openssh-portable/sntrup761.c

1274 lines
25 KiB
C
Raw Permalink Normal View History

Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
/* $OpenBSD: sntrup761.c,v 1.6 2023/01/11 02:13:52 djm Exp $ */
/*
* Public Domain, Authors:
* - Daniel J. Bernstein
* - Chitchanok Chuengsatiansup
* - Tanja Lange
* - Christine van Vredendaal
*/
#include "includes.h"
#ifdef USE_SNTRUP761X25519
#include <string.h>
#include "crypto_api.h"
#define int8 crypto_int8
#define uint8 crypto_uint8
#define int16 crypto_int16
#define uint16 crypto_uint16
#define int32 crypto_int32
#define uint32 crypto_uint32
#define int64 crypto_int64
#define uint64 crypto_uint64
/* from supercop-20201130/crypto_sort/int32/portable4/int32_minmax.inc */
#define int32_MINMAX(a,b) \
do { \
int64_t ab = (int64_t)b ^ (int64_t)a; \
int64_t c = (int64_t)b - (int64_t)a; \
c ^= ab & (c ^ b); \
c >>= 31; \
c &= ab; \
a ^= c; \
b ^= c; \
} while(0)
/* from supercop-20201130/crypto_sort/int32/portable4/sort.c */
static void crypto_sort_int32(void *array,long long n)
{
long long top,p,q,r,i,j;
int32 *x = array;
if (n < 2) return;
top = 1;
while (top < n - top) top += top;
for (p = top;p >= 1;p >>= 1) {
i = 0;
while (i + 2 * p <= n) {
for (j = i;j < i + p;++j)
int32_MINMAX(x[j],x[j+p]);
i += 2 * p;
}
for (j = i;j < n - p;++j)
int32_MINMAX(x[j],x[j+p]);
i = 0;
j = 0;
for (q = top;q > p;q >>= 1) {
if (j != i) for (;;) {
if (j == n - q) goto done;
int32 a = x[j + p];
for (r = q;r > p;r >>= 1)
int32_MINMAX(a,x[j + r]);
x[j + p] = a;
++j;
if (j == i + p) {
i += 2 * p;
break;
}
}
while (i + p <= n - q) {
for (j = i;j < i + p;++j) {
int32 a = x[j + p];
for (r = q;r > p;r >>= 1)
int32_MINMAX(a,x[j+r]);
x[j + p] = a;
}
i += 2 * p;
}
/* now i + p > n - q */
j = i;
while (j < n - q) {
int32 a = x[j + p];
for (r = q;r > p;r >>= 1)
int32_MINMAX(a,x[j+r]);
x[j + p] = a;
++j;
}
done: ;
}
}
}
/* from supercop-20201130/crypto_sort/uint32/useint32/sort.c */
/* can save time by vectorizing xor loops */
/* can save time by integrating xor loops with int32_sort */
static void crypto_sort_uint32(void *array,long long n)
{
crypto_uint32 *x = array;
long long j;
for (j = 0;j < n;++j) x[j] ^= 0x80000000;
crypto_sort_int32(array,n);
for (j = 0;j < n;++j) x[j] ^= 0x80000000;
}
/* from supercop-20201130/crypto_kem/sntrup761/ref/uint32.c */
/*
CPU division instruction typically takes time depending on x.
This software is designed to take time independent of x.
Time still varies depending on m; user must ensure that m is constant.
Time also varies on CPUs where multiplication is variable-time.
There could be more CPU issues.
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
There could also be compiler issues.
*/
static void uint32_divmod_uint14(uint32 *q,uint16 *r,uint32 x,uint16 m)
{
uint32 v = 0x80000000;
uint32 qpart;
uint32 mask;
v /= m;
/* caller guarantees m > 0 */
/* caller guarantees m < 16384 */
/* vm <= 2^31 <= vm+m-1 */
/* xvm <= 2^31 x <= xvm+x(m-1) */
*q = 0;
qpart = (x*(uint64)v)>>31;
/* 2^31 qpart <= xv <= 2^31 qpart + 2^31-1 */
/* 2^31 qpart m <= xvm <= 2^31 qpart m + (2^31-1)m */
/* 2^31 qpart m <= 2^31 x <= 2^31 qpart m + (2^31-1)m + x(m-1) */
/* 0 <= 2^31 newx <= (2^31-1)m + x(m-1) */
/* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */
/* 0 <= newx <= (1-1/2^31)(2^14-1) + (2^32-1)((2^14-1)-1)/2^31 */
x -= qpart*m; *q += qpart;
/* x <= 49146 */
qpart = (x*(uint64)v)>>31;
/* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */
/* 0 <= newx <= m + 49146(2^14-1)/2^31 */
/* 0 <= newx <= m + 0.4 */
/* 0 <= newx <= m */
x -= qpart*m; *q += qpart;
/* x <= m */
x -= m; *q += 1;
mask = -(x>>31);
x += mask&(uint32)m; *q += mask;
/* x < m */
*r = x;
}
static uint16 uint32_mod_uint14(uint32 x,uint16 m)
{
uint32 q;
uint16 r;
uint32_divmod_uint14(&q,&r,x,m);
return r;
}
/* from supercop-20201130/crypto_kem/sntrup761/ref/int32.c */
static void int32_divmod_uint14(int32 *q,uint16 *r,int32 x,uint16 m)
{
uint32 uq,uq2;
uint16 ur,ur2;
uint32 mask;
uint32_divmod_uint14(&uq,&ur,0x80000000+(uint32)x,m);
uint32_divmod_uint14(&uq2,&ur2,0x80000000,m);
ur -= ur2; uq -= uq2;
mask = -(uint32)(ur>>15);
ur += mask&m; uq += mask;
*r = ur; *q = uq;
}
static uint16 int32_mod_uint14(int32 x,uint16 m)
{
int32 q;
uint16 r;
int32_divmod_uint14(&q,&r,x,m);
return r;
}
/* from supercop-20201130/crypto_kem/sntrup761/ref/paramsmenu.h */
/* pick one of these three: */
#define SIZE761
#undef SIZE653
#undef SIZE857
/* pick one of these two: */
#define SNTRUP /* Streamlined NTRU Prime */
#undef LPR /* NTRU LPRime */
/* from supercop-20201130/crypto_kem/sntrup761/ref/params.h */
#ifndef params_H
#define params_H
/* menu of parameter choices: */
/* what the menu means: */
#if defined(SIZE761)
#define p 761
#define q 4591
#define Rounded_bytes 1007
#ifndef LPR
#define Rq_bytes 1158
#define w 286
#else
#define w 250
#define tau0 2156
#define tau1 114
#define tau2 2007
#define tau3 287
#endif
#elif defined(SIZE653)
#define p 653
#define q 4621
#define Rounded_bytes 865
#ifndef LPR
#define Rq_bytes 994
#define w 288
#else
#define w 252
#define tau0 2175
#define tau1 113
#define tau2 2031
#define tau3 290
#endif
#elif defined(SIZE857)
#define p 857
#define q 5167
#define Rounded_bytes 1152
#ifndef LPR
#define Rq_bytes 1322
#define w 322
#else
#define w 281
#define tau0 2433
#define tau1 101
#define tau2 2265
#define tau3 324
#endif
#else
#error "no parameter set defined"
#endif
#ifdef LPR
#define I 256
#endif
#endif
/* from supercop-20201130/crypto_kem/sntrup761/ref/Decode.h */
#ifndef Decode_H
#define Decode_H
/* Decode(R,s,M,len) */
/* assumes 0 < M[i] < 16384 */
/* produces 0 <= R[i] < M[i] */
#endif
/* from supercop-20201130/crypto_kem/sntrup761/ref/Decode.c */
static void Decode(uint16 *out,const unsigned char *S,const uint16 *M,long long len)
{
if (len == 1) {
if (M[0] == 1)
*out = 0;
else if (M[0] <= 256)
*out = uint32_mod_uint14(S[0],M[0]);
else
*out = uint32_mod_uint14(S[0]+(((uint16)S[1])<<8),M[0]);
}
if (len > 1) {
uint16 R2[(len+1)/2];
uint16 M2[(len+1)/2];
uint16 bottomr[len/2];
uint32 bottomt[len/2];
long long i;
for (i = 0;i < len-1;i += 2) {
uint32 m = M[i]*(uint32) M[i+1];
if (m > 256*16383) {
bottomt[i/2] = 256*256;
bottomr[i/2] = S[0]+256*S[1];
S += 2;
M2[i/2] = (((m+255)>>8)+255)>>8;
} else if (m >= 16384) {
bottomt[i/2] = 256;
bottomr[i/2] = S[0];
S += 1;
M2[i/2] = (m+255)>>8;
} else {
bottomt[i/2] = 1;
bottomr[i/2] = 0;
M2[i/2] = m;
}
}
if (i < len)
M2[i/2] = M[i];
Decode(R2,S,M2,(len+1)/2);
for (i = 0;i < len-1;i += 2) {
uint32 r = bottomr[i/2];
uint32 r1;
uint16 r0;
r += bottomt[i/2]*R2[i/2];
uint32_divmod_uint14(&r1,&r0,r,M[i]);
r1 = uint32_mod_uint14(r1,M[i+1]); /* only needed for invalid inputs */
*out++ = r0;
*out++ = r1;
}
if (i < len)
*out++ = R2[i/2];
}
}
/* from supercop-20201130/crypto_kem/sntrup761/ref/Encode.h */
#ifndef Encode_H
#define Encode_H
/* Encode(s,R,M,len) */
/* assumes 0 <= R[i] < M[i] < 16384 */
#endif
/* from supercop-20201130/crypto_kem/sntrup761/ref/Encode.c */
/* 0 <= R[i] < M[i] < 16384 */
static void Encode(unsigned char *out,const uint16 *R,const uint16 *M,long long len)
{
if (len == 1) {
uint16 r = R[0];
uint16 m = M[0];
while (m > 1) {
*out++ = r;
r >>= 8;
m = (m+255)>>8;
}
}
if (len > 1) {
uint16 R2[(len+1)/2];
uint16 M2[(len+1)/2];
long long i;
for (i = 0;i < len-1;i += 2) {
uint32 m0 = M[i];
uint32 r = R[i]+R[i+1]*m0;
uint32 m = M[i+1]*m0;
while (m >= 16384) {
*out++ = r;
r >>= 8;
m = (m+255)>>8;
}
R2[i/2] = r;
M2[i/2] = m;
}
if (i < len) {
R2[i/2] = R[i];
M2[i/2] = M[i];
}
Encode(out,R2,M2,(len+1)/2);
}
}
/* from supercop-20201130/crypto_kem/sntrup761/ref/kem.c */
#ifdef LPR
#endif
/* ----- masks */
#ifndef LPR
/* return -1 if x!=0; else return 0 */
static int int16_nonzero_mask(int16 x)
{
uint16 u = x; /* 0, else 1...65535 */
uint32 v = u; /* 0, else 1...65535 */
v = -v; /* 0, else 2^32-65535...2^32-1 */
v >>= 31; /* 0, else 1 */
return -v; /* 0, else -1 */
}
#endif
/* return -1 if x<0; otherwise return 0 */
static int int16_negative_mask(int16 x)
{
uint16 u = x;
u >>= 15;
return -(int) u;
/* alternative with gcc -fwrapv: */
/* x>>15 compiles to CPU's arithmetic right shift */
}
/* ----- arithmetic mod 3 */
typedef int8 small;
/* F3 is always represented as -1,0,1 */
/* so ZZ_fromF3 is a no-op */
/* x must not be close to top int16 */
static small F3_freeze(int16 x)
{
return int32_mod_uint14(x+1,3)-1;
}
/* ----- arithmetic mod q */
#define q12 ((q-1)/2)
typedef int16 Fq;
/* always represented as -q12...q12 */
/* so ZZ_fromFq is a no-op */
/* x must not be close to top int32 */
static Fq Fq_freeze(int32 x)
{
return int32_mod_uint14(x+q12,q)-q12;
}
#ifndef LPR
static Fq Fq_recip(Fq a1)
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
{
int i = 1;
Fq ai = a1;
while (i < q-2) {
ai = Fq_freeze(a1*(int32)ai);
i += 1;
}
return ai;
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
}
#endif
/* ----- Top and Right */
#ifdef LPR
#define tau 16
static int8 Top(Fq C)
{
return (tau1*(int32)(C+tau0)+16384)>>15;
}
static Fq Right(int8 T)
{
return Fq_freeze(tau3*(int32)T-tau2);
}
#endif
/* ----- small polynomials */
#ifndef LPR
/* 0 if Weightw_is(r), else -1 */
static int Weightw_mask(small *r)
{
int weight = 0;
int i;
for (i = 0;i < p;++i) weight += r[i]&1;
return int16_nonzero_mask(weight-w);
}
/* R3_fromR(R_fromRq(r)) */
static void R3_fromRq(small *out,const Fq *r)
{
int i;
for (i = 0;i < p;++i) out[i] = F3_freeze(r[i]);
}
/* h = f*g in the ring R3 */
static void R3_mult(small *h,const small *f,const small *g)
{
small fg[p+p-1];
small result;
int i,j;
for (i = 0;i < p;++i) {
result = 0;
for (j = 0;j <= i;++j) result = F3_freeze(result+f[j]*g[i-j]);
fg[i] = result;
}
for (i = p;i < p+p-1;++i) {
result = 0;
for (j = i-p+1;j < p;++j) result = F3_freeze(result+f[j]*g[i-j]);
fg[i] = result;
}
for (i = p+p-2;i >= p;--i) {
fg[i-p] = F3_freeze(fg[i-p]+fg[i]);
fg[i-p+1] = F3_freeze(fg[i-p+1]+fg[i]);
}
for (i = 0;i < p;++i) h[i] = fg[i];
}
/* returns 0 if recip succeeded; else -1 */
static int R3_recip(small *out,const small *in)
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
{
small f[p+1],g[p+1],v[p+1],r[p+1];
int i,loop,delta;
int sign,swap,t;
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
for (i = 0;i < p+1;++i) v[i] = 0;
for (i = 0;i < p+1;++i) r[i] = 0;
r[0] = 1;
for (i = 0;i < p;++i) f[i] = 0;
f[0] = 1; f[p-1] = f[p] = -1;
for (i = 0;i < p;++i) g[p-1-i] = in[i];
g[p] = 0;
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
delta = 1;
for (loop = 0;loop < 2*p-1;++loop) {
for (i = p;i > 0;--i) v[i] = v[i-1];
v[0] = 0;
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
sign = -g[0]*f[0];
swap = int16_negative_mask(-delta) & int16_nonzero_mask(g[0]);
delta ^= swap&(delta^-delta);
delta += 1;
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
for (i = 0;i < p+1;++i) {
t = swap&(f[i]^g[i]); f[i] ^= t; g[i] ^= t;
t = swap&(v[i]^r[i]); v[i] ^= t; r[i] ^= t;
}
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
for (i = 0;i < p+1;++i) g[i] = F3_freeze(g[i]+sign*f[i]);
for (i = 0;i < p+1;++i) r[i] = F3_freeze(r[i]+sign*v[i]);
for (i = 0;i < p;++i) g[i] = g[i+1];
g[p] = 0;
}
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
sign = f[0];
for (i = 0;i < p;++i) out[i] = sign*v[p-1-i];
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
return int16_nonzero_mask(delta);
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
}
#endif
/* ----- polynomials mod q */
/* h = f*g in the ring Rq */
static void Rq_mult_small(Fq *h,const Fq *f,const small *g)
{
Fq fg[p+p-1];
Fq result;
int i,j;
for (i = 0;i < p;++i) {
result = 0;
for (j = 0;j <= i;++j) result = Fq_freeze(result+f[j]*(int32)g[i-j]);
fg[i] = result;
}
for (i = p;i < p+p-1;++i) {
result = 0;
for (j = i-p+1;j < p;++j) result = Fq_freeze(result+f[j]*(int32)g[i-j]);
fg[i] = result;
}
for (i = p+p-2;i >= p;--i) {
fg[i-p] = Fq_freeze(fg[i-p]+fg[i]);
fg[i-p+1] = Fq_freeze(fg[i-p+1]+fg[i]);
}
for (i = 0;i < p;++i) h[i] = fg[i];
}
#ifndef LPR
/* h = 3f in Rq */
static void Rq_mult3(Fq *h,const Fq *f)
{
int i;
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
for (i = 0;i < p;++i) h[i] = Fq_freeze(3*f[i]);
}
/* out = 1/(3*in) in Rq */
/* returns 0 if recip succeeded; else -1 */
static int Rq_recip3(Fq *out,const small *in)
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
{
Fq f[p+1],g[p+1],v[p+1],r[p+1];
int i,loop,delta;
int swap,t;
int32 f0,g0;
Fq scale;
for (i = 0;i < p+1;++i) v[i] = 0;
for (i = 0;i < p+1;++i) r[i] = 0;
r[0] = Fq_recip(3);
for (i = 0;i < p;++i) f[i] = 0;
f[0] = 1; f[p-1] = f[p] = -1;
for (i = 0;i < p;++i) g[p-1-i] = in[i];
g[p] = 0;
delta = 1;
for (loop = 0;loop < 2*p-1;++loop) {
for (i = p;i > 0;--i) v[i] = v[i-1];
v[0] = 0;
swap = int16_negative_mask(-delta) & int16_nonzero_mask(g[0]);
delta ^= swap&(delta^-delta);
delta += 1;
for (i = 0;i < p+1;++i) {
t = swap&(f[i]^g[i]); f[i] ^= t; g[i] ^= t;
t = swap&(v[i]^r[i]); v[i] ^= t; r[i] ^= t;
}
f0 = f[0];
g0 = g[0];
for (i = 0;i < p+1;++i) g[i] = Fq_freeze(f0*g[i]-g0*f[i]);
for (i = 0;i < p+1;++i) r[i] = Fq_freeze(f0*r[i]-g0*v[i]);
for (i = 0;i < p;++i) g[i] = g[i+1];
g[p] = 0;
}
scale = Fq_recip(f[0]);
for (i = 0;i < p;++i) out[i] = Fq_freeze(scale*(int32)v[p-1-i]);
return int16_nonzero_mask(delta);
}
#endif
/* ----- rounded polynomials mod q */
static void Round(Fq *out,const Fq *a)
{
int i;
for (i = 0;i < p;++i) out[i] = a[i]-F3_freeze(a[i]);
}
/* ----- sorting to generate short polynomial */
static void Short_fromlist(small *out,const uint32 *in)
{
uint32 L[p];
int i;
for (i = 0;i < w;++i) L[i] = in[i]&(uint32)-2;
for (i = w;i < p;++i) L[i] = (in[i]&(uint32)-3)|1;
crypto_sort_uint32(L,p);
for (i = 0;i < p;++i) out[i] = (L[i]&3)-1;
}
/* ----- underlying hash function */
#define Hash_bytes 32
/* e.g., b = 0 means out = Hash0(in) */
static void Hash_prefix(unsigned char *out,int b,const unsigned char *in,int inlen)
{
unsigned char x[inlen+1];
unsigned char h[64];
int i;
x[0] = b;
for (i = 0;i < inlen;++i) x[i+1] = in[i];
crypto_hash_sha512(h,x,inlen+1);
for (i = 0;i < 32;++i) out[i] = h[i];
}
/* ----- higher-level randomness */
static uint32 urandom32(void)
{
unsigned char c[4];
uint32 out[4];
randombytes(c,4);
out[0] = (uint32)c[0];
out[1] = ((uint32)c[1])<<8;
out[2] = ((uint32)c[2])<<16;
out[3] = ((uint32)c[3])<<24;
return out[0]+out[1]+out[2]+out[3];
}
static void Short_random(small *out)
{
uint32 L[p];
int i;
for (i = 0;i < p;++i) L[i] = urandom32();
Short_fromlist(out,L);
}
#ifndef LPR
static void Small_random(small *out)
{
int i;
for (i = 0;i < p;++i) out[i] = (((urandom32()&0x3fffffff)*3)>>30)-1;
}
#endif
/* ----- Streamlined NTRU Prime Core */
#ifndef LPR
/* h,(f,ginv) = KeyGen() */
static void KeyGen(Fq *h,small *f,small *ginv)
{
small g[p];
Fq finv[p];
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
for (;;) {
Small_random(g);
if (R3_recip(ginv,g) == 0) break;
}
Short_random(f);
Rq_recip3(finv,f); /* always works */
Rq_mult_small(h,finv,g);
}
/* c = Encrypt(r,h) */
static void Encrypt(Fq *c,const small *r,const Fq *h)
{
Fq hr[p];
Rq_mult_small(hr,h,r);
Round(c,hr);
}
/* r = Decrypt(c,(f,ginv)) */
static void Decrypt(small *r,const Fq *c,const small *f,const small *ginv)
{
Fq cf[p];
Fq cf3[p];
small e[p];
small ev[p];
int mask;
int i;
Rq_mult_small(cf,c,f);
Rq_mult3(cf3,cf);
R3_fromRq(e,cf3);
R3_mult(ev,e,ginv);
mask = Weightw_mask(ev); /* 0 if weight w, else -1 */
for (i = 0;i < w;++i) r[i] = ((ev[i]^1)&~mask)^1;
for (i = w;i < p;++i) r[i] = ev[i]&~mask;
}
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
#endif
/* ----- NTRU LPRime Core */
#ifdef LPR
/* (G,A),a = KeyGen(G); leaves G unchanged */
static void KeyGen(Fq *A,small *a,const Fq *G)
{
Fq aG[p];
Short_random(a);
Rq_mult_small(aG,G,a);
Round(A,aG);
}
/* B,T = Encrypt(r,(G,A),b) */
static void Encrypt(Fq *B,int8 *T,const int8 *r,const Fq *G,const Fq *A,const small *b)
{
Fq bG[p];
Fq bA[p];
int i;
Rq_mult_small(bG,G,b);
Round(B,bG);
Rq_mult_small(bA,A,b);
for (i = 0;i < I;++i) T[i] = Top(Fq_freeze(bA[i]+r[i]*q12));
}
/* r = Decrypt((B,T),a) */
static void Decrypt(int8 *r,const Fq *B,const int8 *T,const small *a)
{
Fq aB[p];
int i;
Rq_mult_small(aB,B,a);
for (i = 0;i < I;++i)
r[i] = -int16_negative_mask(Fq_freeze(Right(T[i])-aB[i]+4*w+1));
}
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
#endif
/* ----- encoding I-bit inputs */
#ifdef LPR
#define Inputs_bytes (I/8)
typedef int8 Inputs[I]; /* passed by reference */
static void Inputs_encode(unsigned char *s,const Inputs r)
{
int i;
for (i = 0;i < Inputs_bytes;++i) s[i] = 0;
for (i = 0;i < I;++i) s[i>>3] |= r[i]<<(i&7);
}
#endif
/* ----- Expand */
#ifdef LPR
static const unsigned char aes_nonce[16] = {0};
static void Expand(uint32 *L,const unsigned char *k)
{
int i;
crypto_stream_aes256ctr((unsigned char *) L,4*p,aes_nonce,k);
for (i = 0;i < p;++i) {
uint32 L0 = ((unsigned char *) L)[4*i];
uint32 L1 = ((unsigned char *) L)[4*i+1];
uint32 L2 = ((unsigned char *) L)[4*i+2];
uint32 L3 = ((unsigned char *) L)[4*i+3];
L[i] = L0+(L1<<8)+(L2<<16)+(L3<<24);
}
}
#endif
/* ----- Seeds */
#ifdef LPR
#define Seeds_bytes 32
static void Seeds_random(unsigned char *s)
{
randombytes(s,Seeds_bytes);
}
#endif
/* ----- Generator, HashShort */
#ifdef LPR
/* G = Generator(k) */
static void Generator(Fq *G,const unsigned char *k)
{
uint32 L[p];
int i;
Expand(L,k);
for (i = 0;i < p;++i) G[i] = uint32_mod_uint14(L[i],q)-q12;
}
/* out = HashShort(r) */
static void HashShort(small *out,const Inputs r)
{
unsigned char s[Inputs_bytes];
unsigned char h[Hash_bytes];
uint32 L[p];
Inputs_encode(s,r);
Hash_prefix(h,5,s,sizeof s);
Expand(L,h);
Short_fromlist(out,L);
}
#endif
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
/* ----- NTRU LPRime Expand */
#ifdef LPR
/* (S,A),a = XKeyGen() */
static void XKeyGen(unsigned char *S,Fq *A,small *a)
{
Fq G[p];
Seeds_random(S);
Generator(G,S);
KeyGen(A,a,G);
}
/* B,T = XEncrypt(r,(S,A)) */
static void XEncrypt(Fq *B,int8 *T,const int8 *r,const unsigned char *S,const Fq *A)
{
Fq G[p];
small b[p];
Generator(G,S);
HashShort(b,r);
Encrypt(B,T,r,G,A,b);
}
#define XDecrypt Decrypt
#endif
/* ----- encoding small polynomials (including short polynomials) */
#define Small_bytes ((p+3)/4)
/* these are the only functions that rely on p mod 4 = 1 */
static void Small_encode(unsigned char *s,const small *f)
{
small x;
int i;
for (i = 0;i < p/4;++i) {
x = *f++ + 1;
x += (*f++ + 1)<<2;
x += (*f++ + 1)<<4;
x += (*f++ + 1)<<6;
*s++ = x;
}
x = *f++ + 1;
*s++ = x;
}
static void Small_decode(small *f,const unsigned char *s)
{
unsigned char x;
int i;
for (i = 0;i < p/4;++i) {
x = *s++;
*f++ = ((small)(x&3))-1; x >>= 2;
*f++ = ((small)(x&3))-1; x >>= 2;
*f++ = ((small)(x&3))-1; x >>= 2;
*f++ = ((small)(x&3))-1;
}
x = *s++;
*f++ = ((small)(x&3))-1;
}
/* ----- encoding general polynomials */
#ifndef LPR
static void Rq_encode(unsigned char *s,const Fq *r)
{
uint16 R[p],M[p];
int i;
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
for (i = 0;i < p;++i) R[i] = r[i]+q12;
for (i = 0;i < p;++i) M[i] = q;
Encode(s,R,M,p);
}
static void Rq_decode(Fq *r,const unsigned char *s)
{
uint16 R[p],M[p];
int i;
for (i = 0;i < p;++i) M[i] = q;
Decode(R,s,M,p);
for (i = 0;i < p;++i) r[i] = ((Fq)R[i])-q12;
}
Merge 9.2 (#657) * upstream: attemp FIDO key signing without PIN and use the error code returned to fall back only if necessary. Avoids PIN prompts for FIDO tokens that don't require them; part of GHPR#302 OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e * Install Cygwin packages based on OS not config. * initial list of allowed signers * upstream: whitespace OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 * upstream: whitespace OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 * Add cygwin-release test target. This also moves the cygwin package install from the workflow file to setup_ci.sh so that we can install different sets of Cygwin packages for different test configs. * Add Windows 2022 test targets. * Add libcrypt-devel to cygwin-release deps. Based on feedback from vinschen at redhat.com. * cross-sign allowed_signers with PGP key Provides continuity of trust from legacy PGP release key to the SSHSIG signing keys that we will use henceforth for git signing. * additional keys * upstream: whitespace OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 * Move sftp from valgrind-2 to 3 to rebalance. * upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV explicitly test whether the token performs built-in UV (e.g. biometric tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd * Remove arc4random_uniform from arc4random.c This was previously moved into its own file (matching OpenBSD) which prematurely committed in commit 73541f2. * Move OPENBSD ORIGINAL marker. Putting this after the copyright statement (which doesn't change) instead of before the version identifier (which does) prevents merge conflicts when resyncing changes. * Resync arc4random with OpenBSD. This brings us up to current, including djm's random-reseeding change, as prompted by logan at cyberstorm.mu in bz#3467. It brings the platform-specific hooks from LibreSSL Portable, simplified to match our use case. ok djm@. * Remove DEF_WEAK, it's already in defines.h. * openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf Fixes the following build failure with Clang 15 on musl: ``` bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o do not support implicit function declarations [-Wimplicit-function-declaration] ret = vsnprintf(string, INIT_SZ, fmt, ap2); ^ bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' 1 error generated. ``` * upstream: notifier_complete(NULL, ...) is a noop, so no need to test that ctx!=NULL; from Corinna Vinschen OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a * upstream: fix repeated words ok miod@ jmc@ OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 * upstream: .Li -> .Vt where appropriate; from josiah frentsos, tweaked by schwarze ok schwarze OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed * upstream: ssh-agent: attempt FIDO key signing without PIN and use the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd * upstream: a little extra debugging OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a * upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response Now that all FIDO signing calls attempt first without PIN and then fall back to trying PIN only if that attempt fails, we can remove the hack^wtrick that removed the UV flag from the keys returned during enroll. By Corinna Vinschen OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f * upstream: sftp: Don't attempt to complete arguments for non-existent commands If user entered a non-existent command (e.g. because they made a typo) there is no point in trying to complete its arguments. Skip calling complete_match() if that's the case. From Michal Privoznik OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a * upstream: sftp: Be a bit more clever about completions There are commands (e.g. "get" or "put") that accept two arguments, a local path and a remote path. However, the way current completion is written doesn't take this distinction into account and always completes remote or local paths. By expanding CMD struct and "cmds" array this distinction can be reflected and with small adjustment to completer code the correct path can be completed. By Michal Privoznik, ok dtucker@ OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b * upstream: correct error value OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 * upstream: actually hook up restrict_websafe; the command-line flag was never actually used. Spotted by Matthew Garrett OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 * upstream: Add a sshkey_check_rsa_length() call for checking the length of an RSA key; ok markus@ OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 * upstream: add a RequiredRSASize for checking RSA key length in ssh(1). User authentication keys that fall beneath this limit will be ignored. If a host presents a host key beneath this limit then the connection will be terminated (unfortunately there are no fallbacks in the protocol for host authentication). feedback deraadt, Dmitry Belyavskiy; ok markus@ OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a * upstream: Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit will be ignored for user and host-based authentication. Feedback deraadt@ ok markus@ OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 * upstream: better debugging for connect_next() OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 * upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. Will be used to make directory listings more useful and consistent in sftp(1). ok markus@ OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 * upstream: extend sftp-common.c:extend ls_file() to support supplied user/group names; ok markus@ OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 * upstream: sftp client library support for users-groups-by-id@openssh.com; ok markus@ OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de * upstream: use users-groups-by-id@openssh.com sftp-server extension (when available) to fill in user/group names for directory listings. Implement a client-side cache of see uid/gid=>user/group names. ok markus@ OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e * avoid Wuninitialized false positive in gcc-12ish * no need for glob.h here it also causes portability problems * upstream: add RequiredRSASize to the list of keywords accepted by -o; spotted by jmc@ OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e * upstream: Fix typo. From AlexanderStohr via github PR#343. OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 * upstream: openssh-9.1 OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 * crank versions in RPM spec files * update release notes URL * update .depend * remove mention of --with-security-key-builtin it is enabled by default when libfido2 is installed * mention libfido2 autodetection * whitespace at EOL * Test commits to all branches of portable. Only test OpenBSD upstream on commits to master since that's what it tracks. * Add 9.1 branch to CI status page. * Add LibreSSL 3.6.0 to test suite. While there, bump OpenSSL to latest 1.1.1q release. * upstream: honour user's umask if it is more restrictive then the ssh default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d * skip bsd-poll.h if poll.h found; ok dtucker * Fix snprintf configure test for clang 15 Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. A handful of tests have "main(..." and not "int main(..." which caused the tests to produce incorrect results. * undef _get{short,long} before redefining * revert c64b62338b4 and guard POLL* defines instead c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) Spotted by dtucker * OpenSSL dev branch now identifies as 3.2.0. * upstream: document "-O no-restrict-websafe"; spotted by Ross L Richardson OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b * upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, wrap a long line ssh-agent.c: - add -O to usage() OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 * upstream: use correct type with sizeof ok djm@ OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 * upstream: when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. Reported by Michael Yagliyan in bz3488; ok dtucker@ OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 * upstream: regress test for unmatched glob characters; fails before previous commit but passes now. bz3488; prodded by dtucker@ OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd * upstream: Be more paranoid with host/domain names coming from the never write a name with bad characters to a known_hosts file. reported by David Leadbeater, ok deraadt@ OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad * upstream: begin big refactor of sshkey Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible. lots of feedback + ok markus@ OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec * upstream: factor out sshkey_equal_public() feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 * upstream: factor out public key serialization feedback/ok markus@ OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 * upstream: refactor and simplify sshkey_read() feedback/ok markus@ OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 * upstream: factor out key generation feedback/ok markus@ OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb * upstream: refactor sshkey_from_private() feedback/ok markus@ OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 * upstream: refactor sshkey_from_blob_internal() feedback/ok markus@ OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 * upstream: refactor sshkey_sign() and sshkey_verify() feedback/ok markus@ OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc * upstream: refactor certify feedback/ok markus@ OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 * upstream: refactor sshkey_private_serialize_opt() feedback/ok markus@ OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd * upstream: refactor sshkey_private_deserialize feedback/ok markus@ OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f * fix merge botch * upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b * upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e * OpenSSL dev branch is 302 not 320. While there, also accept 301 which it shat it was previously. * upstream: Use variable for diff options instead of unconditionally specifying "-rN". This will make life easier in -portable where not all diff's understand -N. OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 * Check for sockaddr_in.sin_len. If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan tests on platforms with this (eg old NetBSD). * Always use compat getentropy. Have it call native getentropy and fall back as required. Should fix issues of platforms where libc has getentropy but it is not implemented in the kernel. Based on github PR#354 from simsergey. * Include time.h when defining timegm. Fixes build on some platforms eg recent AIX. * Compat tests need libcrypto. This was moved to CHANNELLIBS during the libs refactor. Spotted by rapier at psc.edu. * Run compat regress tests too. * Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. * Only run opensslver tests if built with OpenSSL. * Increase selfhosted job timeout. The default job timeout of 360 (6h) is not enough to complete the regress tests for some of the slow VMs depending on the load on the host. Increase to 600 (10h). * Fix compat regress to work with non-GNU make. * Link libssh into compat tests. The cygwin compat code uses xmalloc, so add libssh.a so pick up that. * Rerun tests on changes to Makefile.in in any dir. * upstream: replace recently-added valid_domain() check for hostnames going to known_hosts with a more relaxed check for bad characters; previous commit broke address literals. Reported by/feedback from florian@ OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 * Don't run openbsd-compat tests on Cygwin. Add "compat-tests" to the default TEST_TARGET so we can override as necessary. Override TEST_TARGET for Cygwin as the tests don't currently compile there. * Fix broken zlib link. * configure.ac: Add <pty.h> include for openpty Another Clang 16ish fix (which makes -Wimplicit-function-declaration an error by default). github PR#355. See: 2efd71da49b9cfeab7987058cf5919e473ff466b See: be197635329feb839865fdc738e34e24afd1fca8 * configure.ac: Fix -Wstrict-prototypes Clang 16 now warns on this and it'll be removed in C23, so let's just be future proof. It also reduces noise when doing general Clang 16 porting work (which is a big job as it is). github PR#355. Signed-off-by: Sam James <sam@gentoo.org> * Fix setres*id checks to work with clang-16. glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, and clang 16 will error out on implicit function definitions, so add _GNU_SOURCE and the required headers to the configure checks. From sam at @gentoo.org via bz#3497. * Fix tracing disable on FreeBSD. Some versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. From emaste at freebsd.org. * Use "prohibit-password" in -portable comments. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. From emaste at freebsd.org. * Link to branch-specific queries for V_9_1 status. * upstream: Fix typo. From pablomh via -portable github PR#344. OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 * upstream: Import regenerated moduli. OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f * Add CIFuzz integration * Run cifuzz workflow on the actions as regular CI. * Whitespace change to trigger CIFuzz workflow. * Do not run CIFuzz on selfhosted tree. We already run it on the regular tree, no need to double up. * Add CIFuzz status badge. * Branch-specific links for master status badges. * Fix merge conflict. * upstream: fix parsing of hex cert expiry time; was checking whether the start time began with "0x", not the expiry time. from Ed Maste OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 * upstream: Check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than faling later at runtime. bz#3489, ok djm@ OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b * upstream: Remove some set but otherwise unused variables, spotted in -portable by clang 16's -Wunused-but-set-variable. ok djm@ OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 * upstream: The IdentityFile option in ssh_config can also be used to specify a public key file, as documented in ssh.1 for the -i option. Document this also for IdentityFile in ssh_config.5, for documentation completeness. From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b * Split out rekey test since it runs the longest. * Update checkout and upload actions. Update actions/checkout and actions/upload-artifact to main branch for compatibility with node.js v16. * Add valrind-5 test here too. * Run vm startup and shutdown from runner temp dir. Should work even if the github workspace dir is on a stale sshfs mount. * Shutdown any VM before trying to check out repo. In the case where the previous run did not clean up, the checkout will fail as it'll leave a stale mount. * Avoid assuming layout of fd_set POSIX doesn't specify the internal layout of the fd_set object, so let's not assume it is just a bit mask. This increases compatibility with systems that have a different layout. The assumption is also worthless as we already refuse to use file descriptors over FD_SETSIZE anyway. Meaning that the default size of fd_set is quite sufficient. * Fix comment text. From emaste at freebsd.org. * Defer seed_rng until after closefrom call. seed_rng will initialize OpenSSL, and some engine providers (eg Intel's QAT) will open descriptors for their own use. bz#3483, patch from joel.d.schuetze at intel.com, ok djm@ * upstream: typo in comment OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a * upstream: rename client_global_hostkeys_private_confirm() to client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d * upstream: Remove errant colon and simplify format string in error messages. Patch from vapier at chromium.org. OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 * upstream: Fix typo in fatal error message. Patch from vapier at chromium.org. OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf * Skip reexec test on OpenSSL 1.1.1 specifically. OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip that test. See bz#3483 for details. * Remove seed passing over reexec. This was added for the benefit of platforms using ssh-rand-helper to prevent a delay on each connection as sshd reseeded itself. ssh-random-helper is long gone, and since the re-exec happens before the chroot the re-execed sshd can reseed itself normally. ok djm@ * upstream: Handle dynamic remote port forwarding in escape commandline's -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 * Add dfly62 test target. * If we haven't found it yet, recheck for sys/stat.h. On some very old platforms, sys/stat.h needs sys/types.h, however autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order, which in combination with modern autoconf's "present but cannot be compiled" behaviour causes it to not be detected. * Add fallback for old platforms w/out MAP_ANON. * Remove explicit "default" test config argument. Not specifying the test config implicitly selects default args. * Remove unused self-hosted test targets. * Rename "os" in matrix to "target". This is in preparation to distinguish this from the host that the runner runs on in case where they are separate (eg VMs). * Add "libvirt" label to dfly30. * Make "config" in matrix singular and pass in env. This will allow the startup scripts to adapt their behaviour based on the type and config. * Run vmstartup from temp dir. This will allow us to create ephemeral disk images per-runner. * Rework how selfhosted tests interact with runners. Previously there was one runner per test target (mostly VMs). This had a few limitations: - multiple tests that ran on the same target (eg multiple build configs) were serialized on availability or that runner. - it needed manual balancing of VMs over host machines. To address this, make VMs that use ephemeral disks (ie most of them) all use a pool of runners with the "libvirt" label. This requires that we distinguish between "host" and "target" for those. Native runners and VMs with persistent disks (eg the constantly-updated snapshot ones) specify the same host and target. This should improve test throughput. * Skip unit tests on slow riscv64 hardware. * Use -fzero-call-used-regs=used on clang 15. clang 15 seems to have a problem with -fzero-call-used-reg=all which causes spurious "incorrect signature" failures with ED25519. On those versions, use -fzero-call-used-regs=used instead. (We may add exceptions later if specific versions prove to be OK). Also move the GCC version check to match. Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ * upstream: In channel_request_remote_forwarding the parameters for permission_set_add are leaked as they are also duplicated in the call. Found by CodeChecker. ok djm OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e * upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a * upstream: tighten pledge(2) after session establishment feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 * upstream: Add void to client_repledge args to fix compiler warning. ok djm@ OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 * upstream: Log output of ssh-agent and ssh-add This should make debugging easier. OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 * upstream: Clean up ssh-add and ssh-agent logs. OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c * Restore ssh-agent permissions on exit. ...enough that subsequent builds can overwrite ssh-agent if necessary. * upstream: make struct sshbuf private and remove an unused field; ok dtucker OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 * upstream: Remove duplicate includes. Patch from AtariDreams via github PR#364. OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea * Fix typo in comment. Spotted by tim@ * Update autotools Regenerate config files using latest autotools * disable SANDBOX_SECCOMP_FILTER_DEBUG It was mistakenly enabled in 2580916e4872 Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net * Add SANDBOX_DEBUG to the kitchensink test build. * upstream: Fix comment typo. OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 * upstream: remove '?' from getopt(3) loops userspace: remove vestigial '?' cases from top-level getopt(3) loops getopt(3) returns '?' when it encounters a flag not present in the in the optstring or if a flag is missing its option argument. We can handle this case with the "default" failure case with no loss of legibility. Hence, remove all the redundant "case '?':" lines. Prompted by dlg@. With help from dlg@ and millert@. Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 ok naddy@ millert@ dlg@ OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e * upstream: Add server debugging for hostbased auth. auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a * upstream: Warn if no host keys for hostbased auth can be loaded. OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 * use calloc for allocating arc4random structs ok dtucker * Move obsdsnap test VMs to ephemeral runners. * Run upstream obsdsnap tests on ephemeral runners. * obsdsnap test VMs runs-on libvirt too. * Fetch regress logs from obj dir. * Set group perms on regress dir. This ensures that the tests don't fail due to StrictMode checks. * Use sudo when resetting perms on directories. * Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. * Simply handling of SSH_CONNECTION PAM env var. Prompted by bz#3508: there's no need to cache the value of sshpam_conninfo so remove the global. While there, add check of return value from pam_putenv. ok djm@ * upstream: The idiomatic way of coping with signed char vs unsigned char (which did not come from stdio read functions) in the presence of ctype macros, is to always cast to (unsigned char). casting to (int) for a "macro" which is documented to take int, is weird. And sadly wrong, because of the sing extension risk.. same diff from florian OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea * upstream: add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence. ok dtucker@ OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c * upstream: add -X to usage(); OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 * upstream: Clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. Reported by Sreedhar Balasubramanian; ok dtucker@ OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae * upstream: Mention that scp uses the SFTP protocol and remove reference to legacy flag. Spotted by, feedback and ok jmc@ OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 * upstream: spelling fixes; from paul tagliamonte amendments to his diff are noted on tech OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a * upstream: fix bug in PermitRemoteOpen which caused it to ignore its first argument unless it was one of the special keywords "any" or "none". Reported by Georges Chaudy in bz3515; ok dtucker@ OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 * upstream: regression test for PermitRemoteOpen OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c * upstream: suppress "Connection closed" message when in quiet mode OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f * upstream: add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead * upstream: replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 * upstream: Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b * upstream: tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 * upstream: Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca * upstream: Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 * unbreak scp on NetBSD 4.x e555d5cad5 effectively increased the default copy buffer size for SFTP transfers. This caused NetBSD 4.x to hang during the "copy local file to remote file in place" scp.sh regression test. This puts back the original 32KB copy buffer size until we can properly figure out why. lots of debugging assistance from dtucker@ * upstream: Copy bytes from the_banana[] rather than banana() Fixes test failure due to segfault seen on arm64 with xonly snap. ok djm OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 * upstream: unit tests for misc.c:ptimeout_* API OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 * upstream: fix typo in verbose logging OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 * upstream: regression test for ChannelTimeout OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 * upstream: Save debug logs from ssh for debugging purposes. OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 * Set OPENSSL_BIN from OpenSSL directory. * Check openssl_bin path is executable before using. * Use autoconf to find openssl binary. It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that. * Use our own netcat for dynamic-forward test. That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations. * upstream: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 * don't test IPv6 addresses if platform lacks support * Skip dynamic-forward test on minix3. This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails. * try to improve logging for dynamic-forward test previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding * upstream: tweak previous; ok djm OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 * upstream: Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d * add back use of pipes in scp.c under USE_PIPES This matches sftp.c which prefers socketpair but uses pipes on some older platforms. * remove buffer len workaround for NetBSD 4.x Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem. * upstream: rewrite this test to use a multiplexed ssh session so we can control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 * upstream: remove whitespace at EOL from code extracted from SUPERCOP OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 * upstream: ignore bogus upload/download buffer lengths in the limits extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 * upstream: clamp the minimum buffer lengths and number of inflight requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 * upstream: avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 * upstream: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 * Remove skipping test when scp not in path. An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier. * upstream: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 * upstream: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 * Retry package installation 3 times. When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues. * upstream: Document "UserKnownHostsFile none". ok djm@ OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 * upstream: fix double phrase in previous; OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 * upstream: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea * upstream: Shell syntax fix. From ren mingshuai vi github PR#369. OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 * Allow writev is seccomp sandbox. This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@ * upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b * upstream: adapt to ed25519 changes in src/usr.bin/ssh OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 * upstream: Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 * upstream: unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac * upstream: regression test for UnusedConnectionTimeout OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 * upstream: also check that an active session inhibits UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 * upstream: For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 * upstream: Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e * upstream: when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 * Skip connection-timeout when missing FD passing. This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin. * Skip connection-timeout test under Valgrind. Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work. * upstream: tweak previous; ok djm OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 * upstream: Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 * upstream: delete useless dependency OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad * fix libfido2 detection without pkg-config Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@ * Skip connection-timeout test on minix3. Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment. * upstream: fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 * upstream: openssh-9.2 OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 * upstream: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d * upstream: test compat_kex_proposal(); by dtucker@ OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 * adapt compat_kex_proposal() test to portable * update version in README * crank versions in RPM specs * remove files from libssh project * re-merge arc4random.c * re-merge misc.c * remove unused files from libssh.vcxproj * fix outstanding merge conflicts * fix build errors * modify upstream workflows to trigger on workflow dispatch instead of all PRs * fix scp client hanging with pipes * fix some failing bash tests * make bash test compatible with Windows * address scp's sftp mode buf len limitations * address review feedback * address review feedback * update comment --------- Signed-off-by: Sam James <sam@gentoo.org> Co-authored-by: djm@openbsd.org <djm@openbsd.org> Co-authored-by: Darren Tucker <dtucker@dtucker.net> Co-authored-by: Damien Miller <djm@mindrot.org> Co-authored-by: Sam James <sam@gentoo.org> Co-authored-by: jsg@openbsd.org <jsg@openbsd.org> Co-authored-by: jmc@openbsd.org <jmc@openbsd.org> Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org> Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com> Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com> Co-authored-by: David Korczynski <david@adalogics.com> Co-authored-by: Pierre Ossman <ossman@cendio.se> Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org> Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com> Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org> Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org> Co-authored-by: tb@openbsd.org <tb@openbsd.org> Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
#endif
/* ----- encoding rounded polynomials */
static void Rounded_encode(unsigned char *s,const Fq *r)
{
uint16 R[p],M[p];
int i;
for (i = 0;i < p;++i) R[i] = ((r[i]+q12)*10923)>>15;
for (i = 0;i < p;++i) M[i] = (q+2)/3;
Encode(s,R,M,p);
}
static void Rounded_decode(Fq *r,const unsigned char *s)
{
uint16 R[p],M[p];
int i;
for (i = 0;i < p;++i) M[i] = (q+2)/3;
Decode(R,s,M,p);
for (i = 0;i < p;++i) r[i] = R[i]*3-q12;
}
/* ----- encoding top polynomials */
#ifdef LPR
#define Top_bytes (I/2)
static void Top_encode(unsigned char *s,const int8 *T)
{
int i;
for (i = 0;i < Top_bytes;++i)
s[i] = T[2*i]+(T[2*i+1]<<4);
}
static void Top_decode(int8 *T,const unsigned char *s)
{
int i;
for (i = 0;i < Top_bytes;++i) {
T[2*i] = s[i]&15;
T[2*i+1] = s[i]>>4;
}
}
#endif
/* ----- Streamlined NTRU Prime Core plus encoding */
#ifndef LPR
typedef small Inputs[p]; /* passed by reference */
#define Inputs_random Short_random
#define Inputs_encode Small_encode
#define Inputs_bytes Small_bytes
#define Ciphertexts_bytes Rounded_bytes
#define SecretKeys_bytes (2*Small_bytes)
#define PublicKeys_bytes Rq_bytes
/* pk,sk = ZKeyGen() */
static void ZKeyGen(unsigned char *pk,unsigned char *sk)
{
Fq h[p];
small f[p],v[p];
KeyGen(h,f,v);
Rq_encode(pk,h);
Small_encode(sk,f); sk += Small_bytes;
Small_encode(sk,v);
}
/* C = ZEncrypt(r,pk) */
static void ZEncrypt(unsigned char *C,const Inputs r,const unsigned char *pk)
{
Fq h[p];
Fq c[p];
Rq_decode(h,pk);
Encrypt(c,r,h);
Rounded_encode(C,c);
}
/* r = ZDecrypt(C,sk) */
static void ZDecrypt(Inputs r,const unsigned char *C,const unsigned char *sk)
{
small f[p],v[p];
Fq c[p];
Small_decode(f,sk); sk += Small_bytes;
Small_decode(v,sk);
Rounded_decode(c,C);
Decrypt(r,c,f,v);
}
#endif
/* ----- NTRU LPRime Expand plus encoding */
#ifdef LPR
#define Ciphertexts_bytes (Rounded_bytes+Top_bytes)
#define SecretKeys_bytes Small_bytes
#define PublicKeys_bytes (Seeds_bytes+Rounded_bytes)
static void Inputs_random(Inputs r)
{
unsigned char s[Inputs_bytes];
int i;
randombytes(s,sizeof s);
for (i = 0;i < I;++i) r[i] = 1&(s[i>>3]>>(i&7));
}
/* pk,sk = ZKeyGen() */
static void ZKeyGen(unsigned char *pk,unsigned char *sk)
{
Fq A[p];
small a[p];
XKeyGen(pk,A,a); pk += Seeds_bytes;
Rounded_encode(pk,A);
Small_encode(sk,a);
}
/* c = ZEncrypt(r,pk) */
static void ZEncrypt(unsigned char *c,const Inputs r,const unsigned char *pk)
{
Fq A[p];
Fq B[p];
int8 T[I];
Rounded_decode(A,pk+Seeds_bytes);
XEncrypt(B,T,r,pk,A);
Rounded_encode(c,B); c += Rounded_bytes;
Top_encode(c,T);
}
/* r = ZDecrypt(C,sk) */
static void ZDecrypt(Inputs r,const unsigned char *c,const unsigned char *sk)
{
small a[p];
Fq B[p];
int8 T[I];
Small_decode(a,sk);
Rounded_decode(B,c);
Top_decode(T,c+Rounded_bytes);
XDecrypt(r,B,T,a);
}
#endif
/* ----- confirmation hash */
#define Confirm_bytes 32
/* h = HashConfirm(r,pk,cache); cache is Hash4(pk) */
static void HashConfirm(unsigned char *h,const unsigned char *r,const unsigned char *pk,const unsigned char *cache)
{
#ifndef LPR
unsigned char x[Hash_bytes*2];
int i;
Hash_prefix(x,3,r,Inputs_bytes);
for (i = 0;i < Hash_bytes;++i) x[Hash_bytes+i] = cache[i];
#else
unsigned char x[Inputs_bytes+Hash_bytes];
int i;
for (i = 0;i < Inputs_bytes;++i) x[i] = r[i];
for (i = 0;i < Hash_bytes;++i) x[Inputs_bytes+i] = cache[i];
#endif
Hash_prefix(h,2,x,sizeof x);
}
/* ----- session-key hash */
/* k = HashSession(b,y,z) */
static void HashSession(unsigned char *k,int b,const unsigned char *y,const unsigned char *z)
{
#ifndef LPR
unsigned char x[Hash_bytes+Ciphertexts_bytes+Confirm_bytes];
int i;
Hash_prefix(x,3,y,Inputs_bytes);
for (i = 0;i < Ciphertexts_bytes+Confirm_bytes;++i) x[Hash_bytes+i] = z[i];
#else
unsigned char x[Inputs_bytes+Ciphertexts_bytes+Confirm_bytes];
int i;
for (i = 0;i < Inputs_bytes;++i) x[i] = y[i];
for (i = 0;i < Ciphertexts_bytes+Confirm_bytes;++i) x[Inputs_bytes+i] = z[i];
#endif
Hash_prefix(k,b,x,sizeof x);
}
/* ----- Streamlined NTRU Prime and NTRU LPRime */
/* pk,sk = KEM_KeyGen() */
static void KEM_KeyGen(unsigned char *pk,unsigned char *sk)
{
int i;
ZKeyGen(pk,sk); sk += SecretKeys_bytes;
for (i = 0;i < PublicKeys_bytes;++i) *sk++ = pk[i];
randombytes(sk,Inputs_bytes); sk += Inputs_bytes;
Hash_prefix(sk,4,pk,PublicKeys_bytes);
}
/* c,r_enc = Hide(r,pk,cache); cache is Hash4(pk) */
static void Hide(unsigned char *c,unsigned char *r_enc,const Inputs r,const unsigned char *pk,const unsigned char *cache)
{
Inputs_encode(r_enc,r);
ZEncrypt(c,r,pk); c += Ciphertexts_bytes;
HashConfirm(c,r_enc,pk,cache);
}
/* c,k = Encap(pk) */
static void Encap(unsigned char *c,unsigned char *k,const unsigned char *pk)
{
Inputs r;
unsigned char r_enc[Inputs_bytes];
unsigned char cache[Hash_bytes];
Hash_prefix(cache,4,pk,PublicKeys_bytes);
Inputs_random(r);
Hide(c,r_enc,r,pk,cache);
HashSession(k,1,r_enc,c);
}
/* 0 if matching ciphertext+confirm, else -1 */
static int Ciphertexts_diff_mask(const unsigned char *c,const unsigned char *c2)
{
uint16 differentbits = 0;
int len = Ciphertexts_bytes+Confirm_bytes;
while (len-- > 0) differentbits |= (*c++)^(*c2++);
return (1&((differentbits-1)>>8))-1;
}
/* k = Decap(c,sk) */
static void Decap(unsigned char *k,const unsigned char *c,const unsigned char *sk)
{
const unsigned char *pk = sk + SecretKeys_bytes;
const unsigned char *rho = pk + PublicKeys_bytes;
const unsigned char *cache = rho + Inputs_bytes;
Inputs r;
unsigned char r_enc[Inputs_bytes];
unsigned char cnew[Ciphertexts_bytes+Confirm_bytes];
int mask;
int i;
ZDecrypt(r,c,sk);
Hide(cnew,r_enc,r,pk,cache);
mask = Ciphertexts_diff_mask(c,cnew);
for (i = 0;i < Inputs_bytes;++i) r_enc[i] ^= mask&(r_enc[i]^rho[i]);
HashSession(k,1+mask,r_enc,c);
}
/* ----- crypto_kem API */
int crypto_kem_sntrup761_keypair(unsigned char *pk,unsigned char *sk)
{
KEM_KeyGen(pk,sk);
return 0;
}
int crypto_kem_sntrup761_enc(unsigned char *c,unsigned char *k,const unsigned char *pk)
{
Encap(c,k,pk);
return 0;
}
int crypto_kem_sntrup761_dec(unsigned char *k,const unsigned char *c,const unsigned char *sk)
{
Decap(k,c,sk);
return 0;
}
#endif /* USE_SNTRUP761X25519 */