Commit Graph

10830 Commits

Author SHA1 Message Date
jmc@openbsd.org 7a57adb8b0 upstream: add a comma to previous;
OpenBSD-Commit-ID: 9139433701c0aa86a0d3a6c7afe10d1c9c2e0869
2021-01-11 15:04:12 +11:00
dtucker@openbsd.org 3a92312953 upstream: Add PerSourceMaxStartups and PerSourceNetBlockSize
options which provide more fine grained MaxStartups limits.  Man page help
jmc@, feedback & ok djm@

OpenBSD-Commit-ID: e2f68664e3d02c0895b35aa751c48a2af622047b
2021-01-11 15:04:12 +11:00
dtucker@openbsd.org d9a2bc7169 upstream: Move address handling functions out into their own file
in order to reuse them for per-source maxstartups limiting.  Supplement with
some additional functions from djm's flowtools that we'll also need.  ok djm@
(as part of a larger diff).

OpenBSD-Commit-ID: e3e7d9ccc6c9b82e25cfef0ec83598e8e2327cbf
2021-01-11 15:04:12 +11:00
Darren Tucker b744914fcb Add test against Graphene hardened malloc. 2021-01-09 00:36:05 +11:00
djm@openbsd.org 6cb52d5bf7 upstream: make CheckHostIP default to 'no'. It doesn't provide any
perceptible value and makes it much harder for hosts to change host keys,
particularly ones that use IP-based load-balancing.

ok dtucker@

OpenBSD-Commit-ID: 0db98413e82074f78c7d46784b1286d08aee78f0
2021-01-08 16:01:30 +11:00
Darren Tucker 309b642e14 Run tests with sudo for better coverage. 2021-01-08 15:50:41 +11:00
Darren Tucker c336644351 Add Ubuntu 16.04 and 20.04 test targets. 2021-01-08 15:49:06 +11:00
djm@openbsd.org 4c7af01f9d upstream: If a signature operation on a FIDO key fails with a
"incorrect PIN" reason and no PIN was initially requested from the user, then
request a PIN and retry the operation.

This smoothes over a few corner cases including FIDO devices that
require PINs for all hosted credentials, biometric FIDO devices that
fall back to requiring PIN when reading the biometric failed, devices
that don't implement reading credProtect status for downloaded keys
and probably a few more cases that I haven't though of yet.

ok dtucker@

OpenBSD-Commit-ID: 176db8518933d6a5bbf81a2e3cf62447158dc878
2021-01-08 13:58:27 +11:00
djm@openbsd.org 64ddd0fe68 upstream: don't try to use timespeccmp(3) directly as a qsort(3)
comparison function - it returns 0/1 and not the -1/0/1 that qsort expectes.

fixes sftp "ls -ltr" under some circumstances.

Based on patch by Masahiro Matsuya via bz3248.

OpenBSD-Commit-ID: 65b5e9f18bb0d10573868c3516de6e5170adb163
2021-01-08 13:50:46 +11:00
dtucker@openbsd.org 599df78f30 upstream: Update the sntrup761 creation script and generated code:
- remove unneeded header files and typedefs and rely on crypto_api.h  - add
defines to map types used to the crypto_api ones instead of typedefs.  This
 prevents typedef name collisions in -portable.  - remove CRYPTO_NAMESPACE
entirely instead of making it a no-op  - delete unused functions and make the
remaining ones that aren't exported static.

ok djm@

OpenBSD-Commit-ID: 7b9d0cf3acd5a3c1091da8afe00c904d38cf5783
2021-01-08 13:49:49 +11:00
djm@openbsd.org 16448ff529 upstream: mention that DisableForwarding is valid in a sshd_config
Match block reported by Fredrik Eriksson in bz3239

OpenBSD-Commit-ID: 3a71c3d84b597f5e43e4b40d5232797daf0993f6
2021-01-08 13:46:35 +11:00
dtucker@openbsd.org 91bac5e95b upstream: estructure sntrup761.sh to process all files in a single
list, which will make it easier to reorder.  Re-inline int32_MINMAX.  ok
tobhe@

OpenBSD-Commit-ID: d145c6c19b08bb93c9e14bfaa7af589d90f144c0
2021-01-08 13:46:35 +11:00
tobhe@openbsd.org 4d96a3ebab upstream: Prevent redefinition of `crypto_int32' error with gcc3.
Fixes compilation on luna88k.

Feedback millert@
Found by and ok aoyama@

OpenBSD-Commit-ID: f305ddfe575a26cc53431af3fde3f4aeebed9ba6
2021-01-08 13:45:46 +11:00
Darren Tucker a23954eeb9 Undef int32 after sort routines.
This prevents typedef'ing crypto_int32 twice, in sntrup761.c and
crypto_api.h, which some compilers (at least some GCCs) don't accept.
2021-01-01 22:00:49 +11:00
Damien Miller 148b8a661c fix: missing pieces of previous commit 2020-12-31 12:47:22 +11:00
tobhe@openbsd.org 3d999be7b9 upstream: Use int64_t for intermediate values in int32_MINMAX to
prevent signed 32-bit integer overflow.

Found by and ok djm@
ok markus@

OpenBSD-Commit-ID: 4f0704768e34cf45fdd792bac4011c6971881bb3
2020-12-31 12:42:16 +11:00
Damien Miller 5c1953bf98 adapt KEX fuzzer to PQ kex change 2020-12-29 12:40:54 +11:00
djm@openbsd.org 659864fe81 upstream: Adapt to replacement of
sntrup4591761x25519-sha512@tinyssh.org with
sntrup761x25519-sha512@openssh.com.

Also test sntrup761x25519-sha512@openssh.com in unittests/kex

OpenBSD-Regress-ID: cfa3506b2b077a9cac1877fb521efd2641b6030c
2020-12-29 12:39:40 +11:00
djm@openbsd.org 2c71cec020 upstream: Update/replace the experimental post-quantim hybrid key
exchange method based on Streamlined NTRU Prime (coupled with X25519).

The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.

The sntrup761 implementaion, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).

Thanks for Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself

(note this both the updated method and the one that it replaced are
disabled by default)

OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae
2020-12-29 12:38:53 +11:00
jmc@openbsd.org 09d070ccc3 upstream: tweak the description of KnownHostsCommand in ssh_conf.5,
and add entries for it to the -O list in scp.1 and sftp.1;

ok djm

OpenBSD-Commit-ID: aba31ebea03f38f8d218857f7ce16a500c3e4aff
2020-12-29 12:02:51 +11:00
Damien Miller 931c93389a whitespace at EOL 2020-12-22 19:43:55 +11:00
Damien Miller 397b1c4d39 whitespace at EOL 2020-12-22 19:42:52 +11:00
Darren Tucker 33fa3ac547 Improve AIX text. 2020-12-22 19:21:26 +11:00
Darren Tucker 0f2e21c9dc Include stdio.h for FILE in misc.h.
Fixes build on at least OpenBSD.
2020-12-22 18:56:54 +11:00
Damien Miller 3e9811e57b ensure $LOGNAME is set in tests 2020-12-22 18:31:50 +11:00
djm@openbsd.org 3eb647cbb3 upstream: more detail for failing tests
OpenBSD-Regress-ID: c68c0e5a521cad7e7f68e54c54ebf86d6c10ee1d
2020-12-22 17:48:31 +11:00
djm@openbsd.org 2873f19570 upstream: regress test for KnownHostsCommand
OpenBSD-Regress-ID: ffc77464320b6dabdcfa0a72e0df02659233a38a
2020-12-22 17:07:38 +11:00
tb@openbsd.org 0121aa87ba upstream: Remove lines accidentally left behind in the ProxyJump
parsing fix r1.345.

ok djm

OpenBSD-Commit-ID: fe767c108c8117bea33767b080ff62eef2c55f5c
2020-12-22 15:43:59 +11:00
djm@openbsd.org da4bf0db94 upstream: add a ssh_config KnownHostsCommand that allows the client
to obtain known_hosts data from a command in addition to the usual files.

The command accepts bunch of %-expansions, including details of the
connection and the offered server host key. Note that the command may
be invoked up to three times per connection (see the manpage for
details).

ok markus@

OpenBSD-Commit-ID: 2433cff4fb323918ae968da6ff38feb99b4d33d0
2020-12-22 15:43:59 +11:00
djm@openbsd.org a34e14a5a0 upstream: move subprocess() from auth.c to misc.c
make privilege dropping optional but allow it via callbacks (to avoid
need to link uidswap.c everywhere)

add some other flags (keep environment, disable strict path safety check)
that make this more useful for client-side use.

feedback & ok markus@

OpenBSD-Commit-ID: a80ea9fdcc156f1a18e9c166122c759fae1637bf
2020-12-22 15:43:59 +11:00
dtucker@openbsd.org 649205fe38 upstream: Remove explicit rijndael-cbc@lysator.liu.se test since the
cipher was removed.

OpenBSD-Regress-ID: aa93cddb4ecd9bc21446a79008a1a53050e64f17
2020-12-22 10:30:23 +11:00
dtucker@openbsd.org 03e93c753d upstream: Remove the pre-standardization cipher
rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc which was
standardized in RFC4253 (2006), has been deprecated and disabled by default
since OpenSSH 7.2 (2016) and was only briefly documented in ssh.1 in 2001.

This will reduce the amount of work the cipher/kex regression tests need
to do by a little bit.  ok markus@ djm@

OpenBSD-Commit-ID: fb460acc18290a998fd70910b19c29b4e4f199ad
2020-12-21 22:35:41 +11:00
djm@openbsd.org a11ca01587 upstream: properly fix ProxyJump parsing; Thanks to tb@ for
pointing out my error (parse_ssh_uri() can return -1/0/1, that I missed).
Reported by Raf Czlonka via bugs@

ok tb@

OpenBSD-Commit-ID: a2991a3794bcaf1ca2b025212cce11cdb5f6b7d6
2020-12-21 22:35:41 +11:00
djm@openbsd.org d97fb87972 upstream: adapt to API change in hostkeys_foreach()/load_hostkeys()
OpenBSD-Regress-ID: dcb468514f32da49a446372453497dc6eeafdbf3
2020-12-21 14:04:08 +11:00
djm@openbsd.org bf7eb3c266 upstream: few more things needs match.c and addrmatch.c now that
log.c calls match_pattern_list()

OpenBSD-Regress-ID: f7c95c76b150d0aeb00a67858b9579b7d1b2db74
2020-12-21 14:04:08 +11:00
Darren Tucker 2c64f24e27 Pull in missing rev 1.2. 2020-12-21 14:02:56 +11:00
djm@openbsd.org 0f504f592d upstream: plumb ssh_conn_info through to sshconnect.c; feedback/ok
markus@

OpenBSD-Commit-ID: e8d14a09cda3f1dc55df08f8a4889beff74e68b0
2020-12-21 10:52:28 +11:00
djm@openbsd.org 729b05f59d upstream: allow UserKnownHostsFile=none; feedback and ok markus@
OpenBSD-Commit-ID: c46d515eac94a35a1d50d5fd71c4b1ca53334b48
2020-12-21 10:52:28 +11:00
djm@openbsd.org b4c7cd1185 upstream: load_hostkeys()/hostkeys_foreach() variants for FILE*
Add load_hostkeys_file() and hostkeys_foreach_file() that accept a
FILE* argument instead of opening the file directly.

Original load_hostkeys() and hostkeys_foreach() are implemented using
these new interfaces.

Add a u_int note field to the hostkey_entry and hostkey_foreach_line
structs that is passed directly from the load_hostkeys() and
hostkeys_foreach() call. This is a lightweight way to annotate results
between different invocations of load_hostkeys().

ok markus@

OpenBSD-Commit-ID: 6ff6db13ec9ee4edfa658b2c38baad0f505d8c20
2020-12-21 10:52:28 +11:00
tobhe@openbsd.org 06fbb386be upstream: Print client kem key with correct length.
ok markus@

OpenBSD-Commit-ID: 91689e14a4fc6c270e265a32d1c8faba63a45755
2020-12-21 10:52:28 +11:00
djm@openbsd.org 0ebead6593 upstream: fix possible error("%s", NULL) on error paths
OpenBSD-Commit-ID: 0b3833c2cb985453ecca1d76803ebb8f3b736a11
2020-12-21 10:52:27 +11:00
djm@openbsd.org d060bc7f6e upstream: refactor client percent_expand() argument passing;
consolidate the common arguments into a single struct and pass that around
instead of using a bunch of globals. ok markus@

OpenBSD-Commit-ID: 035e6d7ca9145ad504f6af5a021943f1958cd19b
2020-12-21 10:52:27 +11:00
djm@openbsd.org 43026da035 upstream: prepare readconf.c for fuzzing; remove fatal calls and
fix some (one-off) memory leaks; ok markus@

OpenBSD-Commit-ID: 91c6aec57b0e7aae9190de188e9fe8933aad5ec5
2020-12-21 10:52:22 +11:00
djm@openbsd.org bef92346c4 upstream: use _PATH_SSH_USER_DIR instead of hardcoded .ssh in path
OpenBSD-Commit-ID: 5c1048468813107baa872f5ee33ba51623630e01
2020-12-14 15:38:50 +11:00
Damien Miller a5ab499bd2 basic KEX fuzzer; adapted from Markus' unittest 2020-12-04 14:01:27 +11:00
Damien Miller 021ff33e38 use options that work with recent clang 2020-12-04 13:57:43 +11:00
djm@openbsd.org e4d1a0b40a upstream: shuffle a few utility functions into sftp-client.c; from
Jakub Jelen

OpenBSD-Commit-ID: fdeb1aae1f6149b193f12cd2af158f948c514a2a
2020-12-04 13:43:01 +11:00
djm@openbsd.org ace12dc64f upstream: make ssh_free(NULL) a no-op
OpenBSD-Commit-ID: 42cb285d94789cefe6608db89c63040ab0a80fa0
2020-12-04 13:43:01 +11:00
djm@openbsd.org 3b98b6e27f upstream: memleak of DH public bignum; found with libfuzzer
OpenBSD-Commit-ID: 0e913b542c3764b100b1571fdb0d0e5cc086fe97
2020-12-04 13:43:01 +11:00
djm@openbsd.org 553b90feed upstream: fix minor memleak of kex->hostkey_alg on rekex
OpenBSD-Commit-ID: 2c3969c74966d4ccdfeff5e5f0df0791919aef50
2020-12-04 13:43:01 +11:00