Commit Graph

11593 Commits

Author SHA1 Message Date
deraadt@openbsd.org 7eec76793d upstream: Convert from select() to ppoll(). Along the way, I
observed that the select() code was using exceptfds incorrectly.. ok millert

OpenBSD-Commit-ID: 548e05bfc31b2af02319eb3d051286d4128dec96
2021-11-18 08:58:54 +11:00
Darren Tucker e665ed2d0c Switch from LibreSSL 3.4.0 to 3.4.1.
The LibreSSL 3.4.0 release has an OPENBSD_BRANCH that points to
"master" and that branch no longer has the files LibreSSL expects
and thus it will no longer build, breaking the test.
2021-11-12 22:57:51 +11:00
djm@openbsd.org 21b6b5a06c upstream: add the sntrup761x25519-sha512@openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default
KEXAlgorithms list (after the ECDH methods but before the prime-group DH
ones).

ok markus@

OpenBSD-Commit-ID: 22b77e27a04e497a10e22f138107579652854210
2021-11-10 17:32:18 +11:00
djm@openbsd.org 239da797cb upstream: fix ssh-keysign for KEX algorithms that use SHA384/512
exchange hashes; feedback/ok markus@

OpenBSD-Commit-ID: 09a8fda1c081f5de1e3128df64f28b7bdadee239
2021-11-10 17:32:18 +11:00
djm@openbsd.org 6997a592ec upstream: improve error message when trying to expand a ~user path
for a user that doesn't exist; better matches what the shell does

ok deraadt@

OpenBSD-Commit-ID: 1ddefa3c3a78b69ce13d1b8f67bc9f2cefd23ad6
2021-11-10 17:32:18 +11:00
Darren Tucker 10b899a15c Don't trust closefrom() on Linux.
glibc's closefrom implementation does not work in a chroot when the kernel
does not have close_range.  It tries to read from /proc/self/fd and when
that fails dies with an assertion of sorts.  Instead, call close_range
ourselves from our compat code and fall back if that fails.  bz#3349,
with william.wilson at canonical.com and fweimer at redhat.com.
2021-11-10 12:34:25 +11:00
dtucker@openbsd.org eb1f63195a upstream: Plug a couple of minor mem leaks. From beldmit at
gmail.com via github PR#283, ok markus@

OpenBSD-Commit-ID: ec1fa7d305d46226861c3ca6fb9c9beb2ada2892
2021-11-06 21:56:09 +11:00
djm@openbsd.org e4f501bf1d upstream: move cert_filter_principals() to earlier in the file for
reuse; no code change

OpenBSD-Commit-ID: 598fa9528b656b2f38bcc3cf5b6f3869a8c115cf
2021-11-06 21:56:09 +11:00
deraadt@openbsd.org 59c60f96fe upstream: Many downstreams expect ssh to compile as non-C99...
OpenBSD-Commit-ID: e6aa3e08bda68e5fb838fc8a49b1d2dfc38ee783
2021-11-06 21:56:09 +11:00
Darren Tucker 7a78fe63b0 Skip getline() on HP-UX 10.x.
HP-UX 10.x has a getline() implementation in libc that does not behave
as we expect so don't use it.  With correction from Thorsten Glaser and
typo fix from Larkin Nickle.
2021-11-06 21:09:48 +11:00
Damien Miller 343ae252eb basic SECURITY.md (refers people to the website) 2021-11-03 12:08:21 +11:00
djm@openbsd.org ed45a01686 upstream: crank SSH_SK_VERSION_MAJOR to match recent change in
usr/bin/ssh

OpenBSD-Regress-ID: 113d181c7e3305e138db9b688cdb8b0a0019e552
2021-11-03 10:10:09 +11:00
djm@openbsd.org f3c34df860 upstream: Better handle FIDO keys on tokens that provide user
verification (UV) on the device itself, including biometric keys.

Query the token during key creation to determine whether it supports
on-token UV and, if so, clear the SSH_SK_USER_VERIFICATION_REQD flag
in the key so that ssh(1) doesn't automatically prompty for PIN later.

When making signatures with the key, query the token's capabilities
again and check whether the token is able (right now) to perform user-
verification without a PIN. If it is then the PIN prompt is bypassed
and user verification delegated to the token. If not (e.g. the token
is biometric capable, but no biometric are enrolled), then fall back
to user verification via the usual PIN prompt.

Work by Pedro Martelletto; ok myself and markus@

NB. cranks SSH_SK_VERSION_MAJOR

OpenBSD-Commit-ID: e318a8c258d9833a0b7eb0236cdb68b5143b2f27
2021-11-03 10:07:23 +11:00
djm@openbsd.org 0328a081f3 upstream: sshsig: add tests for signing key validity and
find-principals

- adds generic find-principals tests (this command had none before)
- tests certs with a timeboxed validity both with and without a
 restriced lifetime for the CA
- test for a revoked CA cert

by Fabian Stelzer

OpenBSD-Regress-ID: 9704b2c6df5b8ccfbdf2c06c5431f5f8cad280c9
2021-10-29 14:25:32 +11:00
djm@openbsd.org ccd358e1e2 upstream: avoid signedness warning; spotted in -portable
OpenBSD-Regress-ID: 4cacc126086487c0ea7f3d86b42dec458cf0d0c6
2021-10-29 14:25:32 +11:00
djm@openbsd.org 2741f52beb upstream: ssh-keygen: make verify-time argument parsing optional
From Fabian Stelzer

OpenBSD-Commit-ID: 1ff35e4c366a45a073663df90381be6a8ef4d370
2021-10-29 14:25:23 +11:00
Damien Miller a1217d363b unbreak fuzz harness for recent changes 2021-10-29 13:48:59 +11:00
Darren Tucker 68e522ed81 Use -Wbitwise-instead-of-logical if supported. 2021-10-29 13:32:24 +11:00
Damien Miller be28b23012 use -Wmisleading-indentation cflag if available
ok dtucker@
2021-10-28 16:24:53 +11:00
Damien Miller 2e6f5f24dd depend 2021-10-28 16:24:44 +11:00
Damien Miller a5ab488234 remove built-in support for md5crypt()
Users of MD5-hashed password should arrange for ./configure to link
against libxcrypt or similar. Though it would be better to avoid use
of MD5 password hashing entirely, it's arguably worse than DEScrypt.

feedback and ok dtucker@
2021-10-28 16:16:13 +11:00
djm@openbsd.org c5de1fffa6 upstream: increment SSH_SK_VERSION_MAJOR to match last change
OpenBSD-Regress-ID: 17873814d1cbda97f49c8528d7b5ac9cadf6ddc0
2021-10-28 13:57:52 +11:00
djm@openbsd.org 0001d04e55 upstream: When downloading resident keys from a FIDO token, pass
back the user ID that was used when the key was created and append it to the
filename the key is written to (if it is not the default).

Avoids keys being clobbered if the user created multiple
resident keys with the same application string but different
user IDs.

feedback Pedro Martelletto; ok markus

NB. increments SSH_SK_VERSION_MAJOR

OpenBSD-Commit-ID: dbd658b5950f583106d945641a634bc6562dd3a3
2021-10-28 13:56:59 +11:00
deraadt@openbsd.org d4bed54456 upstream: For open/openat, if the flags parameter does not contain
O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant.  Many developers
in the past have passed mode_t (0, 044, 0644, or such), which might lead
future people to copy this broken idiom, and perhaps even believe this
parameter has some meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from mode_t on
a number of system calls as a safety factor, and his bewilderment that this
appeared to be happening against valid modes (at least visually), but no
sorry, they are all irrelevant junk.  They could all be 0xdeafbeef. ok
millert

OpenBSD-Commit-ID: 503d11633497115688c0c6952686524f01f53121
2021-10-28 13:56:59 +11:00
Darren Tucker d575cf4489 kitchensink test target now needs krb5. 2021-10-22 23:27:41 +11:00
Darren Tucker 4ae39cada2 Test both MIT KRB5 and Heimdal. 2021-10-22 22:54:33 +11:00
dtucker@openbsd.org 22b2681d88 upstream: Plug mem addrinfo mem leaks.
Prevent mem leaks in the (unlikely) event that getaddrinfo returns
no addresses.  ALso, remove an unneeded NULL check in addr_ntop. From
khaleesicodes via github PR#281, ok deraadt@

OpenBSD-Commit-ID: e8a5afc686376637c355c5f7e122dc4b080b9c1a
2021-10-22 22:03:05 +11:00
dtucker@openbsd.org 27c8c343b6 upstream: Remove unnecessary semicolons
... in case statements. From khaleesicodes via github PR#280.

OpenBSD-Commit-ID: e1e89360b65775cff83e77ce040b342015caf4ed
2021-10-22 22:02:43 +11:00
dtucker@openbsd.org e7eb73b8d1 upstream: Fix typos in comments.
From khaleesicodes via github PR#280.

OpenBSD-Commit-ID: 26fdd83652c40f098bf7c685e8ebb9eb72cc45fc
2021-10-22 22:02:26 +11:00
deraadt@openbsd.org 052a9d8494 upstream: switch scp(1) back to sftp protocol.
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP
protocol for copying.  Let's get back to testing the SFTP protocol.

OpenBSD-Commit-ID: 9eaa35d95fd547b78b0a043b3f518e135f151f30
2021-10-22 22:01:46 +11:00
Darren Tucker a07664646b Source configs script so setup_ci can use settings 2021-10-22 14:00:05 +11:00
Darren Tucker 34df52c201 Install libedit and pam based on config flags. 2021-10-22 09:42:14 +11:00
Darren Tucker 8c626cc563 Don't use 'here string", it's not POSIX. 2021-10-21 16:53:39 +11:00
Darren Tucker 086a4b5977 Remove -Werror from compiler package to install. 2021-10-21 15:33:27 +11:00
Darren Tucker 5a7a468750 Build with -Werror on most recent gcc and clang. 2021-10-21 15:18:34 +11:00
Darren Tucker 4d2cbdb525 Include string.h and stdio.h for strerror. 2021-10-15 12:59:06 +11:00
Darren Tucker fff13aaa26 Include error reason if trace disabling fails. 2021-10-15 12:43:36 +11:00
Darren Tucker d4b38144c0 Add tcmalloc test target. 2021-10-12 23:01:40 +11:00
dtucker@openbsd.org 002d65b0a3 upstream: Document that CASignatureAlgorithms, ExposeAuthInfo and
PubkeyAuthOptions can be used in a Match block.  Patch from eehakkin via
github PR#277.

OpenBSD-Commit-ID: c0a63f5f52e918645967ac022b28392da4b866aa
2021-10-09 22:01:49 +11:00
Darren Tucker 40bd3709dd Skip SK unit tests when built without security-key 2021-10-07 15:55:49 +11:00
Darren Tucker 482f73be10 Include relevant env vars on command line.
Makes it easier to reproduce a build by cut/pasting the configure line.
2021-10-07 15:55:04 +11:00
Darren Tucker ef5916b8ac Only enable sk-* key types if ENABLE_SK is defined 2021-10-07 14:28:02 +11:00
Darren Tucker 52d4232b49 Disable security key on minix3.
The test doesn't work so disable.
2021-10-06 18:14:37 +11:00
Darren Tucker 7cd062c3a2 Add USE_LIBC_SHA2 for (at least) NetBSD 9. 2021-10-06 17:45:28 +11:00
Darren Tucker 639c440f6c Define OPENSSL_NO_SHA including OpenSSL from test.
We don't use SHA256 from OpenSSL in the sk-dummy module and the
definitions can conflict with system sha2.h (eg on NetBSD) so define
OPENSSL_NO_SHA so we don't attempt to redefine them.
2021-10-06 17:09:31 +11:00
Darren Tucker 8f4be526a3 Disable security key on NetBSD4 test.
sk-dummy used for the security key test includes both sha2.h and OpenSSL
causing the definitions conflict so disable security key support on this
platform.
2021-10-06 15:40:58 +11:00
Damien Miller 3b353ae58a clean regress/misc/sk-dummy in cleandir target 2021-10-06 15:07:01 +11:00
dtucker@openbsd.org 57680a2ab4 upstream: Dynamically allocate encoded HashKnownHosts and free as
appropriate. Saves 1k of static storage and prevents snprintf "possible
truncation" warnings from newer compilers (although in this case it's false
positive since the actual sizes are limited by the output size of the SHA1).
ok djm@

OpenBSD-Commit-ID: e254ae723f7e3dce352c7d5abc4b6d87faf61bf4
2021-10-06 14:40:32 +11:00
djm@openbsd.org e3e62deb54 upstream: use libc SHA256 functions; make this work when compiled
!WITH_OPENSSL

OpenBSD-Regress-ID: fda0764c1097cd42f979ace29b07eb3481259890
2021-10-06 14:40:26 +11:00
dtucker@openbsd.org 12937d8670 upstream: Add test for ssh hashed known_hosts handling.
OpenBSD-Regress-ID: bcef3b3cd5a1ad9899327b4b2183de2541aaf9cf
2021-10-06 14:39:32 +11:00