356 Commits

Author SHA1 Message Date
djm@openbsd.org
e44bb61824 upstream: security keys typically need to be tapped/touched in
order to perform a signature operation. Notify the user when this is expected
via the TTY (if available) or $SSH_ASKPASS if we can.

ok markus@

OpenBSD-Commit-ID: 0ef90a99a85d4a2a07217a58efb4df8444818609
2019-11-13 10:15:47 +11:00
markus@openbsd.org
2c55744a56 upstream: enable ed25519 support; ok djm
OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e
2019-11-13 08:54:09 +11:00
djm@openbsd.org
9a14c64c38 upstream: Refactor signing - use sshkey_sign for everything,
including the new U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
2019-11-01 09:46:10 +11:00
djm@openbsd.org
884416bdb1 upstream: ssh client support for U2F/FIDO keys
OpenBSD-Commit-ID: eb2cfa6cf7419a1895e06e398ea6d41516c5b0bc
2019-11-01 09:46:09 +11:00
dtucker@openbsd.org
6b39a7b49e upstream: Remove now-redundant perm_ok arg since
sshkey_load_private_type will now return SSH_ERR_KEY_BAD_PERMISSIONS in that
case.  Patch from jitendra.sharma at intel.com, ok djm@

OpenBSD-Commit-ID: 07916a17ed0a252591b71e7fb4be2599cb5b0c77
2019-08-08 16:40:09 +10:00
dtucker@openbsd.org
696fb4298e upstream: Remove some set but never used variables. ok daraadt@
OpenBSD-Commit-ID: 824baf9c59afc66a4637017e397b9b74a41684e7
2019-07-08 11:45:51 +10:00
deraadt@openbsd.org
4d28fa78ab upstream: When system calls indicate an error they return -1, not
some arbitrary value < 0.  errno is only updated in this case.  Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2019-07-05 11:10:39 +10:00
djm@openbsd.org
c586d2d312 upstream: fix ssh-keysign fd handling problem introduced in r1.304
caused by a typo (STDIN_FILENO vs STDERR_FILENO)

OpenBSD-Commit-ID: 57a0b4be7bef23963afe24150e24bf014fdd9cb0
2019-06-08 00:20:01 +10:00
deraadt@openbsd.org
a1d29cc36a upstream: When doing the fork+exec'ing for ssh-keysign, rearrange
the socket into fd3, so as to not mistakenly leak other fd forward
accidentally. ok djm

OpenBSD-Commit-ID: 24cc753f5aa2c6a7d0fbf62766adbc75cd785296
2019-05-17 10:07:43 +10:00
djm@openbsd.org
38e83e4f21 upstream: fix regression in r1.302 reported by naddy@ - only the first
public key from the agent was being attempted for use.

OpenBSD-Commit-ID: 07116aea521a04888718b2157f1ca723b2f46c8d
2019-02-13 10:55:44 +11:00
djm@openbsd.org
5c68ea8da7 upstream: cleanup GSSAPI authentication context after completion of the
authmethod. Move function-static GSSAPI state to the client Authctxt
structure. Make static a bunch of functions that aren't used outside this
file.

Based on patch from Markus Schmidt <markus@blueflash.cc>; ok markus@

OpenBSD-Commit-ID: 497fb792c0ddb4f1ba631b6eed526861f115dbe5
2019-02-11 20:48:16 +11:00
djm@openbsd.org
aaca72d6f1 upstream: rename kex->kem_client_pub -> kex->client_pub now that
KEM has been renamed to kexgen

from markus@ ok djm@

OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
2019-01-21 23:13:03 +11:00
djm@openbsd.org
92dda34e37 upstream: use KEM API for vanilla ECDH
from markus@ ok djm@

OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c
2019-01-21 23:13:02 +11:00
djm@openbsd.org
9c9c97e14f upstream: use KEM API for vanilla DH KEX
from markus@ ok djm@

OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9
2019-01-21 22:08:47 +11:00
djm@openbsd.org
2f6a9ddbbf upstream: use KEM API for vanilla c25519 KEX
OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f
2019-01-21 22:08:04 +11:00
djm@openbsd.org
dfd591618c upstream: Add support for a PQC KEX/KEM:
sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime
4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not
enabled by default.

introduce KEM API; a simplified framework for DH-ish KEX methods.

from markus@ feedback & ok djm@

OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
2019-01-21 22:07:02 +11:00
djm@openbsd.org
0a5f2ea356 upstream: GSSAPI code got missed when converting to new packet API
OpenBSD-Commit-ID: 37e4f06ab4a0f4214430ff462ba91acba28b7851
2019-01-21 12:05:49 +11:00
djm@openbsd.org
64c9598ac0 upstream: convert the remainder of sshconnect2.c to new packet
API

with & ok markus@

OpenBSD-Commit-ID: 0986d324f2ceb5e8a12ac21c1bb10b3b4b1e0f71
2019-01-20 09:45:17 +11:00
djm@openbsd.org
ed1df7226c upstream: convert sshconnect2.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: 1cb869e0d6e03539f943235641ea070cae2ebc58
2019-01-20 09:02:36 +11:00
djm@openbsd.org
0fa174ebe1 upstream: begin landing remaining refactoring of packet parsing
API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2019-01-20 09:02:10 +11:00
djm@openbsd.org
4a526941d3 upstream: eliminate function-static attempt counters for
passwd/kbdint authmethods by moving them to the client authctxt; Patch from
Markus Schmidt, ok markus@

OpenBSD-Commit-ID: 4df4404a5d5416eb056f68e0e2f4fa91ba3b3f7f
2019-01-04 14:29:37 +11:00
djm@openbsd.org
0a843d9a0e upstream: move client/server SSH-* banners to buffers under
ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
2018-12-27 14:38:22 +11:00
djm@openbsd.org
91b19198c3 upstream: don't truncate user or host name in "user@host's
OpenBSD-Commit-ID: e6ca01a8d58004b7f2cac0b1b7ce8f87e425e360
2018-12-07 13:10:57 +11:00
djm@openbsd.org
aaed635e3a upstream: fix bug in client that was keeping a redundant ssh-agent
socket around for the life of the connection; bz#2912; reported by Simon
Tatham; ok dtucker@

OpenBSD-Commit-ID: 4ded588301183d343dce3e8c5fc1398e35058478
2018-11-16 13:52:18 +11:00
djm@openbsd.org
1a4a9cf80f upstream: don't send new-style rsa-sha2-*-cert-v01@openssh.com names to
older OpenSSH that can't handle them. spotted by Adam Eijdenberg; ok dtucker

OpenBSD-Commit-ID: 662bbc402e3d7c9b6c322806269698106a6ae631
2018-10-12 09:43:30 +11:00
djm@openbsd.org
beb9e522dc upstream: second try, deals properly with missing and private-only
Use consistent format in debug log for keys readied, offered and
received during public key authentication.

This makes it a little easier to see what is going on, as each message
now contains (where available) the key filename, its type and fingerprint,
and whether the key is hosted in an agent or a token.

OpenBSD-Commit-ID: f1c6a8e9cfc4e108c359db77f24f9a40e1e25ea7
2018-09-14 15:27:43 +10:00
djm@openbsd.org
6c8b82fc69 upstream: revert following; deals badly with agent keys
revision 1.285
date: 2018/09/14 04:17:12;  author: djm;  state: Exp;  lines: +47 -26;  commitid: lflGFcNb2X2HebaK;
Use consistent format in debug log for keys readied, offered and
received during public key authentication.

This makes it a little easier to see what is going on, as each message
now contains the key filename, its type and fingerprint, and whether
the key is hosted in an agent or a token.

OpenBSD-Commit-ID: e496bd004e452d4b051f33ed9ae6a54ab918f56d
2018-09-14 14:45:07 +10:00
djm@openbsd.org
1f24ac5fc0 upstream: Use consistent format in debug log for keys readied,
offered and received during public key authentication.

This makes it a little easier to see what is going on, as each message
now contains the key filename, its type and fingerprint, and whether
the key is hosted in an agent or a token.

OpenBSD-Commit-ID: 2a01d59285a8a7e01185bb0a43316084b4f06a1f
2018-09-14 14:18:48 +10:00
djm@openbsd.org
c3903c38b0 upstream: revert compat.[ch] section of the following change. It
causes double-free under some circumstances.

--

date: 2018/07/31 03:07:24;  author: djm;  state: Exp;  lines: +33 -18;  commitid: f7g4UI8eeOXReTPh;
fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
feedback and ok dtucker@

OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137
2018-08-13 12:42:13 +10:00
djm@openbsd.org
1a66079c06 upstream: fix some memory leaks spotted by Coverity via Jakub Jelen
in bz#2366 feedback and ok dtucker@

OpenBSD-Commit-ID: 8402bbae67d578bedbadb0ce68ff7c5a136ef563
2018-07-31 13:13:26 +10:00
dtucker@openbsd.org
258dc8bb07 upstream: Remove support for running ssh(1) setuid and fatal if
attempted. Do not link uidwap.c into ssh any more.  Neuters
UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@
djm@

OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42
2018-07-19 21:41:42 +10:00
dtucker@openbsd.org
26efc2f5df upstream: Remove support for loading HostBasedAuthentication keys
directly in ssh(1) and always use ssh-keysign.  This removes one of the few
remaining reasons why ssh(1) might be setuid.  ok markus@

OpenBSD-Commit-ID: 97f01e1448707129a20d75f86bad5d27c3cf0b7d
2018-07-19 20:17:33 +10:00
markus@openbsd.org
394a842e60 upstream: treat ssh_packet_write_wait() errors as fatal; ok djm@
OpenBSD-Commit-ID: f88ba43c9d54ed2d911218aa8d3f6285430629c3
2018-07-12 13:18:25 +10:00
markus@openbsd.org
5467fbcb09 upstream: remove legacy key emulation layer; ok djm@
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-12 13:18:25 +10:00
markus@openbsd.org
cecee2d607 upstream: client: switch to sshbuf API; ok djm@
OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05
2018-07-10 15:14:26 +10:00
sf@openbsd.org
168b46f405 upstream: Revert previous two commits
It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:

date: 2018/07/06 09:06:14;  author: sf;  commitid: yZVYKIRtUZWD9CmE;
 Rename COMP_DELAYED to COMP_ZLIB

 Only delayed compression is supported nowadays.

 ok markus@

date: 2018/07/06 09:05:01;  author: sf;  commitid: rEGuT5UgI9f6kddP;
 Remove leftovers from pre-authentication compression

 Support for this has been removed in 2016.
 COMP_DELAYED will be renamed in a later commit.

 ok markus@

OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772
2018-07-10 15:13:41 +10:00
sf@openbsd.org
95db395d2e upstream: Remove leftovers from pre-authentication compression
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.

ok markus@

OpenBSD-Commit-ID: 6a99616c832627157113fcb0cf5a752daf2e6b58
2018-07-10 15:13:40 +10:00
djm@openbsd.org
312d2f2861 upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA
signature work - returns ability to add/remove/specify algorithms by
wildcard.

Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.

Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.

(lots of) feedback, ok markus@

OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207
2018-07-04 23:51:52 +10:00
djm@openbsd.org
b4d4eda633 upstream: some finesse to fix RSA-SHA2 certificate authentication
for certs hosted in ssh-agent

OpenBSD-Commit-ID: e5fd5edd726137dda2d020e1cdebc464110a010f
2018-07-03 23:26:47 +10:00
djm@openbsd.org
d78b75df4a upstream: check correct variable; unbreak agent keys
OpenBSD-Commit-ID: c36981fdf1f3ce04966d3310826a3e1e6233d93e
2018-07-03 23:26:47 +10:00
djm@openbsd.org
4ba0d54794 upstream: Improve strictness and control over RSA-SHA2 signature
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.

In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.

Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.

Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.

feedback and ok markus@

OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
2018-07-03 23:26:36 +10:00
djm@openbsd.org
84623e0037 upstream: whitespace
OpenBSD-Commit-ID: 9276951caf4daf555f6d262e95720e7f79244572
2018-06-26 12:03:25 +10:00
markus@openbsd.org
9efcaaac31 upstream: fix bogus warning when signing cert keys using agent;
from djm; ok deraadt dtucker

OpenBSD-Commit-ID: 12e50836ba2040042383a8b71e12d7ea06e9633d
2018-03-25 09:47:30 +11:00
djm@openbsd.org
2607438076 upstream: warn when the agent returns a signature type that was
different to what was requested. This might happen when an old/non-OpenSSH
agent is asked to make a rsa-sha2-256/512 signature but only supports
ssh-rsa. bz#2799 feedback and ok markus@

OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce
2018-03-03 14:20:47 +11:00
dtucker@openbsd.org
f1f047fb03 upstream commit
ssh_free checks for and handles NULL args, remove NULL
checks from remaining callers.  ok djm@

OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b
2018-02-09 20:00:18 +11:00
djm@openbsd.org
14b5c635d1 upstream commit
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
2018-01-23 16:40:29 +11:00
dtucker@openbsd.org
a54eb27dd6 upstream commit
Increase the buffer sizes for user prompts to ensure that
they won't be truncated by snprintf.  Based on patch from cjwatson at
debian.org via bz#2768, ok djm@

Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e
2017-09-04 09:38:57 +10:00
djm@openbsd.org
c4972d0a9b upstream commit
refuse to a private keys when its corresponding .pub key
does not match. bz#2737 ok dtucker@

Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913
2017-08-12 16:47:10 +10:00
dtucker@openbsd.org
4626e39c70 upstream commit
Add user@host prefix to client's "Permisison denied"
messages, useful in particular when using "stacked" connections where it's
not clear which host is denying.  bz#2720, ok djm@ markus@

Upstream-ID: de88e1e9dcb050c98e85377482d1287a9fe0d2be
2017-06-16 10:51:46 +10:00
markus@openbsd.org
92e9fe6331 upstream commit
remove now obsolete ctx from ssh_dispatch_run; ok djm@

Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29
2017-06-01 14:53:33 +10:00