Rivoreo Source Code Repositories
src.rivoreo.one / security / openssh-library / 6d31193d0baa3da339c196ac49625b7ba1c2ecc7
commit6d31193d0baa3da339c196ac49625b7ba1c2ecc7[log] [download]
authordjm@openbsd.org <djm@openbsd.org>Fri Jul 08 03:44:42 2016 +0000
committerDamien Miller <djm@mindrot.org>Fri Jul 08 13:50:03 2016 +1000
tree83c1b9c11099ff8577178f702f2cb34765229d9b
parent71f5598f06941f645a451948c4a5125c83828e1c [diff]
upstream commit

Improve crypto ordering for Encrypt-then-MAC (EtM) mode
MAC algorithms.

Previously we were computing the MAC, decrypting the packet and then
checking the MAC. This gave rise to the possibility of creating a
side-channel oracle in the decryption step, though no such oracle has
been identified.

This adds a mac_check() function that computes and checks the MAC in
one pass, and uses it to advance MAC checking for EtM algorithms to
before payload decryption.

Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and
Martin Albrecht. feedback and ok markus@

Upstream-ID: 1999bb67cab47dda5b10b80d8155fe83d4a1867b
3 files changed
tree: 83c1b9c11099ff8577178f702f2cb34765229d9b
  1. .skipped-commit-ids
  2. CREDITS
  3. INSTALL
  4. LICENCE
  5. Makefile.in
  6. OVERVIEW
  7. PROTOCOL
  8. PROTOCOL.agent
  9. PROTOCOL.certkeys
  10. PROTOCOL.chacha20poly1305
  11. PROTOCOL.key
  12. PROTOCOL.krl
  13. PROTOCOL.mux
  14. README
  15. README.dns
  16. README.platform
  17. README.privsep
  18. README.tun
  19. TODO
  20. aclocal.m4
  21. addrmatch.c
  22. atomicio.c
  23. atomicio.h
  24. audit-bsm.c
  25. audit-linux.c
  26. audit.c
  27. audit.h
  28. auth-bsdauth.c
  29. auth-chall.c
  30. auth-krb5.c
  31. auth-options.c
  32. auth-options.h
  33. auth-pam.c
  34. auth-pam.h
  35. auth-passwd.c
  36. auth-rh-rsa.c
  37. auth-rhosts.c
  38. auth-rsa.c
  39. auth-shadow.c
  40. auth-sia.c
  41. auth-sia.h
  42. auth-skey.c
  43. auth.c
  44. auth.h
  45. auth1.c
  46. auth2-chall.c
  47. auth2-gss.c
  48. auth2-hostbased.c
  49. auth2-kbdint.c
  50. auth2-none.c
  51. auth2-passwd.c
  52. auth2-pubkey.c
  53. auth2.c
  54. authfd.c
  55. authfd.h
  56. authfile.c
  57. authfile.h
  58. bitmap.c
  59. bitmap.h
  60. blocks.c
  61. bufaux.c
  62. bufbn.c
  63. bufec.c
  64. buffer.c
  65. buffer.h
  66. buildpkg.sh.in
  67. canohost.c
  68. canohost.h
  69. chacha.c
  70. chacha.h
  71. channels.c
  72. channels.h
  73. cipher-3des1.c
  74. cipher-aes.c
  75. cipher-aesctr.c
  76. cipher-aesctr.h
  77. cipher-bf1.c
  78. cipher-chachapoly.c
  79. cipher-chachapoly.h
  80. cipher-ctr.c
  81. cipher.c
  82. cipher.h
  83. cleanup.c
  84. clientloop.c
  85. clientloop.h
  86. compat.c
  87. compat.h
  88. config.guess
  89. config.sub
  90. configure.ac
  91. contrib/
  92. crc32.c
  93. crc32.h
  94. crypto_api.h
  95. deattack.c
  96. deattack.h
  97. defines.h
  98. dh.c
  99. dh.h
  100. digest-libc.c
  101. digest-openssl.c
  102. digest.h
  103. dispatch.c
  104. dispatch.h
  105. dns.c
  106. dns.h
  107. ed25519.c
  108. entropy.c
  109. entropy.h
  110. fatal.c
  111. fe25519.c
  112. fe25519.h
  113. fixalgorithms
  114. fixpaths
  115. fixprogs
  116. ge25519.c
  117. ge25519.h
  118. ge25519_base.data
  119. groupaccess.c
  120. groupaccess.h
  121. gss-genr.c
  122. gss-serv-krb5.c
  123. gss-serv.c
  124. hash.c
  125. hmac.c
  126. hmac.h
  127. hostfile.c
  128. hostfile.h
  129. includes.h
  130. install-sh
  131. kex.c
  132. kex.h
  133. kexc25519.c
  134. kexc25519c.c
  135. kexc25519s.c
  136. kexdh.c
  137. kexdhc.c
  138. kexdhs.c
  139. kexecdh.c
  140. kexecdhc.c
  141. kexecdhs.c
  142. kexgex.c
  143. kexgexc.c
  144. kexgexs.c
  145. key.c
  146. key.h
  147. krl.c
  148. krl.h
  149. log.c
  150. log.h
  151. loginrec.c
  152. loginrec.h
  153. logintest.c
  154. mac.c
  155. mac.h
  156. match.c
  157. match.h
  158. md-sha256.c
  159. md5crypt.c
  160. md5crypt.h
  161. mdoc2man.awk
  162. misc.c
  163. misc.h
  164. mkinstalldirs
  165. moduli
  166. moduli.5
  167. moduli.c
  168. monitor.c
  169. monitor.h
  170. monitor_fdpass.c
  171. monitor_fdpass.h
  172. monitor_mm.c
  173. monitor_mm.h
  174. monitor_wrap.c
  175. monitor_wrap.h
  176. msg.c
  177. msg.h
  178. mux.c
  179. myproposal.h
  180. nchan.c
  181. nchan.ms
  182. nchan2.ms
  183. opacket.c
  184. opacket.h
  185. openbsd-compat/
  186. openssh.xml.in
  187. opensshd.init.in
  188. packet.c
  189. packet.h
  190. pathnames.h
  191. pkcs11.h
  192. platform-pledge.c
  193. platform-tracing.c
  194. platform.c
  195. platform.h
  196. poly1305.c
  197. poly1305.h
  198. progressmeter.c
  199. progressmeter.h
  200. readconf.c
  201. readconf.h
  202. readpass.c
  203. regress/
  204. rijndael.c
  205. rijndael.h
  206. rsa.c
  207. rsa.h
  208. sandbox-capsicum.c
  209. sandbox-darwin.c
  210. sandbox-null.c
  211. sandbox-pledge.c
  212. sandbox-rlimit.c
  213. sandbox-seccomp-filter.c
  214. sandbox-solaris.c
  215. sandbox-systrace.c
  216. sc25519.c
  217. sc25519.h
  218. scp.1
  219. scp.c
  220. servconf.c
  221. servconf.h
  222. serverloop.c
  223. serverloop.h
  224. session.c
  225. session.h
  226. sftp-client.c
  227. sftp-client.h
  228. sftp-common.c
  229. sftp-common.h
  230. sftp-glob.c
  231. sftp-server-main.c
  232. sftp-server.8
  233. sftp-server.c
  234. sftp.1
  235. sftp.c
  236. sftp.h
  237. smult_curve25519_ref.c
  238. ssh-add.1
  239. ssh-add.c
  240. ssh-agent.1
  241. ssh-agent.c
  242. ssh-dss.c
  243. ssh-ecdsa.c
  244. ssh-ed25519.c
  245. ssh-gss.h
  246. ssh-keygen.1
  247. ssh-keygen.c
  248. ssh-keyscan.1
  249. ssh-keyscan.c
  250. ssh-keysign.8
  251. ssh-keysign.c
  252. ssh-pkcs11-client.c
  253. ssh-pkcs11-helper.8
  254. ssh-pkcs11-helper.c
  255. ssh-pkcs11.c
  256. ssh-pkcs11.h
  257. ssh-rsa.c
  258. ssh-sandbox.h
  259. ssh.1
  260. ssh.c
  261. ssh.h
  262. ssh1.h
  263. ssh2.h
  264. ssh_api.c
  265. ssh_api.h
  266. ssh_config
  267. ssh_config.5
  268. sshbuf-getput-basic.c
  269. sshbuf-getput-crypto.c
  270. sshbuf-misc.c
  271. sshbuf.c
  272. sshbuf.h
  273. sshconnect.c
  274. sshconnect.h
  275. sshconnect1.c
  276. sshconnect2.c
  277. sshd.8
  278. sshd.c
  279. sshd_config
  280. sshd_config.5
  281. ssherr.c
  282. ssherr.h
  283. sshkey.c
  284. sshkey.h
  285. sshlogin.c
  286. sshlogin.h
  287. sshpty.c
  288. sshpty.h
  289. sshtty.c
  290. survey.sh.in
  291. ttymodes.c
  292. ttymodes.h
  293. uidswap.c
  294. uidswap.h
  295. umac.c
  296. umac.h
  297. utf8.c
  298. utf8.h
  299. uuencode.c
  300. uuencode.h
  301. verify.c
  302. version.h
  303. xmalloc.c
  304. xmalloc.h