Commit message | Author | Age | Files | Lines
...
* stubs for ML-KEM KEX functions | Damien Miller | 2024-09-09 | 1 | -2/+23
| used for C89 compilers
* declare defeat trying to detect C89 compilers | Damien Miller | 2024-09-09 | 2 | -18/+2
| I can't find a reliable way to detect the features the ML-KEM code requires in configure. Give up for now and use VLA support (that we can detect) as a proxy for "old compiler" and turn off ML-KEM if it isn't supported.
* fix previous; check for C99 compound literals | Damien Miller | 2024-09-09 | 2 | -8/+9
| The previous commit was incorrect (or at least insufficient), the ML-KEM code is actually using compound literals, so test for them.
* test for compiler feature needed for ML-KEM | Damien Miller | 2024-09-09 | 5 | -1/+25
| The ML-KEM implementation we use needs the compiler to support C99-style named struct initialisers (e.g. foo = {.bar = 1}). We still support (barely) building OpenSSH with older compilers, so add a configure test for this.
* upstream: test mlkem768x25519-sha256 | djm@openbsd.org | 2024-09-09 | 2 | -2/+5
| OpenBSD-Regress-ID: 7baf6bc39ae55648db1a2bfdc55a624954847611
* upstream: pull post-quantum ML-KEM/x25519 key exchange out from | djm@openbsd.org | 2024-09-09 | 10 | -40/+9
| compile-time flag now that an IANA codepoint has been assigned for the algorithm. Add mlkem768x25519-sha256 in 2nd KexAlgorithms preference slot. ok markus@
| OpenBSD-Commit-ID: 9f50a0fae7d7ae8b27fcca11f8dc6f979207451a
* upstream: make parsing user@host consistently look for the last '@' in | djm@openbsd.org | 2024-09-06 | 2 | -6/+6
| the string rather than the first. This makes it possible to use usernames that contain '@' characters.
| MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
| Prompted by Max Zettlmeißl; feedback/ok millert@
| OpenBSD-Commit-ID: 0b16eec246cda15469ebdcf3b1e2479810e394c5
* upstream: be more strict in parsing key type names. Only allow | djm@openbsd.org | 2024-09-04 | 4 | -13/+28
| shortnames (e.g. "rsa") in user-interface code and require full SSH protocol names (e.g. "ssh-rsa") everywhere else. Prompted by bz3725; ok markus@
| OpenBSD-Commit-ID: b3d8de9dac37992eab78adbf84fab2fe0d84b187
* upstream: fix RCSID in output | djm@openbsd.org | 2024-09-04 | 1 | -2/+2
| OpenBSD-Commit-ID: 889ae07f2d2193ddc4351711919134664951dd76
* upstream: envrionment -> environment; | jmc@openbsd.org | 2024-09-04 | 1 | -2/+2
| OpenBSD-Commit-ID: b719f39c20e8c671ec6135c832d6cc67a595af9c
* add basic fuzzers for our import of sntrup761 | Damien Miller | 2024-09-04 | 6 | -16/+265
|
* upstream: regression test for Include variable expansion | djm@openbsd.org | 2024-09-03 | 1 | -2/+24
| OpenBSD-Regress-ID: 35477da3ba1abd9ca64bc49080c50a9c1350c6ca
* upstream: allow the "Include" directive to expand the same set of | djm@openbsd.org | 2024-09-03 | 2 | -47/+95
| %-tokens that "Match Exec" and environment variables. ok dtucker@
| OpenBSD-Commit-ID: 12ef521eaa966a9241e684258564f52f1f3c5d37
* upstream: missing ifdef | djm@openbsd.org | 2024-09-02 | 1 | -2/+4
| OpenBSD-Commit-ID: 85f09da957dd39fd0abe08fe5ee19393f25c2021
* upstream: Add experimental support for hybrid post-quantum key exchange | djm@openbsd.org | 2024-09-02 | 16 | -12/+12812
| ML-KEM768 with ECDH/X25519 from the Internet-draft: https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
| This is based on previous patches from markus@ but adapted to use the final FIPS203 standard ML-KEM using a formally-verified implementation from libcrux.
| Note this key exchange method is still a draft and thus subject to change. It is therefore disabled by default; set MLKEM=yes to build it. We're making it available now to make it easy for other SSH implementations to test against it.
| ok markus@ deraadt@
| OpenBSD-Commit-ID: 02a8730a570b63fa8acd9913ec66353735dea42c
* Don't skip audit before exiting cleanup_exit | Antonio Larrosa | 2024-08-28 | 1 | -3/+3
| This fixes an issue where the SSH_CONNECTION_ABANDON event is not audited because cleanup_exit overrides the regular _exit too soon and as a result, failed auth attempts are not logged correctly.
| The problem was introduced in 81c1099d22b81ebfd20a334ce986c4f753b0db29 where the code from upstream was merged before the audit_event call when it should have been merged right before the _exit call in order to honor the comment that just mentions an override of the exit value.
* upstream: fix test: -F is the argument to specify a non-default | djm@openbsd.org | 2024-08-28 | 1 | -3/+3
| ssh_config, not -f (this is sadly not a new bug)
| OpenBSD-Regress-ID: 45a7bda4cf33f2cea218507d8b6a55cddbcfb322
* upstream: As defined in the RFC, the SSH protocol has negotiable | deraadt@openbsd.org | 2024-08-27 | 5 | -15/+10
| compression support (which is requested as the name "zlib"). Compression starts very early in the session. Relatively early in OpenSSH lifetime, privsep was added to sshd, and this required a shared-memory hack so the two processes could see what was going on in the dataflow. This shared-memory hack was soon recognized as a tremendous complexity risk, because it put libz (which very much trusts its memory) in a dangerous place, and a new option ("zlib@openssh.com") was added that begins compression after authentication (aka delayed-compression). That change also permitted removal of the shared-memory hack.
| Despite removal from the server, the old "zlib" support remained in the client, to allow negotiation with non-OpenSSH daemons which lack the delayed-compression option. This commit deletes support for the older "zlib" option in the client. It reduces our featureset in a small way, and encourages other servers to move to a better design.
| The SSH protocol is different enough that compressed-key-material attacks like BEAST are unlikely, but who wants to take the chance?
| We encourage other ssh servers who care about optional compression support to add delayed-zlib support. (Some already do "zlib@openssh.com")
| ok djm markus
| OpenBSD-Commit-ID: 6df986f38e4ab389f795a6e39e7c6857a763ba72
* upstream: sntrup761x25519-sha512 now has an IANA codepoint assigned, so | djm@openbsd.org | 2024-08-23 | 5 | -10/+16
| we can make the algorithm available without the @openssh.com suffix too. ok markus@ deraadt@
| OpenBSD-Commit-ID: eeed8fcde688143a737729d3d56d20ab4353770f
* Move rekey test into valgrind-2. | Darren Tucker | 2024-08-22 | 2 | -7/+2
| Now that the rekey test has been optimized it's fast enough to not be in its own valgrind test, so move it into valgrind-2, which is currently the quickest of the others, bringing all of them to roughly the same runtime of ~1.1 hours.
* upstream: Use aes128-ctr for MAC tests since default has implicit MAC. | dtucker@openbsd.org | 2024-08-22 | 1 | -8/+19
| Also verify that the Cipher or MAC we intended to use is actually the one selected during the test.
| OpenBSD-Regress-ID: ff43fed30552afe23d1364526fe8cf88cbfafe1d
* fix incorrect default for PasswordAuthentication | Damien Miller | 2024-08-22 | 1 | -1/+1
| merge botch spotted by gsgleason
* upstream: Some awks won't match on the \r so delete it instead. Fixes | dtucker@openbsd.org | 2024-08-21 | 1 | -3/+3
| regress in portable on, eg Solaris.
| OpenBSD-Regress-ID: 44a96d6d2f8341d89b7d5fff777502b92ac9e9ba
* upstream: Import regenerated moduli. | dtucker@openbsd.org | 2024-08-21 | 1 | -468/+411
| OpenBSD-Commit-ID: 5db7049ad5558dee5b2079d3422e8ddab187c1cc
* upstream: Use curve25519-sha256 kex where possible. | dtucker@openbsd.org | 2024-08-21 | 1 | -2/+13
| Except where we're explicitly testing a different kex, use curve25519-sha256 since it's faster than the default and supported even when configured without OpenSSL. Add a check to ensure that the kex we intended to test is the one we actually tested. Speeds test up by ~5%.
| OpenBSD-Regress-ID: 3b27fcc2ae953cb08fd82a0d3155c498b226d6e0
* upstream: Send only as much data as needed to trigger rekeying. Speeds | dtucker@openbsd.org | 2024-08-21 | 1 | -14/+23
| up tests by about 10% in the common case, hopefully more when instrumented with something like valgrind.
| OpenBSD-Regress-ID: 7bf9292b4803357efcf0baf7cfbdc8521f212da1
* simplify sshkey_prekey_alloc(); always use mmap | Damien Miller | 2024-08-21 | 1 | -17/+10
|
* upstream: Merge AEAD test into main test loop. | dtucker@openbsd.org | 2024-08-20 | 1 | -12/+10
| Removes 3 duplicate tests and speeds overall test up by about 1%.
| OpenBSD-Regress-ID: 5e5c9ff3f7588091ed369e34ac28520490ad2619
* upstream: Set a default RekeyLimit of 256k. | dtucker@openbsd.org | 2024-08-20 | 1 | -3/+4
| Used unless overridden by a command-line flag, which simplifies some of the ssh command lines.
| OpenBSD-Regress-ID: e7cffa57027088e10336e412b34113969f88cb87
* upstream: Add Compression=no to default ssh_config. | dtucker@openbsd.org | 2024-08-20 | 1 | -7/+9
| All of the rekey tests use it (otherwise the encrypted byte counts would not match) so this lets us simplify the command lines.
| OpenBSD-Regress-ID: dab7ce10f4cf6c68827eb8658141272aab3ea262
* upstream: Remove duplicate curve25519-sha256 kex. | dtucker@openbsd.org | 2024-08-20 | 1 | -4/+10
| curve25519-sha256@libssh.org is the pre-standardization name for the same thing, so remove it as a duplicate. Speeds up test by a tiny amount.
| OpenBSD-Regress-ID: 5a5ee5fa1595a6e140b1cc16040bedf5996a5715
* upstream: Unnest rekey param parsing test and use ssh not sshd. | dtucker@openbsd.org | 2024-08-20 | 1 | -12/+12
| ssh uses the same parsing code, now has "-G" to dump its config and is slightly faster to start up. This speeds up the test slightly (~5%) in the common case but should help more during instrumented tests, eg under valgrind, where startup costs are magnified.
| OpenBSD-Regress-ID: 07c3acaf4c728e641033071f4441afc88141b0d0
* upstream: actually use the length parameter that was passed in rather | djm@openbsd.org | 2024-08-20 | 1 | -4/+4
| than a constant (this makes no difference in practice because the length is always the same); reported by martin AT nmkd.net
| OpenBSD-Commit-ID: 4aecce232c2fe9b16e9217ff6bcb3c848d853e7e
* private key coredump protection for Linux/FreeBSD | Damien Miller | 2024-08-20 | 1 | -0/+18
| platforms not supporting coredump exclusion using mmap/madvise flags fall back to plain old malloc(3).
* upstream: place shielded keys (i.e. keys at rest in RAM) into memory | djm@openbsd.org | 2024-08-20 | 1 | -6/+26
| allocated using mmap(3) with MAP_CONCEAL set. This prevents exposure of the key material in coredumps, etc (this is in addition to other measures we take in this area). ok deraadt@
| OpenBSD-Commit-ID: cbbae59f337a00c9858d6358bc65f74e62261369
* upstream: mention that ed25519 is the default key type generated and | djm@openbsd.org | 2024-08-17 | 1 | -4/+4
| clarify that rsa-sha2-512 is the default signature scheme when RSA is in use. Based on GHPR505 from SebastianRzk
| OpenBSD-Commit-ID: 1d90df71636a04601685d2a10a8233bcc8d4f4c5
* upstream: fix minor memory leak in Subsystem option parsing; from | djm@openbsd.org | 2024-08-17 | 1 | -1/+2
| Antonio Larrosa via GHPR515
| OpenBSD-Commit-ID: fff3bbefd1b2c45c98cbe45c6b857b15d8a2d364
* upstream: fix swapping of source and destination addresses in some sshd | djm@openbsd.org | 2024-08-17 | 1 | -2/+2
| log messages
| OpenBSD-Commit-ID: 24d4cbb86325275df1f037545aa3b91456e52d25
* Add compat functions for EVP_Digest{Sign,Verify}. | Darren Tucker | 2024-08-17 | 4 | -0/+40
| This should make LibreSSL 3.1.x through 3.3.x work again. Code from tb@, ok djm@. Restore the test configs covering those.
* make sure that usage & man page match | Philip Hands | 2024-08-17 | 2 | -8/+11
| SSH-Copy-ID-Upstream: da5b1abe55b72a16e0430e7598e1573da01779c0
* update copyright notices | Philip Hands | 2024-08-17 | 2 | -2/+2
| Bump the year to 2024, but also reflect the fact that hands.com Ltd. has been wound up in the UK, and its assets (including this copyright) have now reverted to its owner, Philip Hands.
| SSH-Copy-ID-Upstream: 0e4c4d072747a6568b11a790c29dd1b4ce663d7f
* restore optionality of -i's argument | Philip Hands | 2024-08-17 | 2 | -2/+18
| SSH-Copy-ID-Upstream: f70e3abb510e4eeb040b47894e41828246c1b720
* avoid exploring .ssh/id*.pub subdirectories | Philip Hands | 2024-08-17 | 1 | -1/+1
| SSH-Copy-ID-Upstream: 0b9e08b7707ad16de3c8e6a0410d9f42fbd56997
* ensure that we're always told the source of keys | Philip Hands | 2024-08-17 | 1 | -1/+2
| SSH-Copy-ID-Upstream: 1bee96f4793e8ec3fab9f9361204ae58f5cc7cae
* add $HOME to ERROR if one cannot write to ~/.ssh | Philip Hands | 2024-08-17 | 1 | -1/+1
| SSH-Copy-ID-Upstream: ebef3e9c06e0447bff06e9d84b33023cf592e0ba
* assert that SCRATCH_DIR is a writable directory | Philip Hands | 2024-08-17 | 1 | -0/+11
| SSH-Copy-ID-Upstream: ecb2b9d10883b9a16df56c83896c9bb47a80cde2
* quote to avoid potential for word splitting | Philip Hands | 2024-08-17 | 1 | -6/+6
| SSH-Copy-ID-Upstream: f379adbe06ac2ef1daf0f130752234c7f8b97e3c
* ensure ERROR output goes to STDERR | Philip Hands | 2024-08-17 | 1 | -4/+4
| SSH-Copy-ID-Upstream: ac394b05eead3b91feb7c2ae4129a3e9b892f1e2
* avoid extra space when no arg given to -i option | Philip Hands | 2024-08-17 | 1 | -1/+1
| SSH-Copy-ID-Upstream: feca9e67e6e37c5653445d1c733569d7abb1770e
* put the -i before -[pP] (matching man pages) | Philip Hands | 2024-08-17 | 1 | -1/+1
| The man pages (ssh, sftp & ssh-copy-id) all list -i before the port setting, so make the output match that order, which also seems more natural with the port being next to the server.
| SSH-Copy-ID-Upstream: 34d5d614172c78f9a42249466c4b81975b8883a1