| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
request. This is already constrained by the maximum SSH packet size but this
makes it explicit. Prompted by Coverity CID 291868, ok djm@ markus@
OpenBSD-Commit-ID: aea023819aa44a2dcb9dd0fbec10561896fc3a09
|
|
|
|
|
|
| |
ok miod@ millert@
OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c
|
|
|
|
|
|
|
|
|
|
| |
This adds kex_proposal_populate_entries (and corresponding free) which
populates the KEX proposal array with dynamically allocated strings.
This replaces the previous mix of static and dynamic that has been the
source of previous leaks and bugs. Remove unused compat functions.
With & ok djm@.
OpenBSD-Commit-ID: f2f99da4aae2233cb18bf9c749320c5e040a9c7b
|
|
|
|
|
|
| |
potential null deref later in sscanf. Spotted by Coverity, ok deraadt@
OpenBSD-Commit-ID: 74e8d228ac00552e96e9e968dfcccf8dd1f46ad5
|
|
|
|
|
|
|
| |
to set this was removed in OpenSSH 7.7 when support for SSH implementations
dating back to before RFC standardization were removed. "burn it all" djm@
OpenBSD-Commit-ID: 6330935fbe23dd00be79891505e06d1ffdac7cda
|
|
|
|
|
|
| |
in -portable by clang 16's -Wunused-but-set-variable. ok djm@
OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982
|
|
|
|
|
|
| |
const char *array => static const char * const array from Mike Frysinger
OpenBSD-Commit-ID: a664e31ea6a795d7c81153274a5f47b22bdc9bc1
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
UpdateHostkeys on the server side. The previous code tried to prefer RSA/SHA2
for hostkey proofs of RSA keys, but missed some cases. This will use RSA/SHA2
signatures for RSA keys if the client proposed these algorithms in initial
KEX. bz3375
Mostly by Dmitry Belyavskiy with some tweaks by me.
ok markus@
OpenBSD-Commit-ID: c17ba0c3236340d2c6a248158ebed042ac6a8029
|
|
|
|
|
|
|
|
|
|
|
|
| |
the EXT_INFO packet gets a new publickey-hostbound@openssh.com to
advertise the hostbound public key method.
Client side support to parse this feature flag and set the kex->flags
indicator if the expected version is offered (currently "0").
ok markus@
OpenBSD-Commit-ID: 4cdb2ca5017ec1ed7a9d33bda95c1d6a97b583b0
|
|
|
|
|
|
|
|
| |
These will be used later for agent session ID / hostkey binding
ok markus@
OpenBSD-Commit-ID: a9af29e33772b18e3e867c6fa8ab35e1694a81fe
|
|
|
|
|
|
| |
and bad indentation on continuation lines. Prompted by GHPR#185
OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
|
|
|
|
|
|
|
|
|
|
| |
types once they are received. Fixes memleak caused by duplicate
SSH2_MSG_KEX_DH_GEX_REQUEST (spotted by portable OpenSSH kex_fuzz via
oss-fuzz #30078).
ok markus@
OpenBSD-Commit-ID: 87331c715c095b587d5c88724694cdeb701c9def
|
|
|
|
| |
OpenBSD-Commit-ID: 3765f4cc3ae1df874dba9102a3588ba7b48b8183
|
|
|
|
|
|
|
| |
and use that instead of global variables containing copies of it. feedback/ok
markus@
OpenBSD-Commit-ID: a4b1b1ca4afd2e37cb9f64f737b30a6a7f96af68
|
|
|
|
|
|
| |
purpose-built ssh->compat variable instead; feedback/ok markus@
OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
|
|
|
|
|
|
|
|
|
|
|
| |
The sntrup761 code sourced from supercop uses variable length
arrays. Although widely supported, they are not part of the ANSI
C89 spec so if the compiler does not support VLAs, disable the
sntrup761x25519-sha512@openssh.com KEX method by replacing the kex
functions with no-op ones similar to what we do in kexecdh.c.
This should allow OpenSSH to build with a plain C89 compiler again.
Spotted by tim@, ok djm@.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
exchange method based on Streamlined NTRU Prime (coupled with X25519).
The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.
The sntrup761 implementaion, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).
Thanks for Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself
(note this both the updated method and the one that it replaced are
disabled by default)
OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae
|
|
|
|
| |
OpenBSD-Commit-ID: 2c3969c74966d4ccdfeff5e5f0df0791919aef50
|
|
|
|
| |
OpenBSD-Commit-ID: 43a026c9571dd779ec148de1829cf5a6b6651905
|
|
|
|
|
|
| |
__func__ and appending ssh_err(r) manually; ok markus@
OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
|
|
|
|
| |
OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8
|
|
|
|
|
|
|
|
| |
errors. This ensures that the logged errors are consistent with other
transport- layer errors and that the relevant IP addresses are logged. bz3129
ok dtucker@
OpenBSD-Commit-ID: 2c22891f0b9e1a6cd46771cedbb26ac96ec2e6ab
|
|
|
|
|
|
|
|
|
|
| |
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundry.
ok deraadt@ djm@
OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
|
|
|
|
|
|
|
| |
that allows building without zlib compression and associated options. With
feedback from markus@, ok djm@
OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910
|
| |
|
|
|
|
|
|
| |
warnings on some platforms. ok deraadt.
OpenBSD-Commit-ID: a990dbc2dac25bdfa07e79321349c73fd991efa2
|
|
|
|
|
|
|
|
|
|
|
| |
by starting the list with the '^' character, e.g.
HostKeyAlgorithms ^ssh-ed25519
Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com
ok djm@ dtucker@
OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97
|
|
|
|
| |
OpenBSD-Commit-ID: dfc263b6041de7f0ed921a1de0b81ddebfab1e0a
|
|
|
|
|
|
|
|
|
| |
percolate all the way up to dispatch_run_fatal() and lose all meaninful
context
to help with bz#3063; ok dtucker@
OpenBSD-Commit-ID: 5b2da83bb1c4a3471444b7910b2120ae36438a0a
|
|
|
|
| |
OpenBSD-Commit-ID: 00f5c6062f6863769f5447c6346f78c05d2e4a63
|
|
|
|
|
|
| |
errors in cert-hostkey.sh regress failures.
OpenBSD-Commit-ID: 12dab63850b844f84d5a67e86d9e21a42fba93ba
|
|
|
|
|
|
|
|
| |
KEM has been renamed to kexgen
from markus@ ok djm@
OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
|
|
|
|
|
|
|
|
| |
DH-like KEX methods have moved to KEM
from markus@ ok djm@
OpenBSD-Commit-ID: bde9809103832f349545e4f5bb733d316db9a060
|
|
|
|
|
|
|
|
|
|
|
|
| |
sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime
4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not
enabled by default.
introduce KEM API; a simplified framework for DH-ish KEX methods.
from markus@ feedback & ok djm@
OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
|
|
|
|
|
|
|
|
| |
almost exactly across client and server for several KEX methods.
from markus@ ok djm@
OpenBSD-Commit-ID: 4e4a16d949dadde002a0aacf6d280a684e20829c
|
|
|
|
|
|
|
|
| |
both the client and server implementations for most KEX methods.
from markus@ ok djm@
OpenBSD-Commit-ID: 8232fa7c21fbfbcaf838313b0c166dc6c8762f3c
|
|
|
|
|
|
|
|
| |
than making each kex method implementation do it.
from markus@ ok djm@
OpenBSD-Commit-ID: d61ade9c8d1e13f665f8663c552abff8c8a30673
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.
Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).
Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@
OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
|
|
|
|
|
|
|
|
|
|
| |
KEX. It shouldn't be sent in subsequent ones, but if it is present we should
ignore it.
This prevents sshd from sending a SSH_MSG_EXT_INFO for REKEX for buggy
these clients. Reported by Jakub Jelen via bz2929; ok dtucker@
OpenBSD-Commit-ID: 91564118547f7807030ec537480303e2371902f9
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:
date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE;
Rename COMP_DELAYED to COMP_ZLIB
Only delayed compression is supported nowadays.
ok markus@
date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP;
Remove leftovers from pre-authentication compression
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.
ok markus@
OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772
|
|
|
|
|
|
|
|
| |
Only delayed compression is supported nowadays.
ok markus@
OpenBSD-Commit-ID: 5b1dbaf3d9a4085aaa10fec0b7a4364396561821
|
|
|
|
|
|
|
|
|
| |
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.
ok markus@
OpenBSD-Commit-ID: 6a99616c832627157113fcb0cf5a752daf2e6b58
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
signature work - returns ability to add/remove/specify algorithms by
wildcard.
Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.
Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.
(lots of) feedback, ok markus@
OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.
In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.
Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.
Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.
feedback and ok markus@
OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove all guards for calls to OpenSSL free functions -
all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
Prompted by dtucker@ asking about guards for RSA_free(), when looking at
openssh-portable pr#84 on github.
ok deraadt@ dtucker@
OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.
ok markus@
OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
|
|
|
|
|
|
|
|
|
|
| |
Do not require that unknown EXT_INFO extension values not
contain \0 characters. This would cause fatal connection errors if an
implementation sent e.g. string-encoded sub-values inside a value.
Reported by Denis Bider; ok markus@
Upstream-ID: 030e10fdc605563c040244c4b4f1d8ae75811a5c
|
|
|
|
|
|
| |
protocol handlers all get struct ssh passed; ok djm@
Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d
|
|
|
|
|
|
| |
unifdef WITH_SSH1 ok markus@
Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
|
|
|
|
|
| |
All supported versions of OpenSSL should now have SHA256 so remove our
EVP wrapper implementaion. ok djm@
|