Mercurial > dropbear
view algo.h @ 1788:1fc0012b9c38
Fix handling of replies to global requests (#112)
The current code assumes that all global requests want / need a reply.
This isn't always true and the request itself indicates if it wants a
reply or not.
It causes a specific problem with [email protected] messages.
These are sent by OpenSSH after authentication to inform the client of
potential other host keys for the host. This can be used to add a new
type of host key or to rotate host keys.
The initial information message from the server is sent as a global
request, but with want_reply set to false. This means that the server
doesn't expect an answer to this message. Instead the client needs to
send a prove request as a reply if it wants to receive proof of
ownership for the host keys.
The bug doesn't cause any current problems with due to how OpenSSH
treats receiving the failure message. It instead treats it as a
keepalive message and further ignores it.
Arguably this is a protocol violation though of Dropbear and it is only
accidental that it doesn't cause a problem with OpenSSH.
The bug was found when adding host keys support to libssh, which is more
strict protocol wise and treats the unexpected failure message an error,
also see https://gitlab.com/libssh/libssh-mirror/-/merge_requests/145
for more information.
The fix here is to honor the want_reply flag in the global request and
to only send a reply if the other side expects a reply.
| author | Dirkjan Bussink <d.bussink@gmail.com> |
|---|---|
| date | Thu, 10 Dec 2020 16:13:13 +0100 |
| parents | 41bf8f216644 |
| children |
line wrap: on
line source
/* * Dropbear - a SSH2 server * * Copyright (c) 2002,2003 Matt Johnston * All rights reserved. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ #ifndef DROPBEAR_ALGO_H_ #define DROPBEAR_ALGO_H_ #include "includes.h" #include "buffer.h" #define DROPBEAR_MODE_UNUSED 0 #define DROPBEAR_MODE_CBC 1 #define DROPBEAR_MODE_CTR 2 struct Algo_Type { const char *name; /* identifying name */ char val; /* a value for this cipher, or -1 for invalid */ const void *data; /* algorithm specific data */ char usable; /* whether we can use this algorithm */ const void *mode; /* the mode, currently only used for ciphers, points to a 'struct dropbear_cipher_mode' */ }; typedef struct Algo_Type algo_type; /* lists mapping ssh types of algorithms to internal values */ extern algo_type sshkex[]; extern algo_type sigalgs[]; extern algo_type sshciphers[]; extern algo_type sshhashes[]; extern algo_type ssh_compress[]; extern algo_type ssh_delaycompress[]; extern algo_type ssh_nocompress[]; extern const struct dropbear_cipher dropbear_nocipher; extern const struct dropbear_cipher_mode dropbear_mode_none; extern const struct dropbear_hash dropbear_nohash; struct dropbear_cipher { const struct ltc_cipher_descriptor *cipherdesc; const unsigned long keysize; const unsigned char blocksize; }; struct dropbear_cipher_mode { int (*start)(int cipher, const unsigned char *IV, const unsigned char *key, int keylen, int num_rounds, void *cipher_state); int (*encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long len, void *cipher_state); int (*decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long len, void *cipher_state); int (*aead_crypt)(unsigned int seq, const unsigned char *in, unsigned char *out, unsigned long len, unsigned long taglen, void *cipher_state, int direction); int (*aead_getlength)(unsigned int seq, const unsigned char *in, unsigned int *outlen, unsigned long len, void *cipher_state); const struct dropbear_hash *aead_mac; }; struct dropbear_hash { const struct ltc_hash_descriptor *hash_desc; const unsigned long keysize; /* hashsize may be truncated from the size returned by hash_desc, eg sha1-96 */ const unsigned char hashsize; }; enum dropbear_kex_mode { #if DROPBEAR_NORMAL_DH DROPBEAR_KEX_NORMAL_DH, #endif #if DROPBEAR_ECDH DROPBEAR_KEX_ECDH, #endif #if DROPBEAR_CURVE25519 DROPBEAR_KEX_CURVE25519, #endif }; struct dropbear_kex { enum dropbear_kex_mode mode; /* "normal" DH KEX */ const unsigned char *dh_p_bytes; const int dh_p_len; /* elliptic curve DH KEX */ #if DROPBEAR_ECDH const struct dropbear_ecc_curve *ecc_curve; #else const void* dummy; #endif /* both */ const struct ltc_hash_descriptor *hash_desc; }; /* Includes all algorithms is useall is set */ void buf_put_algolist_all(buffer * buf, const algo_type localalgos[], int useall); /* Includes "usable" algorithms */ void buf_put_algolist(buffer * buf, const algo_type localalgos[]); #define KEXGUESS2_ALGO_NAME "[email protected]" int buf_has_algo(buffer *buf, const char *algo); algo_type * first_usable_algo(algo_type algos[]); algo_type * buf_match_algo(buffer* buf, algo_type localalgos[], int kexguess2, int *goodguess); #if DROPBEAR_USER_ALGO_LIST int check_user_algos(const char* user_algo_list, algo_type * algos, const char *algo_desc); char * algolist_string(const algo_type algos[]); #endif enum { DROPBEAR_COMP_NONE, DROPBEAR_COMP_ZLIB, DROPBEAR_COMP_ZLIB_DELAY, }; #endif /* DROPBEAR_ALGO_H_ */