From c8d852caf646d060babd4be9d074caee51c5aead Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Sat, 17 Feb 2018 12:16:18 +0800 Subject: [PATCH 01/26] loginrec close fd on error path --- loginrec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/loginrec.c b/loginrec.c index 7254cf1..af10d95 100644 --- a/loginrec.c +++ b/loginrec.c @@ -1330,7 +1330,8 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode) if ( lseek(*fd, offset, SEEK_SET) != offset ) { dropbear_log(LOG_WARNING, "lastlog_openseek: %s->lseek(): %s", - lastlog_file, strerror(errno)); + lastlog_file, strerror(errno)); + m_close(*fd); return 0; } } From b080f5a047f113fc5190133df8d8518cc9d8f73b Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Tue, 20 Feb 2018 19:29:55 +0800 Subject: [PATCH 02/26] rename default_options.h.in in docs too --- CHANGES | 2 +- INSTALL | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 1f002ac..2b66e44 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,7 @@ Upcoming... - IMPORTANT: Custom configuration is now specified in local_options.h rather than options.h - Available options and defaults can be seen in default_options.h.in + Available options and defaults can be seen in default_options.h To migrate your configuration, compare your customised options.h against the upstream options.h from your relevant version. Any customised options should diff --git a/INSTALL b/INSTALL index bb24c20..ce0637f 100644 --- a/INSTALL +++ b/INSTALL @@ -1,7 +1,7 @@ Basic Dropbear build instructions: - Edit localoptions.h to set which features you want. Available options - are described in default_options.h.in, these will be overridden by + are described in default_options.h, these will be overridden by anything set in localoptions.h - If using a Mercurial or Git checkout, "autoconf; autoheader" From 5fd677af765c0b4a623e6ba86c7207b7c6d9b47f Mon Sep 17 00:00:00 2001 
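Review bot: After the added `m_close(*fd);` in lastlog_openseek, the caller's `*fd` still holds the number of the descriptor that was just closed. If any caller cleans up its fd after a 0 return (callers are not visible here), it would close that number a second time, possibly after it has been reused. Adding `*fd = -1;` directly after the close makes the failure state unambiguous. The function's earlier error returns lie outside the hunk, so it can't be checked from here whether they leave a descriptor open in the same way.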
From: Matt Johnston Date: Tue, 20 Feb 2018 19:30:34 +0800 Subject: [PATCH 03/26] 12 years is too old for a TODO list --- TODO | 27 --------------------------- 1 file changed, 27 deletions(-) delete mode 100644 TODO diff --git a/TODO b/TODO deleted file mode 100644 index 9d688b3..0000000 --- a/TODO +++ /dev/null @@ -1,27 +0,0 @@ -Current: - -Things which might need doing: - -- default private dbclient keys - -- Make options.h generated from configure perhaps? - -- handle /etc/environment in AIX - -- check that there aren't timing issues with valid/invalid user authentication - feedback. - -- Binding to different interfaces - -- CTR mode -- SSH_MSG_IGNORE sending to improve CBC security -- DH Group Exchange possibly, or just add group14 (whatever it's called today) - -- fix scp.c for IRIX - -- Be able to use OpenSSH keys for the client? or at least have some form of - encrypted keys. - -- Client agent forwarding - -- Handle restrictions in ~/.ssh/authorized_keys ? From 67111efdad6c3fe499aaf39e7f0f0d97f9e3ac21 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Sat, 17 Feb 2018 19:41:44 +0800 Subject: [PATCH 04/26] limit rsa->e size to 64 bits --- rsa.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/rsa.c b/rsa.c index 7222b8d..67b90f7 100644 --- a/rsa.c +++ b/rsa.c @@ -68,6 +68,12 @@ int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) { goto out; } + /* 64 bit is limit used by openssl, so we won't block any keys in the wild */ + if (mp_count_bits(key->e) > 64) { + dropbear_log(LOG_WARNING, "RSA key bad e"); + goto out; + } + TRACE(("leave buf_get_rsa_pub_key: success")) ret = DROPBEAR_SUCCESS; out: From c2f2f2b8170465103ed582cfe317ea91824c2107 Mon Sep 17 00:00:00 2001 
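Review bot: The new check in buf_get_rsa_pub_key bounds `key->e` only from above; nothing visible in this hunk rejects a degenerate exponent such as e = 1 or an even e. If no check outside the hunk covers that, consider widening the condition, e.g. `if (mp_count_bits(key->e) > 64 || mp_cmp_d(key->e, 3) == MP_LT || !mp_isodd(key->e)) {`. The comment would also help more if it said why a cap is needed (presumably to bound the cost of exponentiation with a peer-supplied exponent) rather than only where the figure comes from. The function starts and ends outside the hunk, so the cleanup done at `out:` is not visible.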
From: Matt Johnston Date: Sun, 18 Feb 2018 00:29:17 +0800 Subject: [PATCH 05/26] rename some options and move some to sysoptions.h --- cli-auth.c | 4 +- default_options.h | 99 ++++++++++++++++--------------------- default_options.h.in | 113 +++++++++---------------------------------- sysoptions.h | 39 ++++++++++++++- 4 files changed, 106 insertions(+), 149 deletions(-) diff --git a/cli-auth.c b/cli-auth.c index bcc7281..2e509e5 100644 --- a/cli-auth.c +++ b/cli-auth.c @@ -60,7 +60,7 @@ void cli_auth_getmethods() { */ if (ses.keys->trans.algo_comp != DROPBEAR_COMP_ZLIB_DELAY) { ses.authstate.authtypes = AUTH_TYPE_PUBKEY; -#if DROPBEAR_USE_DROPBEAR_PASSWORD +#if DROPBEAR_USE_PASSWORD_ENV if (getenv(DROPBEAR_PASSWORD_ENV)) { ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT; } @@ -337,7 +337,7 @@ char* getpass_or_cancel(const char* prompt) { char* password = NULL; -#if DROPBEAR_USE_DROPBEAR_PASSWORD +#if DROPBEAR_USE_PASSWORD_ENV /* Password provided in an environment var */ password = getenv(DROPBEAR_PASSWORD_ENV); if (password) diff --git a/default_options.h b/default_options.h index cc82605..5239c36 100644 --- a/default_options.h +++ b/default_options.h @@ -57,10 +57,11 @@ IMPORTANT: Many options will require "make clean" after changes */ #define INETD_MODE 1 #endif -/* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is - * perhaps 20% slower for pubkey operations (it is probably worth experimenting - * if you want to use this) */ -/*#define NO_FAST_EXPTMOD*/ +/* Include verbose debug output, enabled with -v at runtime. + * This will add a reasonable amount to your executable size. */ +#ifndef DEBUG_TRACE +#define DEBUG_TRACE 0 +#endif /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save several kB in binary size however will make the symmetrical ciphers and hashes 
@@ -101,7 +102,6 @@ much traffic. */ #define DROPBEAR_CLI_AGENTFWD 1 #endif - /* Note: Both DROPBEAR_CLI_PROXYCMD and DROPBEAR_CLI_NETCAT must be set to * allow multihop dbclient connections */ @@ -118,14 +118,15 @@ much traffic. */ #endif /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */ -#ifndef ENABLE_USER_ALGO_LIST -#define ENABLE_USER_ALGO_LIST 1 +#ifndef DROPBEAR_USER_ALGO_LIST +#define DROPBEAR_USER_ALGO_LIST 1 #endif /* Encryption - at least one required. - * Protocol RFC requires 3DES and recommends AES128 for interoperability. - * Including multiple keysize variants the same cipher - * (eg AES256 as well as AES128) will result in a minimal size increase.*/ + * AES128 should be enabled, some very old implementations might only + * support 3DES. + * Including both AES keysize variants (128 and 256) will result in + * a minimal size increase */ #ifndef DROPBEAR_AES128 #define DROPBEAR_AES128 1 #endif @@ -135,14 +136,16 @@ much traffic. */ #ifndef DROPBEAR_AES256 #define DROPBEAR_AES256 1 #endif -/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ -/*#define DROPBEAR_BLOWFISH*/ #ifndef DROPBEAR_TWOFISH256 #define DROPBEAR_TWOFISH256 1 #endif #ifndef DROPBEAR_TWOFISH128 #define DROPBEAR_TWOFISH128 1 #endif +/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ +#ifndef DROPBEAR_BLOWFISH +#define DROPBEAR_BLOWFISH 0 +#endif /* Enable CBC mode for ciphers. This has security issues though * is the most compatible with older SSH implementations */ @@ -150,7 +153,7 @@ much traffic. */ #define DROPBEAR_ENABLE_CBC_MODE 1 #endif -/* Enable "Counter Mode" for ciphers. This is more secure than normal +/* Enable "Counter Mode" for ciphers. This is more secure than * CBC mode against certain attacks. It is recommended for security * and forwards compatibility */ #ifndef DROPBEAR_ENABLE_CTR_MODE 
@@ -175,7 +178,7 @@ If you test it please contact the Dropbear author */ #ifndef DROPBEAR_SHA2_256_HMAC #define DROPBEAR_SHA2_256_HMAC 1 #endif -/* Default is to include it is sha512 is being compiled in for ECDSA */ +/* Default is to include it if sha512 is being compiled in for ECDSA */ #ifndef DROPBEAR_SHA2_512_HMAC #define DROPBEAR_SHA2_512_HMAC (DROPBEAR_ECDSA) #endif @@ -284,6 +287,9 @@ If you test it please contact the Dropbear author */ /* Authentication Types - at least one required. RFC Draft requires pubkey auth, and recommends password */ +#ifndef DROPBEAR_SVR_PASSWORD_AUTH +#define DROPBEAR_SVR_PASSWORD_AUTH 1 +#endif /* Note: PAM auth is quite simple and only works for PAM modules which just do * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c). @@ -291,21 +297,11 @@ If you test it please contact the Dropbear author */ * but there's an interface via a PAM module. It won't work for more complex * PAM challenge/response. * You can't enable both PASSWORD and PAM. */ - -/* This requires crypt() */ -#ifdef HAVE_CRYPT -#ifndef DROPBEAR_SVR_PASSWORD_AUTH -#define DROPBEAR_SVR_PASSWORD_AUTH 1 -#endif -#else -#ifndef DROPBEAR_SVR_PASSWORD_AUTH -#define DROPBEAR_SVR_PASSWORD_AUTH 0 -#endif -#endif -/* PAM requires ./configure --enable-pam */ #ifndef DROPBEAR_SVR_PAM_AUTH #define DROPBEAR_SVR_PAM_AUTH 0 #endif + +/* ~/.ssh/authorized_keys authentication */ #ifndef DROPBEAR_SVR_PUBKEY_AUTH #define DROPBEAR_SVR_PUBKEY_AUTH 1 #endif @@ -316,15 +312,10 @@ If you test it please contact the Dropbear author */ #define DROPBEAR_SVR_PUBKEY_OPTIONS 1 #endif -/* This requires getpass. */ -#ifdef HAVE_GETPASS +/* Client authentication options */ #ifndef DROPBEAR_CLI_PASSWORD_AUTH #define DROPBEAR_CLI_PASSWORD_AUTH 1 #endif -#ifndef DROPBEAR_CLI_INTERACT_AUTH -#define DROPBEAR_CLI_INTERACT_AUTH 1 -#endif -#endif #ifndef DROPBEAR_CLI_PUBKEY_AUTH #define DROPBEAR_CLI_PUBKEY_AUTH 1 #endif 
@@ -335,14 +326,10 @@ Homedir is prepended unless path begins with / */ #define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear" #endif -/* This variable can be used to set a password for client - * authentication on the commandline. Beware of platforms - * that don't protect environment variables of processes etc. Also - * note that it will be provided for all "hidden" client-interactive - * style prompts - if you want something more sophisticated, use - * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/ -#ifndef DROPBEAR_PASSWORD_ENV -#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD" +/* Allow specifying the password for dbclient via the DROPBEAR_PASSWORD + * environment variable. */ +#ifndef DROPBEAR_USE_PASSWORD_ENV +#define DROPBEAR_USE_PASSWORD_ENV 1 #endif /* Define this (as well as DROPBEAR_CLI_PASSWORD_AUTH) to allow the use of 
@@ -355,24 +342,18 @@ Homedir is prepended unless path begins with / */ #endif /* Save a network roundtrip by sendng a real auth request immediately after - * sending a query for the available methods. It is at the expense of < 100 - * bytes of extra network traffic. This is not yet enabled by default since it - * could cause problems with non-compliant servers */ -#ifndef DROPBEAR_CLI_IMMEDIATE_AUTH -#define DROPBEAR_CLI_IMMEDIATE_AUTH 0 + * sending a query for the available methods. This is not yet enabled by default + since it could cause problems with non-compliant servers */ + #define DROPBEAR_CLI_IMMEDIATE_AUTH 0 + +/* Set this to use PRNGD or EGD instead of /dev/urandom */ +#ifndef DROPBEAR_USE_PRNGD +#define DROPBEAR_USE_PRNGD 0 #endif - -/* Source for randomness. This must be able to provide hundreds of bytes per SSH - * connection without blocking. In addition /dev/random is used for seeding - * rsa/dss key generation */ -#ifndef DROPBEAR_URANDOM_DEV -#define DROPBEAR_URANDOM_DEV "/dev/urandom" +#ifndef DROPBEAR_PRNGD_SOCKET +#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng" #endif -/* Set this to use PRNGD or EGD instead of /dev/urandom or /dev/random */ -/*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ - - /* Specify the number of clients we will allow to be connected but * not yet authenticated. After this limit, connections are rejected */ /* The first setting is per-IP, to avoid denial of service */ 
@@ -404,9 +385,13 @@ Homedir is prepended unless path begins with / */ #define XAUTH_COMMAND "/usr/bin/xauth -q" #endif + /* if you want to enable running an sftp server (such as the one included with - * OpenSSH), set the path below. If the path isn't defined, sftp will not - * be enabled */ + * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. + * The sftp-server program is not provided by Dropbear itself */ +#ifndef DROPBEAR_SFTPSERVER +#define DROPBEAR_SFTPSERVER 1 +#endif #ifndef SFTPSERVER_PATH #define SFTPSERVER_PATH "/usr/libexec/sftp-server" #endif diff --git a/default_options.h.in b/default_options.h.in index 3e7052f..201044d 100644 --- a/default_options.h.in +++ b/default_options.h.in @@ -36,9 +36,9 @@ IMPORTANT: Many options will require "make clean" after changes */ #define NON_INETD_MODE 1 #define INETD_MODE 1 -#if !(NON_INETD_MODE || INETD_MODE) - #error "NON_INETD_MODE or INETD_MODE (or both) must be enabled." -#endif +/* Include verbose debug output, enabled with -v at runtime. + * This will add a reasonable amount to your executable size. */ +#define DEBUG_TRACE 0 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save several kB in binary size however will make the symmetrical ciphers and hashes @@ -63,7 +63,6 @@ much traffic. */ #define DROPBEAR_SVR_AGENTFWD 1 #define DROPBEAR_CLI_AGENTFWD 1 - /* Note: Both DROPBEAR_CLI_PROXYCMD and DROPBEAR_CLI_NETCAT must be set to * allow multihop dbclient connections */ 
@@ -79,9 +78,10 @@ much traffic. */ #define DROPBEAR_USER_ALGO_LIST 1 /* Encryption - at least one required. - * Protocol RFC requires 3DES and recommends AES128 for interoperability. - * Including multiple keysize variants the same cipher - * (eg AES256 as well as AES128) will result in a minimal size increase.*/ + * AES128 should be enabled, some very old implementations might only + * support 3DES. + * Including both AES keysize variants (128 and 256) will result in + * a minimal size increase */ #define DROPBEAR_AES128 1 #define DROPBEAR_3DES 1 #define DROPBEAR_AES256 1 @@ -90,16 +90,11 @@ much traffic. */ /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ #define DROPBEAR_BLOWFISH 0 -#if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \ - || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128) - #error "At least one encryption algorithm must be enabled; 3DES and AES128 are recommended." -#endif - /* Enable CBC mode for ciphers. This has security issues though * is the most compatible with older SSH implementations */ #define DROPBEAR_ENABLE_CBC_MODE 1 -/* Enable "Counter Mode" for ciphers. This is more secure than normal +/* Enable "Counter Mode" for ciphers. This is more secure than * CBC mode against certain attacks. It is recommended for security * and forwards compatibility */ #define DROPBEAR_ENABLE_CTR_MODE 1 @@ -114,7 +109,7 @@ If you test it please contact the Dropbear author */ #define DROPBEAR_SHA1_HMAC 1 #define DROPBEAR_SHA1_96_HMAC 1 #define DROPBEAR_SHA2_256_HMAC 1 -/* Default is to include it is sha512 is being compiled in for ECDSA */ +/* Default is to include it if sha512 is being compiled in for ECDSA */ #define DROPBEAR_SHA2_512_HMAC (DROPBEAR_ECDSA) /* XXX needed for fingerprints */ 
@@ -133,10 +128,6 @@ If you test it please contact the Dropbear author */ * on x86-64 */ #define DROPBEAR_ECDSA 1 -#if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA) - #error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended." -#endif - /* RSA must be >=1024 */ #define DROPBEAR_DEFAULT_RSA_SIZE 2048 /* DSS is always 1024 */ @@ -193,6 +184,7 @@ If you test it please contact the Dropbear author */ /* Authentication Types - at least one required. RFC Draft requires pubkey auth, and recommends password */ +#define DROPBEAR_SVR_PASSWORD_AUTH 1 /* Note: PAM auth is quite simple and only works for PAM modules which just do * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c). 
@@ -200,69 +192,26 @@ If you test it please contact the Dropbear author */ * but there's an interface via a PAM module. It won't work for more complex * PAM challenge/response. * You can't enable both PASSWORD and PAM. */ +#define DROPBEAR_SVR_PAM_AUTH 0 -/* PAM requires ./configure --enable-pam */ -#if defined(HAVE_LIBPAM) && !DROPBEAR_SVR_PASSWORD_AUTH - #define DROPBEAR_SVR_PAM_AUTH 1 -#else - #define DROPBEAR_SVR_PAM_AUTH 0 -#endif - -/* This requires crypt() */ -#if defined(HAVE_CRYPT) && !DROPBEAR_SVR_PAM_AUTH - #define DROPBEAR_SVR_PASSWORD_AUTH 1 -#else - #define DROPBEAR_SVR_PASSWORD_AUTH 0 -#endif - +/* ~/.ssh/authorized_keys authentication */ #define DROPBEAR_SVR_PUBKEY_AUTH 1 -#if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH) - #error "At least one server authentication type must be enabled; PUBKEY and PASSWORD are recommended." -#endif - -#if DROPBEAR_SVR_PASSWORD_AUTH && !HAVE_CRYPT - #error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'." -#endif - -#if DROPBEAR_SVR_PAM_AUTH - #if DISABLE_PAM - #error "DROPBEAR_SVR_PAM_AUTH requires 'configure --enable-pam' to succeed." - #endif - #if DROPBEAR_SVR_PASSWORD_AUTH - #error "DROPBEAR_SVR_PASSWORD_AUTH cannot be enabled at the same time as DROPBEAR_SVR_PAM_AUTH." - #endif -#endif - /* Whether to take public key options in * authorized_keys file into account */ #define DROPBEAR_SVR_PUBKEY_OPTIONS 1 -/* This requires getpass. */ -#ifdef HAVE_GETPASS - #define DROPBEAR_CLI_PASSWORD_AUTH 1 - #define DROPBEAR_CLI_INTERACT_AUTH 1 -#else - #define DROPBEAR_CLI_PASSWORD_AUTH 0 - #define DROPBEAR_CLI_INTERACT_AUTH 0 -#endif +/* Client authentication options */ +#define DROPBEAR_CLI_PASSWORD_AUTH 1 #define DROPBEAR_CLI_PUBKEY_AUTH 1 -#if !(DROPBEAR_CLI_PASSWORD_AUTH || DROPBEAR_CLI_PUBKEY_AUTH) - #error "At least one client authentication type must be enabled; PUBKEY and PASSWORD are recommended." -#endif - /* A default argument for dbclient -i . 
Homedir is prepended unless path begins with / */ #define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear" -/* This variable can be used to set a password for client - * authentication on the commandline. Beware of platforms - * that don't protect environment variables of processes etc. Also - * note that it will be provided for all "hidden" client-interactive - * style prompts - if you want something more sophisticated, use - * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/ -#define DROPBEAR_USE_DROPBEAR_PASSWORD 1 +/* Allow specifying the password for dbclient via the DROPBEAR_PASSWORD + * environment variable. */ +#define DROPBEAR_USE_PASSWORD_ENV 1 /* Define this (as well as DROPBEAR_CLI_PASSWORD_AUTH) to allow the use of * a helper program for the ssh client. The helper program should be 
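Review bot: The rewritten comment above `DROPBEAR_USE_PASSWORD_ENV` drops the security caveat the old text carried. The old text warned that some platforms do not protect a process's environment from other users, and that the value is supplied to every hidden client-interactive prompt. The option stays enabled by default, so the warning is still what a builder needs to see when deciding whether to keep it. I would keep it in short form, e.g. `/* ... Beware of platforms that don't protect environment variables of processes; use SSH_ASKPASS for anything more sophisticated. */`.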
@@ -271,22 +220,12 @@ Homedir is prepended unless path begins with / */ * return the password on standard output */ #define DROPBEAR_CLI_ASKPASS_HELPER 0 -#if DROPBEAR_CLI_ASKPASS_HELPER - #define DROPBEAR_CLI_PASSWORD_AUTH 1 -#endif - /* Save a network roundtrip by sendng a real auth request immediately after - * sending a query for the available methods. It is at the expense of < 100 - * bytes of extra network traffic. This is not yet enabled by default since it - * could cause problems with non-compliant servers */ -#define DROPBEAR_CLI_IMMEDIATE_AUTH 0 + * sending a query for the available methods. This is not yet enabled by default + since it could cause problems with non-compliant servers */ + #define DROPBEAR_CLI_IMMEDIATE_AUTH 0 -/* Source for randomness. This must be able to provide hundreds of bytes per SSH - * connection without blocking. In addition /dev/random is used for seeding - * rsa/dss key generation */ -#define DROPBEAR_URANDOM_DEV "/dev/urandom" - -/* Set this to use PRNGD or EGD instead of /dev/urandom or /dev/random */ +/* Set this to use PRNGD or EGD instead of /dev/urandom */ #define DROPBEAR_USE_PRNGD 0 #define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng" @@ -311,11 +250,11 @@ Homedir is prepended unless path begins with / */ * "-q" for quiet */ #define XAUTH_COMMAND "/usr/bin/xauth -q" -#define DROPBEAR_SFTPSERVER 1 /* if you want to enable running an sftp server (such as the one included with - * OpenSSH), set the path below. If the path isn't defined, sftp will not - * be enabled */ + * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. + * The sftp-server program is not provided by Dropbear itself */ +#define DROPBEAR_SFTPSERVER 1 #define SFTPSERVER_PATH "/usr/libexec/sftp-server" /* This is used by the scp binary when used as a client binary. If you're 
@@ -358,8 +297,4 @@ be overridden at runtime with -I. 0 disables idle timeouts */ /* The default path. This will often get replaced by the shell */ #define DEFAULT_PATH "/usr/bin:/bin" -/* Include verbose debug output, enabled with -v at runtime. - * This will add a reasonable amount to your executable size. */ -#define DEBUG_TRACE 0 - #endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */ diff --git a/sysoptions.h b/sysoptions.h index bf88cf3..b081ffc 100644 --- a/sysoptions.h +++ b/sysoptions.h @@ -23,7 +23,11 @@ #define AUTH_TIMEOUT 300 /* we choose 5 minutes */ #endif - #define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS)) +#define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS)) + +#if !(NON_INETD_MODE || INETD_MODE) + #error "NON_INETD_MODE or INETD_MODE (or both) must be enabled." +#endif /* A client should try and send an initial key exchange packet guessing * the algorithm that will match - saves a round trip connecting, has little 
@@ -205,6 +209,39 @@ #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h" #endif +/* PAM requires ./configure --enable-pam */ +#if !defined(HAVE_LIBPAM) && DROPBEAR_SVR_PAM_AUTH +#error "DROPBEAR_SVR_PATM_AUTH requires PAM headers. Perhaps ./configure --enable-pam ?" +#endif + +#if DROPBEAR_SVR_PASSWORD_AUTH && !HAVE_CRYPT + #error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'." +#endif + +#if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH) + #error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended." +#endif + + +#if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \ + || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128) + #error "At least one encryption algorithm must be enabled. AES128 is recommended." +#endif + +#if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA) + #error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended." +#endif + +/* Source for randomness. This must be able to provide hundreds of bytes per SSH + * connection without blocking. */ +#ifndef DROPBEAR_URANDOM_DEV +#define DROPBEAR_URANDOM_DEV "/dev/urandom" +#endif + +/* client keyboard interactive authentication is often used for password auth. + rfc4256 */ +#define DROPBEAR_CLI_INTERACT_AUTH (DROPBEAR_CLI_PASSWORD_AUTH) + /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant * code, if we're just compiling as client or server */ #if (DROPBEAR_SERVER) && (DROPBEAR_CLIENT) From 802dace05e8bce06bf4c7df9faadba779d60bb82 Mon Sep 17 00:00:00 2001 
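Review bot: Two build-time guards that this commit removes from default_options.h.in do not reappear among the checks added here. One is the `#error` for the case where neither `DROPBEAR_CLI_PASSWORD_AUTH` nor `DROPBEAR_CLI_PUBKEY_AUTH` is enabled; the other is the `HAVE_GETPASS` condition on client password auth, since `DROPBEAR_CLI_INTERACT_AUTH` now simply follows `DROPBEAR_CLI_PASSWORD_AUTH`. Unless they exist in a part of sysoptions.h outside this hunk, a misconfigured build fails later and less clearly, or yields a client with no usable auth method. Consider adding `#if !(DROPBEAR_CLI_PASSWORD_AUTH || DROPBEAR_CLI_PUBKEY_AUTH)` with an `#error` next to the server-side check. The new PAM message also misspells the option as `DROPBEAR_SVR_PATM_AUTH`; it should read `DROPBEAR_SVR_PAM_AUTH` so the name can be searched for.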
From: Matt Johnston Date: Sun, 18 Feb 2018 11:22:13 +0800 Subject: [PATCH 06/26] include config.h for options.h. don't need to include options.h when includes.h brings it in --- cli-tcpfwd.c | 1 - dbhelpers.h | 2 +- ecc.c | 1 - ecc.h | 1 - ecdsa.c | 1 - includes.h | 1 - list.c | 2 +- ltc_prng.c | 1 - ltc_prng.h | 1 - options.h | 3 +++ session.h | 1 - 11 files changed, 5 insertions(+), 10 deletions(-) diff --git a/cli-tcpfwd.c b/cli-tcpfwd.c index 1a1850d..662a407 100644 --- a/cli-tcpfwd.c +++ b/cli-tcpfwd.c @@ -23,7 +23,6 @@ * SOFTWARE. */ #include "includes.h" -#include "options.h" #include "dbutil.h" #include "tcpfwd.h" #include "channel.h" diff --git a/dbhelpers.h b/dbhelpers.h index d47707e..551bcb4 100644 --- a/dbhelpers.h +++ b/dbhelpers.h @@ -3,7 +3,7 @@ /* This header defines some things that are also used by libtomcrypt/math. We avoid including normal include.h since that can result in conflicting - definitinos - only include config.h */ + definitions - only include config.h */ #include "config.h" #ifdef __GNUC__ diff --git a/ecc.c b/ecc.c index f949dd1..c4881d9 100644 --- a/ecc.c +++ b/ecc.c @@ -1,5 +1,4 @@ #include "includes.h" -#include "options.h" #include "ecc.h" #include "dbutil.h" #include "bignum.h" diff --git a/ecc.h b/ecc.h index bb3bb75..f4508f8 100644 --- a/ecc.h +++ b/ecc.h @@ -2,7 +2,6 @@ #define DROPBEAR_DROPBEAR_ECC_H #include "includes.h" -#include "options.h" #include "buffer.h" diff --git a/ecdsa.c b/ecdsa.c index d7615e0..56e5355 100644 --- a/ecdsa.c +++ b/ecdsa.c @@ -1,4 +1,3 @@ -#include "options.h" #include "includes.h" #include "dbutil.h" #include "crypto_desc.h" diff --git a/includes.h b/includes.h index 766f58f..dd47107 100644 --- a/includes.h +++ b/includes.h @@ -26,7 +26,6 @@ #define DROPBEAR_INCLUDES_H_ -#include "config.h" #include "options.h" #include "debug.h" diff --git a/list.c b/list.c index 1730711..eeba7c3 100644 --- a/list.c +++ b/list.c 
@@ -1,4 +1,4 @@ -#include "options.h" +#include "includes.h" #include "dbutil.h" #include "list.h" diff --git a/ltc_prng.c b/ltc_prng.c index 1188ac8..4f2e9e1 100644 --- a/ltc_prng.c +++ b/ltc_prng.c @@ -11,7 +11,6 @@ * * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ -#include "options.h" #include "includes.h" #include "dbrandom.h" #include "ltc_prng.h" diff --git a/ltc_prng.h b/ltc_prng.h index 5e00759..6bc8273 100644 --- a/ltc_prng.h +++ b/ltc_prng.h @@ -1,7 +1,6 @@ #ifndef DROPBEAR_LTC_PRNG_H_DROPBEAR #define DROPBEAR_LTC_PRNG_H_DROPBEAR -#include "options.h" #include "includes.h" #if DROPBEAR_LTC_PRNG diff --git a/options.h b/options.h index c1782d2..2fe67c3 100644 --- a/options.h +++ b/options.h @@ -8,6 +8,9 @@ Local compile-time configuration should be defined in localoptions.h See default_options.h.in for a description of the available options. */ +/* Some configuration options or checks depend on system config */ +#include "config.h" + #ifdef LOCALOPTIONS_H_EXISTS #include "localoptions.h" #endif diff --git a/session.h b/session.h index 01db2ca..ced8ff4 100644 --- a/session.h +++ b/session.h @@ -26,7 +26,6 @@ #define DROPBEAR_SESSION_H_ #include "includes.h" -#include "options.h" #include "buffer.h" #include "signkey.h" #include "kex.h" From 1656db9e58e7e8188e4ca27ae4892b14949c56a5 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Sun, 18 Feb 2018 15:12:15 +0800 Subject: [PATCH 07/26] Add dbclient '-J &fd' option for a file descriptor Based on patch by Harald Becker --- cli-main.c | 15 +++++++++++++++ dbclient.1 | 11 +++++++++++ 2 files changed, 26 insertions(+) diff --git a/cli-main.c b/cli-main.c index 09ff496..713cb09 100644 --- a/cli-main.c +++ b/cli-main.c 
@@ -158,6 +158,21 @@ static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out) { size_t ex_cmdlen; int ret; + /* File descriptor "-j &3" */ + if (*cli_opts.proxycmd == '&') { + char *p = cli_opts.proxycmd + 1; + int sock = strtoul(p, &p, 10); + /* must be a single number, and not stdin/stdout/stderr */ + if (sock > 2 && sock < 1024 && *p == '\0') { + *sock_in = sock; + *sock_out = sock; + return; + } + } + + /* Normal proxycommand */ + + /* So that spawn_command knows which shell to run */ fill_passwd(cli_opts.own_user); ex_cmdlen = strlen(cli_opts.proxycmd) + 6; /* "exec " + command + '\0' */ diff --git a/dbclient.1 b/dbclient.1 index 8607254..1516e7c 100644 --- a/dbclient.1 +++ b/dbclient.1 @@ -111,11 +111,22 @@ if 0 disables keepalives. If no response is received for 3 consecutive keepalive .B \-I \fIidle_timeout Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds. .TP + +.\" TODO: how to avoid a line break between these two -J arguments? .B \-J \fIproxy_command +.TP +.B \-J \fI&fd +.br Use the standard input/output of the program \fIproxy_command\fR rather than using a normal TCP connection. A hostname should be still be provided, as this is used for comparing saved hostkeys. This command will be executed as "exec proxy_command ..." with the default shell. + +The second form &fd will make dbclient use the numeric file descriptor as a socket. This +can be used for more complex tunnelling scenarios. Example usage with socat is + +socat EXEC:'dbclient -J &38 ev',fdin=38,fdout=38 TCP4:host.example.com:22 + .TP .B \-B \fIendhost:endport "Netcat-alike" mode, where Dropbear will connect to the given host, then create a From 34ee32607598cdcaaf40dcaa99dd58c8eae672e3 Mon Sep 17 00:00:00 2001 
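Review bot: The `&fd` parse in cli_proxy_cmd stores the `strtoul` result straight into an `int`, so the `sock > 2 && sock < 1024` check runs on an already-narrowed value and an out-of-range number can wrap into the accepted range. Parse into an `unsigned long` and range-check before converting. A malformed value such as `&abc` currently falls through and is handed to the shell as a proxy command, which is probably not intended; failing explicitly is safer. The early return also leaves `*pid_out` unwritten, so the caller must have initialised it (not visible here), and the comment says `-j` where the option is `-J`. cli_proxy_cmd continues past the end of the hunk.

```c
	/* File descriptor "-J &3" */
	if (*cli_opts.proxycmd == '&') {
		char *end = NULL;
		unsigned long fdnum = strtoul(cli_opts.proxycmd + 1, &end, 10);
		/* range-check before narrowing to int; must be a single number,
		 * and not stdin/stdout/stderr */
		if (*end != '\0' || fdnum <= 2 || fdnum >= 1024) {
			dropbear_exit("Bad -J file descriptor");
		}
		*sock_in = (int)fdnum;
		*sock_out = (int)fdnum;
		return;
	}

	/* … unchanged: normal proxycommand path … */
```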
From: Matt Johnston Date: Sun, 18 Feb 2018 22:27:51 +0800 Subject: [PATCH 08/26] clean up some default options - move hmac-sha2-512, hmac-md5, twofish_ctr to sysoptions.h, off by default - try and improve text for KEX methods --- default_options.h.in | 52 ++++++++++++++++++-------------------------- sysoptions.h | 17 +++++++++++++++ 2 files changed, 38 insertions(+), 31 deletions(-) diff --git a/default_options.h.in b/default_options.h.in index 201044d..1dfe709 100644 --- a/default_options.h.in +++ b/default_options.h.in @@ -9,9 +9,9 @@ Local customisation should be added to localoptions.h which is used if it exists. Options defined there will override any options in this file. -Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS +Options can also be defined with -DDROPBEAR_XXX=[0,1] in Makefile CFLAGS -IMPORTANT: Many options will require "make clean" after changes */ +IMPORTANT: Some options will require "make clean" after changes */ #define DROPBEAR_DEFPORT "22" @@ -41,9 +41,9 @@ IMPORTANT: Many options will require "make clean" after changes */ #define DEBUG_TRACE 0 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save -several kB in binary size however will make the symmetrical ciphers and hashes -slower, perhaps by 50%. Recommended for small systems that aren't doing -much traffic. */ + * several kB in binary size however will make the symmetrical ciphers and hashes + * slower, perhaps by 50%. Recommended for small systems that aren't doing + * much traffic. */ #define DROPBEAR_SMALL_CODE 1 /* Enable X11 Forwarding - server only */ @@ -52,7 +52,6 @@ much traffic. */ /* Enable TCP Fowarding */ /* 'Local' is "-L" style (client listening port forwarded via server) * 'Remote' is "-R" style (server listening port forwarded via client) */ - #define DROPBEAR_CLI_LOCALTCPFWD 1 #define DROPBEAR_CLI_REMOTETCPFWD 1 
@@ -85,8 +84,8 @@ much traffic. */ #define DROPBEAR_AES128 1 #define DROPBEAR_3DES 1 #define DROPBEAR_AES256 1 -#define DROPBEAR_TWOFISH256 1 -#define DROPBEAR_TWOFISH128 1 +#define DROPBEAR_TWOFISH256 0 +#define DROPBEAR_TWOFISH128 0 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ #define DROPBEAR_BLOWFISH 0 @@ -99,21 +98,11 @@ much traffic. */ * and forwards compatibility */ #define DROPBEAR_ENABLE_CTR_MODE 1 -/* Twofish counter mode is disabled by default because it -has not been tested for interoperability with other SSH implementations. -If you test it please contact the Dropbear author */ -#define DROPBEAR_TWOFISH_CTR 0 - /* Message integrity. sha2-256 is recommended as a default, sha1 for compatibility */ #define DROPBEAR_SHA1_HMAC 1 #define DROPBEAR_SHA1_96_HMAC 1 #define DROPBEAR_SHA2_256_HMAC 1 -/* Default is to include it if sha512 is being compiled in for ECDSA */ -#define DROPBEAR_SHA2_512_HMAC (DROPBEAR_ECDSA) - -/* XXX needed for fingerprints */ -#define DROPBEAR_MD5_HMAC 0 /* Hostkey/public key algorithms - at least one required, these are used * for hostkey as well as for verifying signatures with pubkey auth. 
@@ -139,30 +128,33 @@ If you test it please contact the Dropbear author */ with badly seeded /dev/urandom when systems first boot. */ #define DROPBEAR_DELAY_HOSTKEY 1 -/* Enable Curve25519 for key exchange. This is another elliptic - * curve method with good security properties. Increases binary size - * by ~8kB on x86-64 */ -#define DROPBEAR_CURVE25519 1 - -/* Enable elliptic curve Diffie Hellman key exchange, see note about - * ECDSA above */ -#define DROPBEAR_ECDH 1 /* Key exchange algorithm. + * group14_sha1 - 2048 bit, sha1 * group14_sha256 - 2048 bit, sha2-256 * group16 - 4096 bit, sha2-512 * group1 - 1024 bit, sha1 + * curve25519 - elliptic curve DH + * ecdh - NIST elliptic curve DH (256, 384, 521) * - * group14 is supported by most implementations. - * group16 provides a greater strength level but is slower and increases binary size * group1 is too small for security though is necessary if you need compatibility with some implementations such as Dropbear versions < 0.53 + * group14 is supported by most implementations. + * group16 provides a greater strength level but is slower and increases binary size + * curve25519 and ecdh algorithms are faster than non-elliptic curve methods + * curve25519 increases binary size by ~8kB on x86-64 + * including either ECDH or ECDSA increases binary size by ~30kB on x86-64 + + * Small systems should generally include either curve25519 or ecdh for performance. + * curve25519 is less widely supported but is faster */ #define DROPBEAR_DH_GROUP1 1 #define DROPBEAR_DH_GROUP14_SHA1 1 #define DROPBEAR_DH_GROUP14_SHA256 1 #define DROPBEAR_DH_GROUP16 0 +#define DROPBEAR_CURVE25519 1 +#define DROPBEAR_ECDH 1 /* Control the memory/performance/compression tradeoff for zlib. * Set windowBits=8 for least memory usage, see your system's 
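Review bot: The rewritten key-exchange comment states that group1 "is too small for security", yet `#define DROPBEAR_DH_GROUP1 1` stays the default directly below it. Since this commit is already tidying defaults (Twofish is switched off in the same file), consider `#define DROPBEAR_DH_GROUP1 0` here. If compatibility with Dropbear versions < 0.53 has to remain the default, extend the comment to say that group1 is enabled only for that reason and should be disabled where such peers are not expected.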
@@ -178,8 +170,6 @@ If you test it please contact the Dropbear author */ /* Whether to print the message of the day (MOTD). */ #define DO_MOTD 0 - -/* The MOTD file path */ #define MOTD_FILENAME "/etc/motd" /* Authentication Types - at least one required. @@ -223,7 +213,7 @@ Homedir is prepended unless path begins with / */ /* Save a network roundtrip by sendng a real auth request immediately after * sending a query for the available methods. This is not yet enabled by default since it could cause problems with non-compliant servers */ - #define DROPBEAR_CLI_IMMEDIATE_AUTH 0 +#define DROPBEAR_CLI_IMMEDIATE_AUTH 0 /* Set this to use PRNGD or EGD instead of /dev/urandom */ #define DROPBEAR_USE_PRNGD 0 diff --git a/sysoptions.h b/sysoptions.h index b081ffc..ba4b4ca 100644 --- a/sysoptions.h +++ b/sysoptions.h @@ -99,6 +99,23 @@ #define MAX_MAC_LEN 20 #endif +/* sha2-512 is not necessary unless unforseen problems arise with sha2-256 */ +#ifndef DROPBEAR_SHA2_512_HMAC +#define DROPBEAR_SHA2_512_HMAC 0 +#endif + +/* might be needed for compatibility with very old implementations */ +#ifndef DROPBEAR_MD5_HMAC +#define DROPBEAR_MD5_HMAC 0 +#endif + +/* Twofish counter mode is disabled by default because it +has not been tested for interoperability with other SSH implementations. +If you test it please contact the Dropbear author */ +#ifndef DROPBEAR_TWOFISH_CTR +#define DROPBEAR_TWOFISH_CTR 0 +#endif + #define DROPBEAR_ECC ((DROPBEAR_ECDH) || (DROPBEAR_ECDSA)) From f2d86ae7d369feb17d022fc21ad695b5dcbb8381 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Sun, 18 Feb 2018 22:47:51 +0800 Subject: [PATCH 09/26] group14-sha256 should be higher than group14-sha1 --- common-algo.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/common-algo.c b/common-algo.c index e61fcaa..5bfe831 100644 --- a/common-algo.c +++ b/common-algo.c 
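Review bot: In the sysoptions.h hunk the new `#ifndef` defaults are added after the `#define MAX_MAC_LEN 20` / `#endif` context lines. The conditional that ends there starts outside the hunk; if it tests `DROPBEAR_SHA2_512_HMAC`, the macro is still undefined when that test is evaluated. An undefined name evaluates to 0 in `#if`, which happens to match the new default, but a later change of the default could leave `MAX_MAC_LEN` smaller than the largest enabled digest. I would move the three `#ifndef` blocks above that conditional. The comment should also record that the default no longer follows `(DROPBEAR_ECDSA)`, e.g. `/* set to 1 in localoptions.h to offer hmac-sha2-512 */`.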
@@ -289,12 +289,12 @@ algo_type sshkex[] = { {"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL}, #endif #endif -#if DROPBEAR_DH_GROUP14_SHA1 - {"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL}, -#endif #if DROPBEAR_DH_GROUP14_SHA256 {"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL}, #endif +#if DROPBEAR_DH_GROUP14_SHA1 + {"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL}, +#endif #if DROPBEAR_DH_GROUP1 {"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL}, #endif From 8fdaf0268df14c25048d96e7fa89f53b080524d9 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Sun, 18 Feb 2018 23:48:24 +0800 Subject: [PATCH 10/26] missed regenerating --- default_options.h | 68 +++++++++++++++++++---------------------------- 1 file changed, 27 insertions(+), 41 deletions(-) diff --git a/default_options.h b/default_options.h index 5239c36..5369a80 100644 --- a/default_options.h +++ b/default_options.h @@ -16,9 +16,9 @@ Local customisation should be added to localoptions.h which is used if it exists. Options defined there will override any options in this file. -Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS +Options can also be defined with -DDROPBEAR_XXX=[0,1] in Makefile CFLAGS -IMPORTANT: Many options will require "make clean" after changes */ +IMPORTANT: Some options will require "make clean" after changes */ #ifndef DROPBEAR_DEFPORT #define DROPBEAR_DEFPORT "22" 
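Review bot: The `sshkex[]` table has no comment saying that entry order is significant, which is what this reorder in common-algo.c depends on. The commit subject implies that earlier entries are preferred during negotiation. A one-line comment before the group14 entries, such as `/* entries are in preference order: keep stronger hashes first */`, would stop a later addition from reintroducing the sha1-first order. The array's opening and closing lines are outside the hunk, so the position of any group16 entry relative to these cannot be checked here.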
@@ -64,9 +64,9 @@ IMPORTANT: Many options will require "make clean" after changes */ #endif /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save -several kB in binary size however will make the symmetrical ciphers and hashes -slower, perhaps by 50%. Recommended for small systems that aren't doing -much traffic. */ + * several kB in binary size however will make the symmetrical ciphers and hashes + * slower, perhaps by 50%. Recommended for small systems that aren't doing + * much traffic. */ #ifndef DROPBEAR_SMALL_CODE #define DROPBEAR_SMALL_CODE 1 #endif @@ -79,7 +79,6 @@ much traffic. */ /* Enable TCP Fowarding */ /* 'Local' is "-L" style (client listening port forwarded via server) * 'Remote' is "-R" style (server listening port forwarded via client) */ - #ifndef DROPBEAR_CLI_LOCALTCPFWD #define DROPBEAR_CLI_LOCALTCPFWD 1 #endif @@ -137,10 +136,10 @@ much traffic. */ #define DROPBEAR_AES256 1 #endif #ifndef DROPBEAR_TWOFISH256 -#define DROPBEAR_TWOFISH256 1 +#define DROPBEAR_TWOFISH256 0 #endif #ifndef DROPBEAR_TWOFISH128 -#define DROPBEAR_TWOFISH128 1 +#define DROPBEAR_TWOFISH128 0 #endif /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ #ifndef DROPBEAR_BLOWFISH @@ -160,13 +159,6 @@ much traffic. */ #define DROPBEAR_ENABLE_CTR_MODE 1 #endif -/* Twofish counter mode is disabled by default because it -has not been tested for interoperability with other SSH implementations. -If you test it please contact the Dropbear author */ -#ifndef DROPBEAR_TWOFISH_CTR -#define DROPBEAR_TWOFISH_CTR 0 -#endif - /* Message integrity. sha2-256 is recommended as a default, sha1 for compatibility */ #ifndef DROPBEAR_SHA1_HMAC 
@@ -178,15 +170,6 @@ If you test it please contact the Dropbear author */ #ifndef DROPBEAR_SHA2_256_HMAC #define DROPBEAR_SHA2_256_HMAC 1 #endif -/* Default is to include it if sha512 is being compiled in for ECDSA */ -#ifndef DROPBEAR_SHA2_512_HMAC -#define DROPBEAR_SHA2_512_HMAC (DROPBEAR_ECDSA) -#endif - -/* XXX needed for fingerprints */ -#ifndef DROPBEAR_MD5_HMAC -#define DROPBEAR_MD5_HMAC 0 -#endif /* Hostkey/public key algorithms - at least one required, these are used * for hostkey as well as for verifying signatures with pubkey auth. 
@@ -222,29 +205,26 @@ If you test it please contact the Dropbear author */ #define DROPBEAR_DELAY_HOSTKEY 1 #endif -/* Enable Curve25519 for key exchange. This is another elliptic - * curve method with good security properties. Increases binary size - * by ~8kB on x86-64 */ -#ifndef DROPBEAR_CURVE25519 -#define DROPBEAR_CURVE25519 1 -#endif - -/* Enable elliptic curve Diffie Hellman key exchange, see note about - * ECDSA above */ -#ifndef DROPBEAR_ECDH -#define DROPBEAR_ECDH 1 -#endif /* Key exchange algorithm. + * group14_sha1 - 2048 bit, sha1 * group14_sha256 - 2048 bit, sha2-256 * group16 - 4096 bit, sha2-512 * group1 - 1024 bit, sha1 + * curve25519 - elliptic curve DH + * ecdh - NIST elliptic curve DH (256, 384, 521) * - * group14 is supported by most implementations. - * group16 provides a greater strength level but is slower and increases binary size * group1 is too small for security though is necessary if you need compatibility with some implementations such as Dropbear versions < 0.53 + * group14 is supported by most implementations. + * group16 provides a greater strength level but is slower and increases binary size + * curve25519 and ecdh algorithms are faster than non-elliptic curve methods + * curve25519 increases binary size by ~8kB on x86-64 + * including either ECDH or ECDSA increases binary size by ~30kB on x86-64 + + * Small systems should generally include either curve25519 or ecdh for performance. + * curve25519 is less widely supported but is faster */ #ifndef DROPBEAR_DH_GROUP1 #define DROPBEAR_DH_GROUP1 1 @@ -258,6 +238,12 @@ If you test it please contact the Dropbear author */ #ifndef DROPBEAR_DH_GROUP16 #define DROPBEAR_DH_GROUP16 0 #endif +#ifndef DROPBEAR_CURVE25519 +#define DROPBEAR_CURVE25519 1 +#endif +#ifndef DROPBEAR_ECDH +#define DROPBEAR_ECDH 1 +#endif /* Control the memory/performance/compression tradeoff for zlib. * Set windowBits=8 for least memory usage, see your system's 
@@ -279,8 +265,6 @@ If you test it please contact the Dropbear author */ #ifndef DO_MOTD #define DO_MOTD 0 #endif - -/* The MOTD file path */ #ifndef MOTD_FILENAME #define MOTD_FILENAME "/etc/motd" #endif @@ -344,7 +328,9 @@ Homedir is prepended unless path begins with / */ /* Save a network roundtrip by sendng a real auth request immediately after * sending a query for the available methods. This is not yet enabled by default since it could cause problems with non-compliant servers */ - #define DROPBEAR_CLI_IMMEDIATE_AUTH 0 +#ifndef DROPBEAR_CLI_IMMEDIATE_AUTH +#define DROPBEAR_CLI_IMMEDIATE_AUTH 0 +#endif /* Set this to use PRNGD or EGD instead of /dev/urandom */ #ifndef DROPBEAR_USE_PRNGD From 316c923188bd5d1f835cf3a5e22ee39e89b8e8d5 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Sun, 18 Feb 2018 23:48:32 +0800 Subject: [PATCH 11/26] draft CHANGES --- CHANGES | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/CHANGES b/CHANGES index 4230b57..1f002ac 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,3 +1,76 @@ +Upcoming... + +- IMPORTANT: + Custom configuration is now specified in local_options.h rather than options.h + Available options and defaults can be seen in default_options.h.in + + To migrate your configuration, compare your customised options.h against the + upstream options.h from your relevant version. Any customised options should + be put in localoptions.h + +- "configure --enable-static" should now be used instead of "make STATIC=1" + +- Add group14-256 and group16 key exchange options + +- Set hardened build flags by default if supported by the compiler. + -Wl,-pie + -Wl,-z,now -Wl,-z,relro + -fstack-protector-strong + -D_FORTIFY_SOURCE=2 + # spectre v2 mitigation + -mfunction-return=thunk + -mindirect-branch=thunk + + These can be disabled with configure --disable-harden if needed + Spectre patch from Loganaden Velvindron + +- Add runtime -T max_auth_tries option from Kevin Darbyshire-Bryant + +- Add 'dbclient -J &fd' to allow dbclient to connect over an existing socket. + See dbclient manpage for a socat example. Patch from Harald Becker + +- Add "-c forced_command" option. Patch from Jeremy Kerr + +- Support server-chosen TCP forwarding ports, patch from houseofkodai + +- Allow choosing outgoing address for dbclient with -b [bind_address][:bind_port] + Patch from houseofkodai + +- Update bundled libtomcrypt to 1.18.1, libtommath to 1.0.1 + +- Minimum RSA key length has been increased to 1024 bits + +- Set PAM_RHOST which is needed by modules such as pam_abl + +- Improvements to DSS public key validation, found by OSS-Fuzz. + +- Don't exit when an authorized_keys file has malformed entries. Found by OSS-Fuzz + +- Fix null-pointer crash with malformed ECDSA or DSS keys. Found by OSS-Fuzz + +- Numerous code cleanups and small issues fixed by Francois Perrad + +- Test for pkt_sched.h rather than SO_PRIORITY which was problematic with some musl + platforms. 
Reported by Oliver Schneider and Andrew Bainbridge + +- Fix some platform portability problems, from Ben Gardner + +- Add EXEEXT filename suffix for building dropbearmulti, from William Foster + +- Support --enable-