path: root/ed25519.c
Date | Commit message | Author | Files | Lines
2024-09-16 | upstream: minor grammar/sort fixes for refuseconnection; ok djm | jmc@openbsd.org | 1 | -4/+4
OpenBSD-Commit-ID: 1c81f37b138b8b66abba811fec836388a0f3e6da
2024-09-15 | avoid gcc warning in fuzz test | Damien Miller | 1 | -1/+1
2024-09-15 | upstream: bad whitespace in config dump output | djm@openbsd.org | 1 | -2/+2
OpenBSD-Commit-ID: d899c13b0e8061d209298eaf58fe53e3643e967c
2024-09-15 | use construct_utmp to construct btmp records | Damien Miller | 1 | -63/+26
Simpler and removes some code with the old-style BSD license.
2024-09-15 | upstream: update the Streamlined NTRU Prime code from the "ref" | djm@openbsd.org | 3 | -1022/+1925
implementation in SUPERCOP 20201130 to the "compact" implementation in SUPERCOP 20240808. The new version is substantially faster. Thanks to Daniel J Bernstein for pointing out the new implementation (and of course for writing it). tested in snaps/ok deraadt@ OpenBSD-Commit-ID: bf1a77924c125ecdbf03e2f3df8ad13bd3dafdcb
2024-09-15 | upstream: document Match invalid-user | djm@openbsd.org | 1 | -2/+6
OpenBSD-Commit-ID: 2c84a9b517283e9711e2812c1f268081dcb02081
2024-09-15 | upstream: add a "Match invalid-user" predicate to sshd_config Match | djm@openbsd.org | 4 | -8/+25
options. This allows writing Match conditions that trigger for invalid username. E.g.
    PerSourcePenalties refuseconnection:90s
    Match invalid-user
        RefuseConnection yes
Will effectively penalise bots trying to guess passwords for bogus accounts, at the cost of implicitly revealing which accounts are invalid. feedback markus@ OpenBSD-Commit-ID: 93d3a46ca04bbd9d84a94d1e1d9d3a21073fbb07
2024-09-15 | upstream: Add a "refuseconnection" penalty class to sshd_config | djm@openbsd.org | 6 | -11/+42
PerSourcePenalties This allows penalising connection sources that have had connections dropped by the RefuseConnection option. ok markus@ OpenBSD-Commit-ID: 3c8443c427470bb3eac1880aa075cb4864463cb6
2024-09-15 | upstream: Add a sshd_config "RefuseConnection" option | djm@openbsd.org | 5 | -6/+38
If set, this will terminate the connection at the first authentication request (this is the earliest we can evaluate sshd_config Match blocks) ok markus@ OpenBSD-Commit-ID: 43cc2533984074c44d0d2f92eb93f661e7a0b09c
2024-09-15 | upstream: switch sshd_config Match processing to the argv tokeniser | djm@openbsd.org | 1 | -20/+16
too; ok markus@ OpenBSD-Commit-ID: b74b5b0385f2e0379670e2b869318a65b0bc3923
2024-09-15 | upstream: switch "Match" directive processing over to the argv | djm@openbsd.org | 1 | -21/+14
string tokeniser, making it possible to use shell-like quoting in Match directives, particularly "Match exec". ok markus@ OpenBSD-Commit-ID: 0877309650b76f624b2194c35dbacaf065e769a5
2024-09-15 | upstream: include pathname in some of the ssh-keygen passphrase | djm@openbsd.org | 1 | -9/+17
prompts. Helps the user know what's going on when ssh-keygen is invoked via other tools. Requested in GHPR503 OpenBSD-Commit-ID: 613b0bb6cf845b7e787d69a5b314057ceda6a8b6
2024-09-15 | upstream: Do not apply authorized_keys options when signature | djm@openbsd.org | 1 | -2/+2
verification fails. Prevents restrictive key options being incorrectly applied to subsequent keys in authorized_keys. bz3733, ok markus@ OpenBSD-Commit-ID: ba3776d9da4642443c19dbc015a1333622eb5a4e
2024-09-13 | Fix without_openssl always being set to 1 | Wu Weixin | 1 | -2/+2
In Fedora systems, %{?rhel} is empty. In RHEL systems, %{?fedora} is empty. Therefore, the original code always sets without_openssl to 1.
2024-09-12 | upstream: Relax absolute path requirement back to what it was prior to | djm@openbsd.org | 1 | -2/+2
OpenSSH 9.8, which incorrectly required that sshd was started with an absolute path in inetd mode. bz3717, patch from Colin Wilson OpenBSD-Commit-ID: 25c57f22764897242d942853f8cccc5e991ea058
2024-09-11 | upstream: document the mlkem768x25519-sha256 key exchange algorithm | naddy@openbsd.org | 2 | -4/+8
OpenBSD-Commit-ID: fa18dccdd9753dd287e62ecab189b3de45672521
2024-09-10 | Spell omnios test host correctly. | Darren Tucker | 1 | -1/+1
2024-09-10 | Add omnios test target. | Darren Tucker | 1 | -0/+2
2024-09-10 | Wrap stdint.h in ifdef. | Darren Tucker | 1 | -0/+2
2024-09-10 | Also test PAM on dfly64. | Darren Tucker | 1 | -0/+1
2024-09-09 | stubs for ML-KEM KEX functions | Damien Miller | 1 | -2/+23
used for C89 compilers
2024-09-09 | declare defeat trying to detect C89 compilers | Damien Miller | 2 | -18/+2
I can't find a reliable way to detect the features the ML-KEM code requires in configure. Give up for now and use VLA support (that we can detect) as a proxy for "old compiler" and turn off ML-KEM if it isn't supported.
2024-09-09 | fix previous; check for C99 compound literals | Damien Miller | 2 | -8/+9
The previous commit was incorrect (or at least insufficient), the ML-KEM code is actually using compound literals, so test for them.
2024-09-09 | test for compiler feature needed for ML-KEM | Damien Miller | 5 | -1/+25
The ML-KEM implementation we use needs the compiler to support C99-style named struct initialisers (e.g. foo = {.bar = 1}). We still support (barely) building OpenSSH with older compilers, so add a configure test for this.
2024-09-09 | upstream: test mlkem768x25519-sha256 | djm@openbsd.org | 2 | -2/+5
OpenBSD-Regress-ID: 7baf6bc39ae55648db1a2bfdc55a624954847611
2024-09-09 | upstream: pull post-quantum ML-KEM/x25519 key exchange out from | djm@openbsd.org | 10 | -40/+9
compile-time flag now that an IANA codepoint has been assigned for the algorithm. Add mlkem768x25519-sha256 in 2nd KexAlgorithms preference slot. ok markus@ OpenBSD-Commit-ID: 9f50a0fae7d7ae8b27fcca11f8dc6f979207451a
2024-09-06 | upstream: make parsing user@host consistently look for the last '@' in | djm@openbsd.org | 2 | -6/+6
the string rather than the first. This makes it possible to use usernames that contain '@' characters. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Prompted by Max Zettlmeißl; feedback/ok millert@ OpenBSD-Commit-ID: 0b16eec246cda15469ebdcf3b1e2479810e394c5
2024-09-04 | upstream: be more strict in parsing key type names. Only allow | djm@openbsd.org | 4 | -13/+28
shortnames (e.g "rsa") in user-interface code and require full SSH protocol names (e.g. "ssh-rsa") everywhere else. Prompted by bz3725; ok markus@ OpenBSD-Commit-ID: b3d8de9dac37992eab78adbf84fab2fe0d84b187
2024-09-04 | upstream: fix RCSID in output | djm@openbsd.org | 1 | -2/+2
OpenBSD-Commit-ID: 889ae07f2d2193ddc4351711919134664951dd76
2024-09-04 | upstream: envrionment -> environment; | jmc@openbsd.org | 1 | -2/+2
OpenBSD-Commit-ID: b719f39c20e8c671ec6135c832d6cc67a595af9c
2024-09-04 | add basic fuzzers for our import of sntrup761 | Damien Miller | 6 | -16/+265
2024-09-03 | upstream: regression test for Include variable expansion | djm@openbsd.org | 1 | -2/+24
OpenBSD-Regress-ID: 35477da3ba1abd9ca64bc49080c50a9c1350c6ca
2024-09-03 | upstream: allow the "Include" directive to expand the same set of | djm@openbsd.org | 2 | -47/+95
%-tokens that "Match Exec" and environment variables. ok dtucker@ OpenBSD-Commit-ID: 12ef521eaa966a9241e684258564f52f1f3c5d37
2024-09-02 | upstream: missing ifdef | djm@openbsd.org | 1 | -2/+4
OpenBSD-Commit-ID: 85f09da957dd39fd0abe08fe5ee19393f25c2021
2024-09-02 | upstream: Add experimental support for hybrid post-quantum key exchange | djm@openbsd.org | 16 | -12/+12812
ML-KEM768 with ECDH/X25519 from the Internet-draft: https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 This is based on previous patches from markus@ but adapted to use the final FIPS203 standard ML-KEM using a formally-verified implementation from libcrux. Note this key exchange method is still a draft and thus subject to change. It is therefore disabled by default; set MLKEM=yes to build it. We're making it available now to make it easy for other SSH implementations to test against it. ok markus@ deraadt@ OpenBSD-Commit-ID: 02a8730a570b63fa8acd9913ec66353735dea42c
2024-08-28 | Don't skip audit before exiting cleanup_exit | Antonio Larrosa | 1 | -3/+3
This fixes an issue where the SSH_CONNECTION_ABANDON event is not audited because cleanup_exit overrides the regular _exit too soon and as a result, failed auth attempts are not logged correctly. The problem was introduced in 81c1099d22b81ebfd20a334ce986c4f753b0db29 where the code from upstream was merged before the audit_event call when it should have been merged right before the _exit call in order to honor the comment that just mentions an override of the exit value.
2024-08-28 | upstream: fix test: -F is the argument to specify a non-default | djm@openbsd.org | 1 | -3/+3
ssh_config, not -f (this is sadly not a new bug) OpenBSD-Regress-ID: 45a7bda4cf33f2cea218507d8b6a55cddbcfb322
2024-08-27 | upstream: As defined in the RFC, the SSH protocol has negotiable | deraadt@openbsd.org | 5 | -15/+10
compression support (which is requested as the name "zlib"). Compression starts very early in the session. Relatively early in OpenSSH lifetime, privsep was added to sshd, and this required a shared-memory hack so the two processes could see what was going on in the dataflow. This shared-memory hack was soon recognized as a tremendous complexity risk, because it put libz (which very much trusts its memory) in a dangerous place, and a new option ("zlib@openssh.com") was added that begins compression after authentication (aka delayed-compression). That change also permitted removal of the shared-memory hack. Despite removal from the server, the old "zlib" support remained in the client, to allow negotiation with non-OpenSSH daemons which lack the delayed-compression option. This commit deletes support for the older "zlib" option in the client. It reduces our featureset in a small way, and encourages other servers to move to a better design. The SSH protocol is different enough that compressed-key-material attacks like BEAST are unlikely, but who wants to take the chance? We encourage other ssh servers who care about optional compression support to add delayed-zlib support. (Some already do "zlib@openssh.com") ok djm markus OpenBSD-Commit-ID: 6df986f38e4ab389f795a6e39e7c6857a763ba72
2024-08-23 | upstream: sntrup761x25519-sha512 now has an IANA codepoint assigned, so | djm@openbsd.org | 5 | -10/+16
we can make the algorithm available without the @openssh.com suffix too. ok markus@ deraadt@ OpenBSD-Commit-ID: eeed8fcde688143a737729d3d56d20ab4353770f
2024-08-22 | Move rekey test into valgrind-2. | Darren Tucker | 2 | -7/+2
Now that the rekey test has been optimized it's fast enough to not be in its own valgrind test, so move it into valgrind-2, which is currently the quickest of the others, bringing all of them to roughly the same runtime of ~1.1 hours.
2024-08-22 | upstream: Use aes128-ctr for MAC tests since default has implicit MAC. | dtucker@openbsd.org | 1 | -8/+19
Also verify that the Cipher or MAC we intended to use is actually the one selected during the test. OpenBSD-Regress-ID: ff43fed30552afe23d1364526fe8cf88cbfafe1d
2024-08-22 | fix incorrect default for PasswordAuthentication | Damien Miller | 1 | -1/+1
merge botch spotted by gsgleason
2024-08-21 | upstream: Some awks won't match on the \r so delete it instead. Fixes | dtucker@openbsd.org | 1 | -3/+3
regress in portable on, eg Solaris. OpenBSD-Regress-ID: 44a96d6d2f8341d89b7d5fff777502b92ac9e9ba
2024-08-21 | upstream: Import regenerated moduli. | dtucker@openbsd.org | 1 | -468/+411
OpenBSD-Commit-ID: 5db7049ad5558dee5b2079d3422e8ddab187c1cc
2024-08-21 | upstream: Use curve25519-sha256 kex where possible. | dtucker@openbsd.org | 1 | -2/+13
Except where we're explicitly testing a different kex, use curve25519-sha256 since it's faster than the default and supported even when configured without OpenSSL. Add a check to ensure that the kex we intended to test is the one we actually tested. Speeds test up by ~5%. OpenBSD-Regress-ID: 3b27fcc2ae953cb08fd82a0d3155c498b226d6e0
2024-08-21 | upstream: Send only as much data as needed to trigger rekeying. Speeds | dtucker@openbsd.org | 1 | -14/+23
up tests by about 10% in the common case, hopefully more when instrumented with something like valgrind. OpenBSD-Regress-ID: 7bf9292b4803357efcf0baf7cfbdc8521f212da1
2024-08-21 | simplify sshkey_prekey_alloc(); always use mmap | Damien Miller | 1 | -17/+10
2024-08-20 | upstream: Merge AEAD test into main test loop. | dtucker@openbsd.org | 1 | -12/+10
Removes 3 duplicate tests and speeds overall test up by about 1%. OpenBSD-Regress-ID: 5e5c9ff3f7588091ed369e34ac28520490ad2619
2024-08-20 | upstream: Set a default RekeyLimit of 256k. | dtucker@openbsd.org | 1 | -3/+4
Used unless overridden by a command-line flag, which simplifies some of the ssh command lines. OpenBSD-Regress-ID: e7cffa57027088e10336e412b34113969f88cb87
2024-08-20 | upstream: Add Compression=no to default ssh_config. | dtucker@openbsd.org | 1 | -7/+9
All of the rekey tests use it (otherwise the encrypted byte counts would not match) so this lets us simplify the command lines. OpenBSD-Regress-ID: dab7ce10f4cf6c68827eb8658141272aab3ea262