| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This splits the user authentication code from the sshd-session
binary into a separate sshd-auth binary. This will be executed by
sshd-session to complete the user authentication phase of the
protocol only.
Splitting this code into a separate binary ensures that the crucial
pre-authentication attack surface has an entirely disjoint address
space from the code used for the rest of the connection. It also
yields a small runtime memory saving as the authentication code will
be unloaded after thhe authentication phase completes.
Joint work with markus@ feedback deraadt@
Tested in snaps since last week
OpenBSD-Commit-ID: 9c3b2087ae08626ec31b4177b023db600e986d9c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ML-KEM768 with ECDH/X25519 from the Internet-draft:
https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
This is based on previous patches from markus@ but adapted to use the
final FIPS203 standard ML-KEM using a formally-verified implementation
from libcrux.
Note this key exchange method is still a draft and thus subject to
change. It is therefore disabled by default; set MLKEM=yes to build it.
We're making it available now to make it easy for other SSH
implementations to test against it.
ok markus@ deraadt@
OpenBSD-Commit-ID: 02a8730a570b63fa8acd9913ec66353735dea42c
|
| | |
|
| |
|
|
|
| |
This will let us remove some -portable specific changes from
test-exec.sh.
|
| |
|
|
|
|
| |
similar to what we do for the PuTTY ones.
OpenBSD-Regress-ID: 7de0e00518fb0c8fdc5f243b7f82f523c936049c
|
| |
|
|
|
|
| |
This exposes the t-extra regress tests (including agent-pkcs11.sh) as
a new extra-tests target in the top level Makefile and runs them by
default. ok dtucker@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously we would log to ssh.log and sshd.log, but that is insufficient
for tests that have more than one concurent ssh/sshd.
Instead, we'll log to separate datestamped files in a $OBJ/log/ and
leave a symlink at the previous location pointing at the most recent
instance with an entry in regress.log showing which files were created
at each point. This should be sufficient to reconstruct what happened
even for tests that use multiple instances of each program. If the test
fails, tar up all of the logs for later analysis.
This will let us also capture the output from some of the other tools
which was previously sent to /dev/null although most of those will be
in future commits.
OpenBSD-Regress-ID: f802aa9e7fa51d1a01225c05fb0412d015c33e24
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
(20221122) and change the import approach to the same one we use for
Streamlined NTRUPrime: use a shell script to extract the bits we need from
SUPERCOP, make some minor adjustments and squish them all into a single file.
ok tb@ tobhe@
OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b
|
| | |
|
| |
|
|
| |
OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94
|
| |
|
|
|
|
|
| |
(when available) to fill in user/group names for directory listings.
Implement a client-side cache of see uid/gid=>user/group names. ok markus@
OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e
|
| |
|
|
|
|
|
| |
We added a check in Makefile to catch the case where configure needs to
be rebuilt, however this did not happen until a build was attempted in
which case all of the work done by configure was wasted. Move this check
to the start of configure to catch it as early as possible. ok djm@
|
| |
|
|
|
| |
This will result in sftp, sftp-server and scp no longer being linked
against libcrypto. ok djm@
|
| |
|
|
|
|
|
|
| |
Some of our binaries (eg sftp, sftp-server, scp) do not interact with
the channels code and thus do use libraries such as zlib and libcrypto
although they are linked with them. This adds a CHANNELLIBS and starts
by moving zlib into it, which means the aformentioned binaries are no
longer linked against zlib. ok djm@
|
| |
|
|
|
|
|
| |
We have some compatibility hacks that were added to support OpenSSL
versions that do not support AES CTR mode. Since that time, however,
the minimum OpenSSL version that we support has moved to 1.0.1 which
*does* have CTR, so this is no longer needed. ok djm@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
auth2-pubkey.c
Put them in a new auth2-pubkeyfile.c to make it easier to refer to them
(e.g. in unit/fuzz tests) without having to refer to everything else
pubkey auth brings in.
ok dtucker@
OpenBSD-Commit-ID: 3fdca2c61ad97dc1b8d4a7346816f83dc4ce2217
|
| |
|
|
|
|
|
| |
This should improve compatibility for users with non-POSIX shells. If
using Makefile.in directly (eg make -f Makefile.in distprep) then SHELL
will need to be specified on the command line (along with MANFMT in that
particular case). ok djm@
|
| | |
|
| |
|
|
| |
OpenBSD-Regress-ID: be97b85c19895e6a1ce13c639765a3b48fd95018
|
| |
|
|
|
|
|
|
| |
Users of MD5-hashed password should arrange for ./configure to link
against libxcrypt or similar. Though it would be better to avoid use
of MD5 password hashing entirely, it's arguably worse than DEScrypt.
feedback and ok dtucker@
|
| | |
|
| |
|
|
| |
Convert the only remaining user of it to runtime detection using ssh -Q.
|
| | |
|
| | |
|
| |
|
|
| |
Use this to replace `pwd`s in regress test command line.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to
provide bug-compatibility with scp's weird "double shell" quoting
rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@
Thanks jmc@ for improving the scp.1 bits.
OpenBSD-Commit-ID: 6ce4c9157ff17b650ace571c9f7793d92874051c
|
| |
|
|
|
|
|
| |
When building --without-openssl the recent port-prngd.c change adds
a dependency on atomicio, but since nothing else in sftp-server uses
it, the linker may not find it. Add a second -lssh similar to other
binaries.
|
| |
|
|
|
|
| |
highlight its inconsistencies
OpenBSD-Regress-ID: 8d2bf970fcc01ccc6e36a5065f89b9c7fa934195
|
| |
|
|
| |
At least the Valgrind unit tests uses $OBJ.
|
| |
|
|
|
| |
Neither were wired into the build, both required some build
adaptations for -portable
|
| |
|
|
|
| |
This will allow the test to run without requiring a moduli file
installed at the configured default path.
|
| |
|
|
|
|
|
| |
nice with popular fuzzing drivers like libfuzzer. AFAIK nobody has used it
but me.
OpenBSD-Regress-ID: cad919522b3ce90c147c95abaf81b0492ac296c9
|
| |
|
|
|
|
|
| |
options which provide more fine grained MaxStartups limits. Man page help
jmc@, feedback & ok djm@
OpenBSD-Commit-ID: e2f68664e3d02c0895b35aa751c48a2af622047b
|
| |
|
|
|
|
|
|
| |
in order to reuse them for per-source maxstartups limiting. Supplement with
some additional functions from djm's flowtools that we'll also need. ok djm@
(as part of a larger diff).
OpenBSD-Commit-ID: e3e7d9ccc6c9b82e25cfef0ec83598e8e2327cbf
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
exchange method based on Streamlined NTRU Prime (coupled with X25519).
The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.
The sntrup761 implementaion, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).
Thanks for Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself
(note this both the updated method and the one that it replaced are
disabled by default)
OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The `aclocal' step is skipped during `autoreconf' because aclocal.m4 is
present.
Move the current aclocal.m4 which contains local macros into the m4/
folder. With this change the aclocal.m4 will be re-created during
changes to the m4/ macro.
This is needed so the `aclocal' can fetch m4 macros from the system if
they are references in the configure script. This is a prerequisite to
use PKG_CHECK_MODULES.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
|
| |
|
|
|
| |
It was added in 8d1fd57a9 for measuring entropy of ssh_prng_cmds which
has long since been removed and there are no other references to it.
|
| |
|
|
|
|
| |
outside ~/.ssh; with dtucker@
OpenBSD-Commit-ID: ac0c662d44607e00ec78c266ee60752beb1c7e08
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Bring back removal of .depend to give the file a known state before
running makedepend, but manually move aside the current .depend file
and restore it as .depend.bak afterwards so the stale .depend check
works as expected.
|
| |
|
|
|
|
|
|
|
| |
Commit 83657eac4 started removing .depend before running makedepend
to reset the contents of .depend to a known state. Unfortunately
this broke the depend-check step as now .depend.bak would only ever
be created as an empty file.
ok dtucker
|
| |
|
|
|
| |
Not every tail supports +N and we can do with out it so just remove it.
Prompted by mforney at mforney.org.
|
| |
|
|
|
| |
This merges the values from the recently removed environment into make's
command line arguments since we actually need those.
|
| |
|
|
|
|
| |
Use it to create a wrapper function to call it from tests. Fixes the
keygen-comment test on platforms with impoverished default egrep (eg
Solaris).
|
| | |
|
| | |
|
| |
|
|
|
|
| |
functions; feedback and ok markus@
OpenBSD-Commit-ID: dc09e5f1950b7acc91b8fdf8015347782d2ecd3d
|
