[servconf.c servconf.h]
bz#2161 - fix AuthorizedKeysCommand inside a Match block and
rearrange things so the same error is harder to make next time;
with and ok dtucker@
[cipher.c]
correct bzero of chacha20+poly1305 key context. bz#2177 from
Loganaden Velvindron @ AfriNIC
Also make it a memset for consistency with the rest of cipher.c
[ssh.1 ssh.c]
- put -Q in the right place
- Ar was a poor choice for the arguments to -Q. i've chosen an
admittedly equally poor Cm, at least consistent with the rest
of the docs. also no need for multiple instances
- zap a now redundant Nm
- usage() sync
[regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh]
[regress/try-ciphers.sh]
use new "ssh -Q cipher-auth" query to obtain lists of authenticated
encryption ciphers instead of specifying them manually; ensures that
the new chacha20poly1305@openssh.com mode is tested;
ok markus@ and naddy@ as part of the diff to add
chacha20poly1305@openssh.com
[regress/forward-control.sh]
bump timeout to 10 seconds to allow slow machines (e.g. Alpha PC164)
to successfully run this; ok djm@
(ID sync only; our timeouts are already longer)
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
[chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
[dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
[ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
cipher "chacha20-poly1305@openssh.com" that combines Daniel
Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS:
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
but differs in layout used for the MAC calculation and the use of a
second ChaCha20 instance to separately encrypt packet lengths.
Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
ok markus@ naddy@
[sshd.c]
delay closure of in/out fds until after "Bad protocol version
identification..." message, as get_remote_ipaddr/get_remote_port
require them open.
NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the
latter actually works before using it. Fedora (at least) has NID_secp521r1
that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897).
[cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c]
Output the effective values of Ciphers, MACs and KexAlgorithms when
the default has not been overridden. ok markus@
[kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
use curve25519 for default key exchange (curve25519-sha256@libssh.org);
initial patch from Aris Adamantiadis; ok djm@
[ssh.c]
fix crash when using ProxyCommand caused by previous commit - was calling
freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@
unnecessary arc4random_stir() calls. The only ones left are to ensure
that the PRNG gets a different state after fork() for platforms that
have broken the API.
[ssh.c]
fix bug introduced in hostname canonicalisation commit: don't try to
resolve hostnames when a ProxyCommand is set unless the user has forced
canonicalisation; spotted by Iain Morgan
[readconf.c servconf.c ssh_config.5 sshd_config.5]
Disallow empty Match statements and add "Match all" which matches
everything. ok djm, man page help jmc@
[ssh-keygen.c]
Make code match documentation: relative-specified certificate expiry time
should be relative to current time and not the validity start time.
Reported by Petr Lautrbach; ok deraadt@
[readconf.c ssh_config.5]
rename "command" subclause of the recently-added "Match" keyword to
"exec"; it's shorter, clearer in intent and we might want to add the
ability to match against the command being executed at the remote end in
the future.
[PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c]
fsync@openssh.com protocol extension for sftp-server
client support to allow calling fsync() faster successful transfer
patch mostly by imorgan AT nas.nasa.gov; bz#1798
"fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
s/canonicalise/canonicalize/ for consistency with existing spelling,
e.g. authorized_keys; pointed out by naddy@
[readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
[sshconnect.c sshconnect.h]
Implement client-side hostname canonicalisation to allow an explicit
search path of domain suffixes to use to convert unqualified host names
to fully-qualified ones for host key matching.
This is particularly useful for host certificates, which would otherwise
need to list unqualified names alongside fully-qualified ones (and this
causes a number of problems).
"looks fine" markus@
[canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c]
refactor client config code a little:
add multistate option partsing to readconf.c, similar to servconf.c's
existing code.
move checking of options that accept "none" as an argument to readconf.c
add a lowercase() function and use it instead of explicit tolower() in
loops
part of a larger diff that was ok markus@
[readconf.c readconf.h ssh-keysign.c ssh.c ssh_config.5]
add a "Match" keyword to ssh_config that allows matching on hostname,
user and result of arbitrary commands. "nice work" markus@
[sftp-client.c]
rename flag arguments to be more clear and consistent.
reorder some internal function arguments to make adding additional flags
easier.
no functional change
[sftp-server.8 sftp-server.c]
Add ability to whitelist and/or blacklist sftp protocol requests by name.
Refactor dispatch loop and consolidate read-only mode checks.
Make global variables static, since sftp-server is linked into sshd(8).
ok dtucker@
[dh.c dh.h]
Increase the size of the Diffie-Hellman groups requested for a each
symmetric key size. New values from NIST Special Publication 800-57 with
the upper limit specified by RFC4419. Pointed out by Peter Backes, ok
djm@.
[channels.c]
bz#1297 - tell the client (via packet_send_debug) when their preferred
listen address has been overridden by the server's GatewayPorts;
ok dtucker@
[progressmeter.c]
store the initial file offset so the progress meter doesn't freak out
when resuming sftp transfers. bz#2137; patch from Iain Morgan; ok dtucker@
[ssh_config]
Remove gssapi config parts from ssh_config, as was already done for
sshd_config. Req by/ok ajacoutot@
ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
[channels.c]
avoid unaligned access in code that reused a buffer to send a
struct in_addr in a reply; simpler just use use buffer_put_int();
from portable; spotted by and ok dtucker@
[sshd_config]
Remove commented-out kerberos/gssapi config options from sample config,
kerberos support is currently not enabled in ssh in OpenBSD. Discussed with
various people; ok deraadt@
ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
[ssh-keygen.c sshconnect1.c sshd.c]
All the instances of arc4random_stir() are bogus, since arc4random()
does this itself, inside itself, and has for a very long time.. Actually,
this was probably reducing the entropy available.
ok djm
ID SYNC ONLY for portable; we don't trust other arc4random implementations
to do this right.
[ssh-keygen.c]
improve batch processing a bit by making use of the quite flag a bit
more often and exit with a non zero code if asked to find a hostname
in a known_hosts file and it wasn't there;
originally from reyk@, ok djm
[sshd.c]
Stir PRNG after post-accept fork. The child gets a different PRNG state
anyway via rexec and explicit privsep reseeds, but it's good to be sure.
ok markus@
[readconf.c readconf.h ssh_config.5 sshconnect.c]
Add a ssh_config ProxyUseFDPass option that supports the use of
ProxyCommands that establish a connection and then pass a connected
file descriptor back to ssh(1). This allows the ProxyCommand to exit
rather than have to shuffle data back and forth and enables ssh to use
getpeername, etc. to obtain address information just like it does with
regular directly-connected sockets. ok markus@
[sftp-client.c]
two problems found by a to-be-committed regress test: 1) msg_id was not
being initialised so was starting at a random value from the heap
(harmless, but confusing). 2) some error conditions were not being
propagated back to the caller
[sftp-client.c sftp-client.h sftp.c]
add a "-l" flag for the rename command to force it to use the silly
standard SSH_FXP_RENAME command instead of the POSIX-rename- like
posix-rename@openssh.com extension.
intended for use in regress tests, so no documentation.
CLOCK_MONOTONIC...) fails. Some older versions of RHEL have the
CLOCK_MONOTONIC define but don't actually support it. Found and tested
by Kevin Brott, ok djm.
blocking connecting socket will clear any stored errno that might
otherwise have been retrievable via getsockopt(). A hack to limit writes
to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap
it in an #ifdef. Diagnosis and patch from Ivo Raisr.
Damien Miller
Darren Tucker
Tim Rice