OpenBSD-Regress-ID: df7d18a87b475f70004770f0f4e404adba5f6ab7
negations
OpenBSD-Regress-ID: 67476baccc60bf1a255fd4e329ada950047b8b8d
This splits the user authentication code from the sshd-session
binary into a separate sshd-auth binary. This will be executed by
sshd-session to complete the user authentication phase of the
protocol only.
Splitting this code into a separate binary ensures that the crucial
pre-authentication attack surface has an entirely disjoint address
space from the code used for the rest of the connection. It also
yields a small runtime memory saving as the authentication code will
be unloaded after the authentication phase completes.
Joint work with markus@ feedback deraadt@
Tested in snaps since last week
OpenBSD-Commit-ID: 9c3b2087ae08626ec31b4177b023db600e986d9c
there has been traffic on a X11 forwarding channel recently.
Should fix X11 forwarding performance problems when this setting is
enabled. Patch from Antonio Larrosa via bz3655
OpenBSD-Commit-ID: 820284a92eb4592fcd3d181a62c1b86b08a4a7ab
OpenBSD-Commit-ID: fdd056e7854294834d54632b4282b877cfe4c12e
exchange in sshd by default. Specifically, this removes the
diffie-hellman-group* and diffie-hellman-group-exchange-* methods. The client
is unchanged and continues to support these methods by default.
Finite field Diffie Hellman is slow and computationally expensive for
the same security level as Elliptic Curve DH or PQ key agreement while
offering no redeeming advantages.
ECDH has been specified for the SSH protocol for 15 years and some
form of ECDH has been the default key exchange in OpenSSH for the last
14 years.
ok markus@
OpenBSD-Commit-ID: 4e238ad480a33312667cc10ae0eb6393abaec8da
negated Matches; spotted by phessler@ ok deraadt@
OpenBSD-Commit-ID: b1c6acec66cd5bd1252feff1d02ad7129ced37c7
OpenBSD-Commit-ID: 3a63e4e11d455704f684c28715d61b17f91e0996
original diff had a couple of errors, which I've fixed
OpenBSD-Commit-ID: f37ad5888adbc0d4e1cd6b6de237841f4b1e650d
criteria tokeniser to a more shell-like one. Apparently the old tokeniser
(accidentally?) allowed "Match criteria=argument" as well as the "Match
criteria argument" syntax that we tested for.
People were using this syntax so this adds back support for
"Match criteria=argument"
bz3739 ok dtucker
OpenBSD-Commit-ID: d1eebedb8c902002b75b75debfe1eeea1801f58a
OpenBSD-Commit-ID: 22072bfa1df1391858ae7768a6c627e08593a91e
From Void Linux
Fixes compile error on Void Linux/Musl
02e16ad95fb1f56ab004b01a10aab89f7103c55d did a copy-paste for
utmpx, but forgot to change the ifdef appropriately
OpenBSD-Commit-ID: 81869ee6356fdbff19dae6ff757095e6b24de712
OpenBSD-Commit-ID: 3fb621a58e04b759a875ad6a33f35bb57ca80231
OpenBSD-Commit-ID: 303417285f1a73b9cb7a2ae78d3f493bbbe31f98
key values need to be static to persist across invocations;
spotted by the Qualys Security Advisory team.
relies on using -fwrapv to provide defined over/underflow behaviour, but we
use -ftrapv to catch integer errors and abort the program. ok dtucker@
OpenBSD-Commit-ID: 8933369b33c17b5f02479503d0a92d87bc3a574b
OpenBSD-Commit-ID: 1c81f37b138b8b66abba811fec836388a0f3e6da
OpenBSD-Commit-ID: d899c13b0e8061d209298eaf58fe53e3643e967c
Simpler and removes some code with the old-style BSD license.
implementation in SUPERCOP 20201130 to the "compact" implementation in
SUPERCOP 20240808. The new version is substantially faster. Thanks to Daniel
J Bernstein for pointing out the new implementation (and of course for
writing it).
tested in snaps/ok deraadt@
OpenBSD-Commit-ID: bf1a77924c125ecdbf03e2f3df8ad13bd3dafdcb
OpenBSD-Commit-ID: 2c84a9b517283e9711e2812c1f268081dcb02081
options.
This allows writing Match conditions that trigger for invalid username.
E.g.
PerSourcePenalties refuseconnection:90s
Match invalid-user
RefuseConnection yes
Will effectively penalise bots trying to guess passwords for bogus accounts,
at the cost of implicitly revealing which accounts are invalid.
feedback markus@
OpenBSD-Commit-ID: 93d3a46ca04bbd9d84a94d1e1d9d3a21073fbb07
PerSourcePenalties
This allows penalising connection sources that have had connections
dropped by the RefuseConnection option. ok markus@
OpenBSD-Commit-ID: 3c8443c427470bb3eac1880aa075cb4864463cb6
If set, this will terminate the connection at the first authentication
request (this is the earliest we can evaluate sshd_config Match blocks)
ok markus@
OpenBSD-Commit-ID: 43cc2533984074c44d0d2f92eb93f661e7a0b09c
too; ok markus@
OpenBSD-Commit-ID: b74b5b0385f2e0379670e2b869318a65b0bc3923
string tokeniser, making it possible to use shell-like quoting in Match
directives, particularly "Match exec". ok markus@
OpenBSD-Commit-ID: 0877309650b76f624b2194c35dbacaf065e769a5
prompts. Helps the user know what's going on when ssh-keygen is invoked via
other tools. Requested in GHPR503
OpenBSD-Commit-ID: 613b0bb6cf845b7e787d69a5b314057ceda6a8b6
verification fails. Prevents restrictive key options being incorrectly
applied to subsequent keys in authorized_keys. bz3733, ok markus@
OpenBSD-Commit-ID: ba3776d9da4642443c19dbc015a1333622eb5a4e
In Fedora systems, %{?rhel} is empty. In RHEL systems, %{?fedora} is
empty. Therefore, the original code always sets without_openssl to 1.
OpenSSH 9.8, which incorrectly required that sshd was started with an
absolute path in inetd mode. bz3717, patch from Colin Wilson
OpenBSD-Commit-ID: 25c57f22764897242d942853f8cccc5e991ea058
OpenBSD-Commit-ID: fa18dccdd9753dd287e62ecab189b3de45672521
used for C89 compilers
I can't find a reliable way to detect the features the ML-KEM code
requires in configure. Give up for now and use VLA support (that we
can detect) as a proxy for "old compiler" and turn off ML-KEM if
it isn't supported.
The previous commit was incorrect (or at least insufficient), the
ML-KEM code is actually using compound literals, so test for them.