:3: warning: '__explicit_bzero_chk' writing 48 bytes into a region of size 8 overflows the destination [-Wstringop-overflow=] 72 | __explicit_bzero_chk (__dest, __len, __glibc_o...

...CURITY extension. Reported by Thomas Hoger. * SECURITY: Fix an out of-bound read access in the packet handling code. Reported by Ben Hawkes. * PROTOCOL: Correctly interpret the 'first_kex_follows' option during the intial key exchange. Reported by Matt Johnston. * Further use of explicit_bzero has been added in various buffer handling code paths to guard against compilers aggressively doing dead-store removal. Checksums: ========== - SHA1 (openssh-7.1p2.tar.gz) = 9202f5a2a50c8a55ecfb830609df1e1fde97f758 - SHA256 (openssh-7.1p2.tar.gz) = dd75f024dcf21e06a0d6421d582690bf987a1f63...

...continue; + } + + certificate_files[n_ids] = filename; + certificates[n_ids] = cert; + ++n_ids; + } + options.num_certificate_files = n_ids; + memcpy(options.certificate_files, certificate_files, sizeof(certificate_files)); + memcpy(options.certificates, certificates, sizeof(certificates)); + + explicit_bzero(pwname, strlen(pwname)); + free(pwname); + explicit_bzero(pwdir, strlen(pwdir)); + free(pwdir); +} + + + static void load_public_identity_files(void) { diff --git a/ssh.h b/ssh.h index 4f8da5c..8fb7ba3 100644 --- a/ssh.h +++ b/ssh.h @@ -19,6 +19,13 @@ #define SSH_DEFAULT_PORT 22 /* + * Maxim...

I added ZSTD support to OpenSSH roughly three years ago and I've been playing with it ever since. The nice part is that ZSTD achieves reasonable compression (like zlib) but consumes little CPU so it is unlikely that compression becomes the bottle neck of a transfer. The compression overhead (CPU) is negligible even when uncompressed data is tunneled over the SSH connection (SOCKS proxy, port

https://bugzilla.mindrot.org/show_bug.cgi?id=2702 Bug ID: 2702 Summary: ssh compiled with --with-ldns segfaults during known_hosts parsing Product: Portable OpenSSH Version: 7.5p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh

I hacked zstd support into OpenSSH a while ago and just started to clean it up in the recent days. The cleanup includes configuration support among other things that I did not have. During testing I noticed the following differences compared to zlib: - highly interactive shell output (as in refreshed at a _very_ high rate) may result in higher bandwidth compared to zlib. Since zstd is quicker

...onitor calls used for authentication and allow them only when their respective authentication methods are enabled in the configuration * sshd(8): Fix uninitialised optlen in getsockopt() call; harmless on Unix/BSD but potentially crashy on Cygwin. * Fix false positive reports caused by explicit_bzero(3) not being recognised as a memory initialiser when compiled with -fsanitize-memory. * sshd_config(5): Use 2001:db8::/32, the official IPv6 subnet for configuration examples. Portability ----------- * On environments configured with Turkish locales, fall back to the C/POSIX lo...

I added ZSTD support to OpenSSH roughly over a year and I've been playing with it ever since. The nice part is that ZSTD achieves reasonable compression (like zlib) but consumes little CPU so it is unlikely that compression becomes the bottle neck of a transfer. The compression overhead (CPU) is negligible even when uncompressed data is tunneled over the SSH connection (SOCKS proxy, port

Hi, OpenSSH 7.6p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

...onitor calls used for authentication and allow them only when their respective authentication methods are enabled in the configuration * sshd(8): Fix uninitialised optlen in getsockopt() call; harmless on Unix/BSD but potentially crashy on Cygwin. * Fix false positive reports caused by explicit_bzero(3) not being recognised as a memory initialiser when compiled with -fsanitize-memory. * sshd_config(5): Use 2001:db8::/32, the official IPv6 subnet for configuration examples. Portability ----------- * On environments configured with Turkish locales, fall back to the C/POSIX lo...