64 Commits

Author SHA1 Message Date
Tess Gauthier
0db6f3e486 resolve merge conflicts 2023-08-21 16:35:13 -04:00
Damien Miller
9a97cd1064
BoringSSL doesn't support EC_POINT_point2bn()
so don't invoke it in unittest
2023-03-24 15:39:48 +11:00
Tess Gauthier
f71f81eb0f
Merge 9.2 (#657)
* upstream: attemp FIDO key signing without PIN and use the error

code returned to fall back only if necessary. Avoids PIN prompts for FIDO
tokens that don't require them; part of GHPR#302

OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e

* Install Cygwin packages based on OS not config.

* initial list of allowed signers

* upstream: whitespace

OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538

* upstream: whitespace

OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8

* Add cygwin-release test target.

This also moves the cygwin package install from the workflow file to
setup_ci.sh so that we can install different sets of Cygwin packages
for different test configs.

* Add Windows 2022 test targets.

* Add libcrypt-devel to cygwin-release deps.

Based on feedback from vinschen at redhat.com.

* cross-sign allowed_signers with PGP key

Provides continuity of trust from legacy PGP release key to
the SSHSIG signing keys that we will use henceforth for git
signing.

* additional keys

* upstream: whitespace

OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232

* Move sftp from valgrind-2 to 3 to rebalance.

* upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV

explicitly test whether the token performs built-in UV (e.g. biometric
tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388

OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd

* Remove arc4random_uniform from arc4random.c

This was previously moved into its own file (matching OpenBSD) which
prematurely committed in commit 73541f2.

* Move OPENBSD ORIGINAL marker.

Putting this after the copyright statement (which doesn't change)
instead of before the version identifier (which does) prevents merge
conflicts when resyncing changes.

* Resync arc4random with OpenBSD.

This brings us up to current, including djm's random-reseeding change,
as prompted by logan at cyberstorm.mu in bz#3467.  It brings the
platform-specific hooks from LibreSSL Portable, simplified to match our
use case.  ok djm@.

* Remove DEF_WEAK, it's already in defines.h.

* openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf

Fixes the following build failure with Clang 15 on musl:
```
bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline  -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE   -I. -I.  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
 do not support
      implicit function declarations [-Wimplicit-function-declaration]
        ret = vsnprintf(string, INIT_SZ, fmt, ap2);
              ^
bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf'
1 error generated.
```

* upstream: notifier_complete(NULL, ...) is a noop, so no need to test

that ctx!=NULL; from Corinna Vinschen

OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a

* upstream: fix repeated words ok miod@ jmc@

OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7

* upstream: .Li -> .Vt where appropriate; from josiah frentsos,

tweaked by schwarze

ok schwarze

OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed

* upstream: ssh-agent: attempt FIDO key signing without PIN and use

the error to determine whether a PIN is required and prompt only if
necessary. from Corinna Vinschen

OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd

* upstream: a little extra debugging

OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a

* upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag

from response

Now that all FIDO signing calls attempt first without PIN and then
fall back to trying PIN only if that attempt fails, we can remove the
hack^wtrick that removed the UV flag from the keys returned during
enroll.

By Corinna Vinschen

OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f

* upstream: sftp: Don't attempt to complete arguments for

non-existent commands

If user entered a non-existent command (e.g. because they made a
typo) there is no point in trying to complete its arguments. Skip
calling complete_match() if that's the case.

From Michal Privoznik

OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a

* upstream: sftp: Be a bit more clever about completions

There are commands (e.g. "get" or "put") that accept two
arguments, a local path and a remote path. However, the way
current completion is written doesn't take this distinction into
account and always completes remote or local paths.

By expanding CMD struct and "cmds" array this distinction can be
reflected and with small adjustment to completer code the correct
path can be completed.

By Michal Privoznik, ok dtucker@

OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b

* upstream: correct error value

OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4

* upstream: actually hook up restrict_websafe; the command-line flag

was never actually used. Spotted by Matthew Garrett

OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1

* upstream: Add a sshkey_check_rsa_length() call for checking the

length of an RSA key; ok markus@

OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134

* upstream: add a RequiredRSASize for checking RSA key length in

ssh(1). User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then the connection
will be terminated (unfortunately there are no fallbacks in the protocol for
host authentication).

feedback deraadt, Dmitry Belyavskiy; ok markus@

OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a

* upstream: Add RequiredRSASize for sshd(8); RSA keys that fall

beneath this limit will be ignored for user and host-based authentication.

Feedback deraadt@ ok markus@

OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1

* upstream: better debugging for connect_next()

OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640

* upstream: sftp-server(8): add a "users-groups-by-id@openssh.com"

extension request that allows the client to obtain user/group names that
correspond to a set of uids/gids.

Will be used to make directory listings more useful and consistent
in sftp(1).

ok markus@

OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3

* upstream: extend sftp-common.c:extend ls_file() to support supplied

user/group names; ok markus@

OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0

* upstream: sftp client library support for

users-groups-by-id@openssh.com; ok markus@

OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de

* upstream: use users-groups-by-id@openssh.com sftp-server extension

(when available) to fill in user/group names for directory listings.
Implement a client-side cache of see uid/gid=>user/group names. ok markus@

OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e

* avoid Wuninitialized false positive in gcc-12ish

* no need for glob.h here

it also causes portability problems

* upstream: add RequiredRSASize to the list of keywords accepted by

-o; spotted by jmc@

OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e

* upstream: Fix typo. From AlexanderStohr via github PR#343.

OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497

* upstream: openssh-9.1

OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56

* crank versions in RPM spec files

* update release notes URL

* update .depend

* remove mention of --with-security-key-builtin

it is enabled by default when libfido2 is installed

* mention libfido2 autodetection

* whitespace at EOL

* Test commits to all branches of portable.

Only test OpenBSD upstream on commits to master since that's what it
tracks.

* Add 9.1 branch to CI status page.

* Add LibreSSL 3.6.0 to test suite.

While there, bump OpenSSL to latest 1.1.1q release.

* upstream: honour user's umask if it is more restrictive then the ssh

default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@

OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d

* skip bsd-poll.h if poll.h found; ok dtucker

* Fix snprintf configure test for clang 15

Clang 15 -Wimplicit-int defaults to an error in C99 mode and above.
A handful of tests have "main(..." and not "int main(..." which caused
the tests to produce incorrect results.

* undef _get{short,long} before redefining

* revert c64b62338b4 and guard POLL* defines instead

c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2)
Spotted by dtucker

* OpenSSL dev branch now identifies as 3.2.0.

* upstream: document "-O no-restrict-websafe"; spotted by Ross L

Richardson

OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b

* upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here,

wrap a long line

ssh-agent.c:
- add -O to usage()

OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389

* upstream: use correct type with sizeof ok djm@

OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143

* upstream: when scp(1) is using the SFTP protocol for transport (the

default), better match scp/rcp's handling of globs that don't match the
globbed characters but do match literally (e.g. trying to transfer
"foo.[1]").

Previously scp(1) in SFTP mode would not match these pathnames but
legacy scp/rcp mode would.

Reported by Michael Yagliyan in bz3488; ok dtucker@

OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11

* upstream: regress test for unmatched glob characters; fails before

previous commit but passes now. bz3488; prodded by dtucker@

OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd

* upstream: Be more paranoid with host/domain names coming from the

never write a name with bad characters to a known_hosts file.

reported by David Leadbeater, ok deraadt@

OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad

* upstream: begin big refactor of sshkey

Move keytype data and some of the type-specific code (allocation,
cleanup, etc) out into each key type's implementation. Subsequent
commits will move more, with the goal of having each key-*.c file
owning as much of its keytype's implementation as possible.

lots of feedback + ok markus@

OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec

* upstream: factor out sshkey_equal_public()

feedback/ok markus@

OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94

* upstream: factor out public key serialization

feedback/ok markus@

OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033

* upstream: refactor and simplify sshkey_read()

feedback/ok markus@

OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971

* upstream: factor out key generation

feedback/ok markus@

OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb

* upstream: refactor sshkey_from_private()

feedback/ok markus@

OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53

* upstream: refactor sshkey_from_blob_internal()

feedback/ok markus@

OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283

* upstream: refactor sshkey_sign() and sshkey_verify()

feedback/ok markus@

OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc

* upstream: refactor certify

feedback/ok markus@

OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6

* upstream: refactor sshkey_private_serialize_opt()

feedback/ok markus@

OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd

* upstream: refactor sshkey_private_deserialize

feedback/ok markus@

OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f

* fix merge botch

* upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g.

ssh-keyscan 192.168.0.0/24

If a CIDR range is passed, then it will be expanded to all possible
addresses in the range including the all-0s and all-1s addresses.

bz#976 feedback/ok markus@

OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b

* upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak

OPENSSL=no builds

OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e

* OpenSSL dev branch is 302 not 320.

While there, also accept 301 which it shat it was previously.

* upstream: Use variable for diff options

instead of unconditionally specifying "-rN". This will make life easier
in -portable where not all diff's understand -N.

OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3

* Check for sockaddr_in.sin_len.

If found, set SOCK_HAS_LEN which is used in addr.c.  Should fix keyscan
tests on platforms with this (eg old NetBSD).

* Always use compat getentropy.

Have it call native getentropy and fall back as required.  Should fix
issues of platforms where libc has getentropy but it is not implemented
in the kernel.  Based on github PR#354 from simsergey.

* Include time.h when defining timegm.

Fixes build on some platforms eg recent AIX.

* Compat tests need libcrypto.

This was moved to CHANNELLIBS during the libs refactor.  Spotted by
rapier at psc.edu.

* Run compat regress tests too.

* Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1.

* Only run opensslver tests if built with OpenSSL.

* Increase selfhosted job timeout.

The default job timeout of 360 (6h) is not enough to complete the
regress tests for some of the slow VMs depending on the load on the host.
Increase to 600 (10h).

* Fix compat regress to work with non-GNU make.

* Link libssh into compat tests.

The cygwin compat code uses xmalloc, so add libssh.a so pick up that.

* Rerun tests on changes to Makefile.in in any dir.

* upstream: replace recently-added valid_domain() check for hostnames

going to known_hosts with a more relaxed check for bad characters; previous
commit broke address literals. Reported by/feedback from florian@

OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0

* Don't run openbsd-compat tests on Cygwin.

Add "compat-tests" to the default TEST_TARGET so we can override as
necessary.  Override TEST_TARGET for Cygwin as the tests don't currently
compile there.

* Fix broken zlib link.

* configure.ac: Add <pty.h> include for openpty

Another Clang 16ish fix (which makes -Wimplicit-function-declaration
an error by default).  github PR#355.

See: 2efd71da49b9cfeab7987058cf5919e473ff466b
See: be197635329feb839865fdc738e34e24afd1fca8

* configure.ac: Fix -Wstrict-prototypes

Clang 16 now warns on this and it'll be removed in C23, so let's
just be future proof. It also reduces noise when doing general
Clang 16 porting work (which is a big job as it is).  github PR#355.

Signed-off-by: Sam James <sam@gentoo.org>

* Fix setres*id checks to work with clang-16.

glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE,
and clang 16 will error out on implicit function definitions, so add
_GNU_SOURCE and the required headers to the configure checks.  From
sam at @gentoo.org via bz#3497.

* Fix tracing disable on FreeBSD.

Some versions of FreeBSD do not support using id 0 to refer to the
current pid for procctl, so pass getpid() explicitly.  From
emaste at freebsd.org.

* Use "prohibit-password" in -portable comments.

"without-password" is the deprecated alias for "prohibit-password",
so we should reference the latter. From emaste at freebsd.org.

* Link to branch-specific queries for V_9_1 status.

* upstream: Fix typo. From pablomh via -portable github PR#344.

OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827

* upstream: Import regenerated moduli.

OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f

* Add CIFuzz integration

* Run cifuzz workflow on the actions as regular CI.

* Whitespace change to trigger CIFuzz workflow.

* Do not run CIFuzz on selfhosted tree.

We already run it on the regular tree, no need to double up.

* Add CIFuzz status badge.

* Branch-specific links for master status badges.

* Fix merge conflict.

* upstream: fix parsing of hex cert expiry time; was checking whether the

start time began with "0x", not the expiry time.

from Ed Maste

OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739

* upstream: Check for and disallow MaxStartups values less than or

equal to zero during config parsing, rather than faling later at runtime.
bz#3489, ok djm@

OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b

* upstream: Remove some set but otherwise unused variables, spotted

in -portable by clang 16's -Wunused-but-set-variable.  ok djm@

OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982

* upstream: The IdentityFile option in ssh_config can also be used to

specify a public key file, as documented in ssh.1 for the -i option. Document
this also for IdentityFile in ssh_config.5, for documentation completeness.
From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@

OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b

* Split out rekey test since it runs the longest.

* Update checkout and upload actions.

Update actions/checkout and actions/upload-artifact to main branch for
compatibility with node.js v16.

* Add valrind-5 test here too.

* Run vm startup and shutdown from runner temp dir.

Should work even if the github workspace dir is on a stale sshfs mount.

* Shutdown any VM before trying to check out repo.

In the case where the previous run did not clean up, the checkout will
fail as it'll leave a stale mount.

* Avoid assuming layout of fd_set

POSIX doesn't specify the internal layout of the fd_set object, so let's
not assume it is just a bit mask. This increases compatibility with
systems that have a different layout.

The assumption is also worthless as we already refuse to use file
descriptors over FD_SETSIZE anyway. Meaning that the default size of
fd_set is quite sufficient.

* Fix comment text.  From emaste at freebsd.org.

* Defer seed_rng until after closefrom call.

seed_rng will initialize OpenSSL, and some engine providers (eg Intel's
QAT) will open descriptors for their own use.  bz#3483, patch from
joel.d.schuetze at intel.com, ok djm@

* upstream: typo in comment

OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a

* upstream: rename client_global_hostkeys_private_confirm() to

client_global_hostkeys_prove_confirm(), as it handles the
"hostkeys-prove00@openssh.com" message; no functional change

OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d

* upstream: Remove errant colon and simplify format

string in error messages. Patch from vapier at chromium.org.

OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3

* upstream: Fix typo in fatal error message.

Patch from vapier at chromium.org.

OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf

* Skip reexec test on OpenSSL 1.1.1 specifically.

OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip
that test.  See bz#3483 for details.

* Remove seed passing over reexec.

This was added for the benefit of platforms using ssh-rand-helper to
prevent a delay on each connection as sshd reseeded itself.

ssh-random-helper is long gone, and since the re-exec happens before the
chroot the re-execed sshd can reseed itself normally. ok djm@

* upstream: Handle dynamic remote port forwarding in escape commandline's

-R processing. bz#3499, ok djm@

OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208

* Add dfly62 test target.

* If we haven't found it yet, recheck for sys/stat.h.

On some very old platforms, sys/stat.h needs sys/types.h, however
autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the
opposite order, which in combination with modern autoconf's
"present but cannot be compiled" behaviour causes it to not be
detected.

* Add fallback for old platforms w/out MAP_ANON.

* Remove explicit "default" test config argument.

Not specifying the test config implicitly selects default args.

* Remove unused self-hosted test targets.

* Rename "os" in matrix to "target".

This is in preparation to distinguish this from the host that the runner
runs on in case where they are separate (eg VMs).

* Add "libvirt" label to dfly30.

* Make "config" in matrix singular and pass in env.

This will allow the startup scripts to adapt their behaviour based on
the type and config.

* Run vmstartup from temp dir.

This will allow us to create ephemeral disk images per-runner.

* Rework how selfhosted tests interact with runners.

Previously there was one runner per test target (mostly VMs).  This had
a few limitations:
 - multiple tests that ran on the same target (eg multiple build
   configs) were serialized on availability or that runner.
 - it needed manual balancing of VMs over host machines.

To address this, make VMs that use ephemeral disks (ie most of them)
all use a pool of runners with the "libvirt" label.  This requires that
we distinguish between "host" and "target" for those.  Native runners
and VMs with persistent disks (eg the constantly-updated snapshot ones)
specify the same host and target.

This should improve test throughput.

* Skip unit tests on slow riscv64 hardware.

* Use -fzero-call-used-regs=used on clang 15.

clang 15 seems to have a problem with -fzero-call-used-reg=all which
causes spurious "incorrect signature" failures with ED25519.  On those
versions, use -fzero-call-used-regs=used instead.  (We may add exceptions
later if specific versions prove to be OK).  Also move the GCC version
check to match.

Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround
suggested by Bill Wendling (morbo at google com).  bz#3475, ok djm@

* upstream: In channel_request_remote_forwarding the parameters for

permission_set_add are leaked as they are also duplicated in the call. Found
by CodeChecker. ok djm

OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e

* upstream: New EnableEscapeCommandline ssh_config(5) option

This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.

feedback deraadt@ dtucker@; tested in snaps for a while

OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a

* upstream: tighten pledge(2) after session establishment

feedback, ok & testing in snaps deraadt@

OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58

* upstream: Add void to client_repledge args to fix compiler warning. ok djm@

OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866

* upstream: Log output of ssh-agent and ssh-add

This should  make debugging easier.

OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8

* upstream: Clean up ssh-add and ssh-agent logs.

OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c

* Restore ssh-agent permissions on exit.

...enough that subsequent builds can overwrite ssh-agent if necessary.

* upstream: make struct sshbuf private

and remove an unused field; ok dtucker

OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3

* upstream: Remove duplicate includes.

 Patch from AtariDreams via github PR#364.

OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea

* Fix typo in comment.  Spotted by tim@

* Update autotools

Regenerate config files using latest autotools

* disable SANDBOX_SECCOMP_FILTER_DEBUG

It was mistakenly enabled in 2580916e4872

Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net

* Add SANDBOX_DEBUG to the kitchensink test build.

* upstream: Fix comment typo.

OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03

* upstream: remove '?' from getopt(3) loops

userspace: remove vestigial '?' cases from top-level getopt(3) loops

getopt(3) returns '?' when it encounters a flag not present in the in
the optstring or if a flag is missing its option argument.  We can
handle this case with the "default" failure case with no loss of
legibility.  Hence, remove all the redundant "case '?':" lines.

Prompted by dlg@.  With help from dlg@ and millert@.

Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2

ok naddy@ millert@ dlg@

OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e

* upstream: Add server debugging for hostbased auth.

auth_debug_add queues messages about the auth process which is sent to
the client after successful authentication.  This also sends those to
the server debug log to aid in debugging.  From bz#3507, ok djm@

OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a

* upstream: Warn if no host keys for hostbased auth can be loaded.

OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977

* use calloc for allocating arc4random structs

ok dtucker

* Move obsdsnap test VMs to ephemeral runners.

* Run upstream obsdsnap tests on ephemeral runners.

* obsdsnap test VMs runs-on libvirt too.

* Fetch regress logs from obj dir.

* Set group perms on regress dir.

This ensures that the tests don't fail due to StrictMode checks.

* Use sudo when resetting perms on directories.

* Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s.

* Simply handling of SSH_CONNECTION PAM env var.

Prompted by bz#3508: there's no need to cache the value of
sshpam_conninfo so remove the global.  While there, add check of
return value from pam_putenv.  ok djm@

* upstream: The idiomatic way of coping with signed char vs unsigned

char (which did not come from stdio read functions) in the presence of
ctype macros, is to always cast to (unsigned char).  casting to (int)
for a "macro" which is documented to take int, is weird.  And sadly wrong,
because of the sing extension risk.. same diff from florian

OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea

* upstream: add a -X option to both scp(1) and sftp(1) to allow

control over some SFTP protocol knobs: the copy buffer length and
the number of inflight requests, both of which are used during
upload/download.

Previously these could be controlled in sftp(1) using the -b/-R options.
This makes them available in both SFTP protocol clients using the same
option character sequence.

ok dtucker@

OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c

* upstream: add -X to usage();

OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0

* upstream: Clear signal mask early in main(); sshd may have been

started with one or more signals masked (sigprocmask(2) is not cleared
on fork/exec) and this could interfere with various things, e.g. the
login grace timer.

Execution environments that fail to clear the signal mask before running
sshd are clearly broken, but apparently they do exist.

Reported by Sreedhar Balasubramanian; ok dtucker@

OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae

* upstream: Mention that scp uses the SFTP protocol and remove

reference to legacy flag. Spotted by, feedback and ok jmc@

OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3

* upstream: spelling fixes; from paul tagliamonte amendments to his

diff are noted on tech

OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a

* upstream: fix bug in PermitRemoteOpen which caused it to ignore its

first argument unless it was one of the special keywords "any" or "none".

Reported by Georges Chaudy in bz3515; ok dtucker@

OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5

* upstream: regression test for PermitRemoteOpen

OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c

* upstream: suppress "Connection closed" message when in quiet mode

OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f

* upstream: add ptimeout API for keeping track of poll/ppoll

timeouts; ok dtucker markus

OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead

* upstream: replace manual poll/ppoll timeout math with ptimeout API

feedback markus / ok markus dtucker

OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2

* upstream: Add channel_force_close()

This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.

Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.

ok markus dtucker

OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b

* upstream: tweak channel ctype names

These are now used by sshd_config:ChannelTimeouts to specify timeouts by
channel type, so force them all to use a similar format without whitespace.

ok dtucker markus

OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65

* upstream: Add channel_set_xtype()

This sets an "extended" channel type after channel creation (e.g.
"session:subsystem:sftp") that will be used for setting channel inactivity
timeouts.

ok markus dtucker

OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca

* upstream: Implement channel inactivity timeouts

This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.

Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.

ok markus dtucker

OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8

* unbreak scp on NetBSD 4.x

e555d5cad5 effectively increased the default copy buffer size for SFTP
transfers. This caused NetBSD 4.x to hang during the "copy local file to
remote file in place" scp.sh regression test.

This puts back the original 32KB copy buffer size until we can properly
figure out why.

lots of debugging assistance from dtucker@

* upstream: Copy bytes from the_banana[] rather than banana()

Fixes test failure due to segfault seen on arm64 with xonly snap.

ok djm

OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046

* upstream: unit tests for misc.c:ptimeout_* API

OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94

* upstream: fix typo in verbose logging

OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9

* upstream: regression test for ChannelTimeout

OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685

* upstream: Save debug logs from ssh for debugging purposes.

OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0

* Set OPENSSL_BIN from OpenSSL directory.

* Check openssl_bin path is executable before using.

* Use autoconf to find openssl binary.

It's possible to install an OpenSSL in a path not in the system's
default library search path.  OpenSSH can still use this (eg if you
specify an rpath) but the openssl binary there may not work.  If one is
available on the system path just use that.

* Use our own netcat for dynamic-forward test.

That way we can be surer about its behaviour rather than trying to
second-guess the behaviour of various netcat implementations.

* upstream: When OpenSSL is not available, skip parts of percent test

that require it. Based on github pr#368 from ren mingshuai.

OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2

* don't test IPv6 addresses if platform lacks support

* Skip dynamic-forward test on minix3.

This test relies on loopback addresses which minix does not have.
Previously the test would not run at all since it also doesn't have
netcat, but now we use our own netcat it tries and fails.

* try to improve logging for dynamic-forward test

previously the logs from the ssh used to exercise the forwarding
channel would clobber the logs from the ssh actually doing the
forwarding

* upstream: tweak previous; ok djm

OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858

* upstream: Switch scp from using pipes to a socketpair for

communication with it's ssh sub-processes.  We no longer need to reserve two
descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is
handled by sanitise_stdfd() in main(). Based on an original diff from djm@.
OK deraadt@ djm@

OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d

* add back use of pipes in scp.c under USE_PIPES

This matches sftp.c which prefers socketpair but uses pipes on
some older platforms.

* remove buffer len workaround for NetBSD 4.x

Switching to from pipes to a socketpair for communicating with the
ssh process avoids the (kernel bug?) problem.

* upstream: rewrite this test to use a multiplexed ssh session so we can

control its lifecycle without risk of race conditions; fixes some of the
Github integration tests for openssh-portable

OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969

* upstream: remove whitespace at EOL from code extracted from SUPERCOP

OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4

* upstream: ignore bogus upload/download buffer lengths in the limits

extension

OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8

* upstream: clamp the minimum buffer lengths and number of inflight

requests too

OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56

* upstream: avoid printf("%s", NULL) if using ssh

-oUserKnownHostsFile=none and a hostkey in one of the system known hosts file
changes; ok dtucker@

OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614

* upstream: Add a "Host" line to the output of ssh -G showing the

original host arg. Inspired by patch from vincent at bernat.ch via bz#3343,
ok djm@

OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883

* Remove skipping test when scp not in path.

An upcoming change renders this obsolete by adding scp's path to the
test sshd's PATH, and removing this first will make the subsequent sync
easier.

* upstream: Add scp's path to test sshd's PATH.

If the scp we're testing is fully qualified (eg it's not in the system
PATH) then add its path to the under-test sshd's PATH so we can find
it. Prompted by bz#3518.

OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0

* upstream: Move scp path setting to a helper function. The previous

commit to add scp to the test sshd's path causes the t-envpass test to fail
when the test scp is given using a fully qualified path.  Put this in a
helper function and only call it from the scp tests.

OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4

* Retry package installation 3 times.

When setting up the CI environment, retry package installation 3 times
before going up.  Should help prevent spurious failures during
infrastructure issues.

* upstream: Document "UserKnownHostsFile none". ok djm@

OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5

* upstream: fix double phrase in previous;

OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2

* upstream: Instead of skipping the all-tokens test if we don't have

OpenSSL (since we use it to compute the hash), put the hash at the end and
just omit it if we don't have it.  Prompted by bz#3521.

OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea

* upstream: Shell syntax fix. From ren mingshuai vi github PR#369.

OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9

* Allow writev is seccomp sandbox.

This seems to be used by recent glibcs at least in some configurations.
From bz#3512, ok djm@

* upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP

(20221122) and change the import approach to the same one we use for
Streamlined NTRUPrime: use a shell script to extract the bits we need from
SUPERCOP, make some minor adjustments and squish them all into a single file.

ok tb@ tobhe@

OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b

* upstream: adapt to ed25519 changes in src/usr.bin/ssh

OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5

* upstream: Add a sshd_config UnusedConnectionTimeout option to terminate

client connections that have no open channels for some length of time. This
complements the recently-added ChannelTimeout option that terminates inactive
channels after a timeout.

ok markus@

OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9

* upstream: unbreak test: cannot access shell positional parameters

past $9 without wrapping the position in braces (i.e. need ${10}, etc.)

OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac

* upstream: regression test for UnusedConnectionTimeout

OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084

* upstream: also check that an active session inhibits

UnusedConnectionTimeout idea markus@

OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003

* upstream: For "ssh -V" always exit 0, there is no need to check opt

again. This was missed when the fallthrough in the switch case above it was
removed.  OK deraadt@

OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120

* upstream: Add a -V (version) option to sshd like the ssh client

has. OK markus@ deraadt@

OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e

* upstream: when restoring non-blocking mode to stdio fds, restore

exactly the flags that ssh started with and don't just clobber them with
zero, as this could also remove the append flag from the set;

bz3523; ok dtucker@

OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0

* Skip connection-timeout when missing FD passing.

This tests uses multiplexing which uses file descriptor passing, so
skip it if we don't have that.  Fixes test failures on Cygwin.

* Skip connection-timeout test under Valgrind.

Valgrind slows things down so much that the timeout test fails.  Skip
this test until we figure out if we can make it work.

* upstream: tweak previous; ok djm

OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3

* upstream: Create and install sshd random relink kit.

../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't
be too fragile, we'll see if we need a different approach. The resulting sshd
binary is tested with the new sshd -V option before installation.  As the
binary layout is now semi-unknown (meaning relative, fixed, and gadget
offsets are not precisely known), change the filesystem permissions to 511 to
prevent what I call "logged in BROP". I have ideas for improving this further
but this is a first step ok djm

OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8

* upstream: delete useless dependency

OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad

* fix libfido2 detection without pkg-config

Place libfido2 before additional libraries (that it may depend upon)
and not after. bz3530 from James Zhang; ok dtucker@

* Skip connection-timeout test on minix3.

Minix 3's Unix domain sockets don't seem to work the way we expect, so
skip connection-timeout test on that platform.  While there, group
together all similarly skipped tests and explicitly comment.

* upstream: fix double-free caused by compat_kex_proposal(); bz3522

by dtucker@, ok me

OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80

* upstream: openssh-9.2

OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923

* upstream: Check if we can copy sshd or need to use sudo to do so

during reexec test. Skip test if neither can work.  Patch from anton@, tweaks
from me.

OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d

* upstream: test compat_kex_proposal(); by dtucker@

OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2

* adapt compat_kex_proposal() test to portable

* update version in README

* crank versions in RPM specs

* remove files from libssh project

* re-merge arc4random.c

* re-merge misc.c

* remove unused files from libssh.vcxproj

* fix outstanding merge conflicts

* fix build errors

* modify upstream workflows to trigger on workflow dispatch instead of all PRs

* fix scp client hanging with pipes

* fix some failing bash tests

* make bash test compatible with Windows

* address scp's sftp mode buf len limitations

* address review feedback

* address review feedback

* update comment

---------

Signed-off-by: Sam James <sam@gentoo.org>
Co-authored-by: djm@openbsd.org <djm@openbsd.org>
Co-authored-by: Darren Tucker <dtucker@dtucker.net>
Co-authored-by: Damien Miller <djm@mindrot.org>
Co-authored-by: Sam James <sam@gentoo.org>
Co-authored-by: jsg@openbsd.org <jsg@openbsd.org>
Co-authored-by: jmc@openbsd.org <jmc@openbsd.org>
Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org>
Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com>
Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com>
Co-authored-by: David Korczynski <david@adalogics.com>
Co-authored-by: Pierre Ossman <ossman@cendio.se>
Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org>
Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com>
Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org>
Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org>
Co-authored-by: tb@openbsd.org <tb@openbsd.org>
Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 16:57:36 -05:00
djm@openbsd.org
8ec2e31238
upstream: adapt to ed25519 changes in src/usr.bin/ssh
OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5
2023-01-16 10:57:42 +11:00
tb@openbsd.org
018d671d78
upstream: Copy bytes from the_banana[] rather than banana()
Fixes test failure due to segfault seen on arm64 with xonly snap.

ok djm

OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046
2023-01-06 20:25:14 +11:00
Balu Gajjala
ee54e6bd06 Merge upstream V8_9 2022-02-24 16:57:16 -08:00
Darren Tucker
976b9588b4 Wrap OpenSSL includes in unit tests in ifdef.
Fixes unit test on systems that do not have OpenSSL headers installed.
2022-01-14 13:47:27 +11:00
deraadt@openbsd.org
3eead81583 upstream: sys/param.h cleanup, mostly using MINIMUM() and
<limits.h> ok dtucker

OpenBSD-Regress-ID: 172a4c45d3bcf92fa6cdf6c4b9db3f1b3abe4db0
2021-12-20 12:16:49 +11:00
Darren Tucker
40bd3709dd Skip SK unit tests when built without security-key 2021-10-07 15:55:49 +11:00
Balu Gajjala
e2287c5cfa openssh-8.5
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmA+KckACgkQKj9BTnNg
 YLoCExAAqxi83JFNUj+D0HdfM/eKas8dGtCXFzxtOA0yomKeeDUVoz1D96CdNLF8
 07mL78KAMErN2SfXEyzpS/2yoGa8wPflne/ADWJVIGKZK9cj8/fwvMrCUWp9PJOa
 CVQm2W8u3yBoEAxoi81S7WJjR5BY4Sv0LtQJW43VfD4bwYjBz8N72ecnr7LknFNL
 qJXYUu/OWtMLNsSrh2VigXJQgTA9cmJUrItRFamSsfWZGwilL0MpXLrkwcJa5DhO
 25PG3aeJSTX5txI/hl25EY5cyeJPQGX+6Nz9kJag50a7C9ZOCJHIbnle7dFcLsDP
 lCy3VoQnPxEOHe8kmNGLf1tGvv8AIqpJu1a31SlSnbqHEgHFC0XCPXZF0QWDGAaO
 kDt8j6XSCHYDyml5+nkZJBCP6xcx7eXyLJ2CxnNZBabbRGLb/Rj+jeCk9s+jWo/i
 UDgmlibbfjreYVgwuZhQV9QI9GB0Mlv+UjeeK55b2S7WnhuLsMLVrxDVQ1Zl4oR1
 ckOvXBMGrjMaLQTW9Q1xSV6C3PR1oAbVa09YUP0KSAthOu8L/tGY13kT4DwWm1W/
 JBOKzCk/JIfRuOpCrKSftwuj19JKOPYojW8kk10i/48RUq4TiCsCnTtBZI7VvFcB
 B28s/ZGRq/nETqHSRX63/WLr57lU54pq/+7THQA5iUyFhORPYk4=
 =npgJ
 -----END PGP SIGNATURE-----

pull V8.5 changes
2021-04-02 10:14:32 -07:00
dtucker@openbsd.org
b08ef25552 upstream: Update unittests for addr.c/addrmatch.c split.
OpenBSD-Regress-ID: de2b415fb7af084a91c6ef147a90482d8f771eef
2021-01-11 15:24:31 +11:00
djm@openbsd.org
e32479645c upstream: adapt to API changes
OpenBSD-Regress-ID: 5f147990cb67094fe554333782ab268a572bb2dd
2020-08-27 13:58:23 +10:00
Darren Tucker
e684b1ea36 Skip OpenSSL specific tests w/out OpenSSL.
Allows unit tests to pass when configure'ed --without-openssl.
2020-06-19 18:38:39 +10:00
djm@openbsd.org
e95c0a0e96 upstream: basic unit test for FIDO kep parsing
OpenBSD-Regress-ID: 8089b88393dd916d7c95422b442a6fd4cfe00c82
2020-06-19 15:58:10 +10:00
djm@openbsd.org
4da393f87c upstream: sure enough, some of the test data that we though were in
new format were actually in the old format; fix from Michael Forney

OpenBSD-Regress-ID: a41a5c43a61b0f0b1691994dbf16dfb88e8af933
2020-05-04 18:42:13 +10:00
djm@openbsd.org
15bfafc1db upstream: make mktestdata.sh generate old/new format keys that we
expect. This script was written before OpenSSH switched to new-format private
keys by default and was never updated to the change (until now) From Michael
Forney

OpenBSD-Regress-ID: 38cf354715c96852e5b71c2393fb6e7ad28b7ca7
2020-05-04 18:42:13 +10:00
djm@openbsd.org
7882d2eda6 upstream: portability fix for sed that always emil a newline even
if the input does not contain one; from Michael Forney

OpenBSD-Regress-ID: 9190c3ddf0d2562ccc02c4a95fce0e392196bfc7
2020-05-04 18:42:13 +10:00
djm@openbsd.org
8074f9499e upstream: remove obsolete RSA1 test keys; spotted by Michael Forney
OpenBSD-Regress-ID: 6384ba889594e217d166908ed8253718ab0866da
2020-05-04 18:42:13 +10:00
dtucker@openbsd.org
abc3e0a517 upstream: Add utf8.c for asmprintf used by krl.c
OpenBSD-Regress-ID: 433708d11165afdb189fe635151d21659dd37a37
2020-04-10 11:47:40 +10:00
djm@openbsd.org
f73ab8a811 upstream: unbreak unittests for recent API / source file changes
OpenBSD-Regress-ID: 075a899a01bbf7781d38bf0b33d8366faaf6d3c0
2020-01-26 14:19:43 +11:00
djm@openbsd.org
c5f1cc9935 upstream: unbreak tests for recent security key changes
OpenBSD-Regress-ID: 2cdf2fcae9962ca4d711338f3ceec3c1391bdf95
2019-11-25 21:34:20 +11:00
Manoj Ampalam
66b040a11e Merge branch 'V_8_1' of https://github.com/openssh/openssh-portable into latestw_all 2019-11-01 11:55:19 -07:00
djm@openbsd.org
dfc8f01b98 upstream: adapt to extra sshkey_sign() argument and additional
dependencies

OpenBSD-Regress-ID: 7a25604968486c4d6f81d06e8fbc7d17519de50e
2019-11-01 13:10:09 +11:00
Damien Miller
f61f29afda make unittests pass for no-openssl case 2019-09-08 10:37:17 +10:00
djm@openbsd.org
1dfadb9b57 upstream: adapt for key shielding API changes (const removal)
OpenBSD-Regress-ID: 298890bc52f0cd09dba76dc1022fabe89bc0ded6
2019-06-21 14:24:44 +10:00
Manoj Ampalam
7ed284f878
Ported v8.0 changes 2019-05-24 23:08:06 -07:00
Damien Miller
42c5ec4b97 refactor libcrypto initialisation
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.

Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().

Prompted by patch from Rosen Penev
2018-11-23 10:42:05 +11:00
djm@openbsd.org
35d0e5fefc upstream: add some knobs:
UNITTEST_FAST?= no     # Skip slow tests (e.g. less intensive fuzzing).
UNITTEST_SLOW?= no     # Include slower tests (e.g. more intensive fuzzing).
UNITTEST_VERBOSE?= no  # Verbose test output (inc. per-test names).

useful if you want to run the tests as a smoke test to exercise the
functionality without waiting for all the fuzzers to run.

OpenBSD-Regress-ID: e04d82ebec86068198cd903acf1c67563c57315e
2018-11-22 16:14:31 +11:00
Damien Miller
d64e785265 add compat header 2018-09-13 19:05:48 +10:00
djm@openbsd.org
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
OpenBSD-Regress-ID: a73a54d7f7381856a3f3a2d25947bee7a9a5dbc9
2018-09-13 19:04:10 +10:00
djm@openbsd.org
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
OpenBSD-Regress-ID: ae877064597c349954b1b443769723563cecbc8f
2018-09-13 15:08:27 +10:00
Damien Miller
86112951d6 forgot to stage these test files in commit d70d061 2018-09-13 12:12:42 +10:00
djm@openbsd.org
d70d061828 upstream: Include certs with multiple RSA signature variants in
test data Ensure that cert->signature_key is populated correctly

OpenBSD-Regress-ID: 56e68f70fe46cb3a193ca207385bdb301fd6603a
2018-09-12 16:51:36 +10:00
djm@openbsd.org
2de78bc7da upstream: s/sshkey_demote/sshkey_from_private/g
OpenBSD-Regress-ID: 782bde7407d94a87aa8d1db7c23750e09d4443c4
2018-09-12 16:51:14 +10:00
djm@openbsd.org
dbab02f920 upstream: fix leaks in unit test; with this, all unit tests are
leak free (as far as valgrind can spot anyway)

OpenBSD-Regress-ID: b824d8b27998365379963440e5d18b95ca03aa17
2018-07-13 12:14:38 +10:00
djm@openbsd.org
e6c4134165 upstream commit
unbreak unit tests after removal of src/usr.bin/ssh/lib

OpenBSD-Regress-ID: 3a79760494147b20761cbd2bd5c20e86c63dc8f9
2018-01-03 16:46:49 +11:00
djm@openbsd.org
d757a4b633 upstream commit
fix for new SSH_ERR_KEY_LENGTH error value

Upstream-Regress-ID: c38a6e6174d4c3feca3518df150d4fbae0dca8dc
2017-05-08 16:11:26 +10:00
djm@openbsd.org
557f921aad upstream commit
remove SSHv1 support from unit tests

Upstream-Regress-ID: 395ca2aa48f1f7d23eefff6cb849ea733ca8bbfe
2017-05-01 10:07:19 +10:00
tb@openbsd.org
7da751d8b0 upstream commit
Clean up MALLOC_OPTIONS.  For the unittests, move
MALLOC_OPTIONS and TEST_ENV to unittets/Makefile.inc.

ok otto

Upstream-Regress-ID: 890d497e0a38eeddfebb11cc429098d76cf29f12
2016-11-29 17:16:29 +11:00
tb@openbsd.org
36f58e6822 upstream commit
Remove the obsolete A and P flags from MALLOC_OPTIONS.

ok dtucker

Upstream-Regress-ID: 6cc25024c8174a87e5734a0dc830194be216dd59
2016-11-29 17:14:27 +11:00
djm@openbsd.org
67f1459efd upstream commit
unit and regress tests for SHA256/512; ok markus

Upstream-Regress-ID: a0cd1a92dc824067076a5fcef83c18df9b0bf2c6
2016-05-02 20:59:50 +10:00
djm@openbsd.org
da98c11d03 upstream commit
basic unit tests for rsa-sha2-* signature types

Upstream-Regress-ID: 7dc4b9db809d578ff104d591b4d86560c3598d3c
2015-12-07 13:21:30 +11:00
djm@openbsd.org
fdd020e864 upstream commit
adapt to recent sshkey_parse_private_fileblob() API
 change

Upstream-Regress-ID: 5c0d818da511e33e0abf6a92a31bd7163b7ad988
2015-10-06 12:29:03 +11:00
djm@openbsd.org
d85dad8177 upstream commit
adjust for RSA minimum modulus switch; ok deraadt@

Upstream-Regress-ID: 5a72c83431b96224d583c573ca281cd3a3ebfdae
2015-08-06 11:13:25 +10:00
djm@openbsd.org
41e38c4d49 upstream commit
regen RSA1 test keys; the last batch was missing their
 private parts

Upstream-Regress-ID: 7ccf437305dd63ff0b48dd50c5fd0f4d4230c10a
2015-07-15 17:25:10 +10:00
markus@openbsd.org
7a6e3fd7b4 upstream commit
regen test data after mktestdata.sh changes

Upstream-Regress-ID: 3495ecb082b9a7c048a2d7c5c845d3bf181d25a4
2015-07-15 16:04:27 +10:00
markus@openbsd.org
7c8c174c69 upstream commit
adapt tests to new minimum RSA size and default FP format

Upstream-Regress-ID: a4b30afd174ce82b96df14eb49fb0b81398ffd0e
2015-07-15 16:04:26 +10:00
djm@openbsd.org
6a977a4b68 upstream commit
legacy v00 certificates are gone; adapt and don't try to
 test them; "sure" markus@ dtucker@

Upstream-Regress-ID: c57321e69b3cd4a3b3396dfcc43f0803d047da12
2015-07-15 16:04:02 +10:00
djm@openbsd.org
368f83c793 upstream commit
use correct key for nested certificate test
2015-05-10 11:35:12 +10:00
Damien Miller
4df590cf8d make unit tests work for !OPENSSH_HAS_ECC 2015-03-11 10:02:39 +11:00