From 1036d77b34a5fa15e56f516b81b9928006848cbd Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 22 Dec 2023 17:56:26 +1100 Subject: [PATCH 01/64] better detection of broken -fzero-call-used-regs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit gcc 13.2.0 on ppc64le refuses to compile some function, including cipher.c:compression_alg_list() with an error: > sorry, unimplemented: argument ‘used’ is not supportedcw > for ‘-fzero-call-used-regs’ on this target This extends the autoconf will-it-work test with a similarly- structured function that seems to catch this. Spotted/tested by Colin Watson; bz3645 --- m4/openssh.m4 | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/m4/openssh.m4 b/m4/openssh.m4 index 5d4c56280..033df501c 100644 --- a/m4/openssh.m4 +++ b/m4/openssh.m4 @@ -20,18 +20,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does From 430ef864645cff83a4022f5b050174c840e275da Mon Sep 17 00:00:00 2001 
From: "djm@openbsd.org" Date: Mon, 18 Dec 2023 15:58:56 +0000 Subject: [PATCH 02/64] upstream: match flag type (s/int/u_int) OpenBSD-Commit-ID: 9422289747c35ccb7b31d0e1888ccd5e74ad566a --- ssh-agent.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssh-agent.c b/ssh-agent.c index b6a3f4810..7347aaee5 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.303 2023/12/18 14:48:08 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.304 2023/12/18 15:58:56 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1525,7 +1525,7 @@ no_identities(SocketEntry *e) /* Add an identity to idlist; takes ownership of 'key' and 'comment' */ static void add_p11_identity(struct sshkey *key, char *comment, const char *provider, - time_t death, int confirm, struct dest_constraint *dest_constraints, + time_t death, u_int confirm, struct dest_constraint *dest_constraints, size_t ndest_constraints) { Identity *id; From 5413b1c7ff5a19c6a7d44bd98c5a83eb47819ba6 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 19 Dec 2023 06:41:14 +0000 Subject: [PATCH 03/64] upstream: correct section numbers; from Ed Maste OpenBSD-Commit-ID: e289576ee5651528404cb2fb68945556052cf83f --- PROTOCOL | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/PROTOCOL b/PROTOCOL index 1894d573d..b2708953a 100644 --- a/PROTOCOL +++ b/PROTOCOL @@ -137,7 +137,7 @@ than as a named global or channel request to allow pings with very short packet lengths, which would not be possible with other approaches. -1.9 transport: strict key exchange extension +1.10 transport: strict key exchange extension OpenSSH supports a number of transport-layer hardening measures under a "strict KEX" feature. This feature is signalled similarly to the 
@@ -163,7 +163,7 @@ b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the duration of the connection (i.e. not just the first SSH2_MSG_NEWKEYS). -1.10 transport: SSH2_MSG_EXT_INFO during user authentication +1.11 transport: SSH2_MSG_EXT_INFO during user authentication This protocol extension allows the SSH2_MSG_EXT_INFO to be sent during user authentication. RFC8308 does allow a second @@ -790,4 +790,4 @@ master instance and later clients. OpenSSH extends the usual agent protocol. These changes are documented in the PROTOCOL.agent file. -$OpenBSD: PROTOCOL,v 1.51 2023/12/18 14:45:49 djm Exp $ +$OpenBSD: PROTOCOL,v 1.52 2023/12/19 06:41:14 djm Exp $ From 503fbe9ea238a4637e8778208bde8c09bcf78475 Mon Sep 17 00:00:00 2001 From: "jmc@openbsd.org" Date: Tue, 19 Dec 2023 06:57:34 +0000 Subject: [PATCH 04/64] upstream: sort -C, and add to usage(); ok djm OpenBSD-Commit-ID: 80141b2a5d60c8593e3c65ca3c53c431262c812f --- ssh-add.1 | 14 +++++++------- ssh-add.c | 6 +++--- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/ssh-add.1 b/ssh-add.1 index f0186cd5f..290ba91d3 100644 --- a/ssh-add.1 +++ b/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.85 2023/12/18 14:46:56 djm Exp $ +.\" $OpenBSD: ssh-add.1,v 1.86 2023/12/19 06:57:34 jmc Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 18 2023 $ +.Dd $Mdocdate: December 19 2023 $ .Dt SSH-ADD 1 .Os .Sh NAME @@ -43,7 +43,7 @@ .Nd adds private key identities to the OpenSSH authentication agent .Sh SYNOPSIS .Nm ssh-add -.Op Fl cCDdKkLlqvXx +.Op Fl CcDdKkLlqvXx .Op Fl E Ar fingerprint_hash .Op Fl H Ar hostkey_file .Op Fl h Ar destination_constraint @@ -52,7 +52,7 @@ .Op Ar .Nm ssh-add .Fl s Ar pkcs11 -.Op Fl vC +.Op Fl Cv .Op Ar certificate ... .Nm ssh-add .Fl e Ar pkcs11 
@@ -94,6 +94,9 @@ to work. .Pp The options are as follows: .Bl -tag -width Ds +.It Fl C +When loading keys into or deleting keys from the agent, process +certificates only and skip plain keys. .It Fl c Indicates that added identities should be subject to confirmation before being used for authentication. @@ -102,9 +105,6 @@ Confirmation is performed by Successful confirmation is signaled by a zero exit status from .Xr ssh-askpass 1 , rather than text entered into the requester. -.It Fl C -When loading keys into or deleting keys from the agent, process -certificates only and skip plain keys. .It Fl D Deletes all identities from the agent. .It Fl d diff --git a/ssh-add.c b/ssh-add.c index 99ba23b52..1ec1a1f68 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.169 2023/12/18 14:46:56 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.170 2023/12/19 06:57:34 jmc Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -790,13 +790,13 @@ static void usage(void) { fprintf(stderr, -"usage: ssh-add [-cDdKkLlqvXx] [-E fingerprint_hash] [-H hostkey_file]\n" +"usage: ssh-add [-CcDdKkLlqvXx] [-E fingerprint_hash] [-H hostkey_file]\n" " [-h destination_constraint] [-S provider] [-t life]\n" #ifdef WITH_XMSS " [-M maxsign] [-m minleft]\n" #endif " [file ...]\n" -" ssh-add -s pkcs11\n" +" ssh-add -s pkcs11 [-Cv] [certificate ...]\n" " ssh-add -e pkcs11\n" " ssh-add -T pubkey ...\n" ); From 64ddf776531ca4933832beecc8b7ebe1b937e081 Mon Sep 17 00:00:00 2001 From: "jsg@openbsd.org" Date: Wed, 20 Dec 2023 00:06:25 +0000 Subject: [PATCH 05/64] upstream: spelling; ok markus@ OpenBSD-Commit-ID: 9d01f2e9d59a999d5d42fc3b3efcf8dfb892e31b --- PROTOCOL | 6 +++--- PROTOCOL.agent | 4 ++-- ssh-keyscan.c | 6 +++--- sshkey.c | 4 ++-- xmss_hash.c | 4 ++-- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/PROTOCOL b/PROTOCOL index b2708953a..b6a418924 100644 --- a/PROTOCOL +++ b/PROTOCOL 
@@ -142,7 +142,7 @@ approaches. OpenSSH supports a number of transport-layer hardening measures under a "strict KEX" feature. This feature is signalled similarly to the RFC8308 ext-info feature: by including a additional algorithm in the -initiial SSH2_MSG_KEXINIT kex_algorithms field. The client may append +initial SSH2_MSG_KEXINIT kex_algorithms field. The client may append "kex-strict-c-v00@openssh.com" to its kex_algorithms and the server may append "kex-strict-s-v00@openssh.com". These pseudo-algorithms are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored @@ -150,7 +150,7 @@ if they are present in subsequent SSH2_MSG_KEXINIT packets. When an endpoint that supports this extension observes this algorithm name in a peer's KEXINIT packet, it MUST make the following changes to -the the protocol: +the protocol: a) During initial KEX, terminate the connection if any unexpected or out-of-sequence packet is received. This includes terminating the @@ -790,4 +790,4 @@ master instance and later clients. OpenSSH extends the usual agent protocol. These changes are documented in the PROTOCOL.agent file. -$OpenBSD: PROTOCOL,v 1.52 2023/12/19 06:41:14 djm Exp $ +$OpenBSD: PROTOCOL,v 1.53 2023/12/20 00:06:25 jsg Exp $ diff --git a/PROTOCOL.agent b/PROTOCOL.agent index e4a6b74c5..7637882f1 100644 --- a/PROTOCOL.agent +++ b/PROTOCOL.agent @@ -91,7 +91,7 @@ with private keys as they are loaded from a PKCS#11 token. bool certs_only string certsblob -Where "certsblob" constists of one or more certificates encoded as public +Where "certsblob" consists of one or more certificates encoded as public key blobs: string[] certificates @@ -112,4 +112,4 @@ A SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED will return SSH_AGENT_SUCCESS if any key (plain private or certificate) was successfully loaded, or SSH_AGENT_FAILURE if no key was loaded. -$OpenBSD: PROTOCOL.agent,v 1.21 2023/12/18 14:46:56 djm Exp $ +$OpenBSD: PROTOCOL.agent,v 1.22 2023/12/20 00:06:25 jsg Exp $ 
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 1d2df709b..af0dc79b8 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.153 2023/06/21 05:06:04 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.154 2023/12/20 00:06:25 jsg Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -504,11 +504,11 @@ congreet(int s) /* * Read the server banner as per RFC4253 section 4.2. The "SSH-" - * protocol identification string may be preceeded by an arbitrarily + * protocol identification string may be preceded by an arbitrarily * large banner which we must read and ignore. Loop while reading * newline-terminated lines until we have one starting with "SSH-". * The ID string cannot be longer than 255 characters although the - * preceeding banner lines may (in which case they'll be discarded + * preceding banner lines may (in which case they'll be discarded * in multiple iterations of the outer loop). */ for (;;) { diff --git a/sshkey.c b/sshkey.c index 06db9b5da..0705674b8 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.140 2023/10/16 08:40:00 dtucker Exp $ */ +/* $OpenBSD: sshkey.c,v 1.141 2023/12/20 00:06:25 jsg Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -1927,7 +1927,7 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, goto out; } if (sshkey_type_is_cert(type)) { - /* Skip nonce that preceeds all certificates */ + /* Skip nonce that precedes all certificates */ if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { ret = SSH_ERR_INVALID_FORMAT; goto out; diff --git a/xmss_hash.c b/xmss_hash.c index db0e5fa36..70c126ae2 100644 --- a/xmss_hash.c +++ b/xmss_hash.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmss_hash.c,v 1.3 2022/04/20 16:00:25 millert Exp $ */ +/* $OpenBSD: xmss_hash.c,v 1.4 2023/12/20 00:06:25 jsg Exp $ */ /* hash.c version 20160722 Andreas Hülsing 
@@ -74,7 +74,7 @@ int prf(unsigned char *out, const unsigned char *in, const unsigned char *key, u } /* - * Implemts H_msg + * Implements H_msg */ int h_msg(unsigned char *out, const unsigned char *in, unsigned long long inlen, const unsigned char *key, const unsigned int keylen, const unsigned int n) { From f0cbd26ec91bd49719fb3eea7ca44d2380318b9a Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Thu, 4 Jan 2024 09:51:49 +0000 Subject: [PATCH 06/64] upstream: Import regenerated moduli. OpenBSD-Commit-ID: 5a636f6ca7f25bfe775df4952f7aac90a7fcbbee --- .skipped-commit-ids | 1 + 1 file changed, 1 insertion(+) diff --git a/.skipped-commit-ids b/.skipped-commit-ids index 59e80518a..5839cc3ba 100644 --- a/.skipped-commit-ids +++ b/.skipped-commit-ids @@ -27,6 +27,7 @@ cc12a9029833d222043aecd252d654965c351a69 moduli-gen Makefile f9a0726d957cf10692a231996a1f34e7f9cdfeb0 moduli update 1e0a2692b7e20b126dda60bf04999d1d30d959d8 sshd relinking makefile changes e1dc11143f83082e3154d6094f9136d0dc2637ad more relinking makefile tweaks +5a636f6ca7f25bfe775df4952f7aac90a7fcbbee moduli update Old upstream tree: From 86f9e96d9bcfd1f5cd4bf8fb57a9b4c242df67df Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 8 Jan 2024 00:30:39 +0000 Subject: [PATCH 07/64] upstream: fix typo; spotted by Albert Chin OpenBSD-Commit-ID: 77140b520a43375b886e535eb8bd842a268f9368 --- ssh-add.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssh-add.c b/ssh-add.c index 1ec1a1f68..1ec6c89b0 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.170 2023/12/19 06:57:34 jmc Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.171 2024/01/08 00:30:39 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -817,7 +817,7 @@ main(int argc, char **argv) LogLevel log_level = SYSLOG_LEVEL_INFO; struct sshkey *k, **certs = NULL; struct dest_constraint **dest_constraints = NULL; - size_t ndest_constraints = 0i, ncerts = 0; + size_t ndest_constraints = 0, ncerts = 0; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); From a72833d00788ef91100c643536ac08ada46440e1 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 8 Jan 2024 00:34:33 +0000 Subject: [PATCH 08/64] upstream: remove ext-info-* in the kex.c code, not in callers; with/ok markus@ OpenBSD-Commit-ID: c06fe2d3a0605c517ff7d65e38ec7b2d1b0b2799 --- kex.c | 31 +++++++++++++++++++++++++++---- sshconnect2.c | 21 ++++++--------------- sshd.c | 4 ++-- 3 files changed, 35 insertions(+), 21 deletions(-) diff --git a/kex.c b/kex.c index cbb2af596..8a0f16513 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.184 2023/12/18 14:45:49 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.185 2024/01/08 00:34:33 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -772,10 +772,11 @@ static int kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh) { struct kex *kex = ssh->kex; - int r; + int r, initial = (kex->flags & KEX_INITIAL) != 0; + char *cp, **prop; debug("SSH2_MSG_NEWKEYS received"); - if (kex->ext_info_c && (kex->flags & KEX_INITIAL) != 0) + if (kex->ext_info_c && initial) ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_input_ext_info); ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error); ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); 
@@ -783,10 +784,32 @@ kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh) return r; if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0) return r; + if (initial) { + /* Remove initial KEX signalling from proposal for rekeying */ + if ((r = kex_buf2prop(kex->my, NULL, &prop)) != 0) + return r; + if ((cp = match_filter_denylist(prop[PROPOSAL_KEX_ALGS], + kex->server ? + "ext-info-s,kex-strict-s-v00@openssh.com" : + "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL) { + error_f("match_filter_denylist failed"); + goto fail; + } + free(prop[PROPOSAL_KEX_ALGS]); + prop[PROPOSAL_KEX_ALGS] = cp; + if ((r = kex_prop2buf(ssh->kex->my, prop)) != 0) { + error_f("kex_prop2buf failed"); + fail: + kex_proposal_free_entries(prop); + free(prop); + return SSH_ERR_INTERNAL_ERROR; + } + kex_proposal_free_entries(prop); + free(prop); + } kex->done = 1; kex->flags &= ~KEX_INITIAL; sshbuf_reset(kex->peer); - /* sshbuf_reset(kex->my); */ kex->flags &= ~KEX_INIT_SENT; free(kex->name); kex->name = NULL; diff --git a/sshconnect2.c b/sshconnect2.c index fab1e36be..745c2a051 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.371 2023/12/18 14:45:49 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.372 2024/01/08 00:34:34 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -221,7 +221,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, const struct ssh_conn_info *cinfo) { char *myproposal[PROPOSAL_MAX]; - char *s, *all_key, *hkalgs = NULL; + char *all_key, *hkalgs = NULL; int r, use_known_hosts_order = 0; xxx_host = host; 
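Review bot: In the new `if (initial)` block the error code from `kex_prop2buf()` is discarded — both failure paths return `SSH_ERR_INTERNAL_ERROR`, and the second reaches the cleanup only by a `goto fail` into the body of an unrelated `if`, which is legal C but hard to follow. Restructuring so both paths fall through to one cleanup and `return r` keeps the specific error and removes the jump into a block. The block also mixes `kex->my` and `ssh->kex->my` for the same buffer; using `kex->my` throughout matches the surrounding code. kex_input_newkeys begins and ends outside this hunk.
```c
	if (initial) {
		/* Remove initial KEX signalling from proposal for rekeying */
		if ((r = kex_buf2prop(kex->my, NULL, &prop)) != 0)
			return r;
		if ((cp = match_filter_denylist(prop[PROPOSAL_KEX_ALGS],
		    kex->server ?
		    "ext-info-s,kex-strict-s-v00@openssh.com" :
		    "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL) {
			error_f("match_filter_denylist failed");
			r = SSH_ERR_INTERNAL_ERROR;
		} else {
			free(prop[PROPOSAL_KEX_ALGS]);
			prop[PROPOSAL_KEX_ALGS] = cp;
			if ((r = kex_prop2buf(kex->my, prop)) != 0)
				error_f("kex_prop2buf failed");
		}
		kex_proposal_free_entries(prop);
		free(prop);
		if (r != 0)
			return r;
	}
	/* … unchanged: kex->done = 1 and per-exchange state reset … */
```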
@@ -249,14 +249,12 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, fatal_fr(r, "kex_assemble_namelist"); free(all_key); - if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) - fatal_f("kex_names_cat"); - if (use_known_hosts_order) hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo); - kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers, - options.macs, compression_alg_list(options.compression), + kex_proposal_populate_entries(ssh, myproposal, + options.kex_algorithms, options.ciphers, options.macs, + compression_alg_list(options.compression), hkalgs ? hkalgs : options.hostkeyalgorithms); free(hkalgs); @@ -281,13 +279,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, ssh->kex->verify_host_key=&verify_host_key_callback; ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done); - - /* remove ext-info from the KEX proposals for rekeying */ - free(myproposal[PROPOSAL_KEX_ALGS]); - myproposal[PROPOSAL_KEX_ALGS] = - compat_kex_proposal(ssh, options.kex_algorithms); - if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0) - fatal_r(r, "kex_prop2buf"); + kex_proposal_free_entries(myproposal); #ifdef DEBUG_KEXDH /* send 1st encrypted/maced/compressed message */ @@ -297,7 +289,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, (r = ssh_packet_write_wait(ssh)) != 0) fatal_fr(r, "send packet"); #endif - kex_proposal_free_entries(myproposal); } /* diff --git a/sshd.c b/sshd.c index 9cbe92293..b4f2b9742 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.601 2023/12/18 14:45:49 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.602 2024/01/08 00:34:34 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -2428,6 +2428,7 @@ do_ssh2_kex(struct ssh *ssh) kex->sign = sshd_hostkey_sign; ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &kex->done); + kex_proposal_free_entries(myproposal); #ifdef DEBUG_KEXDH /* send 1st encrypted/maced/compressed message */ @@ -2437,7 +2438,6 @@ do_ssh2_kex(struct ssh *ssh) (r = ssh_packet_write_wait(ssh)) != 0) fatal_fr(r, "send test"); #endif - kex_proposal_free_entries(myproposal); debug("KEX done"); } From 9ea0a4524ae3276546248a926b6641b2fbc8421b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 8 Jan 2024 14:45:14 +1100 Subject: [PATCH 09/64] unbreak fuzzers for clang16 getopt() needs a throw() attribute to compile, so supply one when compiling things with C++ --- openbsd-compat/getopt.h | 12 ++++++++++-- openbsd-compat/openbsd-compat.h | 10 +++++++++- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/openbsd-compat/getopt.h b/openbsd-compat/getopt.h index 65c8bc7fb..b050fa835 100644 --- a/openbsd-compat/getopt.h +++ b/openbsd-compat/getopt.h @@ -33,6 +33,14 @@ #ifndef _GETOPT_H_ #define _GETOPT_H_ +#ifndef __THROW +# if defined __cplusplus +# define __THROW throw() +# else +# define __THROW +# endif +#endif + /* * GNU-like getopt_long() and 4.4BSD getsubopt()/optreset extensions */ @@ -63,8 +71,8 @@ int getopt_long_only(int, char * const *, const char *, #ifndef _GETOPT_DEFINED_ #define _GETOPT_DEFINED_ -int getopt(int, char * const *, const char *); -int getsubopt(char **, char * const *, char **); +int getopt(int, char * const *, const char *) __THROW; +int getsubopt(char **, char * const *, char **) __THROW; extern char *optarg; /* getopt(3) external variables */ extern int opterr; diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 78faea962..0823d6a83 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h 
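Review bot: The new `__THROW` fallback in getopt.h expands to `throw()`, a dynamic exception specification that C++11 deprecates and C++20 removes, so the harness compiles under clang++-16's gnu++17 default but will break once the default moves to C++20; prefer `# if __cplusplus >= 201103L` / `#  define __THROW noexcept(true)` and keep `throw()` only as the pre-C++11 fallback. `__THROW` is also a reserved identifier that glibc's `<sys/cdefs.h>` defines with a different body; the `#ifndef` guard covers the case where the system header is seen first, but if one is included after getopt.h the two definitions differ and a macro-redefinition warning is likely. Since openbsd-compat.h gets the identical block in the same commit and already includes getopt.h, a single definition in the compat header would keep the two from drifting apart.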
@@ -48,6 +48,14 @@ #include "blf.h" #include "fnmatch.h" +#ifndef __THROW +# if defined __cplusplus +# define __THROW throw() +# else +# define __THROW +# endif +#endif + #if defined(HAVE_LOGIN_CAP) && !defined(HAVE_LOGIN_GETPWCLASS) # include # define login_getpwclass(pw) login_getclass(pw->pw_class) @@ -187,7 +195,7 @@ int getgrouplist(const char *, gid_t, gid_t *, int *); #endif #if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) -int BSDgetopt(int argc, char * const *argv, const char *opts); +int BSDgetopt(int argc, char * const *argv, const char *opts) __THROW; #include "openbsd-compat/getopt.h" #endif From fc332cb2d602c60983a8ec9f89412754ace06425 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 8 Jan 2024 14:45:49 +1100 Subject: [PATCH 10/64] unbreak fuzzers - missing pkcs11_make_cert() provide stub for use in fuzzer harness --- regress/misc/fuzz-harness/agent_fuzz_helper.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/regress/misc/fuzz-harness/agent_fuzz_helper.c b/regress/misc/fuzz-harness/agent_fuzz_helper.c index 1d419820c..c3051c72b 100644 --- a/regress/misc/fuzz-harness/agent_fuzz_helper.c +++ b/regress/misc/fuzz-harness/agent_fuzz_helper.c @@ -175,3 +175,10 @@ test_one(const uint8_t* s, size_t slen) cleanup_idtab(); cleanup_sockettab(); } + +int +pkcs11_make_cert(const struct sshkey *priv, + const struct sshkey *certpub, struct sshkey **certprivp) +{ + return -1; /* XXX */ +} From 698fe6fd61cbcb8e3e0e874a561d4335a49fbde5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 8 Jan 2024 14:46:19 +1100 Subject: [PATCH 11/64] update fuzzer example makefile to clang16 --- regress/misc/fuzz-harness/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile index 0b4238fd3..107213029 100644 --- a/regress/misc/fuzz-harness/Makefile +++ b/regress/misc/fuzz-harness/Makefile 
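Review bot: The new `pkcs11_make_cert()` stub returns a bare `-1` and leaves `*certprivp` untouched, so a caller that inspects the output pointer on failure sees whatever it held before; set `*certprivp = NULL;` first and return the named code (`SSH_ERR_INTERNAL_ERROR`, presumably the value -1 here — confirm against ssherr.h) so the stub follows the real function's contract. The `/* XXX */` marker should say why the stub exists, e.g. `/* No PKCS#11 helper in the fuzz harness; certificate loading always fails. */`, so it is not mistaken for unfinished work.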
@@ -1,10 +1,10 @@ # NB. libssh and libopenbsd-compat should be built with the same sanitizer opts. -CC=clang-11 -CXX=clang++-11 +CC=clang-16 +CXX=clang++-16 FUZZ_FLAGS=-fsanitize=address,fuzzer -fno-omit-frame-pointer -FUZZ_LIBS=-lFuzzer +FUZZ_LIBS=-L/usr/lib/llvm-16/lib -lFuzzer -CXXFLAGS=-O2 -g -Wall -Wextra -Wno-unused-parameter -I ../../.. $(FUZZ_FLAGS) +CXXFLAGS=-O2 -g -Wall -Wextra -Wno-unused-parameter -Wno-exceptions -I ../../.. $(FUZZ_FLAGS) CFLAGS=$(CXXFLAGS) LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS) LIBS=-lssh -lopenbsd-compat -lmd -lcrypto -lfido2 -lcbor $(FUZZ_LIBS) From f64cede2a3c298b50a2659a8b53eb3ab2c0b8d23 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 8 Jan 2024 04:10:03 +0000 Subject: [PATCH 12/64] upstream: make kex-strict section more explicit about its intent: banning all messages not strictly required in KEX OpenBSD-Commit-ID: fc33a2d7f3b7013a7fb7500bdbaa8254ebc88116 --- PROTOCOL | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/PROTOCOL b/PROTOCOL index b6a418924..aba182ebe 100644 --- a/PROTOCOL +++ b/PROTOCOL 
@@ -152,12 +152,13 @@ When an endpoint that supports this extension observes this algorithm name in a peer's KEXINIT packet, it MUST make the following changes to the protocol: -a) During initial KEX, terminate the connection if any unexpected or - out-of-sequence packet is received. This includes terminating the - connection if the first packet received is not SSH2_MSG_KEXINIT. - Unexpected packets for the purpose of strict KEX include messages - that are otherwise valid at any time during the connection such as - SSH2_MSG_DEBUG and SSH2_MSG_IGNORE. +a) During initial KEX, terminate the connection if out-of-sequence + packet or any message that is not strictly required by KEX is + received. This includes terminating the connection if the first + packet received is not SSH2_MSG_KEXINIT. Unexpected packets for + the purpose of strict KEX include messages that are otherwise + valid at any time during the connection such as SSH2_MSG_DEBUG, + SSH2_MSG_IGNORE or SSH2_MSG_UNIMPLEMENTED. b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the packet sequence number to zero. This behaviour persists for the duration of the connection (i.e. not just the first @@ -790,4 +791,4 @@ master instance and later clients. OpenSSH extends the usual agent protocol. These changes are documented in the PROTOCOL.agent file. -$OpenBSD: PROTOCOL,v 1.53 2023/12/20 00:06:25 jsg Exp $ +$OpenBSD: PROTOCOL,v 1.54 2024/01/08 04:10:03 djm Exp $ From 4c3cf362631ccc4ffd422e572f075d5d594feace Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 8 Jan 2024 05:05:15 +0000 Subject: [PATCH 13/64] upstream: fix missing field in users-groups-by-id@openssh.com reply documentation GHPR441 from TJ Saunders OpenBSD-Commit-ID: ff5733ff6ef4cd24e0758ebeed557aa91184c674 --- PROTOCOL | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/PROTOCOL b/PROTOCOL index aba182ebe..26387793f 100644 --- a/PROTOCOL +++ b/PROTOCOL 
@@ -736,6 +736,7 @@ identifiers: The server will reply with a SSH_FXP_EXTENDED_REPLY: byte SSH_FXP_EXTENDED_REPLY + uint32 id string usernames string groupnames @@ -791,4 +792,4 @@ master instance and later clients. OpenSSH extends the usual agent protocol. These changes are documented in the PROTOCOL.agent file. -$OpenBSD: PROTOCOL,v 1.54 2024/01/08 04:10:03 djm Exp $ +$OpenBSD: PROTOCOL,v 1.55 2024/01/08 05:05:15 djm Exp $ From 219c8134157744886ee6ac5b8c1650abcd981f4c Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 8 Jan 2024 05:11:18 +0000 Subject: [PATCH 14/64] upstream: Remove outdated note from PROTOCOL.mux Port forward close by control master is already implemented by `mux_master_process_close_fwd` in `mux.c` GHPR442 from bigb4ng OpenBSD-Commit-ID: ad0734fe5916d2dc7dd02b588906cea4df0482fb --- PROTOCOL.mux | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/PROTOCOL.mux b/PROTOCOL.mux index 5a3dd5fe0..fef2e13d4 100644 --- a/PROTOCOL.mux +++ b/PROTOCOL.mux @@ -188,8 +188,6 @@ For dynamically allocated listen port the server replies with 7. Requesting closure of port forwards -Note: currently unimplemented (server will always reply with MUX_S_FAILURE). - A client may request the master to close a port forward: uint32 MUX_C_CLOSE_FWD @@ -295,4 +293,4 @@ XXX session inspection via master XXX signals via mux request XXX list active connections via mux -$OpenBSD: PROTOCOL.mux,v 1.13 2022/01/01 01:55:30 jsg Exp $ +$OpenBSD: PROTOCOL.mux,v 1.14 2024/01/08 05:11:18 djm Exp $ From 6b8be2ccd7dd091808f86af52066b0c2ec30483a Mon Sep 17 00:00:00 2001 
From: Rose <83477269+AtariDreams@users.noreply.github.com> Date: Tue, 19 Dec 2023 11:48:20 -0500 Subject: [PATCH 15/64] Fix compilation error in ssh-pcks11-client.c Compilation fails becaus of an undefined reference to helper_by_ec, because we forgot the preprocessor conditional that excludes that function from being called in unsupported configurations. --- ssh-pkcs11-client.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c index 82e86a518..5fa8bf02b 100644 --- a/ssh-pkcs11-client.c +++ b/ssh-pkcs11-client.c @@ -457,6 +457,7 @@ pkcs11_make_cert(const struct sshkey *priv, RSA_set_method(ret->rsa, helper->rsa_meth); if (helper->nrsa++ >= INT_MAX) fatal_f("RSA refcount error"); +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) } else if (priv->type == KEY_ECDSA) { if ((helper = helper_by_ec(priv->ecdsa)) == NULL || helper->fd == -1) @@ -466,6 +467,7 @@ pkcs11_make_cert(const struct sshkey *priv, EC_KEY_set_method(ret->ecdsa, helper->ec_meth); if (helper->nec++ >= INT_MAX) fatal_f("EC refcount error"); +#endif } else fatal_f("unknown key type %s", sshkey_type(priv)); From 690bc125f9a3b20e47745fa8f5b5e1fd5820247f Mon Sep 17 00:00:00 2001 From: Sevan Janiyan Date: Wed, 27 Dec 2023 04:57:49 +0000 Subject: [PATCH 16/64] README.platform: update tuntap url --- README.platform | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.platform b/README.platform index 7b754ba42..d06ba9ad3 100644 --- a/README.platform +++ b/README.platform @@ -56,7 +56,7 @@ has been removed in recent releases of Darwin and MacOS X. Nevertheless, tunnel support is known to work with Darwin 8 and MacOS X 10.4 in Point-to-Point (Layer 3) and Ethernet (Layer 2) mode using a third party driver. More information is available at: - http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ + https://tuntaposx.sourceforge.net Linux From 42ba34aba8708cf96583ff52975d95a8b47d990d Mon Sep 17 00:00:00 2001 
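Review bot: With the new conditional compiled out, a `KEY_ECDSA` private key no longer matches any branch and falls through to `fatal_f("unknown key type %s", ...)`, which reports a known type as unknown and hides that the build simply lacks EC_KEY_METHOD support. An `#else` arm that keeps the `KEY_ECDSA` test and fails with a specific message would be clearer: `#else` / `} else if (priv->type == KEY_ECDSA) { fatal_f("ECDSA keys unsupported in this build");` placed before the `#endif`, so the existing `} else fatal_f(...)` line still closes it. The rest of pkcs11_make_cert lies outside the hunk.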
From: Damien Miller Date: Mon, 8 Jan 2024 16:26:37 +1100 Subject: [PATCH 17/64] nite that recent OSX tun/tap is unsupported --- README.platform | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.platform b/README.platform index d06ba9ad3..4edf9d1f5 100644 --- a/README.platform +++ b/README.platform @@ -53,11 +53,12 @@ Darwin does not provide a tun(4) driver required for OpenSSH-based virtual private networks. The BSD manpage still exists, but the driver has been removed in recent releases of Darwin and MacOS X. -Nevertheless, tunnel support is known to work with Darwin 8 and -MacOS X 10.4 in Point-to-Point (Layer 3) and Ethernet (Layer 2) mode -using a third party driver. More information is available at: +Tunnel support is known to work with Darwin 8 and MacOS X 10.4 in +Point-to-Point (Layer 3) and Ethernet (Layer 2) mode using a third +party driver. More information is available at: https://tuntaposx.sourceforge.net +Recent Darwin/MacOS X versions are likely unsupported. Linux ----- From 602f4beeeda5bb0eca181f8753d923a2997d0a51 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 9 Jan 2024 21:39:14 +0000 Subject: [PATCH 18/64] upstream: adapt ssh_api.c code for kex-strict from markus@ ok me OpenBSD-Commit-ID: 4d9f256852af2a5b882b12cae9447f8f00f933ac --- ssh_api.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/ssh_api.c b/ssh_api.c index d3c661761..fadf2f4b1 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.27 2021/04/03 06:18:41 djm Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.28 2024/01/09 21:39:14 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -82,6 +82,7 @@ int ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) { char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; + char *populated[PROPOSAL_MAX]; struct ssh *ssh; char **proposal; static int called; 
@@ -99,10 +100,19 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) /* Initialize key exchange */ proposal = kex_params ? kex_params->proposal : myproposal; - if ((r = kex_ready(ssh, proposal)) != 0) { + kex_proposal_populate_entries(ssh, populated, + proposal[PROPOSAL_KEX_ALGS], + proposal[PROPOSAL_ENC_ALGS_CTOS], + proposal[PROPOSAL_MAC_ALGS_CTOS], + proposal[PROPOSAL_COMP_ALGS_CTOS], + proposal[PROPOSAL_SERVER_HOST_KEY_ALGS]); + r = kex_ready(ssh, populated); + kex_proposal_free_entries(populated); + if (r != 0) { ssh_free(ssh); return r; } + ssh->kex->server = is_server; if (is_server) { #ifdef WITH_OPENSSL From b31b12d28de96e1d43581d32f34da8db27e11c03 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 9 Jan 2024 22:19:00 +0000 Subject: [PATCH 19/64] upstream: add a "global" ChannelTimeout type to ssh(1) and sshd(8) that watches all open channels and will close all open channels if there is no traffic on any of them for the specified interval. This is in addition to the existing per-channel timeouts added a few releases ago. This supports use-cases like having a session + x11 forwarding channel open where one may be idle for an extended period but the other is actively used. The global timeout would allow closing both channels when both have been idle for too long. ok dtucker@ OpenBSD-Commit-ID: 0054157d24d2eaa5dc1a9a9859afefc13d1d7eb3 --- channels.c | 74 +++++++++++++++++++++++++++++++++++++++------------ ssh_config.5 | 22 ++++++++++----- sshd_config.5 | 44 +++++++++++++++++------------- 3 files changed, 99 insertions(+), 41 deletions(-) diff --git a/channels.c b/channels.c index 20f31dadd..6862556be 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.435 2023/12/18 14:47:20 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.436 2024/01/09 22:19:00 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
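Review bot: `ssh->kex->server = is_server;` is assigned only after `kex_proposal_populate_entries()` and `kex_ready()` have run, so both see the zero-initialised `kex->server`; the kex.c change earlier in this series selects the `ext-info-s`/`kex-strict-s` versus `-c` names from `kex->server` when stripping them at rekey, and if `kex_proposal_populate_entries()` chooses them the same way (its body is not in this patch) a server-side libssh session would advertise the client pseudo-algorithms. Moving `ssh->kex->server = is_server;` above the populate call avoids that ordering hazard at no cost. Note also that only the `_CTOS` cipher, MAC and compression entries of a caller-supplied `kex_params->proposal` are passed through, so any differing `_STOC` values are silently dropped — worth a comment if that is intended. ssh_init begins and ends outside this hunk.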
@@ -214,6 +214,9 @@ struct ssh_channels { /* Channel timeouts by type */ struct ssh_channel_timeout *timeouts; size_t ntimeouts; + /* Global timeout for all OPEN channels */ + int global_deadline; + time_t lastused; }; /* helper */ @@ -316,6 +319,11 @@ channel_add_timeout(struct ssh *ssh, const char *type_pattern, { struct ssh_channels *sc = ssh->chanctxt; + if (strcmp(type_pattern, "global") == 0) { + debug2_f("global channel timeout %d seconds", timeout_secs); + sc->global_deadline = timeout_secs; + return; + } debug2_f("channel type \"%s\" timeout %d seconds", type_pattern, timeout_secs); sc->timeouts = xrecallocarray(sc->timeouts, sc->ntimeouts, @@ -376,6 +384,38 @@ channel_set_xtype(struct ssh *ssh, int id, const char *xctype) c->inactive_deadline); } +/* + * update "last used" time on a channel. + * NB. nothing else should update lastused except to clear it. + */ +static void +channel_set_used_time(struct ssh *ssh, Channel *c) +{ + ssh->chanctxt->lastused = monotime(); + if (c != NULL) + c->lastused = ssh->chanctxt->lastused; +} + +/* + * Get the time at which a channel is due to time out for inactivity. + * Returns 0 if the channel is not due to time out ever. + */ +static time_t +channel_get_expiry(struct ssh *ssh, Channel *c) +{ + struct ssh_channels *sc = ssh->chanctxt; + time_t expiry = 0, channel_expiry; + + if (sc->lastused != 0 && sc->global_deadline != 0) + expiry = sc->lastused + sc->global_deadline; + if (c->lastused != 0 && c->inactive_deadline != 0) { + channel_expiry = c->lastused + c->inactive_deadline; + if (expiry == 0 || channel_expiry < expiry) + expiry = channel_expiry; + } + return expiry; +} + /* * Register filedescriptors for a channel, used when allocating a channel or * when the channel consumer/producer is ready, e.g. shell exec'd 
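Review bot: `channel_get_expiry()` dereferences `c` unconditionally while the adjacent `channel_set_used_time()` explicitly accepts `c == NULL`; the asymmetry is fine for the callers in this commit but belongs in the header comment, e.g. ` * c must not be NULL. The global deadline, if set, is folded in.` It would also help to document on the new `global_deadline`/`lastused` fields that `lastused` is bumped by traffic on any channel and by `channel_register_fds()`, since that is what makes the global timeout a "quiet on every channel" timer rather than another per-channel one. channel_add_timeout()'s body continues outside its hunk.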
@@ -441,6 +481,8 @@ channel_register_fds(struct ssh *ssh, Channel *c, int rfd, int wfd, int efd, if (efd != -1) set_nonblock(efd); } + /* channel might be entering a larval state, so reset global timeout */ + channel_set_used_time(ssh, NULL); } /* @@ -1197,7 +1239,7 @@ channel_set_fds(struct ssh *ssh, int id, int rfd, int wfd, int efd, channel_register_fds(ssh, c, rfd, wfd, efd, extusage, nonblock, is_tty); c->type = SSH_CHANNEL_OPEN; - c->lastused = monotime(); + channel_set_used_time(ssh, c); c->local_window = c->local_window_max = window_max; if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_WINDOW_ADJUST)) != 0 || @@ -1368,7 +1410,7 @@ channel_pre_x11_open(struct ssh *ssh, Channel *c) if (ret == 1) { c->type = SSH_CHANNEL_OPEN; - c->lastused = monotime(); + channel_set_used_time(ssh, c); channel_pre_open(ssh, c); } else if (ret == -1) { logit("X11 connection rejected because of wrong " @@ -2016,7 +2058,7 @@ channel_post_connecting(struct ssh *ssh, Channel *c) c->self, c->connect_ctx.host, c->connect_ctx.port); channel_connect_ctx_free(&c->connect_ctx); c->type = SSH_CHANNEL_OPEN; - c->lastused = monotime(); + channel_set_used_time(ssh, c); if (isopen) { /* no message necessary */ } else { @@ -2108,7 +2150,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c) goto rfail; } if (nr != 0) - c->lastused = monotime(); + channel_set_used_time(ssh, c); return 1; } @@ -2134,7 +2176,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c) } return -1; } - c->lastused = monotime(); + channel_set_used_time(ssh, c); if (c->input_filter != NULL) { if (c->input_filter(ssh, c, buf, len) == -1) { debug2("channel %d: filter stops", c->self); @@ -2215,7 +2257,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c) } return -1; } - c->lastused = monotime(); + channel_set_used_time(ssh, c); #ifndef BROKEN_TCGETATTR_ICANON if (c->isatty && dlen >= 1 && buf[0] != '\r') { if (tcgetattr(c->wfd, &tio) == 0 && 
@@ -2264,7 +2306,7 @@ channel_handle_efd_write(struct ssh *ssh, Channel *c) if ((r = sshbuf_consume(c->extended, len)) != 0) fatal_fr(r, "channel %i: consume", c->self); c->local_consumed += len; - c->lastused = monotime(); + channel_set_used_time(ssh, c); } return 1; } @@ -2291,7 +2333,7 @@ channel_handle_efd_read(struct ssh *ssh, Channel *c) channel_close_fd(ssh, c, &c->efd); return 1; } - c->lastused = monotime(); + channel_set_used_time(ssh, c); if (c->extended_usage == CHAN_EXTENDED_IGNORE) debug3("channel %d: discard efd", c->self); else if ((r = sshbuf_put(c->extended, buf, len)) != 0) @@ -2581,10 +2623,9 @@ channel_handler(struct ssh *ssh, int table, struct timespec *timeout) continue; } if (ftab[c->type] != NULL) { - if (table == CHAN_PRE && - c->type == SSH_CHANNEL_OPEN && - c->inactive_deadline != 0 && c->lastused != 0 && - now >= c->lastused + c->inactive_deadline) { + if (table == CHAN_PRE && c->type == SSH_CHANNEL_OPEN && + channel_get_expiry(ssh, c) != 0 && + now >= channel_get_expiry(ssh, c)) { /* channel closed for inactivity */ verbose("channel %d: closing after %u seconds " "of inactivity", c->self, @@ -2596,10 +2637,9 @@ channel_handler(struct ssh *ssh, int table, struct timespec *timeout) /* inactivity timeouts must interrupt poll() */ if (timeout != NULL && c->type == SSH_CHANNEL_OPEN && - c->lastused != 0 && - c->inactive_deadline != 0) { + channel_get_expiry(ssh, c) != 0) { ptimeout_deadline_monotime(timeout, - c->lastused + c->inactive_deadline); + channel_get_expiry(ssh, c)); } } else if (timeout != NULL) { /* @@ -3558,7 +3598,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, struct ssh *ssh) c->open_confirm(ssh, c->self, 1, c->open_confirm_ctx); debug2_f("channel %d: callback done", c->self); } - c->lastused = monotime(); + channel_set_used_time(ssh, c); debug2("channel %d: open confirm rwindow %u rmax %u", c->self, c->remote_window, c->remote_maxpacket); return 0; 
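Review bot: In the two channel_handler() hunks `channel_get_expiry(ssh, c)` is evaluated twice in the CHAN_PRE condition and once more for `ptimeout_deadline_monotime()`; computing it once into a local `time_t expiry = channel_get_expiry(ssh, c);` reads better and keeps the uses consistent. More importantly, the interval argument of `verbose("channel %d: closing after %u seconds " "of inactivity", c->self,` sits on the line after the hunk; if it still passes `c->inactive_deadline`, a close triggered by the global timeout will log the wrong (possibly zero) interval, so it should report whichever deadline actually expired. channel_handler() starts and ends outside these hunks.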
diff --git a/ssh_config.5 b/ssh_config.5 index 4bbdfefd1..15ad012f8 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.391 2023/10/12 02:18:18 djm Exp $ -.Dd $Mdocdate: October 12 2023 $ +.\" $OpenBSD: ssh_config.5,v 1.392 2024/01/09 22:19:00 djm Exp $ +.Dd $Mdocdate: January 9 2024 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -463,8 +463,10 @@ Timeouts are specified as one or more .Dq type=interval pairs separated by whitespace, where the .Dq type -must be a channel type name (as described in the table below), optionally -containing wildcard characters. +must be the special keyword +.Dq global +or a channel type name from the list below, optionally containing +wildcard characters. .Pp The timeout value .Dq interval @@ -473,11 +475,19 @@ is specified in seconds or may use any of the units documented in the section. For example, .Dq session=5m -would cause the interactive session to terminate after five minutes of +would cause interactive sessions to terminate after five minutes of inactivity. Specifying a zero value disables the inactivity timeout. .Pp -The available channel types include: +The special timeout +.Dq global +Applies to all active channels, taken together. +Traffic on any active channel will reset the timeout, but when the timeout +expires then all open channels will be closed. +Note that this global timeout is not matched by wildcards and must be +specified explicitly. +.Pp +The available channel type names include: .Bl -tag -width Ds .It Cm agent-connection Open connections to diff --git a/sshd_config.5 b/sshd_config.5 index 7e1a56cd0..ca5eeb59d 100644 --- a/sshd_config.5 +++ b/sshd_config.5 
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.350 2023/07/28 05:42:36 jmc Exp $ -.Dd $Mdocdate: July 28 2023 $ +.\" $OpenBSD: sshd_config.5,v 1.351 2024/01/09 22:19:00 djm Exp $ +.Dd $Mdocdate: January 9 2024 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -409,8 +409,10 @@ Timeouts are specified as one or more .Dq type=interval pairs separated by whitespace, where the .Dq type -must be a channel type name (as described in the table below), optionally -containing wildcard characters. +must be the special keyword +.Dq global +or a channel type name from the list below, optionally containing +wildcard characters. .Pp The timeout value .Dq interval @@ -418,11 +420,20 @@ is specified in seconds or may use any of the units documented in the .Sx TIME FORMATS section. For example, -.Dq session:*=5m -would cause all sessions to terminate after five minutes of inactivity. +.Dq session=5m +would cause interactive sessions to terminate after five minutes of +inactivity. Specifying a zero value disables the inactivity timeout. .Pp -The available channel types include: +The special timeout +.Dq global +Applies to all active channels, taken together. +Traffic on any active channel will reset the timeout, but when the timeout +expires then all open channels will be closed. +Note that this global timeout is not matched by wildcards and must be +specified explicitly. +.Pp +The available channel type names include: .Bl -tag -width Ds .It Cm agent-connection Open connections to 
@@ -443,15 +454,15 @@ listening on behalf of a .Xr ssh 1 remote forwarding, i.e.\& .Cm RemoteForward . -.It Cm session:command -Command execution sessions. -.It Cm session:shell -Interactive shell sessions. -.It Cm session:subsystem:... -Subsystem sessions, e.g. for +.It Cm session +The interactive main session, including shell session, command execution, +.Xr scp 1 , .Xr sftp 1 , -which could be identified as -.Cm session:subsystem:sftp . +etc. +.It Cm tun-connection +Open +.Cm TunnelForward +connections. .It Cm x11-connection Open X11 forwarding sessions. .El @@ -465,9 +476,6 @@ close the SSH connection, nor does it prevent a client from requesting another channel of the same type. In particular, expiring an inactive forwarding session does not prevent another identical forwarding from being subsequently created. -See also -.Cm UnusedConnectionTimeout , -which may be used in conjunction with this option. .Pp The default is not to expire channels of any type for inactivity. .It Cm ChrootDirectory From 9707c8170c0c1baeb1e06e5a53f604498193885f Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 9 Jan 2024 22:19:36 +0000 Subject: [PATCH 20/64] upstream: extend ChannelTimeout regression test to exercise multiplexed connections and the new "global" timeout type. ok dtucker@ OpenBSD-Regress-ID: f10d19f697024e9941acad7c2057f73d6eacb8a2 --- regress/channel-timeout.sh | 70 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 68 insertions(+), 2 deletions(-) diff --git a/regress/channel-timeout.sh b/regress/channel-timeout.sh index 1c42e832a..4293f0179 100644 --- a/regress/channel-timeout.sh +++ b/regress/channel-timeout.sh 
@@ -1,10 +1,33 @@ -# $OpenBSD: channel-timeout.sh,v 1.1 2023/01/06 08:07:39 djm Exp $ +# $OpenBSD: channel-timeout.sh,v 1.2 2024/01/09 22:19:36 djm Exp $ # Placed in the Public Domain. tid="channel timeout" # XXX not comprehensive. Still need -R -L agent X11 forwarding + interactive +rm -f $OBJ/finished.* $OBJ/mux.* + +MUXPATH=$OBJ/mux.$$ +open_mux() { + ${SSH} -nNfM -oControlPath=$MUXPATH -F $OBJ/ssh_proxy "$@" somehost || + fatal "open mux failed" + test -e $MUXPATH || fatal "mux socket $MUXPATH not established" +} + +close_mux() { + test -e $MUXPATH || fatal "mux socket $MUXPATH missing" + ${SSH} -qF $OBJ/ssh_proxy -oControlPath=$MUXPATH -O exit somehost || + fatal "could not terminate mux process" + for x in 1 2 3 4 5 6 7 8 9 10 ; do + test -e $OBJ/mux && break + sleep 1 + done + test -e $MUXPATH && fatal "mux did not clean up" +} +mux_client() { + ${SSH} -F $OBJ/ssh_proxy -oControlPath=$MUXPATH somehost "$@" +} + rm -f $OBJ/sshd_proxy.orig cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig @@ -24,6 +47,15 @@ if [ $r -ne 255 ]; then fail "ssh returned unexpected error code $r" fi +verbose "command long timeout" +(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:command=60") \ + > $OBJ/sshd_proxy +${SSH} -F $OBJ/ssh_proxy somehost "exit 23" +r=$? +if [ $r -ne 23 ]; then + fail "ssh returned unexpected error code $r" +fi + verbose "command wildcard timeout" (cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:*=1") \ > $OBJ/sshd_proxy 
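Review bot: The wait loop in `close_mux` polls the wrong path with the wrong sense: `test -e $OBJ/mux && break` checks a file that is never created (the socket is `$OBJ/mux.$$`), so the loop always sleeps the full ten seconds before the final `test -e $MUXPATH && fatal` check, and it would never notice an early cleanup. It should read `test -e $MUXPATH || break`. Separately, the sshd_proxy settings added in this file use `session:command` and `session:shell`, whereas the sshd_config.5 hunk in the preceding commit replaced those names with a single `session` entry; one of the two needs reconciling so the documented type names match what the server actually matches.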
@@ -42,6 +74,41 @@ if [ $r -ne 23 ]; then fail "ssh failed" fi +verbose "multiplexed command timeout" +(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:command=1") \ + > $OBJ/sshd_proxy +open_mux +mux_client "sleep 5 ; exit 23" +r=$? +if [ $r -ne 255 ]; then + fail "ssh returned unexpected error code $r" +fi +close_mux + +verbose "irrelevant multiplexed command timeout" +(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:shell=1") \ + > $OBJ/sshd_proxy +open_mux +mux_client "sleep 5 ; exit 23" +r=$? +if [ $r -ne 23 ]; then + fail "ssh returned unexpected error code $r" +fi +close_mux + +verbose "global command timeout" +(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout global=10") \ + > $OBJ/sshd_proxy +open_mux +mux_client "sleep 1 ; echo ok ; sleep 1; echo ok; sleep 60; touch $OBJ/finished.1" >/dev/null & +mux_client "sleep 60 ; touch $OBJ/finished.2" >/dev/null & +mux_client "sleep 2 ; touch $OBJ/finished.3" >/dev/null & +wait +test -f $OBJ/finished.1 && fail "first mux process completed" +test -f $OBJ/finished.2 && fail "second mux process completed" +test -f $OBJ/finished.3 || fail "third mux process did not complete" +close_mux + # Set up a "slow sftp server" that sleeps before executing the real one. cat > $OBJ/slow-sftp-server.sh << _EOF #!/bin/sh @@ -88,4 +155,3 @@ if [ $r -ne 0 ]; then fail "sftp failed" fi cmp $DATA $COPY || fail "corrupted copy" - From afcc9028bfc411bc26d20bba803b83f90cb84e26 Mon Sep 17 00:00:00 2001 From: "jmc@openbsd.org" Date: Wed, 10 Jan 2024 06:33:13 +0000 Subject: [PATCH 21/64] upstream: fix incorrect capitalisation; OpenBSD-Commit-ID: cb07eb06e15fa2334660ac73e98f29b6a1931984 --- ssh_config.5 | 6 +++--- sshd_config.5 | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ssh_config.5 b/ssh_config.5 index 15ad012f8..35aa2c0cc 100644 --- a/ssh_config.5 +++ b/ssh_config.5 
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.392 2024/01/09 22:19:00 djm Exp $ -.Dd $Mdocdate: January 9 2024 $ +.\" $OpenBSD: ssh_config.5,v 1.393 2024/01/10 06:33:13 jmc Exp $ +.Dd $Mdocdate: January 10 2024 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -481,7 +481,7 @@ Specifying a zero value disables the inactivity timeout. .Pp The special timeout .Dq global -Applies to all active channels, taken together. +applies to all active channels, taken together. Traffic on any active channel will reset the timeout, but when the timeout expires then all open channels will be closed. Note that this global timeout is not matched by wildcards and must be diff --git a/sshd_config.5 b/sshd_config.5 index ca5eeb59d..3e0befab1 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.351 2024/01/09 22:19:00 djm Exp $ -.Dd $Mdocdate: January 9 2024 $ +.\" $OpenBSD: sshd_config.5,v 1.352 2024/01/10 06:33:13 jmc Exp $ +.Dd $Mdocdate: January 10 2024 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -427,7 +427,7 @@ Specifying a zero value disables the inactivity timeout. .Pp The special timeout .Dq global -Applies to all active channels, taken together. +applies to all active channels, taken together. Traffic on any active channel will reset the timeout, but when the timeout expires then all open channels will be closed. Note that this global timeout is not matched by wildcards and must be From 4e838120a759d187b036036610402cbda33f3203 Mon Sep 17 00:00:00 2001 
From: "djm@openbsd.org" Date: Thu, 11 Jan 2024 01:45:36 +0000 Subject: [PATCH 22/64] upstream: make DSA key support compile-time optional, defaulting to on ok markus@ OpenBSD-Commit-ID: 4f8e98fc1fd6de399d0921d5b31b3127a03f581d --- configure.ac | 12 ++++++++++++ readconf.c | 4 +++- readconf.h | 4 ++-- ssh-add.c | 4 +++- ssh-dss.c | 7 ++++--- ssh-keygen.c | 26 ++++++++++++++++++++++---- ssh-keyscan.c | 4 +++- ssh-keysign.c | 4 +++- ssh.c | 6 +++++- sshconnect.c | 4 +++- sshkey.c | 10 +++++++++- 11 files changed, 69 insertions(+), 16 deletions(-) diff --git a/configure.ac b/configure.ac index 379cd746b..acea84ca3 100644 --- a/configure.ac +++ b/configure.ac @@ -2067,6 +2067,18 @@ AC_ARG_WITH([security-key-builtin], [ enable_sk_internal=$withval ] ) +disable_ecdsa= +AC_ARG_ENABLE([dsa-keys], + [ --disable-dsa-keys disable DSA key support [no]], + [ + if test "x$enableval" = "xno" ; then + disable_ecdsa=1 + fi + ] +) +test -z "$disable_ecdsa" && + AC_DEFINE([WITH_DSA], [1], [Define if to enable DSA keys.]) + AC_SEARCH_LIBS([dlopen], [dl]) AC_CHECK_FUNCS([dlopen]) AC_CHECK_DECL([RTLD_NOW], [], [], [#include ]) diff --git a/readconf.c b/readconf.c index a2282b562..7b3754283 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.383 2023/10/12 02:18:18 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.384 2024/01/11 01:45:36 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2711,7 +2711,9 @@ fill_default_options(Options * options) add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ED25519_SK, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS, 0); +#ifdef WITH_DSA add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0); +#endif } if (options->escape_char == -1) options->escape_char = '~'; diff --git a/readconf.h b/readconf.h index ff7180cd0..b18536ab9 100644 --- a/readconf.h +++ b/readconf.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.154 2023/10/12 02:18:18 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.155 2024/01/11 01:45:36 djm Exp $ */ /* * Author: Tatu Ylonen @@ -87,7 +87,7 @@ typedef struct { char *sk_provider; /* Security key provider */ int verify_host_key_dns; /* Verify host key using DNS */ - int num_identity_files; /* Number of files for RSA/DSA identities. */ + int num_identity_files; /* Number of files for identities. */ char *identity_files[SSH_MAX_IDENTITY_FILES]; int identity_file_userprovided[SSH_MAX_IDENTITY_FILES]; struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES]; diff --git a/ssh-add.c b/ssh-add.c index 1ec6c89b0..e532d5ce1 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.171 2024/01/08 00:30:39 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.172 2024/01/11 01:45:36 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -85,7 +85,9 @@ static char *default_files[] = { _PATH_SSH_CLIENT_ID_ED25519, _PATH_SSH_CLIENT_ID_ED25519_SK, _PATH_SSH_CLIENT_ID_XMSS, +#ifdef WITH_DSA _PATH_SSH_CLIENT_ID_DSA, +#endif NULL }; diff --git a/ssh-dss.c b/ssh-dss.c index 3174ef146..aea661377 100644 --- a/ssh-dss.c +++ b/ssh-dss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-dss.c,v 1.49 2023/03/05 05:34:09 dtucker Exp $ */ +/* $OpenBSD: ssh-dss.c,v 1.50 2024/01/11 01:45:36 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -25,7 +25,7 @@ #include "includes.h" -#ifdef WITH_OPENSSL +#if defined(WITH_OPENSSL) && defined(WITH_DSA) #include @@ -453,4 +453,5 @@ const struct sshkey_impl sshkey_dsa_cert_impl = { /* .keybits = */ 0, /* .funcs = */ &sshkey_dss_funcs, }; -#endif /* WITH_OPENSSL */ + +#endif /* WITH_OPENSSL && WITH_DSA */ diff --git a/ssh-keygen.c b/ssh-keygen.c index 5b945a849..97c6d134a 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.471 2023/09/04 10:29:58 job Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.472 2024/01/11 01:45:36 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -262,10 +262,12 @@ ask_filename(struct passwd *pw, const char *prompt) name = _PATH_SSH_CLIENT_ID_ED25519; else { switch (sshkey_type_from_name(key_type_name)) { +#ifdef WITH_DSA case KEY_DSA_CERT: case KEY_DSA: name = _PATH_SSH_CLIENT_ID_DSA; break; +#endif #ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: @@ -376,10 +378,12 @@ do_convert_to_pkcs8(struct sshkey *k) if (!PEM_write_RSA_PUBKEY(stdout, k->rsa)) fatal("PEM_write_RSA_PUBKEY failed"); break; +#ifdef WITH_DSA case KEY_DSA: if (!PEM_write_DSA_PUBKEY(stdout, k->dsa)) fatal("PEM_write_DSA_PUBKEY failed"); break; +#endif #ifdef OPENSSL_HAS_ECC case KEY_ECDSA: if (!PEM_write_EC_PUBKEY(stdout, k->ecdsa)) @@ -400,10 +404,12 @@ do_convert_to_pem(struct sshkey *k) if (!PEM_write_RSAPublicKey(stdout, k->rsa)) fatal("PEM_write_RSAPublicKey failed"); break; +#ifdef WITH_DSA case KEY_DSA: if (!PEM_write_DSA_PUBKEY(stdout, k->dsa)) fatal("PEM_write_DSA_PUBKEY failed"); break; +#endif #ifdef OPENSSL_HAS_ECC case KEY_ECDSA: if (!PEM_write_EC_PUBKEY(stdout, k->ecdsa)) @@ -478,8 +484,10 @@ do_convert_private_ssh2(struct sshbuf *b) u_int magic, i1, i2, i3, i4; size_t slen; u_long e; +#ifdef WITH_DSA BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL; BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL; +#endif BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL; BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL; @@ -507,10 +515,12 @@ do_convert_private_ssh2(struct sshbuf *b) } free(cipher); - if (strstr(type, "dsa")) { - ktype = KEY_DSA; - } else if (strstr(type, "rsa")) { + if (strstr(type, "rsa")) { ktype = KEY_RSA; +#ifdef WITH_DSA + } else if (strstr(type, "dsa")) { + ktype = KEY_DSA; +#endif } else { free(type); return NULL; 
@@ -520,6 +530,7 @@ do_convert_private_ssh2(struct sshbuf *b) free(type); switch (key->type) { +#ifdef WITH_DSA case KEY_DSA: if ((dsa_p = BN_new()) == NULL || (dsa_q = BN_new()) == NULL || @@ -539,6 +550,7 @@ do_convert_private_ssh2(struct sshbuf *b) fatal_f("DSA_set0_key failed"); dsa_pub_key = dsa_priv_key = NULL; /* transferred */ break; +#endif case KEY_RSA: if ((r = sshbuf_get_u8(b, &e1)) != 0 || (e1 < 30 && (r = sshbuf_get_u8(b, &e2)) != 0) || @@ -702,12 +714,14 @@ do_convert_from_pkcs8(struct sshkey **k, int *private) (*k)->type = KEY_RSA; (*k)->rsa = EVP_PKEY_get1_RSA(pubkey); break; +#ifdef WITH_DSA case EVP_PKEY_DSA: if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) fatal("sshkey_new failed"); (*k)->type = KEY_DSA; (*k)->dsa = EVP_PKEY_get1_DSA(pubkey); break; +#endif #ifdef OPENSSL_HAS_ECC case EVP_PKEY_EC: if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) @@ -777,10 +791,12 @@ do_convert_from(struct passwd *pw) fprintf(stdout, "\n"); } else { switch (k->type) { +#ifdef WITH_DSA case KEY_DSA: ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL); break; +#endif #ifdef OPENSSL_HAS_ECC case KEY_ECDSA: ok = PEM_write_ECPrivateKey(stdout, k->ecdsa, NULL, @@ -3752,9 +3768,11 @@ main(int argc, char **argv) n += do_print_resource_record(pw, _PATH_HOST_RSA_KEY_FILE, rr_hostname, print_generic, opts, nopts); +#ifdef WITH_DSA n += do_print_resource_record(pw, _PATH_HOST_DSA_KEY_FILE, rr_hostname, print_generic, opts, nopts); +#endif n += do_print_resource_record(pw, _PATH_HOST_ECDSA_KEY_FILE, rr_hostname, print_generic, opts, nopts); diff --git a/ssh-keyscan.c b/ssh-keyscan.c index af0dc79b8..f2e6b59e3 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.154 2023/12/20 00:06:25 jsg Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.155 2024/01/11 01:45:36 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * 
@@ -791,9 +791,11 @@ main(int argc, char **argv) int type = sshkey_type_from_name(tname); switch (type) { +#ifdef WITH_DSA case KEY_DSA: get_keytypes |= KT_DSA; break; +#endif case KEY_ECDSA: get_keytypes |= KT_ECDSA; break; diff --git a/ssh-keysign.c b/ssh-keysign.c index b989f5e94..29bd65351 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.71 2022/08/01 11:09:26 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.72 2024/01/11 01:45:36 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -197,7 +197,9 @@ main(int argc, char **argv) i = 0; /* XXX This really needs to read sshd_config for the paths */ +#ifdef WITH_DSA key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); +#endif key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY); diff --git a/ssh.c b/ssh.c index 48d93ddf2..0019281f4 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.599 2023/12/18 14:47:44 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.600 2024/01/11 01:45:36 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1687,11 +1687,15 @@ main(int ac, char **av) L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 0); L_CERT(_PATH_HOST_ED25519_KEY_FILE, 1); L_CERT(_PATH_HOST_RSA_KEY_FILE, 2); +#ifdef WITH_DSA L_CERT(_PATH_HOST_DSA_KEY_FILE, 3); +#endif L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 4); L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 5); L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 6); +#ifdef WITH_DSA L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 7); +#endif L_CERT(_PATH_HOST_XMSS_KEY_FILE, 8); L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9); if (loaded == 0) diff --git a/sshconnect.c b/sshconnect.c index bd077c75c..d8efc50ce 100644 --- a/sshconnect.c +++ b/sshconnect.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.365 2023/11/20 02:50:00 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.366 2024/01/11 01:45:36 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1595,7 +1595,9 @@ show_other_keys(struct hostkeys *hostkeys, struct sshkey *key) { int type[] = { KEY_RSA, +#ifdef WITH_DSA KEY_DSA, +#endif KEY_ECDSA, KEY_ED25519, KEY_XMSS, diff --git a/sshkey.c b/sshkey.c index 0705674b8..d4356e72c 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.141 2023/12/20 00:06:25 jsg Exp $ */ +/* $OpenBSD: sshkey.c,v 1.142 2024/01/11 01:45:36 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -121,8 +121,10 @@ extern const struct sshkey_impl sshkey_rsa_sha256_impl; extern const struct sshkey_impl sshkey_rsa_sha256_cert_impl; extern const struct sshkey_impl sshkey_rsa_sha512_impl; extern const struct sshkey_impl sshkey_rsa_sha512_cert_impl; +# ifdef WITH_DSA extern const struct sshkey_impl sshkey_dss_impl; extern const struct sshkey_impl sshkey_dsa_cert_impl; +# endif #endif /* WITH_OPENSSL */ #ifdef WITH_XMSS extern const struct sshkey_impl sshkey_xmss_impl; @@ -152,8 +154,10 @@ const struct sshkey_impl * const keyimpls[] = { &sshkey_ecdsa_sk_webauthn_impl, # endif /* ENABLE_SK */ # endif /* OPENSSL_HAS_ECC */ +# ifdef WITH_DSA &sshkey_dss_impl, &sshkey_dsa_cert_impl, +# endif &sshkey_rsa_impl, &sshkey_rsa_cert_impl, &sshkey_rsa_sha256_impl, @@ -3230,6 +3234,7 @@ sshkey_private_to_blob_pem_pkcs8(struct sshkey *key, struct sshbuf *buf, goto out; switch (key->type) { +#ifdef WITH_DSA case KEY_DSA: if (format == SSHKEY_PRIVATE_PEM) { success = PEM_write_bio_DSAPrivateKey(bio, key->dsa, 
@@ -3238,6 +3243,7 @@ sshkey_private_to_blob_pem_pkcs8(struct sshkey *key, struct sshbuf *buf, success = EVP_PKEY_set1_DSA(pkey, key->dsa); } break; +#endif #ifdef OPENSSL_HAS_ECC case KEY_ECDSA: if (format == SSHKEY_PRIVATE_PEM) { @@ -3466,6 +3472,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, } if ((r = sshkey_check_rsa_length(prv, 0)) != 0) goto out; +#ifdef WITH_DSA } else if (EVP_PKEY_base_id(pk) == EVP_PKEY_DSA && (type == KEY_UNSPEC || type == KEY_DSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { @@ -3477,6 +3484,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, #ifdef DEBUG_PK DSA_print_fp(stderr, prv->dsa, 8); #endif +#endif #ifdef OPENSSL_HAS_ECC } else if (EVP_PKEY_base_id(pk) == EVP_PKEY_EC && (type == KEY_UNSPEC || type == KEY_ECDSA)) { From f9311e8921d92c5efca767227a497ab63280ac39 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 11 Jan 2024 01:51:16 +0000 Subject: [PATCH 23/64] upstream: ensure key_fd is filled when DSA is disabled; spotted by tb@ OpenBSD-Commit-ID: 9dd417b6eec3cf67e870f147464a8d93f076dce7 --- ssh-keysign.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ssh-keysign.c b/ssh-keysign.c index 29bd65351..c54a4bbb7 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.72 2024/01/11 01:45:36 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.73 2024/01/11 01:51:16 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -195,6 +195,9 @@ main(int argc, char **argv) if (fd > 2) close(fd); + for (i = 0; i < NUM_KEYTYPES; i++) + key_fd[i] = -1; + i = 0; /* XXX This really needs to read sshd_config for the paths */ #ifdef WITH_DSA From 415c94ce17288e0cdcb9e58cc91fba78d33c8457 Mon Sep 17 00:00:00 2001 
From: "djm@openbsd.org" Date: Thu, 11 Jan 2024 01:45:58 +0000 Subject: [PATCH 24/64] upstream: make DSA testing optional, defaulting to on ok markus OpenBSD-Regress-ID: dfc27b5574e3f19dc4043395594cea5f90b8572a --- regress/Makefile | 22 ++++++++++++++-------- regress/unittests/Makefile.inc | 7 ++++++- regress/unittests/hostkeys/test_iterate.c | 11 ++++++++++- regress/unittests/kex/test_kex.c | 4 +++- regress/unittests/sshkey/test_file.c | 4 +++- regress/unittests/sshkey/test_fuzz.c | 8 +++++++- regress/unittests/sshkey/test_sshkey.c | 23 +++++++++++++++-------- regress/unittests/sshsig/tests.c | 4 +++- 8 files changed, 61 insertions(+), 22 deletions(-) diff --git a/regress/Makefile b/regress/Makefile index f5cb9bd47..8add2f5cf 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.131 2023/12/18 14:50:08 djm Exp $ +# $OpenBSD: Makefile,v 1.132 2024/01/11 01:45:58 djm Exp $ tests: prep file-tests t-exec unit @@ -180,10 +180,12 @@ t5: awk '{print $$2}' | diff - ${.CURDIR}/t5.ok t6: - ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1 - ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.pub > $(OBJ)/t6.out2 - chmod 600 $(OBJ)/t6.out1 - ${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t6.out1 | diff - $(OBJ)/t6.out2 + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-dss ; then \ + ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1 ; \ + ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.pub > $(OBJ)/t6.out2 ; \ + chmod 600 $(OBJ)/t6.out1 ; \ + ${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t6.out1 | diff - $(OBJ)/t6.out2 ; \ + fi $(OBJ)/t7.out: ${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $@ 
@@ -193,11 +195,15 @@ t7: $(OBJ)/t7.out ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t7.out > /dev/null $(OBJ)/t8.out: - ${TEST_SSH_SSHKEYGEN} -q -t dsa -N '' -f $@ + set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \ + ${TEST_SSH_SSHKEYGEN} -q -t dsa -N '' -f $@ ; \ + fi t8: $(OBJ)/t8.out - ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t8.out > /dev/null - ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t8.out > /dev/null + set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \ + ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t8.out > /dev/null ; \ + ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t8.out > /dev/null ; \ + fi $(OBJ)/t9.out: ! ${TEST_SSH_SSH} -Q key-plain | grep ecdsa >/dev/null || \ diff --git a/regress/unittests/Makefile.inc b/regress/unittests/Makefile.inc index 623896ffa..98e280486 100644 --- a/regress/unittests/Makefile.inc +++ b/regress/unittests/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.15 2023/09/24 08:14:13 claudio Exp $ +# $OpenBSD: Makefile.inc,v 1.16 2024/01/11 01:45:58 djm Exp $ .include .include @@ -13,6 +13,11 @@ TEST_ENV?= MALLOC_OPTIONS=${MALLOC_OPTIONS} # XXX detect from ssh binary? OPENSSL?= yes +DSAKEY?= yes + +.if (${DSAKEY:L} == "yes") +CFLAGS+= -DWITH_DSA +.endif .if (${OPENSSL:L} == "yes") CFLAGS+= -DWITH_OPENSSL diff --git a/regress/unittests/hostkeys/test_iterate.c b/regress/unittests/hostkeys/test_iterate.c index 84f26b5c7..7efb8e1b9 100644 --- a/regress/unittests/hostkeys/test_iterate.c +++ b/regress/unittests/hostkeys/test_iterate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_iterate.c,v 1.8 2021/12/14 21:25:27 deraadt Exp $ */ +/* $OpenBSD: test_iterate.c,v 1.9 2024/01/11 01:45:58 djm Exp $ */ /* * Regress test for hostfile.h hostkeys_foreach() * 
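Review bot: The `$(OBJ)/t8.out` and `t8` rules probe the installed `ssh -Q key`, while the t6 rule in the previous hunk uses `${TEST_SSH_SSH} -Q key`; where the system ssh and the binary under test differ in DSA support, t8 would either run `ssh-keygen -t dsa` against a build that rejects it or silently skip a test it should run. Use `${TEST_SSH_SSH} -Q key | grep -q ^ssh-dss` in both t8 rules. Note also that when DSA is disabled `$(OBJ)/t8.out` is never created, so make re-runs that recipe on every invocation; harmless, but a `touch $@` in an else branch would make it idempotent.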
@@ -94,6 +94,11 @@ check(struct hostkey_foreach_line *l, void *_ctx) expected->no_parse_keytype == KEY_ECDSA) skip = 1; #endif /* OPENSSL_HAS_ECC */ +#ifndef WITH_DSA + if (expected->l.keytype == KEY_DSA || + expected->no_parse_keytype == KEY_DSA) + skip = 1; +#endif #ifndef WITH_OPENSSL if (expected->l.keytype == KEY_DSA || expected->no_parse_keytype == KEY_DSA || @@ -155,6 +160,10 @@ prepare_expected(struct expected *expected, size_t n) if (expected[i].l.keytype == KEY_ECDSA) continue; #endif /* OPENSSL_HAS_ECC */ +#ifndef WITH_DSA + if (expected[i].l.keytype == KEY_DSA) + continue; +#endif #ifndef WITH_OPENSSL switch (expected[i].l.keytype) { case KEY_RSA: diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c index c26761ee7..dc1014ea4 100644 --- a/regress/unittests/kex/test_kex.c +++ b/regress/unittests/kex/test_kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_kex.c,v 1.6 2021/12/14 21:25:27 deraadt Exp $ */ +/* $OpenBSD: test_kex.c,v 1.7 2024/01/11 01:45:58 djm Exp $ */ /* * Regress test KEX * @@ -179,7 +179,9 @@ do_kex(char *kex) { #ifdef WITH_OPENSSL do_kex_with_key(kex, KEY_RSA, 2048); +#ifdef WITH_DSA do_kex_with_key(kex, KEY_DSA, 1024); +#endif #ifdef OPENSSL_HAS_ECC do_kex_with_key(kex, KEY_ECDSA, 256); #endif /* OPENSSL_HAS_ECC */ diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c index 488944c3b..452840596 100644 --- a/regress/unittests/sshkey/test_file.c +++ b/regress/unittests/sshkey/test_file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_file.c,v 1.10 2021/12/14 21:25:27 deraadt Exp $ */ +/* $OpenBSD: test_file.c,v 1.11 2024/01/11 01:45:58 djm Exp $ */ /* * Regress test for sshkey.h key management API * @@ -165,6 +165,7 @@ sshkey_file_tests(void) sshkey_free(k1); +#ifdef WITH_DSA TEST_START("parse DSA from private"); buf = load_file("dsa_1"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 
@@ -255,6 +256,7 @@ sshkey_file_tests(void) TEST_DONE(); sshkey_free(k1); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("parse ECDSA from private"); diff --git a/regress/unittests/sshkey/test_fuzz.c b/regress/unittests/sshkey/test_fuzz.c index 2fae19dcf..0aff7c9bf 100644 --- a/regress/unittests/sshkey/test_fuzz.c +++ b/regress/unittests/sshkey/test_fuzz.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_fuzz.c,v 1.13 2021/12/14 21:25:27 deraadt Exp $ */ +/* $OpenBSD: test_fuzz.c,v 1.14 2024/01/11 01:45:58 djm Exp $ */ /* * Fuzz tests for key parsing * @@ -160,6 +160,7 @@ sshkey_fuzz_tests(void) fuzz_cleanup(fuzz); TEST_DONE(); +#ifdef WITH_DSA TEST_START("fuzz DSA private"); buf = load_file("dsa_1"); fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), @@ -203,6 +204,7 @@ sshkey_fuzz_tests(void) sshbuf_free(fuzzed); fuzz_cleanup(fuzz); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("fuzz ECDSA private"); @@ -288,6 +290,7 @@ sshkey_fuzz_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_DSA TEST_START("fuzz DSA public"); buf = load_file("dsa_1"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); @@ -301,6 +304,7 @@ sshkey_fuzz_tests(void) public_fuzz(k1); sshkey_free(k1); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("fuzz ECDSA public"); @@ -358,6 +362,7 @@ sshkey_fuzz_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_DSA TEST_START("fuzz DSA sig"); buf = load_file("dsa_1"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); @@ -365,6 +370,7 @@ sshkey_fuzz_tests(void) sig_fuzz(k1, NULL); sshkey_free(k1); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("fuzz ECDSA sig"); diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c index cc359aea5..c1cbb1128 100644 --- a/regress/unittests/sshkey/test_sshkey.c +++ b/regress/unittests/sshkey/test_sshkey.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: test_sshkey.c,v 1.23 2023/01/04 22:48:57 tb Exp $ */ +/* $OpenBSD: test_sshkey.c,v 1.24 2024/01/11 01:45:58 djm Exp $ */ /* * Regress test for sshkey.h key management API * @@ -180,14 +180,14 @@ get_private(const char *n) void sshkey_tests(void) { - struct sshkey *k1, *k2, *k3, *kf; + struct sshkey *k1 = NULL, *k2 = NULL, *k3 = NULL, *kf = NULL; #ifdef WITH_OPENSSL - struct sshkey *k4, *kr, *kd; + struct sshkey *k4 = NULL, *kr = NULL, *kd = NULL; #ifdef OPENSSL_HAS_ECC - struct sshkey *ke; + struct sshkey *ke = NULL; #endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ - struct sshbuf *b; + struct sshbuf *b = NULL; TEST_START("new invalid"); k1 = sshkey_new(-42); @@ -208,12 +208,14 @@ sshkey_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_DSA TEST_START("new/free KEY_DSA"); k1 = sshkey_new(KEY_DSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->dsa, NULL); sshkey_free(k1); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("new/free KEY_ECDSA"); @@ -245,12 +247,14 @@ sshkey_tests(void) ASSERT_PTR_EQ(k1, NULL); TEST_DONE(); +#ifdef WITH_DSA TEST_START("generate KEY_DSA wrong bits"); ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 2048, &k1), SSH_ERR_KEY_LENGTH); ASSERT_PTR_EQ(k1, NULL); sshkey_free(k1); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("generate KEY_ECDSA wrong bits"); @@ -273,6 +277,7 @@ sshkey_tests(void) ASSERT_INT_EQ(BN_num_bits(rsa_n(kr)), 1024); TEST_DONE(); +#ifdef WITH_DSA TEST_START("generate KEY_DSA"); ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0); ASSERT_PTR_NE(kd, NULL); @@ -280,6 +285,7 @@ sshkey_tests(void) ASSERT_PTR_NE(dsa_g(kd), NULL); ASSERT_PTR_NE(dsa_priv_key(kd), NULL); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("generate KEY_ECDSA"); @@ -317,6 +323,7 @@ sshkey_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_DSA TEST_START("demote KEY_DSA"); ASSERT_INT_EQ(sshkey_from_private(kd, &k1), 0); ASSERT_PTR_NE(k1, NULL); 
@@ -331,6 +338,7 @@ sshkey_tests(void) ASSERT_INT_EQ(sshkey_equal(kd, k1), 1); sshkey_free(k1); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("demote KEY_ECDSA"); @@ -382,9 +390,6 @@ sshkey_tests(void) ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &k1), 0); ASSERT_INT_EQ(sshkey_equal(kr, k1), 0); sshkey_free(k1); - ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &k1), 0); - ASSERT_INT_EQ(sshkey_equal(kd, k1), 0); - sshkey_free(k1); #ifdef OPENSSL_HAS_ECC ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &k1), 0); ASSERT_INT_EQ(sshkey_equal(ke, k1), 0); @@ -479,6 +484,7 @@ sshkey_tests(void) sshkey_free(k2); TEST_DONE(); +#ifdef WITH_DSA TEST_START("sign and verify DSA"); k1 = get_private("dsa_1"); ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2, @@ -487,6 +493,7 @@ sshkey_tests(void) sshkey_free(k1); sshkey_free(k2); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("sign and verify ECDSA"); diff --git a/regress/unittests/sshsig/tests.c b/regress/unittests/sshsig/tests.c index 13cfcfde2..80966bdd2 100644 --- a/regress/unittests/sshsig/tests.c +++ b/regress/unittests/sshsig/tests.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tests.c,v 1.3 2021/12/14 21:25:27 deraadt Exp $ */ +/* $OpenBSD: tests.c,v 1.4 2024/01/11 01:45:59 djm Exp $ */ /* * Regress test for sshbuf.h buffer API * @@ -103,9 +103,11 @@ tests(void) check_sig("rsa.pub", "rsa.sig", msg, namespace); TEST_DONE(); +#ifdef WITH_DSA TEST_START("check DSA signature"); check_sig("dsa.pub", "dsa.sig", msg, namespace); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("check ECDSA signature"); From 50080fa42f5f744b798ee29400c0710f1b59f50e Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 11 Jan 2024 04:50:28 +0000 Subject: [PATCH 25/64] upstream: don't disable RSA test when DSA is disabled; bug introduced in last commit OpenBSD-Regress-ID: 8780a7250bf742b33010e9336359a1c516f2d7b5 --- regress/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
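Review bot: In the `@@ -382,9 +390,6` hunk the DSA part of the sshkey_equal negative test is deleted outright instead of being guarded, unlike every other DSA test in this file, so builds with DSA enabled lose the check that a freshly generated DSA key does not compare equal to `kd`. Keeping the three removed lines and wrapping them in `#ifdef WITH_DSA` and `#endif`, as the neighbouring ECDSA block does with `OPENSSL_HAS_ECC`, preserves that coverage. The enclosing sshkey_tests() starts and ends outside the hunk.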
diff --git a/regress/Makefile b/regress/Makefile index 8add2f5cf..ca9c66e19 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.132 2024/01/11 01:45:58 djm Exp $ +# $OpenBSD: Makefile,v 1.133 2024/01/11 04:50:28 djm Exp $ tests: prep file-tests t-exec unit From 0d96b1506b2f4757fefa5d1f884d49e96a6fd4c3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 16 Jan 2024 14:40:18 +1100 Subject: [PATCH 26/64] skip tests that use multiplexing on Windows Some tests here use multiplexing, skip these if DISABLE_FD_PASSING is set. Should unbreak tests on Windows. --- regress/channel-timeout.sh | 68 ++++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 32 deletions(-) diff --git a/regress/channel-timeout.sh b/regress/channel-timeout.sh index 4293f0179..97708f2a2 100644 --- a/regress/channel-timeout.sh +++ b/regress/channel-timeout.sh 
@@ -74,40 +74,44 @@ if [ $r -ne 23 ]; then fail "ssh failed" fi -verbose "multiplexed command timeout" -(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:command=1") \ - > $OBJ/sshd_proxy -open_mux -mux_client "sleep 5 ; exit 23" -r=$? -if [ $r -ne 255 ]; then - fail "ssh returned unexpected error code $r" -fi -close_mux +if config_defined DISABLE_FD_PASSING ; then + verbose "skipping multiplexing tests" +else + verbose "multiplexed command timeout" + (cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:command=1") \ + > $OBJ/sshd_proxy + open_mux + mux_client "sleep 5 ; exit 23" + r=$? + if [ $r -ne 255 ]; then + fail "ssh returned unexpected error code $r" + fi + close_mux -verbose "irrelevant multiplexed command timeout" -(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:shell=1") \ - > $OBJ/sshd_proxy -open_mux -mux_client "sleep 5 ; exit 23" -r=$? -if [ $r -ne 23 ]; then - fail "ssh returned unexpected error code $r" -fi -close_mux + verbose "irrelevant multiplexed command timeout" + (cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:shell=1") \ + > $OBJ/sshd_proxy + open_mux + mux_client "sleep 5 ; exit 23" + r=$? 
+ if [ $r -ne 23 ]; then + fail "ssh returned unexpected error code $r" + fi + close_mux -verbose "global command timeout" -(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout global=10") \ - > $OBJ/sshd_proxy -open_mux -mux_client "sleep 1 ; echo ok ; sleep 1; echo ok; sleep 60; touch $OBJ/finished.1" >/dev/null & -mux_client "sleep 60 ; touch $OBJ/finished.2" >/dev/null & -mux_client "sleep 2 ; touch $OBJ/finished.3" >/dev/null & -wait -test -f $OBJ/finished.1 && fail "first mux process completed" -test -f $OBJ/finished.2 && fail "second mux process completed" -test -f $OBJ/finished.3 || fail "third mux process did not complete" -close_mux + verbose "global command timeout" + (cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout global=10") \ + > $OBJ/sshd_proxy + open_mux + mux_client "sleep 1 ; echo ok ; sleep 1; echo ok; sleep 60; touch $OBJ/finished.1" >/dev/null & + mux_client "sleep 60 ; touch $OBJ/finished.2" >/dev/null & + mux_client "sleep 2 ; touch $OBJ/finished.3" >/dev/null & + wait + test -f $OBJ/finished.1 && fail "first mux process completed" + test -f $OBJ/finished.2 && fail "second mux process completed" + test -f $OBJ/finished.3 || fail "third mux process did not complete" + close_mux +fi # Set up a "slow sftp server" that sleeps before executing the real one. cat > $OBJ/slow-sftp-server.sh << _EOF From afd613528fd1891a40489c19f746478f8c248842 Mon Sep 17 00:00:00 2001 From: "tgauth@bu.edu" Date: Mon, 22 Jan 2024 13:07:57 -0500 Subject: [PATCH 27/64] skip bash tests that use multiplexing on Windows with explicit if --- regress/channel-timeout.sh | 74 +++++++++++++++++++------------------- 1 file changed, 38 insertions(+), 36 deletions(-) diff --git a/regress/channel-timeout.sh b/regress/channel-timeout.sh index 83120ec9d..4e0539bcc 100644 --- a/regress/channel-timeout.sh +++ b/regress/channel-timeout.sh 
@@ -28,7 +28,7 @@ mux_client() { ${SSH} -F $OBJ/ssh_proxy -oControlPath=$MUXPATH somehost "$@" } -rm -f $OBJ/sshd_proxy.orig +rm -f $OBJ/sshd_proxy.orig cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig verbose "no timeout" 
@@ -77,43 +77,45 @@ if [ $r -ne 23 ]; then fail "ssh failed" fi -if config_defined DISABLE_FD_PASSING ; then - verbose "skipping multiplexing tests" -else - verbose "multiplexed command timeout" - (cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:command=1") \ - > $OBJ/sshd_proxy - open_mux - mux_client "sleep 5 ; exit 23" - r=$? - if [ $r -ne 255 ]; then - fail "ssh returned unexpected error code $r" - fi - close_mux +if [ "$os" != "windows" ]; then + if config_defined DISABLE_FD_PASSING ; then + verbose "skipping multiplexing tests" + else + verbose "multiplexed command timeout" + (cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:command=1") \ + > $OBJ/sshd_proxy + open_mux + mux_client "sleep 5 ; exit 23" + r=$? + if [ $r -ne 255 ]; then + fail "ssh returned unexpected error code $r" + fi + close_mux - verbose "irrelevant multiplexed command timeout" - (cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:shell=1") \ - > $OBJ/sshd_proxy - open_mux - mux_client "sleep 5 ; exit 23" - r=$? - if [ $r -ne 23 ]; then - fail "ssh returned unexpected error code $r" - fi - close_mux + verbose "irrelevant multiplexed command timeout" + (cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:shell=1") \ + > $OBJ/sshd_proxy + open_mux + mux_client "sleep 5 ; exit 23" + r=$? 
+ if [ $r -ne 23 ]; then + fail "ssh returned unexpected error code $r" + fi + close_mux - verbose "global command timeout" - (cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout global=10") \ - > $OBJ/sshd_proxy - open_mux - mux_client "sleep 1 ; echo ok ; sleep 1; echo ok; sleep 60; touch $OBJ/finished.1" >/dev/null & - mux_client "sleep 60 ; touch $OBJ/finished.2" >/dev/null & - mux_client "sleep 2 ; touch $OBJ/finished.3" >/dev/null & - wait - test -f $OBJ/finished.1 && fail "first mux process completed" - test -f $OBJ/finished.2 && fail "second mux process completed" - test -f $OBJ/finished.3 || fail "third mux process did not complete" - close_mux + verbose "global command timeout" + (cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout global=10") \ + > $OBJ/sshd_proxy + open_mux + mux_client "sleep 1 ; echo ok ; sleep 1; echo ok; sleep 60; touch $OBJ/finished.1" >/dev/null & + mux_client "sleep 60 ; touch $OBJ/finished.2" >/dev/null & + mux_client "sleep 2 ; touch $OBJ/finished.3" >/dev/null & + wait + test -f $OBJ/finished.1 && fail "first mux process completed" + test -f $OBJ/finished.2 && fail "second mux process completed" + test -f $OBJ/finished.3 || fail "third mux process did not complete" + close_mux + fi fi # Set up a "slow sftp server" that sleeps before executing the real one. From 9015aa2ecac1b7b6bb7eaefbe5479caaf1d1c27f Mon Sep 17 00:00:00 2001 From: "tgauth@bu.edu" Date: Mon, 22 Jan 2024 14:16:56 -0500 Subject: [PATCH 28/64] add WITH_DSA flag to compilation options --- contrib/win32/openssh/config.h.vs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/contrib/win32/openssh/config.h.vs b/contrib/win32/openssh/config.h.vs index d19b10758..5673d1375 100644 --- a/contrib/win32/openssh/config.h.vs +++ b/contrib/win32/openssh/config.h.vs @@ -1698,7 +1698,7 @@ #define HAVE_BZERO 1 #define PATH_MAX 32768 -#define S_IFIFO 0x1000 +#define S_IFIFO 0x1000 #define HAVE_EXPLICIT_BZERO #define HAVE_MBTOWC 1 #define HAVE_LLABS 1 
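Review bot: The new outer `if [ "$os" != "windows" ]` wraps the existing `config_defined DISABLE_FD_PASSING` branch, so the "skipping multiplexing tests" message is printed only on non-Windows hosts and the Windows case falls through silently, and the whole block is reindented a second time in two consecutive commits. A single guard, `if [ "$os" = "windows" ] || config_defined DISABLE_FD_PASSING ; then` / `verbose "skipping multiplexing tests"` / `else`, expresses the same intent with one nesting level and one skip path. Where `$os` is assigned is not visible in this hunk; if it comes from test-exec.sh, a comment naming that source would help the reader.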
@@ -1713,7 +1713,7 @@ #define __STDC__ 1 #define umac128_new umac_new -#define umac128_update umac_update +#define umac128_update umac_update #define umac_final umac128_final #define umac_delete umac128_delete @@ -1768,3 +1768,4 @@ #define HAVE_EVP_PKEY_GET0_RSA 1 #define HAVE_EVP_MD_CTX_NEW 1 #define HAVE_EVP_MD_CTX_FREE 1 +#define WITH_DSA 1 From c283f29d23611a06bbee06bcf458f2fffad721d9 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 1 Feb 2024 02:37:33 +0000 Subject: [PATCH 29/64] upstream: whitespace OpenBSD-Commit-ID: bf9e4a1049562ee4322684fbdce07142f04fdbb7 --- gss-genr.c | 8 ++++---- nchan.c | 4 ++-- session.c | 4 ++-- sftp.c | 44 +++++++++++++++++++++--------------------- sshbuf-getput-crypto.c | 4 ++-- 5 files changed, 32 insertions(+), 32 deletions(-) diff --git a/gss-genr.c b/gss-genr.c index 2cd695e54..aa34b71c5 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.28 2021/01/27 10:05:28 djm Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.29 2024/02/01 02:37:33 djm Exp $ */ /* * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. @@ -278,7 +278,7 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"}; /* RFC 4462 says we MUST NOT do SPNEGO */ - if (oid->length == spnego_oid.length && + if (oid->length == spnego_oid.length && (memcmp(oid->elements, spnego_oid.elements, oid->length) == 0)) return 0; /* false */ @@ -286,7 +286,7 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) ssh_gssapi_set_oid(*ctx, oid); major = ssh_gssapi_import_name(*ctx, host); if (!GSS_ERROR(major)) { - major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, + major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, NULL); gss_release_buffer(&minor, &token); if ((*ctx)->context != GSS_C_NO_CONTEXT) 
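Review bot: The `umac128_update` hunk here and the `S_IFIFO` hunk above change lines whose visible text is identical on both sides (presumably trailing whitespace or line endings), which is unrelated to the commit subject "add WITH_DSA flag to compilation options". Only the `@@ -1768,3 +1768,4` hunk adding `#define WITH_DSA 1` is functional; keeping the whitespace churn out of this change, or in a separate whitespace commit, keeps the history of config.h.vs readable.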
@@ -294,7 +294,7 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) GSS_C_NO_BUFFER); } - if (GSS_ERROR(major)) + if (GSS_ERROR(major)) ssh_gssapi_delete_ctx(ctx); return (!GSS_ERROR(major)); diff --git a/nchan.c b/nchan.c index d33426fed..b156695b2 100644 --- a/nchan.c +++ b/nchan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nchan.c,v 1.74 2022/02/01 23:32:51 djm Exp $ */ +/* $OpenBSD: nchan.c,v 1.75 2024/02/01 02:37:33 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -349,7 +349,7 @@ chan_is_dead(struct ssh *ssh, Channel *c, int do_send) if (c->flags & CHAN_LOCAL) { debug2("channel %d: is dead (local)", c->self); return 1; - } + } if (!(c->flags & CHAN_CLOSE_SENT)) { if (do_send) { chan_send_close2(ssh, c); diff --git a/session.c b/session.c index aa342e84d..c821dcd44 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.336 2023/08/10 23:05:48 djm Exp $ */ +/* $OpenBSD: session.c,v 1.337 2024/02/01 02:37:33 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1327,7 +1327,7 @@ safely_chroot(const char *path, uid_t uid) memcpy(component, path, cp - path); component[cp - path] = '\0'; } - + debug3_f("checking '%s'", component); if (stat(component, &st) != 0) diff --git a/sftp.c b/sftp.c index c609b4153..76ba4de37 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.236 2023/09/10 23:12:32 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.237 2024/02/01 02:37:33 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
@@ -177,24 +177,24 @@ struct CMD { #define LOCAL 2 static const struct CMD cmds[] = { - { "bye", I_QUIT, NOARGS, NOARGS }, - { "cd", I_CHDIR, REMOTE, NOARGS }, - { "chdir", I_CHDIR, REMOTE, NOARGS }, - { "chgrp", I_CHGRP, REMOTE, NOARGS }, - { "chmod", I_CHMOD, REMOTE, NOARGS }, - { "chown", I_CHOWN, REMOTE, NOARGS }, - { "copy", I_COPY, REMOTE, LOCAL }, - { "cp", I_COPY, REMOTE, LOCAL }, - { "df", I_DF, REMOTE, NOARGS }, - { "dir", I_LS, REMOTE, NOARGS }, - { "exit", I_QUIT, NOARGS, NOARGS }, - { "get", I_GET, REMOTE, LOCAL }, - { "help", I_HELP, NOARGS, NOARGS }, + { "bye", I_QUIT, NOARGS, NOARGS }, + { "cd", I_CHDIR, REMOTE, NOARGS }, + { "chdir", I_CHDIR, REMOTE, NOARGS }, + { "chgrp", I_CHGRP, REMOTE, NOARGS }, + { "chmod", I_CHMOD, REMOTE, NOARGS }, + { "chown", I_CHOWN, REMOTE, NOARGS }, + { "copy", I_COPY, REMOTE, LOCAL }, + { "cp", I_COPY, REMOTE, LOCAL }, + { "df", I_DF, REMOTE, NOARGS }, + { "dir", I_LS, REMOTE, NOARGS }, + { "exit", I_QUIT, NOARGS, NOARGS }, + { "get", I_GET, REMOTE, LOCAL }, + { "help", I_HELP, NOARGS, NOARGS }, { "lcd", I_LCHDIR, LOCAL, NOARGS }, { "lchdir", I_LCHDIR, LOCAL, NOARGS }, { "lls", I_LLS, LOCAL, NOARGS }, { "lmkdir", I_LMKDIR, LOCAL, NOARGS }, - { "ln", I_LINK, REMOTE, REMOTE }, + { "ln", I_LINK, REMOTE, REMOTE }, { "lpwd", I_LPWD, LOCAL, NOARGS }, { "ls", I_LS, REMOTE, NOARGS }, { "lumask", I_LUMASK, NOARGS, NOARGS }, 
@@ -203,17 +203,17 @@ static const struct CMD cmds[] = { { "mput", I_PUT, LOCAL, REMOTE }, { "progress", I_PROGRESS, NOARGS, NOARGS }, { "put", I_PUT, LOCAL, REMOTE }, - { "pwd", I_PWD, REMOTE, NOARGS }, - { "quit", I_QUIT, NOARGS, NOARGS }, - { "reget", I_REGET, REMOTE, LOCAL }, - { "rename", I_RENAME, REMOTE, REMOTE }, + { "pwd", I_PWD, REMOTE, NOARGS }, + { "quit", I_QUIT, NOARGS, NOARGS }, + { "reget", I_REGET, REMOTE, LOCAL }, + { "rename", I_RENAME, REMOTE, REMOTE }, { "reput", I_REPUT, LOCAL, REMOTE }, { "rm", I_RM, REMOTE, NOARGS }, { "rmdir", I_RMDIR, REMOTE, NOARGS }, { "symlink", I_SYMLINK, REMOTE, REMOTE }, - { "version", I_VERSION, NOARGS, NOARGS }, - { "!", I_SHELL, NOARGS, NOARGS }, - { "?", I_HELP, NOARGS, NOARGS }, + { "version", I_VERSION, NOARGS, NOARGS }, + { "!", I_SHELL, NOARGS, NOARGS }, + { "?", I_HELP, NOARGS, NOARGS }, { NULL, -1, -1, -1 } }; diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c index 56ffdd861..af3f39795 100644 --- a/sshbuf-getput-crypto.c +++ b/sshbuf-getput-crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-crypto.c,v 1.10 2022/05/25 06:03:44 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-crypto.c,v 1.11 2024/02/01 02:37:33 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -123,7 +123,7 @@ sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v) SSHBUF_ABORT(); return SSH_ERR_INTERNAL_ERROR; } - return 0; + return 0; } #endif /* OPENSSL_HAS_ECC */ From 3ad669f81aabbd2ba9fbd472903f680f598e1e99 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 1 Feb 2024 14:01:18 +1100 Subject: [PATCH 30/64] ignore some vim droppings --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 5e4ae5a60..7fccc6fe3 100644 --- a/.gitignore +++ b/.gitignore @@ -18,6 +18,8 @@ survey.sh **/*.so **/*.out **/*.a +**/*.un~ +**/.*.swp autom4te.cache/ scp sftp From 0f6a8a0d0a518fd78c4cbebfdac990a57a1c4e41 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Tue, 6 Feb 2024 11:18:44 +1100 Subject: [PATCH 31/64] Use "skip" function instead doing it ourselves. --- regress/multiplex.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/regress/multiplex.sh b/regress/multiplex.sh index 8282d0d94..b992cd412 100644 --- a/regress/multiplex.sh +++ b/regress/multiplex.sh @@ -8,8 +8,7 @@ tid="connection multiplexing" trace "will use ProxyCommand $proxycmd" if config_defined DISABLE_FD_PASSING ; then - echo "skipped (not supported on this platform)" - exit 0 + skip "not supported on this platform (FD passing disabled)" fi P=3301 # test port From be5ed8ebed8388c5056bfde4688308cc873c18b9 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 6 Feb 2024 11:19:42 +1100 Subject: [PATCH 32/64] Add --disable-fd-passing option. .. and enable for the minix3 test VM. This will cause it to more reliably skip tests that need FD passing and should fix the current test breakage. --- .github/configs | 12 +++++++----- configure.ac | 10 ++++++++++ 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/.github/configs b/.github/configs index df82faf50..1b1e7aacc 100755 --- a/.github/configs +++ b/.github/configs 
@@ -269,20 +269,22 @@ case "${TARGET_HOST}" in ;; minix3) CONFIGFLAGS="${CONFIGFLAGS} --disable-security-key" + # Unix domain sockets don't work quite like we expect, so also + # disable FD passing (and thus multiplexing). + CONFIGFLAGS="${CONFIGFLAGS} --disable-fd-passing" LIBCRYPTOFLAGS="--without-openssl" + # Minix does not have a loopback interface so we have to skip any # test that relies on one. # Also, Minix seems to be very limited in the number of select() # calls that can be operating concurrently, so prune additional tests for that. T="addrmatch agent-restrict brokenkeys cfgmatch cfgmatchlisten cfgparse - connect connect-uri exit-status forwarding hostkey-agent - key-options keyscan knownhosts-command login-timeout + connect connect-uri dynamic-forward exit-status forwarding + forward-control + hostkey-agent key-options keyscan knownhosts-command login-timeout reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data transfer" - # Unix domain sockets don't work quite like we expect, so also skip any tests - # that use multiplexing. - T="$T connection-timeout dynamic-forward forward-control multiplex" SKIP_LTESTS="$(echo $T)" TEST_TARGET=t-exec SUDO="" diff --git a/configure.ac b/configure.ac index acea84ca3..6371b386d 100644 --- a/configure.ac +++ b/configure.ac @@ -5305,6 +5305,16 @@ AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], [Specify location of ssh.pid]) AC_SUBST([piddir]) + +AC_ARG_ENABLE([fd-passing], + [ --disable-fd-passing disable file descriptor passsing [no]], + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE([DISABLE_FD_PASSING]) + fi + ] +) + dnl allow user to disable some login recording features AC_ARG_ENABLE([lastlog], [ --disable-lastlog disable use of lastlog even if detected [no]], From 91898bf786b0f149f962c4c96c08a46f29888c10 Mon Sep 17 00:00:00 2001 
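Review bot: The help string for the new configure option has a typo: `[ --disable-fd-passing disable file descriptor passsing [no]],` should read `disable file descriptor passing`. This text is user-visible via `./configure --help`, so it is worth fixing before the option ships.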
From: Darren Tucker Date: Tue, 6 Feb 2024 16:21:05 +1100 Subject: [PATCH 33/64] Put privsep dir on OS X on /usr/local. On some runners we can't create /var/empty, so put it some place we can write. Should fix test breakage on Max OS X 11. --- .github/configs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/configs b/.github/configs index 1b1e7aacc..963e87719 100755 --- a/.github/configs +++ b/.github/configs @@ -322,6 +322,10 @@ case "$host" in # modern versions don't ship with libcrypto. LIBCRYPTOFLAGS="--without-openssl" TEST_TARGET=t-exec + + # On some OS X runners we can't write to /var/empty. + CONFIGFLAGS="${CONFIGFLAGS} --with-privsep-path=/usr/local/empty" + case "$host" in *-darwin22.*) # sudo -S nobody doesn't work on macos 13 for some reason. From cbbdf868bce431a59e2fa36ca244d5739429408d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 7 Feb 2024 13:45:02 +1100 Subject: [PATCH 34/64] Interop test against PuTTY snapshot and releases. --- .github/configs | 5 +++++ .github/setup_ci.sh | 26 ++++++++++++++++++++++++++ .github/workflows/c-cpp.yml | 11 +++++++++++ 3 files changed, 42 insertions(+) diff --git a/.github/configs b/.github/configs index 963e87719..370fe29a3 100755 --- a/.github/configs +++ b/.github/configs @@ -164,6 +164,11 @@ case "$config" in libressl-*) LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl --with-rpath=-Wl,-rpath," ;; + putty-*) + CONFIGFLAGS="--with-plink=/usr/local/bin/plink --with-puttygen=/usr/local/bin/puttygen" + # We don't need to rerun the regular tests, just the interop ones. + TEST_TARGET=interop-tests + ;; openssl-*) LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath," # OpenSSL 1.1.1 specifically has a bug in its RNG that breaks reexec diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh index d0ba7b472..f0f2761c7 100755 --- a/.github/setup_ci.sh +++ b/.github/setup_ci.sh 
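Review bot: `--with-privsep-path=/usr/local/empty` moves the privilege-separation directory somewhere the runner can write, but sshd only accepts that directory when it is owned by root and not group- or world-writable, so this relies on the install step creating it with those permissions rather than the harness creating it as the runner user. A comment beside the new line, such as `# sshd refuses a privsep dir that is not root-owned and non-writable by others; created by make install.`, would record that constraint. The check itself lives in sshd rather than in this file, so confirm the exact conditions against the version under test.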
@@ -142,6 +142,10 @@ for TARGET in $TARGETS; do INSTALL_BORINGSSL=1 PACKAGES="${PACKAGES} cmake ninja-build" ;; + putty-*) + INSTALL_PUTTY=$(echo "${TARGET}" | cut -f2 -d-) + PACKAGES="${PACKAGES} cmake" + ;; valgrind*) PACKAGES="$PACKAGES valgrind" ;; @@ -241,3 +245,25 @@ if [ ! -z "${INSTALL_ZLIB}" ]; then cd ${HOME}/zlib && ./configure && make && sudo make install prefix=/opt/zlib) fi + +if [ ! -z "${INSTALL_PUTTY}" ]; then + ver="${INSTALL_PUTTY}" + case "${INSTALL_PUTTY}" in + snapshot) + tarball=putty.tar.gz + (cd /tmp && wget https://tartarus.org/~simon/putty-snapshots/${tarball}) + ;; + *) + tarball=putty-${ver}.tar.gz + (cd /tmp && wget https://the.earth.li/~sgtatham/putty/${ver}/${tarball}) + ;; + esac + (cd ${HOME} && tar xfz /tmp/${tarball} && cd putty-* + if [ -f CMakeLists.txt ]; then + cmake . && cmake --build . && sudo cmake --build . --target install + else + ./configure && make && sudo make install + fi + ) + /usr/local/bin/plink -V +fi diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml index 8f624d210..f4423dfa9 100644 --- a/.github/workflows/c-cpp.yml +++ b/.github/workflows/c-cpp.yml 
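Review bot: The new `INSTALL_PUTTY` block fetches a tarball with `wget`, builds it and installs it via `sudo`, with no verification of what was downloaded, so CI ends up running unverified third-party code as root. For the release branch the digest is stable: record the expected SHA-256 beside the version and check it before `tar xfz`, e.g. `echo "<PUTTY_TARBALL_SHA256_PLACEHOLDER>  /tmp/${tarball}" | sha256sum -c -`; the snapshot branch cannot be pinned, so at minimum make the step fail when `wget` fails rather than continuing to `tar` on a missing or stale `/tmp/${tarball}`. `cd putty-*` also assumes the glob matches exactly one directory.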
@@ -76,6 +76,17 @@ jobs: - { target: ubuntu-latest, config: openssl-1.1.1_stable } - { target: ubuntu-latest, config: openssl-3.0 } # stable branch - { target: ubuntu-latest, config: openssl-3.2 } # stable branch + - { target: ubuntu-latest, config: putty-0.71 } + - { target: ubuntu-latest, config: putty-0.72 } + - { target: ubuntu-latest, config: putty-0.73 } + - { target: ubuntu-latest, config: putty-0.74 } + - { target: ubuntu-latest, config: putty-0.75 } + - { target: ubuntu-latest, config: putty-0.76 } + - { target: ubuntu-latest, config: putty-0.77 } + - { target: ubuntu-latest, config: putty-0.78 } + - { target: ubuntu-latest, config: putty-0.79 } + - { target: ubuntu-latest, config: putty-0.80 } + - { target: ubuntu-latest, config: putty-snapshot } - { target: ubuntu-latest, config: zlib-develop } - { target: ubuntu-22.04, config: pam } - { target: ubuntu-22.04, config: krb5 } From efde85dda2130272af24cc346f6c3cd326182ff1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 19 Feb 2024 17:29:31 +1100 Subject: [PATCH 35/64] Improve error message for OpenSSL header check. bz#3668, ok djm@ --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 6371b386d..5f69213a4 100644 --- a/configure.ac +++ b/configure.ac @@ -2802,8 +2802,8 @@ if test "x$openssl" = "xyes" ; then AC_MSG_RESULT([$ssl_header_ver]) ], [ - AC_MSG_RESULT([not found]) - AC_MSG_ERROR([OpenSSL version header not found.]) + AC_MSG_RESULT([failed]) + AC_MSG_ERROR([OpenSSL version test program failed.]) ], [ AC_MSG_WARN([cross compiling: not checking]) From 4dbc5a363ff53a2fcecf6bc3bcc038badc12f118 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 2 Feb 2024 00:13:34 +0000 Subject: [PATCH 36/64] upstream: whitespace OpenBSD-Commit-ID: b24680bc755b621ea801ff8edf6f0f02b68edae1 --- kex.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/kex.h b/kex.h index ba3a6a4ea..0caf42b50 100644 --- a/kex.h 
+++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.121 2023/12/18 14:45:49 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.122 2024/02/02 00:13:34 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -109,10 +109,10 @@ enum kex_exchange { #define KEX_INIT_SENT 0x0001 #define KEX_INITIAL 0x0002 #define KEX_HAS_PUBKEY_HOSTBOUND 0x0004 -#define KEX_RSA_SHA2_256_SUPPORTED 0x0008 /* only set in server for now */ -#define KEX_RSA_SHA2_512_SUPPORTED 0x0010 /* only set in server for now */ -#define KEX_HAS_PING 0x0020 -#define KEX_HAS_EXT_INFO_IN_AUTH 0x0040 +#define KEX_RSA_SHA2_256_SUPPORTED 0x0008 /* only set in server for now */ +#define KEX_RSA_SHA2_512_SUPPORTED 0x0010 /* only set in server for now */ +#define KEX_HAS_PING 0x0020 +#define KEX_HAS_EXT_INFO_IN_AUTH 0x0040 struct sshenc { char *name; From d31c21c57fb4245271680a1e5043cf6470a96766 Mon Sep 17 00:00:00 2001 From: "naddy@openbsd.org" Date: Sat, 10 Feb 2024 11:28:52 +0000 Subject: [PATCH 37/64] upstream: clean sshd random relinking kit; ok miod@ OpenBSD-Commit-ID: 509bb19bb9762a4b3b589af98bac2e730541b6d4 --- .skipped-commit-ids | 1 + 1 file changed, 1 insertion(+) diff --git a/.skipped-commit-ids b/.skipped-commit-ids index 5839cc3ba..06303955c 100644 --- a/.skipped-commit-ids +++ b/.skipped-commit-ids @@ -1,3 +1,4 @@ +509bb19bb9762a4b3b589af98bac2e730541b6d4 clean sshd random relinking kit 5317f294d63a876bfc861e19773b1575f96f027d remove libssh from makefiles a337e886a49f96701ccbc4832bed086a68abfa85 Makefile changes f2c9feb26963615c4fece921906cf72e248b61ee more Makefile From bbf541ee2afe07b08a8b56fa0dc6f38fcfceef2a Mon Sep 17 00:00:00 2001 
From: "dtucker@openbsd.org" Date: Fri, 9 Feb 2024 08:47:42 +0000 Subject: [PATCH 38/64] upstream: Factor out PuTTY setup. Factor out PuTTY and call only when needed. This allows us to avoid PuTTY key setup when it's not needed, which speeds up the overall test run by a couple of percent. OpenBSD-Regress-ID: c25eaccc3c91bc874400f7c85ce40e9032358c1c --- regress/test-exec.sh | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 089ef73c4..4576930ca 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.105 2023/10/31 04:15:40 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.106 2024/02/09 08:47:42 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -762,6 +762,11 @@ case "$SCRIPT" in esac if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then + puttysetup() { + if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then + skip "putty interop tests not enabled" + fi + mkdir -p ${OBJ}/.putty # Add a PuTTY key to authorized_keys @@ -794,8 +799,24 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then echo "ProxyTelnetCommand=${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy + PUTTYVER="`${PLINK} --version | awk '/plink: Release/{print $3}'`" + PUTTYMINORVER="`echo ${PUTTYVER} | cut -f2 -d.`" + verbose "plink version ${PUTTYVER} minor ${PUTTYMINORVER}" + + # Re-enable ssh-rsa on older PuTTY versions since they don't do newer + # key types. + if [ "$PUTTYMINORVER" -lt "76" ]; then + echo "HostKeyAlgorithms +ssh-rsa" >> ${OBJ}/sshd_proxy + echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy + fi + + if [ "$PUTTYMINORVER" -le "64" ]; then + echo "KexAlgorithms +diffie-hellman-group14-sha1" \ + >>${OBJ}/sshd_proxy + fi PUTTYDIR=${OBJ}/.putty export PUTTYDIR + } fi REGRESS_INTEROP_DROPBEAR=no 
From 84046f9991abef5f46b040b10cf3d494f933a17b Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 9 Feb 2024 08:56:59 +0000 Subject: [PATCH 39/64] upstream: Exapnd PuTTY test coverage. Expand the set of ciphers, MACs and KEX methods in the PuTTY interop tests. OpenBSD-Regress-ID: dd28d97d48efe7329a396d0d505ee2907bf7fc57 --- regress/putty-ciphers.sh | 51 ++++++++++++++++++++++++++++----------- regress/putty-kex.sh | 44 +++++++++++++++++++-------------- regress/putty-transfer.sh | 13 ++-------- 3 files changed, 65 insertions(+), 43 deletions(-) diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh index 5b8e25a27..30f6461cc 100644 --- a/regress/putty-ciphers.sh +++ b/regress/putty-ciphers.sh 
@@ -1,24 +1,47 @@ -# $OpenBSD: putty-ciphers.sh,v 1.11 2021/09/01 03:16:06 dtucker Exp $ +# $OpenBSD: putty-ciphers.sh,v 1.13 2024/02/09 08:56:59 dtucker Exp $ # Placed in the Public Domain. tid="putty ciphers" -if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then - skip "putty interop tests not enabled" -fi +puttysetup -# Re-enable ssh-rsa on older PuTTY versions. -oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`" -if [ "x$oldver" = "xyes" ]; then - echo "HostKeyAlgorithms +ssh-rsa" >> ${OBJ}/sshd_proxy - echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy -fi +cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy_bak -for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do - verbose "$tid: cipher $c" +# Since there doesn't seem to be a way to set MACs on the PuTTY client side, +# we force each in turn on the server side, omitting the ones PuTTY doesn't +# support. Grepping the binary is pretty janky, but AFAIK there's no way to +# query for supported algos. +macs="" +for m in `${SSH} -Q MACs`; do + if strings "${PLINK}" | grep -E "^${m}$" >/dev/null; then + macs="${macs} ${m}" + else + trace "omitting unsupported MAC ${m}" + fi +done + +ciphers="" +for c in `${SSH} -Q Ciphers`; do + if strings "${PLINK}" | grep -E "^${c}$" >/dev/null; then + ciphers="${ciphers} ${c}" + else + trace "omitting unsupported cipher ${c}" + fi +done + +for c in default $ciphers; do + for m in default ${macs}; do + verbose "$tid: cipher $c mac $m" cp ${OBJ}/.putty/sessions/localhost_proxy \ ${OBJ}/.putty/sessions/cipher_$c - echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c + if [ "${c}" != "default" ]; then + echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c + fi + + cp ${OBJ}/sshd_proxy_bak ${OBJ}/sshd_proxy + if [ "${m}" != "default" ]; then + echo "MACs $m" >> ${OBJ}/sshd_proxy + fi rm -f ${COPY} env HOME=$PWD ${PLINK} -load cipher_$c -batch -i ${OBJ}/putty.rsa2 \ 
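Review bot: `grep -E "^${m}$"` treats the algorithm name as a regular expression, so the `.` in names such as the `@openssh.com` suffixed MACs and ciphers matches any character; `grep -Fx "${m}"` (fixed string, whole line) states the intent exactly and the same substitution applies to the cipher loop below it and to the kex loop in putty-kex.sh later in this patch. `strings` is also not a POSIX utility, so a short comment noting the binutils dependency next to the "Grepping the binary is pretty janky" remark would help anyone running the interop tests on a minimal host. The loop body that invokes plink continues in the following hunk.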
@@ -27,6 +50,6 @@ for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do fail "ssh cat $DATA failed" fi cmp ${DATA} ${COPY} || fail "corrupted copy" + done done rm -f ${COPY} - diff --git a/regress/putty-kex.sh b/regress/putty-kex.sh index c75802a06..22f8bd706 100644 --- a/regress/putty-kex.sh +++ b/regress/putty-kex.sh 
@@ -1,28 +1,36 @@ -# $OpenBSD: putty-kex.sh,v 1.9 2021/09/01 03:16:06 dtucker Exp $ +# $OpenBSD: putty-kex.sh,v 1.11 2024/02/09 08:56:59 dtucker Exp $ # Placed in the Public Domain. tid="putty KEX" -if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then - skip "putty interop tests not enabled" -fi +puttysetup -# Re-enable ssh-rsa on older PuTTY versions. -oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`" -if [ "x$oldver" = "xyes" ]; then - echo "HostKeyAlgorithms +ssh-rsa" >> ${OBJ}/sshd_proxy - echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy -fi +cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy_bak -for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ecdh ; do - verbose "$tid: kex $k" - cp ${OBJ}/.putty/sessions/localhost_proxy \ - ${OBJ}/.putty/sessions/kex_$k - echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k +# Enable group1, which PuTTY now disables by default +echo "KEX=dh-group1-sha1" >>${OBJ}/.putty/sessions/localhost_proxy - env HOME=$PWD ${PLINK} -load kex_$k -batch -i ${OBJ}/putty.rsa2 true - if [ $? -ne 0 ]; then - fail "KEX $k failed" +# Grepping algos out of the binary is pretty janky, but AFAIK there's no way +# to query supported algos. +kex="" +for k in `$SSH -Q kex`; do + if strings "${PLINK}" | grep -E "^${k}$" >/dev/null; then + kex="${kex} ${k}" + else + trace "omitting unsupported KEX ${k}" fi done +for k in ${kex}; do + verbose "$tid: kex $k" + cp ${OBJ}/sshd_proxy_bak ${OBJ}/sshd_proxy + echo "KexAlgorithms ${k}" >>${OBJ}/sshd_proxy + + env HOME=$PWD ${PLINK} -v -load localhost_proxy -batch -i ${OBJ}/putty.rsa2 true \ + 2>${OBJ}/log/putty-kex-$k.log + if [ $? -ne 0 ]; then + fail "KEX $k failed" + fi + kexmsg=`grep -E '^Doing.* key exchange' ${OBJ}/log/putty-kex-$k.log` + trace putty: ${kexmsg} +done diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh index a6864f951..1920f49ac 100644 --- a/regress/putty-transfer.sh +++ b/regress/putty-transfer.sh 
@@ -1,18 +1,9 @@ -# $OpenBSD: putty-transfer.sh,v 1.11 2021/09/01 03:16:06 dtucker Exp $ +# $OpenBSD: putty-transfer.sh,v 1.12 2024/02/09 08:47:42 dtucker Exp $ # Placed in the Public Domain. tid="putty transfer data" -if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then - skip "putty interop tests not enabled" -fi - -# Re-enable ssh-rsa on older PuTTY versions. -oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`" -if [ "x$oldver" = "xyes" ]; then - echo "HostKeyAlgorithms +ssh-rsa" >> ${OBJ}/sshd_proxy - echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy -fi +puttysetup if [ "`${SSH} -Q compression`" = "none" ]; then comp="0" From e27f032aa8fcbae9b2e7c451baaf4b8ac6fa3d45 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Mon, 19 Feb 2024 09:25:52 +0000 Subject: [PATCH 40/64] upstream: Always define puttysetup function. OpenBSD-Regress-ID: b4c0ccfa4006a1bc5dfd99ccf21c854d3ce2aee0 --- regress/test-exec.sh | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 4576930ca..5ab4cb5d5 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.106 2024/02/09 08:47:42 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.107 2024/02/19 09:25:52 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -761,8 +761,7 @@ case "$SCRIPT" in *) REGRESS_INTEROP_PUTTY=no ;; esac -if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then - puttysetup() { +puttysetup() { if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then skip "putty interop tests not enabled" fi @@ -816,8 +815,7 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then fi PUTTYDIR=${OBJ}/.putty export PUTTYDIR - } -fi +} REGRESS_INTEROP_DROPBEAR=no if test -x "$DROPBEARKEY" -a -x "$DBCLIENT" -a -x "$DROPBEARCONVERT"; then From ee6d932acb532f80b11bb7cf161668c70ec8a117 Mon Sep 17 00:00:00 2001 
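Review bot: in the test-exec.sh hunks of patch 40, only the wrapper lines change (3 insertions, 5 deletions), so the body of puttysetup presumably keeps the deeper indentation it had inside the removed `if`; re-indenting the body one level would keep the function readable alongside the rest of test-exec.sh. Since the function is now defined unconditionally, the `skip` at its top is the only thing preventing a PuTTY-less run from proceeding, which is worth a one-line comment such as `# Always defined; the REGRESS_INTEROP_PUTTY check inside skips the test when PuTTY is unavailable.`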
From: "djm@openbsd.org" Date: Tue, 20 Feb 2024 04:10:03 +0000 Subject: [PATCH 41/64] upstream: don't append a gratuitous space to the end of subsystem arguments; bz3667 OpenBSD-Commit-ID: e11023aeb3f30b77a674e37b8292c862926d5dc6 --- servconf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/servconf.c b/servconf.c index 86c297936..fc873195d 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.403 2023/10/11 22:42:26 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.404 2024/02/20 04:10:03 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1945,7 +1945,7 @@ process_server_config_line_depth(ServerOptions *options, char *line, arg = argv_assemble(1, &arg); /* quote command correctly */ arg2 = argv_assemble(ac, av); /* rest of command */ xasprintf(&options->subsystem_args[options->num_subsystems], - "%s %s", arg, arg2); + "%s%s%s", arg, *arg2 == '\0' ? "" : " ", arg2); free(arg2); argv_consume(&ac); options->num_subsystems++; From 9844aa2521ccfb1a2d73745680327b79e0574445 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 21 Feb 2024 05:57:34 +0000 Subject: [PATCH 42/64] upstream: fix proxy multiplexing mode, broken when keystroke timing obfuscation was added. GHPR#463 from montag451 OpenBSD-Commit-ID: 4e412d59b3f557d431f1d81c715a3bc0491cc677 --- clientloop.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/clientloop.c b/clientloop.c index eb4902905..8ec36af94 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.402 2023/11/24 00:31:30 dtucker Exp $ */ +/* $OpenBSD: clientloop.c,v 1.403 2024/02/21 05:57:34 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -517,7 +517,7 @@ send_chaff(struct ssh *ssh) { int r; - if ((ssh->kex->flags & KEX_HAS_PING) == 0) + if (ssh->kex == NULL || (ssh->kex->flags & KEX_HAS_PING) == 0) return 0; /* XXX probabilistically send chaff? */ /* 
From ab73f9678ebf06b32d6361b88b50b42775e0565b Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 21 Feb 2024 06:01:13 +0000 Subject: [PATCH 43/64] upstream: fix typo in match directive predicate (s/tagged/tag) GHPR#462 from Tobias Manske OpenBSD-Commit-ID: 05b23b772677d48aa82eefd7ebebd369ae758908 --- ssh_config.5 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ssh_config.5 b/ssh_config.5 index 35aa2c0cc..2931d807e 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.393 2024/01/10 06:33:13 jmc Exp $ -.Dd $Mdocdate: January 10 2024 $ +.\" $OpenBSD: ssh_config.5,v 1.394 2024/02/21 06:01:13 djm Exp $ +.Dd $Mdocdate: February 21 2024 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -144,7 +144,7 @@ The available criteria keywords are: .Cm localnetwork , .Cm host , .Cm originalhost , -.Cm Tag , +.Cm tagged , .Cm user , and .Cm localuser . From d410e17d186552d0717f18217d0d049486754365 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 21 Feb 2024 06:05:06 +0000 Subject: [PATCH 44/64] =?UTF-8?q?upstream:=20.Cm=20for=20a=20keyword.=20Pa?= =?UTF-8?q?rt=20of=20GHPR#454=20from=20Niklas=20Hamb=C3=BCchen?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: d59c52559f926fa82859035d79749fbb4a3ce18a --- sshd_config.5 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/sshd_config.5 b/sshd_config.5 index 3e0befab1..5fe5ea929 100644 --- a/sshd_config.5 +++ b/sshd_config.5 
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.352 2024/01/10 06:33:13 jmc Exp $ -.Dd $Mdocdate: January 10 2024 $ +.\" $OpenBSD: sshd_config.5,v 1.353 2024/02/21 06:05:06 djm Exp $ +.Dd $Mdocdate: February 21 2024 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1126,7 +1126,8 @@ DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. Logging with a DEBUG level violates the privacy of users and is not recommended. .It Cm LogVerbose -Specify one or more overrides to LogLevel. +Specify one or more overrides to +.Cm LogLevel . An override consists of a pattern lists that matches the source file, function and line number to force detailed logging for. For example, an override pattern of: From d1164cb1001dd208fee88aaa9b43d5e6fd917274 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 21 Feb 2024 06:06:43 +0000 Subject: [PATCH 45/64] upstream: clarify permissions requirements for ChrootDirectory Part MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit of GHPR#454 from Niklas Hambüchen MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: d37bc8786317a11649c62ff5e2936441186ef7a0 --- sshd_config.5 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sshd_config.5 b/sshd_config.5 index 5fe5ea929..57da2c25d 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.353 2024/02/21 06:05:06 djm Exp $ +.\" $OpenBSD: sshd_config.5,v 1.354 2024/02/21 06:06:43 djm Exp $ .Dd $Mdocdate: February 21 2024 $ .Dt SSHD_CONFIG 5 .Os 
@@ -485,7 +485,7 @@ to after authentication. At session startup .Xr sshd 8 checks that all components of the pathname are root-owned directories -which are not writable by any other user or group. +which are not writable by group or others. After the chroot, .Xr sshd 8 changes the working directory to the user's home directory. From 9ee335aacc9f5bdc4cc2c19fafb45e27be7d234e Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 21 Feb 2024 06:17:29 +0000 Subject: [PATCH 46/64] upstream: explain arguments of internal-sftp GHPR#454 from Niklas MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Hambüchen MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: 0335d641ae6b5b6201b9ffd5dd06345ebbd0a3f3 --- sshd_config.5 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/sshd_config.5 b/sshd_config.5 index 57da2c25d..a0f16874f 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.354 2024/02/21 06:06:43 djm Exp $ +.\" $OpenBSD: sshd_config.5,v 1.355 2024/02/21 06:17:29 djm Exp $ .Dd $Mdocdate: February 21 2024 $ .Dt SSHD_CONFIG 5 .Os @@ -1792,6 +1792,14 @@ implements an in-process SFTP server. This may simplify configurations using .Cm ChrootDirectory to force a different filesystem root on clients. +It accepts the same command line arguments as +.Cm sftp-server +and even though it is in-process, settings such as +.Cm LogLevel +or +.Cm SyslogFacility +do not apply to it and must be set explicitly via +command line arguments. .Pp By default no subsystems are defined. .It Cm SyslogFacility From d86bf8a3f6ea4fa7887406c2aa9959db71fa41be Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Thu, 22 Feb 2024 12:06:10 +1100 Subject: [PATCH 47/64] more descriptive configure test name --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 5f69213a4..fda092830 100644 --- a/configure.ac +++ b/configure.ac @@ -3006,7 +3006,7 @@ if test "x$openssl" = "xyes" ; then fi # Check for OpenSSL without EVP_aes_{192,256}_cbc - AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) + AC_MSG_CHECKING([whether OpenSSL lacks support for AES 192/256]) AC_LINK_IFELSE( [AC_LANG_PROGRAM([[ #include From 6886e1b1f55c90942e4e6deed930f8ac32e0f938 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 22 Feb 2024 17:59:35 +1100 Subject: [PATCH 48/64] Add nbsd10 test target. --- .github/workflows/selfhosted.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/selfhosted.yml b/.github/workflows/selfhosted.yml index be0b4ffec..4f1c587a5 100644 --- a/.github/workflows/selfhosted.yml +++ b/.github/workflows/selfhosted.yml @@ -73,6 +73,7 @@ jobs: - { target: fbsd14, config: pam, host: libvirt } - { target: nbsd8, config: pam, host: libvirt } - { target: nbsd9, config: pam, host: libvirt } + - { target: nbsd10, config: pam, host: libvirt } # VMs with persistent disks that have their own runner. - { target: win10, config: default, host: win10 } - { target: win10, config: cygwin-release, host: win10 } From 65a44a8a4f7d902a64d4e60eda84384b2e2a24a2 Mon Sep 17 00:00:00 2001 
From: "djm@openbsd.org" Date: Mon, 4 Mar 2024 02:16:11 +0000 Subject: [PATCH 49/64] upstream: Separate parsing of string array options from applying them to the active configuration. This fixes the config parser from erroneously rejecting cases like: AuthenticationMethods password Match User ivy AuthenticationMethods any bz3657 ok markus@ OpenBSD-Commit-ID: 7f196cba634c2a3dba115f3fac3c4635a2199491 --- misc.c | 15 ++++- misc.h | 3 +- readconf.c | 147 +++++++++++++++++++++++++++-------------------- readconf.h | 6 +- servconf.c | 166 +++++++++++++++++++++++++++++++++++------------------ 5 files changed, 215 insertions(+), 122 deletions(-) diff --git a/misc.c b/misc.c index 3db2e4d0b..5dc9d54a2 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.189 2023/10/12 03:36:32 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.190 2024/03/04 02:16:11 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005-2020 Damien Miller. All rights reserved. @@ -2644,6 +2644,19 @@ opt_array_append(const char *file, const int line, const char *directive, opt_array_append2(file, line, directive, array, NULL, lp, s, 0); } +void +opt_array_free2(char **array, int **iarray, u_int l) +{ + u_int i; + + if (array == NULL || l == 0) + return; + for (i = 0; i < l; i++) + free(array[i]); + free(array); + free(iarray); +} + sshsig_t ssh_signal(int signum, sshsig_t handler) { diff --git a/misc.h b/misc.h index 74c6f832c..9bacce520 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.106 2023/10/11 22:42:26 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.107 2024/03/04 02:16:11 djm Exp $ */ /* * Author: Tatu Ylonen @@ -210,6 +210,7 @@ void opt_array_append(const char *file, const int line, void opt_array_append2(const char *file, const int line, const char *directive, char ***array, int **iarray, u_int *lp, const char *s, int i); +void opt_array_free2(char **array, int **iarray, u_int l); struct timespec; void ptimeout_init(struct timespec *pt); 
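Review bot: opt_array_free2 returns early when `array == NULL || l == 0`, which skips `free(iarray)` when a caller passes a NULL string array together with a non-NULL int array, and skips `free(array)` for a non-NULL but empty array. Since `free(NULL)` is a no-op, dropping the early return and guarding only the element loop, `for (i = 0; array != NULL && i < l; i++)`, covers every combination. Both callers added in this patch pass NULL for iarray, so nothing leaks today; free_canon_cnames in patch 50 later on this page uses the same early-return shape.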
diff --git a/readconf.c b/readconf.c index 7b3754283..804fcca2f 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.384 2024/01/11 01:45:36 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.385 2024/03/04 02:16:11 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1032,21 +1032,24 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, { char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *p; char **cpptr, ***cppptr, fwdarg[256]; - u_int i, *uintptr, uvalue, max_entries = 0; + u_int i, *uintptr, max_entries = 0; int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0; - int remotefwd, dynamicfwd, ca_only = 0; + int remotefwd, dynamicfwd, ca_only = 0, found = 0; LogLevel *log_level_ptr; SyslogFacility *log_facility_ptr; long long val64; size_t len; struct Forward fwd; const struct multistate *multistate_ptr; - struct allowed_cname *cname; glob_t gl; const char *errstr; char **oav = NULL, **av; int oac = 0, ac; int ret = -1; + struct allowed_cname *cnames = NULL; + u_int ncnames = 0; + char **strs = NULL; /* string array arguments; freed implicitly */ + u_int nstrs = 0; if (activep == NULL) { /* We are processing a command line directive */ cmdline = 1; @@ -1662,14 +1665,13 @@ parse_pubkey_algos: case oPermitRemoteOpen: uintptr = &options->num_permitted_remote_opens; cppptr = &options->permitted_remote_opens; - uvalue = *uintptr; /* modified later */ - i = 0; + found = *uintptr == 0; while ((arg = argv_next(&ac, &av)) != NULL) { arg2 = xstrdup(arg); /* Allow any/none only in first position */ if (strcasecmp(arg, "none") == 0 || strcasecmp(arg, "any") == 0) { - if (i > 0 || ac > 0) { + if (nstrs > 0 || ac > 0) { error("%s line %d: keyword %s \"%s\" " "argument must appear alone.", filename, linenum, keyword, arg); 
@@ -1695,17 +1697,20 @@ parse_pubkey_algos: lookup_opcode_name(opcode)); } } - if (*activep && uvalue == 0) { - opt_array_append(filename, linenum, - lookup_opcode_name(opcode), - cppptr, uintptr, arg2); - } + opt_array_append(filename, linenum, + lookup_opcode_name(opcode), + &strs, &nstrs, arg2); free(arg2); - i++; } - if (i == 0) + if (nstrs == 0) fatal("%s line %d: missing %s specification", filename, linenum, lookup_opcode_name(opcode)); + if (found && *activep) { + *cppptr = strs; + *uintptr = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; + } break; case oClearAllForwardings: @@ -1823,12 +1828,14 @@ parse_pubkey_algos: goto parse_int; case oSendEnv: + /* XXX appends to list; doesn't respect first-match-wins */ while ((arg = argv_next(&ac, &av)) != NULL) { if (*arg == '\0' || strchr(arg, '=') != NULL) { error("%s line %d: Invalid environment name.", filename, linenum); goto out; } + found = 1; if (!*activep) continue; if (*arg == '-') { 
@@ -1840,27 +1847,38 @@ parse_pubkey_algos: lookup_opcode_name(opcode), &options->send_env, &options->num_send_env, arg); } + if (!found) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } break; case oSetEnv: - value = options->num_setenv; + found = options->num_setenv == 0; while ((arg = argv_next(&ac, &av)) != NULL) { if (strchr(arg, '=') == NULL) { error("%s line %d: Invalid SetEnv.", filename, linenum); goto out; } - if (!*activep || value != 0) - continue; - if (lookup_setenv_in_list(arg, options->setenv, - options->num_setenv) != NULL) { + if (lookup_setenv_in_list(arg, strs, nstrs) != NULL) { debug2("%s line %d: ignoring duplicate env " "name \"%.64s\"", filename, linenum, arg); continue; } opt_array_append(filename, linenum, lookup_opcode_name(opcode), - &options->setenv, &options->num_setenv, arg); + &strs, &nstrs, arg); + } + if (nstrs == 0) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } + if (found && *activep) { + options->setenv = strs; + options->num_setenv = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; } break; 
@@ -2069,52 +2087,46 @@ parse_pubkey_algos: goto parse_flag; case oCanonicalDomains: - value = options->num_canonical_domains != 0; - i = 0; + found = options->num_canonical_domains == 0; while ((arg = argv_next(&ac, &av)) != NULL) { - if (*arg == '\0') { - error("%s line %d: keyword %s empty argument", - filename, linenum, keyword); - goto out; - } /* Allow "none" only in first position */ if (strcasecmp(arg, "none") == 0) { - if (i > 0 || ac > 0) { + if (nstrs > 0 || ac > 0) { error("%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); goto out; } } - i++; if (!valid_domain(arg, 1, &errstr)) { error("%s line %d: %s", filename, linenum, errstr); goto out; } - if (!*activep || value) - continue; - if (options->num_canonical_domains >= - MAX_CANON_DOMAINS) { - error("%s line %d: too many hostname suffixes.", - filename, linenum); - goto out; - } - options->canonical_domains[ - options->num_canonical_domains++] = xstrdup(arg); + opt_array_append(filename, linenum, keyword, + &strs, &nstrs, arg); + } + if (nstrs == 0) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } + if (found && *activep) { + options->canonical_domains = strs; + options->num_canonical_domains = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; } break; case oCanonicalizePermittedCNAMEs: - value = options->num_permitted_cnames != 0; - i = 0; + found = options->num_permitted_cnames == 0; while ((arg = argv_next(&ac, &av)) != NULL) { /* * Either 'none' (only in first position), '*' for * everything or 'list:list' */ if (strcasecmp(arg, "none") == 0) { - if (i > 0 || ac > 0) { + if (ncnames > 0 || ac > 0) { error("%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); 
@@ -2135,19 +2147,25 @@ parse_pubkey_algos: *arg2 = '\0'; arg2++; } - i++; - if (!*activep || value) - continue; - if (options->num_permitted_cnames >= - MAX_CANON_DOMAINS) { - error("%s line %d: too many permitted CNAMEs.", - filename, linenum); - goto out; + cnames = xrecallocarray(cnames, ncnames, ncnames + 1, + sizeof(*cnames)); + cnames[ncnames].source_list = xstrdup(arg); + cnames[ncnames].target_list = xstrdup(arg2); + ncnames++; + } + if (ncnames == 0) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } + if (found && *activep) { + options->permitted_cnames = cnames; + options->num_permitted_cnames = ncnames; + } else { + for (i = 0; i < ncnames; i++) { + free(cnames[i].source_list); + free(cnames[i].target_list); } - cname = options->permitted_cnames + - options->num_permitted_cnames++; - cname->source_list = xstrdup(arg); - cname->target_list = xstrdup(arg2); + free(cnames); } break; @@ -2329,12 +2347,11 @@ parse_pubkey_algos: break; case oChannelTimeout: - uvalue = options->num_channel_timeouts; - i = 0; + found = options->num_channel_timeouts == 0; while ((arg = argv_next(&ac, &av)) != NULL) { /* Allow "none" only in first position */ if (strcasecmp(arg, "none") == 0) { - if (i > 0 || ac > 0) { + if (nstrs > 0 || ac > 0) { error("%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); @@ -2345,11 +2362,18 @@ parse_pubkey_algos: fatal("%s line %d: invalid channel timeout %s", filename, linenum, arg); } - if (!*activep || uvalue != 0) - continue; opt_array_append(filename, linenum, keyword, - &options->channel_timeouts, - &options->num_channel_timeouts, arg); + &strs, &nstrs, arg); + } + if (nstrs == 0) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } + if (found && *activep) { + options->channel_timeouts = strs; + options->num_channel_timeouts = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; } break; 
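Review bot: the cnames list built with xrecallocarray/xstrdup in this hunk is released only on the normal path (the else branch after the loop); the error exits inside the loop that `goto out`, such as the "none must appear alone" check in the preceding hunk, leave the partially built list allocated because `out:` only calls opt_array_free2 on strs. Moving the two-line free loop from the else branch into a small static helper and calling it from `out:` as well, with cnames set to NULL after a successful transfer to options, would cover every exit. process_config_line_depth starts well before this hunk and its `out:` label is in the next one.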
@@ -2381,6 +2405,7 @@ parse_pubkey_algos: /* success */ ret = 0; out: + opt_array_free2(strs, NULL, nstrs); argv_free(oav, oac); return ret; } diff --git a/readconf.h b/readconf.h index b18536ab9..9447d5d6e 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.155 2024/01/11 01:45:36 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.156 2024/03/04 02:16:11 djm Exp $ */ /* * Author: Tatu Ylonen @@ -155,12 +155,12 @@ typedef struct { int proxy_use_fdpass; int num_canonical_domains; - char *canonical_domains[MAX_CANON_DOMAINS]; + char **canonical_domains; int canonicalize_hostname; int canonicalize_max_dots; int canonicalize_fallback_local; int num_permitted_cnames; - struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS]; + struct allowed_cname *permitted_cnames; char *revoked_host_keys; diff --git a/servconf.c b/servconf.c index fc873195d..4b434909a 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.404 2024/02/20 04:10:03 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.405 2024/03/04 02:16:11 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1298,12 +1298,12 @@ process_server_config_line_depth(ServerOptions *options, char *line, struct include_list *includes) { char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword; - int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found; - int ca_only = 0; + int cmdline = 0, *intptr, value, value2, n, port, oactive, r; + int ca_only = 0, found = 0; SyslogFacility *log_facility_ptr; LogLevel *log_level_ptr; ServerOpCodes opcode; - u_int i, *uintptr, uvalue, flags = 0; + u_int i, *uintptr, flags = 0; size_t len; long long val64; const struct multistate *multistate_ptr; 
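Review bot: readconf.h keeps `int num_canonical_domains` and `int num_permitted_cnames` while readconf.c now stores the `u_int` counters `nstrs`/`ncnames` into them and misc.h's opt_array_append works on `u_int *lp`; declaring both fields `u_int`, like the other array counts touched in this change, would remove the implicit signed/unsigned conversion, assuming other readers of the fields tolerate it. Separately, turning the two fixed-size members into heap pointers means whatever frees an Options structure must now free the arrays themselves and not just their elements; no such hunk is visible among this patch's readconf.c changes, so that path is worth verifying.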
@@ -1313,6 +1313,8 @@ process_server_config_line_depth(ServerOptions *options, char *line, char **oav = NULL, **av; int oac = 0, ac; int ret = -1; + char **strs = NULL; /* string array arguments; freed implicitly */ + u_int nstrs = 0; /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ if ((len = strlen(line)) == 0) @@ -1775,7 +1777,6 @@ process_server_config_line_depth(ServerOptions *options, char *line, case sLogVerbose: found = options->num_log_verbose == 0; - i = 0; while ((arg = argv_next(&ac, &av)) != NULL) { if (*arg == '\0') { error("%s line %d: keyword %s empty argument", @@ -1784,19 +1785,25 @@ process_server_config_line_depth(ServerOptions *options, char *line, } /* Allow "none" only in first position */ if (strcasecmp(arg, "none") == 0) { - if (i > 0 || ac > 0) { + if (nstrs > 0 || ac > 0) { error("%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); goto out; } } - i++; - if (!found || !*activep) - continue; opt_array_append(filename, linenum, keyword, - &options->log_verbose, &options->num_log_verbose, - arg); + &strs, &nstrs, arg); + } + if (nstrs == 0) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } + if (found && *activep) { + options->log_verbose = strs; + options->num_log_verbose = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; } break; 
@@ -1822,16 +1829,22 @@ process_server_config_line_depth(ServerOptions *options, char *line, chararrayptr = &options->allow_users; uintptr = &options->num_allow_users; parse_allowdenyusers: + /* XXX appends to list; doesn't respect first-match-wins */ while ((arg = argv_next(&ac, &av)) != NULL) { if (*arg == '\0' || match_user(NULL, NULL, NULL, arg) == -1) fatal("%s line %d: invalid %s pattern: \"%s\"", filename, linenum, keyword, arg); + found = 1; if (!*activep) continue; opt_array_append(filename, linenum, keyword, chararrayptr, uintptr, arg); } + if (!found) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } break; case sDenyUsers: @@ -1842,16 +1855,22 @@ process_server_config_line_depth(ServerOptions *options, char *line, case sAllowGroups: chararrayptr = &options->allow_groups; uintptr = &options->num_allow_groups; + /* XXX appends to list; doesn't respect first-match-wins */ parse_allowdenygroups: while ((arg = argv_next(&ac, &av)) != NULL) { if (*arg == '\0') fatal("%s line %d: empty %s pattern", filename, linenum, keyword); + found = 1; if (!*activep) continue; opt_array_append(filename, linenum, keyword, chararrayptr, uintptr, arg); } + if (!found) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } break; case sDenyGroups: @@ -2035,7 +2054,7 @@ process_server_config_line_depth(ServerOptions *options, char *line, * AuthorizedKeysFile /etc/ssh_keys/%u */ case sAuthorizedKeysFile: - uvalue = options->num_authkeys_files; + found = options->num_authkeys_files == 0; while ((arg = argv_next(&ac, &av)) != NULL) { if (*arg == '\0') { error("%s line %d: keyword %s empty argument", 
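Review bot: the new `if (!found) fatal(...)` after parse_allowdenyusers and parse_allowdenygroups turns an argument-less AllowUsers/DenyUsers/AllowGroups/DenyGroups line from a silently accepted no-op (the removed code had no such check) into a fatal configuration error; the commit message does not mention this tightening, so it deserves a sentence there or in sshd_config.5. As a style point, the `/* XXX appends to list; doesn't respect first-match-wins */` comment sits after the `parse_allowdenyusers:` label but before the `parse_allowdenygroups:` label; placing both after their labels keeps them next to the loop they describe for readers arriving via the DenyUsers/DenyGroups gotos. The enclosing function starts outside the hunk.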
@@ -2043,13 +2062,20 @@ process_server_config_line_depth(ServerOptions *options, char *line, goto out; } arg2 = tilde_expand_filename(arg, getuid()); - if (*activep && uvalue == 0) { - opt_array_append(filename, linenum, keyword, - &options->authorized_keys_files, - &options->num_authkeys_files, arg2); - } + opt_array_append(filename, linenum, keyword, + &strs, &nstrs, arg2); free(arg2); } + if (nstrs == 0) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } + if (found && *activep) { + options->authorized_keys_files = strs; + options->num_authkeys_files = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; + } break; case sAuthorizedPrincipalsFile: 
@@ -2075,34 +2101,47 @@ process_server_config_line_depth(ServerOptions *options, char *line, goto parse_int; case sAcceptEnv: + /* XXX appends to list; doesn't respect first-match-wins */ while ((arg = argv_next(&ac, &av)) != NULL) { if (*arg == '\0' || strchr(arg, '=') != NULL) fatal("%s line %d: Invalid environment name.", filename, linenum); + found = 1; if (!*activep) continue; opt_array_append(filename, linenum, keyword, &options->accept_env, &options->num_accept_env, arg); } + if (!found) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } break; case sSetEnv: - uvalue = options->num_setenv; + found = options->num_setenv == 0; while ((arg = argv_next(&ac, &av)) != NULL) { if (*arg == '\0' || strchr(arg, '=') == NULL) fatal("%s line %d: Invalid environment.", filename, linenum); - if (!*activep || uvalue != 0) - continue; - if (lookup_setenv_in_list(arg, options->setenv, - options->num_setenv) != NULL) { + if (lookup_setenv_in_list(arg, strs, nstrs) != NULL) { debug2("%s line %d: ignoring duplicate env " "name \"%.64s\"", filename, linenum, arg); continue; } opt_array_append(filename, linenum, keyword, - &options->setenv, &options->num_setenv, arg); + &strs, &nstrs, arg); + } + if (nstrs == 0) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } + if (found && *activep) { + options->setenv = strs; + options->num_setenv = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; } break; 
@@ -2253,21 +2292,20 @@ process_server_config_line_depth(ServerOptions *options, char *line, uintptr = &options->num_permitted_opens; chararrayptr = &options->permitted_opens; } - arg = argv_next(&ac, &av); - if (!arg || *arg == '\0') - fatal("%s line %d: %s missing argument.", - filename, linenum, keyword); - uvalue = *uintptr; /* modified later */ - if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { - if (*activep && uvalue == 0) { - *uintptr = 1; - *chararrayptr = xcalloc(1, - sizeof(**chararrayptr)); - (*chararrayptr)[0] = xstrdup(arg); + found = *uintptr == 0; + while ((arg = argv_next(&ac, &av)) != NULL) { + if (strcmp(arg, "any") == 0 || + strcmp(arg, "none") == 0) { + if (nstrs != 0) { + fatal("%s line %d: %s must appear " + "alone on a %s line.", + filename, linenum, arg, keyword); + } + opt_array_append(filename, linenum, keyword, + &strs, &nstrs, arg); + continue; } - break; - } - for (; arg != NULL && *arg != '\0'; arg = argv_next(&ac, &av)) { + if (opcode == sPermitListen && strchr(arg, ':') == NULL) { /* @@ -2289,12 +2327,20 @@ process_server_config_line_depth(ServerOptions *options, char *line, fatal("%s line %d: %s bad port number", filename, linenum, keyword); } - if (*activep && uvalue == 0) { - opt_array_append(filename, linenum, keyword, - chararrayptr, uintptr, arg2); - } + opt_array_append(filename, linenum, keyword, + &strs, &nstrs, arg2); free(arg2); } + if (nstrs == 0) { + fatal("%s line %d: %s missing argument.", + filename, linenum, keyword); + } + if (found && *activep) { + *chararrayptr = strs; + *uintptr = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; + } break; case sForceCommand: 
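Review bot: the `any`/`none` branch rejects the pseudo-value only when something precedes it (`nstrs != 0`) but not when arguments follow it, so a line like `PermitOpen none 127.0.0.1:80` now produces a two-entry list where the removed code stopped after the first word; the other list options in this change use `if (nstrs > 0 || ac > 0)` for exactly this situation. Changing the condition to `if (nstrs != 0 || ac > 0) {` makes the check consistent. How a list whose first entry is none/any followed by further entries is interpreted later is outside this diff; if the first entry wins it is merely surprising, otherwise a Match block could end up permitting more than intended. The enclosing function begins outside the hunk.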
@@ -2419,10 +2465,9 @@ process_server_config_line_depth(ServerOptions *options, char *line, case sAuthenticationMethods: found = options->num_auth_methods == 0; value = 0; /* seen "any" pseudo-method */ - value2 = 0; /* successfully parsed any method */ while ((arg = argv_next(&ac, &av)) != NULL) { if (strcmp(arg, "any") == 0) { - if (options->num_auth_methods > 0) { + if (nstrs > 0) { fatal("%s line %d: \"any\" must " "appear alone in %s", filename, linenum, keyword); @@ -2435,17 +2480,19 @@ process_server_config_line_depth(ServerOptions *options, char *line, fatal("%s line %d: invalid %s method list.", filename, linenum, keyword); } - value2 = 1; - if (!found || !*activep) - continue; opt_array_append(filename, linenum, keyword, - &options->auth_methods, - &options->num_auth_methods, arg); + &strs, &nstrs, arg); } - if (value2 == 0) { + if (nstrs == 0) { fatal("%s line %d: no %s specified", filename, linenum, keyword); } + if (found && *activep) { + options->auth_methods = strs; + options->num_auth_methods = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; + } break; case sStreamLocalBindMask: @@ -2505,12 +2552,11 @@ process_server_config_line_depth(ServerOptions *options, char *line, goto parse_int; case sChannelTimeout: - uvalue = options->num_channel_timeouts; - i = 0; + found = options->num_channel_timeouts == 0; while ((arg = argv_next(&ac, &av)) != NULL) { /* Allow "none" only in first position */ if (strcasecmp(arg, "none") == 0) { - if (i > 0 || ac > 0) { + if (nstrs > 0 || ac > 0) { error("%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); 
@@ -2521,11 +2567,18 @@ process_server_config_line_depth(ServerOptions *options, char *line, fatal("%s line %d: invalid channel timeout %s", filename, linenum, arg); } - if (!*activep || uvalue != 0) - continue; opt_array_append(filename, linenum, keyword, - &options->channel_timeouts, - &options->num_channel_timeouts, arg); + &strs, &nstrs, arg); + } + if (nstrs == 0) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } + if (found && *activep) { + options->channel_timeouts = strs; + options->num_channel_timeouts = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; } break; @@ -2565,6 +2618,7 @@ process_server_config_line_depth(ServerOptions *options, char *line, /* success */ ret = 0; out: + opt_array_free2(strs, NULL, nstrs); argv_free(oav, oac); return ret; } From 3deb501f86fc47e175ef6a3eaba9b9846a80d444 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 4 Mar 2024 04:13:18 +0000 Subject: [PATCH 50/64] upstream: fix leak of CanonicalizePermittedCNAMEs on error path; spotted by Coverity (CID 438039) OpenBSD-Commit-ID: 208839699939721f452a4418afc028a9f9d3d8af --- readconf.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/readconf.c b/readconf.c index 804fcca2f..3a64a0441 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.385 2024/03/04 02:16:11 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.386 2024/03/04 04:13:18 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -890,6 +890,20 @@ parse_token(const char *cp, const char *filename, int linenum, return oBadOption; } +static void +free_canon_cnames(struct allowed_cname *cnames, u_int n) +{ + u_int i; + + if (cnames == NULL || n == 0) + return; + for (i = 0; i < n; i++) { + free(cnames[i].source_list); + free(cnames[i].target_list); + } + free(cnames); +} + /* Multistate option parsing */ struct multistate { char *key; 
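Review bot: The new `opt_array_free2(strs, NULL, nstrs);` at `out:` relies on `strs`/`nstrs` being initialised at function entry and reset at every transfer site; the transfer sites added in this commit all do `strs = NULL; nstrs = 0;`, but the initialisation is outside the hunk and should be confirmed, since any early `goto out` would otherwise free indeterminate storage. A comment at the label, `/* strs holds an un-transferred list (or NULL); transferred lists were nulled above */`, would make the ownership rule explicit. The enclosing function starts outside the hunk.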
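Review bot: In `free_canon_cnames` the early return when `n == 0` also skips `free(cnames)` for a non-NULL `cnames`, which is the one combination that could still leak; the loop is already a no-op for `n == 0` and `free(NULL)` is defined, so `if (cnames == NULL) return;` (or no guard at all) is sufficient. Whether a non-NULL zero-length `cnames` can arise depends on how the caller grows the array, which is not visible here. The function is complete within the hunk.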
@@ -2160,13 +2174,10 @@ parse_pubkey_algos: if (found && *activep) { options->permitted_cnames = cnames; options->num_permitted_cnames = ncnames; - } else { - for (i = 0; i < ncnames; i++) { - free(cnames[i].source_list); - free(cnames[i].target_list); - } - free(cnames); + cnames = NULL; /* transferred */ + ncnames = 0; } + /* un-transferred cnames is cleaned up before exit */ break; case oCanonicalizeHostname: @@ -2405,6 +2416,7 @@ parse_pubkey_algos: /* success */ ret = 0; out: + free_canon_cnames(cnames, ncnames); opt_array_free2(strs, NULL, nstrs); argv_free(oav, oac); return ret; From 668d270a6c77e8b5a1da26ecad2e6de9f62c8fe4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 6 Mar 2024 10:33:20 +1100 Subject: [PATCH 51/64] add a --without-retpoline configure option discussed with deraadt and dtucker a while ago --- configure.ac | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index fda092830..c1af4b423 100644 --- a/configure.ac +++ b/configure.ac @@ -149,6 +149,7 @@ fi use_stack_protector=1 use_toolchain_hardening=1 +use_retpoline=1 AC_ARG_WITH([stackprotect], [ --without-stackprotect Don't use compiler's stack protection], [ if test "x$withval" = "xno"; then @@ -159,6 +160,11 @@ AC_ARG_WITH([hardening], if test "x$withval" = "xno"; then use_toolchain_hardening=0 fi ]) +AC_ARG_WITH([retpoline], + [ --without-retpoline Enable retpoline spectre mitigation], [ + if test "x$withval" = "xno"; then + use_retpoline=0 + fi ]) # We use -Werror for the tests only so that we catch warnings like "this is # on by default" for things like -fPIE. 
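Review bot: The help string for the new configure option, `[ --without-retpoline Enable retpoline spectre mitigation]`, states the opposite of what `--without-` does; the neighbouring entry is phrased as the negative (`--without-stackprotect Don't use compiler's stack protection`), so `[ --without-retpoline Don't use retpoline spectre mitigation]` would match. Because the hunk at L83 moves `-mretpoline`/`-Wl,-z,retpolineplt` out of the `use_toolchain_hardening` block, `--without-hardening` on its own no longer disables retpoline; that behaviour change is worth a sentence in the commit message or the help text.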
@@ -216,8 +222,6 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical]) OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) if test "x$use_toolchain_hardening" = "x1"; then - OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang - OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) @@ -240,6 +244,10 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then esac OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) fi + if test "x$use_retpoline" = "x1"; then + OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang + OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) + fi AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) saved_CFLAGS="$CFLAGS" From d52b6509210e2043f33e5a1de58dd4a0d5d48c2a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 6 Mar 2024 11:31:36 +1100 Subject: [PATCH 52/64] disable RSA tests when algorithm is not supported Unbreaks "make test" when compiled --without-openssl. Similar treatment to how we do DSA and ECDSA. --- regress/Makefile | 55 ++++++++++++++++++++++++++++++------------------ 1 file changed, 35 insertions(+), 20 deletions(-) diff --git a/regress/Makefile b/regress/Makefile index ca9c66e19..8628ddd28 100644 --- a/regress/Makefile +++ b/regress/Makefile 
@@ -156,29 +156,38 @@ TEST_SSH_SSHKEYGEN?=ssh-keygen CPPFLAGS=-I.. t1: - ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv - tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv - ${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_cr.prv | diff - ${.CURDIR}/rsa_openssh.prv - awk '{print $$0 "\r"}' ${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_crnl.prv - ${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_crnl.prv | diff - ${.CURDIR}/rsa_openssh.prv + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-rsa ; then \ + ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv ; \ + tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv ; \ + ${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_cr.prv | diff - ${.CURDIR}/rsa_openssh.prv ; \ + awk '{print $$0 "\r"}' ${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_crnl.prv ; \ + ${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_crnl.prv | diff - ${.CURDIR}/rsa_openssh.prv ; \ + fi t2: - cat ${.CURDIR}/rsa_openssh.prv > $(OBJ)/t2.out - chmod 600 $(OBJ)/t2.out - ${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t2.out | diff - ${.CURDIR}/rsa_openssh.pub + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-rsa ; then \ + cat ${.CURDIR}/rsa_openssh.prv > $(OBJ)/t2.out ; \ + chmod 600 $(OBJ)/t2.out ; \ + ${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t2.out | diff - ${.CURDIR}/rsa_openssh.pub ; \ + fi t3: - ${TEST_SSH_SSHKEYGEN} -ef ${.CURDIR}/rsa_openssh.pub >$(OBJ)/t3.out - ${TEST_SSH_SSHKEYGEN} -if $(OBJ)/t3.out | diff - ${.CURDIR}/rsa_openssh.pub + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-rsa ; then \ + ${TEST_SSH_SSHKEYGEN} -ef ${.CURDIR}/rsa_openssh.pub >$(OBJ)/t3.out ; \ + ${TEST_SSH_SSHKEYGEN} -if $(OBJ)/t3.out | diff - ${.CURDIR}/rsa_openssh.pub ; \ + fi t4: - ${TEST_SSH_SSHKEYGEN} -E md5 -lf ${.CURDIR}/rsa_openssh.pub |\ - awk '{print $$2}' | diff - ${.CURDIR}/t4.ok + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-rsa ; then \ + ${TEST_SSH_SSHKEYGEN} -E md5 -lf 
${.CURDIR}/rsa_openssh.pub |\ + awk '{print $$2}' | diff - ${.CURDIR}/t4.ok ; \ + fi t5: - ${TEST_SSH_SSHKEYGEN} -Bf ${.CURDIR}/rsa_openssh.pub |\ - awk '{print $$2}' | diff - ${.CURDIR}/t5.ok - + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-rsa ; then \ + ${TEST_SSH_SSHKEYGEN} -Bf ${.CURDIR}/rsa_openssh.pub |\ + awk '{print $$2}' | diff - ${.CURDIR}/t5.ok ; \ + fi t6: set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-dss ; then \ ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1 ; \ @@ -188,11 +197,15 @@ t6: fi $(OBJ)/t7.out: - ${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $@ + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-dss ; then \ + ${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $@ ; \ + fi t7: $(OBJ)/t7.out - ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t7.out > /dev/null - ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t7.out > /dev/null + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-dss ; then \ + ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t7.out > /dev/null ; \ + ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t7.out > /dev/null ; \ + fi $(OBJ)/t8.out: set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \ @@ -224,8 +237,10 @@ t10: $(OBJ)/t10.out ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t10.out > /dev/null t11: - ${TEST_SSH_SSHKEYGEN} -E sha256 -lf ${.CURDIR}/rsa_openssh.pub |\ - awk '{print $$2}' | diff - ${.CURDIR}/t11.ok + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-dss ; then \ + ${TEST_SSH_SSHKEYGEN} -E sha256 -lf ${.CURDIR}/rsa_openssh.pub |\ + awk '{print $$2}' | diff - ${.CURDIR}/t11.ok ; \ + fi $(OBJ)/t12.out: ${TEST_SSH_SSHKEYGEN} -q -t ed25519 -N '' -C 'test-comment-1234' -f $@ From 242742827fea4508e68097c128e802edc79addb5 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 6 Mar 2024 00:31:04 +0000 Subject: [PATCH 53/64] upstream: wrap a few PKCS#11-specific bits in ENABLE_PKCS11 OpenBSD-Commit-ID: 463e4a69eef3426a43a2b922c4e7b2011885d923 --- ssh-agent.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
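Review bot: The guards added to `$(OBJ)/t7.out`, `t7` and `t11` test for `^ssh-dss`, but the commands they wrap generate and fingerprint RSA keys (`-t rsa`, `rsa_openssh.pub`), so a build with RSA but no DSA silently skips these tests and a build with DSA but no RSA fails them. They should check for RSA like t1–t5: `set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-rsa ; then \`. The quoting change at L93 carries the same `^ssh-dss` pattern forward for these three targets.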
diff --git a/ssh-agent.c b/ssh-agent.c index 7347aaee5..4f2af3caf 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.304 2023/12/18 15:58:56 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.305 2024/03/06 00:31:04 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -250,6 +250,7 @@ free_dest_constraints(struct dest_constraint *dcs, size_t ndcs) free(dcs); } +#ifdef ENABLE_PKCS11 static void dup_dest_constraint_hop(const struct dest_constraint_hop *dch, struct dest_constraint_hop *out) @@ -289,6 +290,7 @@ dup_dest_constraints(const struct dest_constraint *dcs, size_t ndcs) } return ret; } +#endif /* ENABLE_PKCS11 */ #ifdef DEBUG_CONSTRAINTS static void @@ -1522,6 +1524,7 @@ no_identities(SocketEntry *e) sshbuf_free(msg); } +#ifdef ENABLE_PKCS11 /* Add an identity to idlist; takes ownership of 'key' and 'comment' */ static void add_p11_identity(struct sshkey *key, char *comment, const char *provider, @@ -1548,7 +1551,6 @@ add_p11_identity(struct sshkey *key, char *comment, const char *provider, idtab->nentries++; } -#ifdef ENABLE_PKCS11 static void process_add_smartcard_key(SocketEntry *e) { From c47e1c9c7911f38b2fc2fb01b1f6ae3a3121a838 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 6 Mar 2024 02:59:59 +0000 Subject: [PATCH 54/64] upstream: fix memory leak in mux proxy mode when requesting forwarding. found by RASU JSC, reported by Maks Mishin in GHPR#467 OpenBSD-Commit-ID: 97d96a166b1ad4b8d229864a553e3e56d3116860 --- channels.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/channels.c b/channels.c index 6862556be..ece8d30d6 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.436 2024/01/09 22:19:00 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.437 2024/03/06 02:59:59 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -3245,9 +3245,8 @@ channel_proxy_downstream(struct ssh *ssh, Channel *downstream)
 goto out;
 }
 /* Record that connection to this host/port is permitted. */
- permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL, "", -1,
- listen_host, NULL, (int)listen_port, downstream);
- listen_host = NULL;
+ permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL, "",
+ -1, listen_host, NULL, (int)listen_port, downstream);
 break;
 case SSH2_MSG_CHANNEL_CLOSE:
 if (have < 4)
From 9b3f0beb4007a7e01dfedabb429097fb593deae6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 7 Mar 2024 17:18:14 +1100 Subject: [PATCH 55/64] Prefer openssl binary from --with-ssl-dir directory. Use openssl in the directory specified by --with-ssl-dir as long as it's functional. Reported by The Doctor.
---
 configure.ac | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index c1af4b423..82e8bb7c1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2743,7 +2743,15 @@ AC_ARG_WITH([ssl-dir],
 else
 CPPFLAGS="-I${withval} ${CPPFLAGS}"
 fi
- openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps"
+ dnl Ensure specified openssl binary works, eg it can
+ dnl find its runtime libraries, before trying to use.
+ if test -x "${withval}/bin/openssl" && \
+ "${withval}/bin/openssl" version >/dev/null 2>&1; then
+ openssl_bin_PATH="${withval}/bin${PATH_SEPARATOR}${PATH}"
+ elif test -x "${withval}/apps/openssl" && \
+ "${withval}/apps/openssl" version >/dev/null 2>&1; then
+ openssl_bin_PATH="${withval}/apps${PATH_SEPARATOR}${PATH}"
+ fi
 fi
 ]
 )
From 2f9d2af5cb19905d87f37d1e11c9f035ac5daf3b Mon Sep 17 00:00:00 2001 
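Review bot: Dropping `listen_host = NULL;` means `listen_host` is now released on the function's exit path after being handed to `permission_set_add()`, so the leak fix is correct only if `permission_set_add()` copies the string rather than keeping the pointer; that contract is not visible in the hunk and is presumably why the assignment existed. A comment at the call, `/* permission_set_add() copies listen_host; it is freed at out: */`, would tie the two together for the next reader. The enclosing function starts and ends outside the hunk.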
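Review bot: When neither `${withval}/bin/openssl` nor `${withval}/apps/openssl` is executable and runs, `openssl_bin_PATH` is left unassigned in this branch, whereas the removed line always set it to `${PATH}` plus the candidates; unless the variable has a default elsewhere, later lookups that use it would search an empty path. An `else` arm, `openssl_bin_PATH="${PATH}"`, or a comment pointing at where it is initialised would close that gap. The `AC_ARG_WITH` block starts outside the hunk.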
From: "dtucker@openbsd.org" Date: Fri, 8 Mar 2024 11:34:10 +0000 Subject: [PATCH 56/64] upstream: Invoke ProxyCommand that uses stderr redirection via $TEST_SHELL. Fixes test when run by a user whose login shell is tcsh. Found by vinschen at redhat.com. OpenBSD-Regress-ID: f68d79e7f00caa8d216ebe00ee5f0adbb944062a --- regress/dynamic-forward.sh | 9 +++++---- regress/test-exec.sh | 5 ++++- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh index 5a4aa6d8e..85901eaa6 100644 --- a/regress/dynamic-forward.sh +++ b/regress/dynamic-forward.sh @@ -1,4 +1,4 @@ -# $OpenBSD: dynamic-forward.sh,v 1.15 2023/01/06 08:50:33 dtucker Exp $ +# $OpenBSD: dynamic-forward.sh,v 1.17 2024/03/08 11:34:10 dtucker Exp $ # Placed in the Public Domain. tid="dynamic forwarding" @@ -20,6 +20,7 @@ start_ssh() { arg="$2" n=0 error="1" + # Use a multiplexed ssh so we can control its lifecycle. trace "start dynamic -$direction forwarding, fork to background" (cat $OBJ/ssh_config.orig ; echo "$arg") > $OBJ/ssh_config ${REAL_SSH} -vvvnNfF $OBJ/ssh_config -E$TEST_SSH_LOGFILE \ @@ -56,9 +57,9 @@ check_socks() { for s in 4 5; do for h in 127.0.0.1 localhost; do trace "testing ssh socks version $s host $h (-$direction)" - ${REAL_SSH} -q -F $OBJ/ssh_config \ - -o "ProxyCommand ${proxycmd}${s} $h $PORT 2>/dev/null" \ - somehost cat ${DATA} > ${COPY} + ${REAL_SSH} -q -F $OBJ/ssh_config -o \ + "ProxyCommand ${TEST_SHELL} -c '${proxycmd}${s} $h $PORT 2>/dev/null'" \ + somehost cat ${DATA} > ${COPY} r=$? if [ "x$expect_success" = "xY" ] ; then if [ $r -ne 0 ] ; then diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 5ab4cb5d5..ad627941f 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.107 2024/02/19 09:25:52 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.108 2024/03/08 11:34:10 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo 
@@ -104,6 +104,9 @@ DBCLIENT=/usr/local/bin/dbclient DROPBEARKEY=/usr/local/bin/dropbearkey DROPBEARCONVERT=/usr/local/bin/dropbearconvert +# So we can override this in Portable. +TEST_SHELL="${TEST_SHELL:-/bin/sh}" + # Tools used by multiple tests NC=$OBJ/netcat # Always use the one configure tells us to, even if that's empty. From cd82f7526e0481720567ae41db7849ab1c27e27b Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 8 Mar 2024 22:16:32 +0000 Subject: [PATCH 57/64] upstream: skip more whitespace, fixes find-principals on allowed_signers files with blank lines; reported by Wiktor Kwapisiewicz OpenBSD-Commit-ID: b3a22a2afd753d70766f34bc7f309c03706b5298 --- sshsig.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sshsig.c b/sshsig.c index d50d65fe2..470b286a3 100644 --- a/sshsig.c +++ b/sshsig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshsig.c,v 1.34 2023/12/08 09:18:39 markus Exp $ */ +/* $OpenBSD: sshsig.c,v 1.35 2024/03/08 22:16:32 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -746,7 +746,7 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line, *keyp = NULL; cp = line; - cp = cp + strspn(cp, " \t"); /* skip leading whitespace */ + cp = cp + strspn(cp, " \t\n\r"); /* skip leading whitespace */ if (*cp == '#' || *cp == '\0') return SSH_ERR_KEY_NOT_FOUND; /* blank or all-comment line */ From a6a740a4948d10a622b505135bb485c10f21db5e Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 9 Mar 2024 05:12:13 +0000 Subject: [PATCH 58/64] upstream: avoid logging in signal handler by converting mainloop to ppoll() bz3670, reported by Ben Hamilton; ok dtucker@ OpenBSD-Commit-ID: e58f18042b86425405ca09e6e9d7dfa1df9f5f7f --- ssh-agent.c | 42 +++++++++++++++++++++++++----------------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/ssh-agent.c b/ssh-agent.c index 4f2af3caf..d35741a86 100644 --- a/ssh-agent.c +++ b/ssh-agent.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.305 2024/03/06 00:31:04 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.306 2024/03/09 05:12:13 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -162,6 +162,8 @@ int max_fd = 0; pid_t parent_pid = -1; time_t parent_alive_interval = 0; +sig_atomic_t signalled = 0; + /* pid of process for which cleanup_socket is applicable */ pid_t cleanup_pid = 0; @@ -2062,7 +2064,7 @@ after_poll(struct pollfd *pfd, size_t npfd, u_int maxfds) } static int -prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp, u_int maxfds) +prepare_poll(struct pollfd **pfdp, size_t *npfdp, struct timespec *timeoutp, u_int maxfds) { struct pollfd *pfd = *pfdp; size_t i, j, npfd = 0; @@ -2128,14 +2130,8 @@ prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp, u_int maxfds) if (parent_alive_interval != 0) deadline = (deadline == 0) ? parent_alive_interval : MINIMUM(deadline, parent_alive_interval); - if (deadline == 0) { - *timeoutp = -1; /* INFTIM */ - } else { - if (deadline > INT_MAX / 1000) - *timeoutp = INT_MAX / 1000; - else - *timeoutp = deadline * 1000; - } + if (deadline != 0) + ptimeout_deadline_sec(timeoutp, deadline); return (1); } @@ -2155,17 +2151,16 @@ void cleanup_exit(int i) { cleanup_socket(); +#ifdef ENABLE_PKCS11 + pkcs11_terminate(); +#endif _exit(i); } static void cleanup_handler(int sig) { - cleanup_socket(); -#ifdef ENABLE_PKCS11 - pkcs11_terminate(); -#endif - _exit(2); + signalled = sig; } static void @@ -2209,10 +2204,11 @@ main(int ac, char **av) char pidstrbuf[1 + 3 * sizeof pid]; size_t len; mode_t prev_mask; - int timeout = -1; /* INFTIM */ + struct timespec timeout; struct pollfd *pfd = NULL; size_t npfd = 0; u_int maxfds; + sigset_t nsigset, osigset; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); 
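Review bot: The new global `sig_atomic_t signalled` has no comment describing the protocol it implements, even though the commit's whole point is that `cleanup_handler()` now only stores the signal number and `main()` acts on it; a line such as `/* set by cleanup_handler(); read in main() with the signals blocked, see ppoll() */` at the declaration would document why the handler no longer calls `cleanup_socket()`/`_exit()` itself. Checking `signalled` under `SIG_BLOCK` and handing `osigset` to `ppoll()` in the L91 hunk is what closes the check-then-wait race, so that is the place the comment should point to. `main()` starts and ends outside these hunks.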
@@ -2448,13 +2444,25 @@ skip: ssh_signal(SIGHUP, cleanup_handler); ssh_signal(SIGTERM, cleanup_handler); + sigemptyset(&nsigset); + sigaddset(&nsigset, SIGINT); + sigaddset(&nsigset, SIGHUP); + sigaddset(&nsigset, SIGTERM); + if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1) fatal("%s: pledge: %s", __progname, strerror(errno)); platform_pledge_agent(); while (1) { + sigprocmask(SIG_BLOCK, &nsigset, &osigset); + if (signalled != 0) { + logit("exiting on signal %d", (int)signalled); + cleanup_exit(2); + } + ptimeout_init(&timeout); prepare_poll(&pfd, &npfd, &timeout, maxfds); - result = poll(pfd, npfd, timeout); + result = ppoll(pfd, npfd, ptimeout_get_tsp(&timeout), &osigset); + sigprocmask(SIG_SETMASK, &osigset, NULL); saved_errno = errno; if (parent_alive_interval != 0) check_parent_exists(); From 26b09b45fec7b88ba09042c09be4157e58e231e2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 10 Mar 2024 16:24:57 +1100 Subject: [PATCH 59/64] quote regexes used to test for algorithm support Fixes test failures on Solaris 8 reported by Tom G. Christensen --- regress/Makefile | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/regress/Makefile b/regress/Makefile index 8628ddd28..c9a495f6f 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -156,7 +156,7 @@ TEST_SSH_SSHKEYGEN?=ssh-keygen CPPFLAGS=-I.. t1: - set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-rsa ; then \ + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv ; \ tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv ; \ ${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_cr.prv | diff - ${.CURDIR}/rsa_openssh.prv ; \ 
@@ -165,31 +165,31 @@ t1: fi t2: - set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-rsa ; then \ + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ cat ${.CURDIR}/rsa_openssh.prv > $(OBJ)/t2.out ; \ chmod 600 $(OBJ)/t2.out ; \ ${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t2.out | diff - ${.CURDIR}/rsa_openssh.pub ; \ fi t3: - set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-rsa ; then \ + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ ${TEST_SSH_SSHKEYGEN} -ef ${.CURDIR}/rsa_openssh.pub >$(OBJ)/t3.out ; \ ${TEST_SSH_SSHKEYGEN} -if $(OBJ)/t3.out | diff - ${.CURDIR}/rsa_openssh.pub ; \ fi t4: - set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-rsa ; then \ + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ ${TEST_SSH_SSHKEYGEN} -E md5 -lf ${.CURDIR}/rsa_openssh.pub |\ awk '{print $$2}' | diff - ${.CURDIR}/t4.ok ; \ fi t5: - set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-rsa ; then \ + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ ${TEST_SSH_SSHKEYGEN} -Bf ${.CURDIR}/rsa_openssh.pub |\ awk '{print $$2}' | diff - ${.CURDIR}/t5.ok ; \ fi t6: - set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-dss ; then \ + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \ ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1 ; \ ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.pub > $(OBJ)/t6.out2 ; \ chmod 600 $(OBJ)/t6.out1 ; \ 
@@ -197,23 +197,23 @@ t6: fi $(OBJ)/t7.out: - set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-dss ; then \ + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \ ${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $@ ; \ fi t7: $(OBJ)/t7.out - set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-dss ; then \ + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \ ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t7.out > /dev/null ; \ ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t7.out > /dev/null ; \ fi $(OBJ)/t8.out: - set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \ + set -xe ; if ssh -Q key | grep -q "^ssh-dss" ; then \ ${TEST_SSH_SSHKEYGEN} -q -t dsa -N '' -f $@ ; \ fi t8: $(OBJ)/t8.out - set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \ + set -xe ; if ssh -Q key | grep -q "^ssh-dss" ; then \ ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t8.out > /dev/null ; \ ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t8.out > /dev/null ; \ fi @@ -237,7 +237,7 @@ t10: $(OBJ)/t10.out ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t10.out > /dev/null t11: - set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-dss ; then \ + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \ ${TEST_SSH_SSHKEYGEN} -E sha256 -lf ${.CURDIR}/rsa_openssh.pub |\ awk '{print $$2}' | diff - ${.CURDIR}/t11.ok ; \ fi From 8fc109cc614954a8eb2738c48c0db36a62af9a06 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 11 Mar 2024 12:59:26 +1100 Subject: [PATCH 60/64] Test against current OpenSSL and LibreSSL releases. Add LibreSSL 3.9.0, bump older branches to their respective current releases. --- .github/workflows/c-cpp.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml index f4423dfa9..edb88f23c 100644 --- a/.github/workflows/c-cpp.yml +++ b/.github/workflows/c-cpp.yml 
@@ -62,17 +62,18 @@ jobs:
 - { target: ubuntu-latest, config: libressl-3.5.3 }
 - { target: ubuntu-latest, config: libressl-3.6.1 }
 - { target: ubuntu-latest, config: libressl-3.7.2 }
- - { target: ubuntu-latest, config: libressl-3.8.2 }
+ - { target: ubuntu-latest, config: libressl-3.8.3 }
+ - { target: ubuntu-latest, config: libressl-3.9.0 }
 - { target: ubuntu-latest, config: openssl-master }
 - { target: ubuntu-latest, config: openssl-noec }
 - { target: ubuntu-latest, config: openssl-1.1.1 }
 - { target: ubuntu-latest, config: openssl-1.1.1t }
 - { target: ubuntu-latest, config: openssl-1.1.1w }
 - { target: ubuntu-latest, config: openssl-3.0.0 }
- - { target: ubuntu-latest, config: openssl-3.0.12 }
+ - { target: ubuntu-latest, config: openssl-3.0.13 }
 - { target: ubuntu-latest, config: openssl-3.1.0 }
- - { target: ubuntu-latest, config: openssl-3.1.4 }
- - { target: ubuntu-latest, config: openssl-3.2.0 }
+ - { target: ubuntu-latest, config: openssl-3.1.5 }
+ - { target: ubuntu-latest, config: openssl-3.2.1 }
 - { target: ubuntu-latest, config: openssl-1.1.1_stable }
 - { target: ubuntu-latest, config: openssl-3.0 } # stable branch
 - { target: ubuntu-latest, config: openssl-3.2 } # stable branch
From 3876a3bbd2ca84d23ba20f8b69ba83270c04ce3a Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 11 Mar 2024 04:59:47 +0000 Subject: [PATCH 61/64] upstream: openssh-9.7 OpenBSD-Commit-ID: 618ececf58b8cdae016b149787af06240f7b0cbc
---
 version.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/version.h b/version.h
index a4b7b594c..052a5817b 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.100 2023/12/18 14:48:44 djm Exp $ */
+/* $OpenBSD: version.h,v 1.101 2024/03/11 04:59:47 djm Exp $ */
-#define SSH_VERSION "OpenSSH_9.6"
+#define SSH_VERSION "OpenSSH_9.7"
 #define SSH_PORTABLE "p1"
 #define SSH_RELEASE SSH_VERSION SSH_PORTABLE
From 282721418e6465bc39ccfd39bb0133e670ee4423 Mon Sep 17 00:00:00 2001 
From: Damien Miller Date: Mon, 11 Mar 2024 16:20:08 +1100 Subject: [PATCH 62/64] crank RPM spec versions --- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 0524a72b4..b2309716f 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%global ver 9.6p1 +%global ver 9.7p1 %global rel 1%{?dist} # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index b5082f0d5..7dbe4db6e 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 9.6p1 +Version: 9.7p1 URL: https://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz From 86bdd3853f4d32c85e295e6216a2fe0953ad93f0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 11 Mar 2024 16:20:49 +1100 Subject: [PATCH 63/64] version number in README --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index 327562671..89981ef6f 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -See https://www.openssh.com/releasenotes.html#9.6p1 for the release +See https://www.openssh.com/releasenotes.html#9.7p1 for the release notes. Please read https://www.openssh.com/report.html for bug reporting From 03ae1035d1238480cb4d35a6c4f174afb0a1e2ab Mon Sep 17 00:00:00 2001 From: Tess Gauthier Date: Tue, 20 Aug 2024 13:29:41 -0400 Subject: [PATCH 64/64] change comment to ifdef --- misc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/misc.c b/misc.c index c6e0f8871..a87920c63 100644 --- a/misc.c +++ b/misc.c @@ -22,7 +22,9 @@ #include #include -//#include +#ifndef WINDOWS +#include +#endif /* WINDOWS */ #include #include #include