summaryrefslogtreecommitdiffstats
path: root/regress/misc/kexfuzz/kexfuzz.c (unfollow)
Commit message (Collapse)AuthorFilesLines
3 daysInherit DESTDIR from the environment.Jonas 'Sortie' Termansen1-1/+0
autoconf packages conventionally inherit the DESTDIR variable from the environment.
3 daysDefine u_short and u_long if needed.Jonas 'Sortie' Termansen1-0/+2
3 daysupstream: support FIDO tokens that return no attestation data, e.g.djm@openbsd.org1-2/+4
recent WinHello. From Michael Braun via GHPR542 OpenBSD-Commit-ID: a71b0542f2f7819ba0e33a88908e01b6fc49e4ce
3 daysAdd wtmpdb support as Y2038 safe wtmp replacementThorsten Kukuk4-5/+119
3 daysupstream: unbreakdjm@openbsd.org1-3/+3
OpenBSD-Commit-ID: 05b6c31f4a6e385338f43cc0e08776cea75802a1
3 daysupstream: prefer AES-GCM to AES-CTR; ok deraadt markusdjm@openbsd.org1-3/+3
OpenBSD-Commit-ID: 8366a72e0f300ee31c5dab2c95025387ec15bbc9
4 daysFix compilation with DEBUG_SK enabledShiva Kaul1-1/+1
In `ssh_ecdsa_sk_verify`, the `datalen` variable was renamed to `dlen` -- but not in this debugging block.
7 daysupstream: Import regenerated moduli.dtucker@openbsd.org1-411/+433
OpenBSD-Commit-ID: 311d271bf0fab8a119e84f4f696d8cd40731692f
7 daysAdd make target for standalone sk-libfido2Jeremy Stott5-3/+38
Add a Makefile target for sk-libfido2, the standalone fido2 security key shared library, suitable for use with the SecurityKeyProvider option. Add a new configure option `--with-security-key-standalone` that optionally sets the shared library target sk-libfido2$(SHLIBEXT), and adds it to $(TARGETS). misc.h is required when SK_STANDALONE is defined, because of the use of `monotime_tv` in `sk_select_by_touch`. Sets the shared library extension for sk-libfido2 is by setting `SHLIBEXT` depending on the platform in configure.ac. Add the shared library to the CI builds in the `sk` target config to make sure it can compile under the same conditions as `--with-security-key-builtin`. Add a libssh-pic.a static library that compiles with `-fPIC` reusing .c.lo method in sk-dummy.so for use in the shared library sk-libfido2. Note, a separate static library libssh-pic.a is needed, since defining -DSK_STANDALONE excludes some symbols needed in sshkey.lo.
8 daysmdoc2man: balance nested square bracketsArnout Engelen1-2/+2
I noticed the square brackets in `destination [command [argument...]` in the synopsis for the `ssh.1` manpage were not balanced, this balances them. Signed-off-by: Arnout Engelen <arnout@bzzt.net>
8 daysupstream: fix argument of "Compression" directive in ssh -G configdjm@openbsd.org1-1/+3
dump, which used to work but broke in 9.8 OpenBSD-Commit-ID: c79936242d29c70d01941b28d2d07fd0b85fe46f
8 daysupstream: new name/link for agent I-Ddjm@openbsd.org1-2/+2
OpenBSD-Commit-ID: e3420f3925a297a1b2ab7dfe7c7d274cfc8e1193
8 daysupstream: mention that biometrics may be used for FIDO key userdjm@openbsd.org1-5/+3
verification as well as PIN. Prompted by Zack Newman, ok jmc@ OpenBSD-Commit-ID: b774a4438c9be70012661ee278450790d21277b8
9 daysupstream: g/c outdated XXX commentsdjm@openbsd.org1-3/+3
OpenBSD-Commit-ID: 74d0c0b74994d9a4343c4d7ea4948cb34f609a6c
9 daysupstream: regression test for UpdateHostkeys with multiple keys backeddjm@openbsd.org1-1/+25
by ssh-agent. Patch from Maxime Rey. OpenBSD-Regress-ID: 1777ab6e639e57c0e20cbcb6df60455b49fd8bb3
9 daysupstream: Explicitly specify the signature algorithm when signingdjm@openbsd.org1-2/+3
hostkeys-prove requests. Fixes a corner-case triggered by UpdateHostKeys with one or more unknown host keys stored in ssh-agent where sshd refuses to accept the signature coming back from the agent. Report/fix from Maxime Rey OpenBSD-Commit-ID: 460c7d527a24f92b7e5f68ca1a2fa242ebf0d086
9 daysupstream: when using RSA keys to sign messages, select thedjm@openbsd.org1-2/+7
signature algorithm based on the requested hash algorithm ("-Ohashalg=xxx"). This allows using something other than rsa-sha2-512, which may not be supported on all signing backends, e.g. some smartcards only support SHA256. Patch from Morten Linderud; ok markus@ OpenBSD-Commit-ID: 246353fac24e92629263996558c6788348363ad7
9 daysupstream: turn off CDIAGFLAGS and turn back on INSTALL_STRIPdjm@openbsd.org1-0/+1
accidentally changed in last commit OpenBSD-Commit-ID: 6d07e4606997e36b860621a14dd41975f2902f8f
2024-11-10Disable security key for bigendian interop.Darren Tucker1-0/+4
It doesn't currently work. It's not clear why, but I suspect sk-dummy.so ends up being built for the wrong architecture.
2024-11-09Reshuffle OpenWRT test configs.Darren Tucker1-7/+11
Move the the flags used by the OpenWRT distro to mipsel target and enable OpenSSL on all targets to improve coverage. Explicitly disable security key and openssl on mips target so that host end of the bigendian interop tests don't attempt them and fail (since they're not enabled on the target side).
2024-11-08Add keytype to bigendian interop test.Darren Tucker1-1/+1
2024-11-08Ignore chown failure, eg due to dangling symlinks.Darren Tucker1-1/+1
2024-11-08Test bigendian interop.Darren Tucker1-1/+52
Where our test target is a bigendian system, do an additional build on the runner host (which is little endian) and test interop between the two. Should hopefully catch obvious endianness bugs.
2024-11-08Allow overridding TEST_SSH_SSHD.Darren Tucker1-1/+3
This will allow tests to specify an alternative sshd, eg on a remote machine with different endianness.
2024-11-07upstream: ssh-agent implemented an all-or-nothing allow-list ofdjm@openbsd.org2-10/+35
FIDO application IDs for security key-backed keys, to prevent web key handles from being used remotely as this would likely lead to unpleasant surprises. By default, only application IDs that start with "ssh:*" are allowed. This adds a -Owebsafe-allow=... argument that can override the default list with a more or less restrictive one. The default remains unchanged. ok markus@ OpenBSD-Commit-ID: 957c1ed92a8d7c87453b9341f70cb3f4e6b23e8d
2024-11-07upstream: Ignore extra groups that don't fit in the buffer passedjca@openbsd.org2-1/+2
to getgrouplist(3) Our kernel supports 16 groups (NGROUPS_MAX), but nothing prevents an admin from adding a user to more groups. With that tweak we'll keep on ignoring them instead of potentially reading past the buffer passed to getgrouplist(3). That behavior is explicitely described in initgroups(3). ok millert@ gilles@ OpenBSD-Commit-ID: a959fc45ea3431b36f52eda04faefc58bcde00db
2024-11-04Add git signing key for Tim RiceDamien Miller1-0/+3
2024-11-01Correct path to c-cpp.yml file in workflow config.Darren Tucker1-2/+2
2024-11-01Test new OpenSSL and LibreSSL releases.`Darren Tucker1-5/+7
2024-11-01Add nbsd10 default test config.Darren Tucker1-0/+1
2024-10-30fix uint64_t types; reported by Tom G. ChristensenDamien Miller1-8/+8
2024-10-27htole64() etc for systems without endian.hDamien Miller2-1/+26
2024-10-27upstream: explicitly include endian.hdjm@openbsd.org1-1/+4
OpenBSD-Commit-ID: 13511fdef7535bdbc35b644c90090013da43a318
2024-10-27upstream: fix ML-KEM768x25519 KEX on big-endian systems; spotted bydjm@openbsd.org2-8/+17
jsg@ feedback/ok deraadt@ OpenBSD-Commit-ID: 26d81a430811672bc762687166986cad40d28cc0
2024-10-27upstream: mlkem768x25519-sha256 has been promoted to default keynaddy@openbsd.org2-6/+6
exchange OpenBSD-Commit-ID: 5a3259a193fd42108a869ebf650b95b5f2d08dcf
2024-10-25Retire the minix3 test config.Darren Tucker1-1/+0
It got broken by the sshd-auth change, it's not obvious why, and the platform lacks the debugging tools (eg gdb, strace) to figure it out. The upstream project seems effectively dead (6 years since the last commit, 10 since the last release). It was useful while it lasted (we found a real bug because of it) but its time seems to have passed.
2024-10-25Updated gitignore to ignore sshd-session and sshd-auth targetsPreetish Amballi1-0/+2
2024-10-25Simplify pselect shim and remove side effects.Darren Tucker1-55/+51
Instead of maintaing state (pipe descriptors, signal handlers) across pselect-on-select invocations, set up and restore them each call. This prevents outside factors (eg a closefrom or signal handler installation) from potentially causing problems. This does result in a drop in throughput of a couple of percent on geriatric platforms without a native pselect due to the extra overhead. Tweaks & ok djm@
2024-10-25upstream: promote mlkem768x25519-sha256 to be the default key exchange;djm@openbsd.org1-2/+2
ok markus@ OpenBSD-Commit-ID: fc673065e6505bb06b2e2b9362f78ccb4200a828
2024-10-24upstream: test SIGUSR1 dropping all keys from ssh-agentdjm@openbsd.org1-2/+25
OpenBSD-Regress-ID: 8654b9aa8eb695b1499fffc408c25319592bf0e0
2024-10-24upstream: amake ssh-agent drop all keys when it receives SIGUSR1;djm@openbsd.org2-8/+33
let's users zap keys without access to $SSH_AUTH_SOCK ok deraadt@ OpenBSD-Commit-ID: dae9db0516b1011e5ba8c655ac702fce42e6c023
2024-10-24upstream: relax valid_domain() checks to allow an underscore as thedjm@openbsd.org1-2/+3
first character. ok deraadt@ OpenBSD-Commit-ID: 3f8be6d32496e5596dd8b14e19cb067ddd7969ef
2024-10-22upstream: Remove sshd logfile in start_sshddtucker@openbsd.org1-1/+4
... and ssh and sshd log wrappers before recreating them. Prevents "can't create" errors during tests when running tests without SUDO after having run them with SUDO. OpenBSD-Regress-ID: 2f0a83532e3dccd673a9bf0291090277268c69a6