Age | Commit message (Collapse) | Author |
|
We no longer need to wrap/replace mmap for portability now that
pre-auth compression has been removed from OpenSSH.
|
|
Remove support for pre-authentication compression. Doing
compression early in the protocol probably seemed reasonable in the 1990s,
but today it's clearly a bad idea in terms of both cryptography (cf. multiple
compression oracle attacks in TLS) and attack surface.
Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.
Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@
NB. pre-auth authentication has been disabled by default in sshd
for >10 years.
Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
|
|
Avoid a theoretical signed integer overflow should
BN_num_bytes() ever violate its manpage and return a negative value. Improve
order of tests to avoid confusing increasingly pedantic compilers.
Reported by Guido Vranken from stack (css.csail.mit.edu/stack)
unstable optimisation analyser output. ok deraadt@
Upstream-ID: f8508c830c86d8f36c113985e52bf8eedae23505
|
|
Reported by Glenn Golden
Diagnosis and fix from Ingo Schwarze
|
|
missing bit from previous commit
Upstream-ID: 438d5ed6338b28b46e822eb13eee448aca31df37
|
|
organise the token stuff into a separate section; ok
markus for an earlier version of the diff ok/tweaks djm
Upstream-ID: 81a6daa506a4a5af985fce7cf9e59699156527c8
|
|
mention curve25519-sha256 KEX
Upstream-ID: 33ae1f433ce4795ffa6203761fbdf86e0d7ffbaf
|
|
support plain curve25519-sha256 KEX algorithm now that it
is approaching standardisation (same algorithm is currently supported as
curve25519-sha256@libssh.org)
Upstream-ID: 5e2b6db2e72667048cf426da43c0ee3fc777baa2
|
|
If ssh receives a PACKET_DISCONNECT during userauth it
will cause ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the
session being authenticated. Check for this and exit if necessary. ok djm@
Upstream-ID: b3afe126c0839d2eae6cddd41ff2ba317eda0903
|
|
correctly return errors from kex_send_ext_info(). Fix from
Sami Farin via https://github.com/openssh/openssh-portable/pull/50
Upstream-ID: c85999af28aaecbf92cfa2283381df81e839b42c
|
|
cast uint64_t for printf
Upstream-ID: 76d23e89419ccbd2320f92792a6d878211666ac1
|
|
disable tests for affirmative negated match after backout of
match change
Upstream-Regress-ID: acebb8e5042f03d66d86a50405c46c4de0badcfd
|
|
Revert two recent changes to negated address matching. The
new behaviour offers unintuitive surprises. We'll find a better way to deal
with single negated matches.
match.c 1.31:
> fix matching for pattern lists that contain a single negated match,
> e.g. "Host !example"
>
> report and patch from Robin Becker. bz#1918 ok dtucker@
addrmatch.c 1.11:
> fix negated address matching where the address list consists of a
> single negated match, e.g. "Match addr !192.20.0.1"
>
> Report and patch from Jakub Jelen. bz#2397 ok dtucker@
Upstream-ID: ec96c770f0f5b9a54e5e72fda25387545e9c80c6
|
|
test all the AuthorizedPrincipalsCommand % expansions
Upstream-Regress-ID: 0a79a84dfaa59f958e46b474c3db780b454d30e3
|
|
add a way for principals command to get see key ID and serial
too
Upstream-ID: 0d30978bdcf7e8eaeee4eea1b030eb2eb1823fcb
|
|
add a note on kexfuzz' limitations
Upstream-Regress-ID: 03804d4a0dbc5163e1a285a4c8cc0a76a4e864ec
|
|
fix for newer modp DH groups
(diffie-hellman-group14-sha256 etc)
Upstream-Regress-ID: fe942c669959462b507516ae1634fde0725f1c68
|
|
move inbound NEWKEYS handling to kex layer; otherwise
early NEWKEYS causes NULL deref; found by Robert Swiecki/honggfuzz; fixed
with & ok djm@
Upstream-ID: 9a68b882892e9f51dc7bfa9f5a423858af358b2f
|
|
Replace two more arc4random() loops with
arc4random_buf().
tweaks and ok dtucker
ok deraadt
Upstream-ID: 738d3229130ccc7eac975c190276ca6fcf0208e4
|
|
replace two arc4random loops with arc4random_buf ok
deraadt natano
Upstream-ID: e18ede972d1737df54b49f011fa4f3917a403f48
|
|
take fingerprint of correct key for
AuthorizedPrincipalsCommand
Upstream-ID: 553581a549cd6a3e73ce9f57559a325cc2cb1f38
|
|
add %-escapes to AuthorizedPrincipalsCommand to match those
supported for AuthorizedKeysCommand (key, key type, fingerprint, etc) and a
few more to provide access to the certificate's CA key; 'looks ok' dtucker@
Upstream-ID: 6b00fd446dbebe67f4e4e146d2e492d650ae04eb
|
|
Improve test coverage of ssh-keygen -T a bit.
Upstream-Regress-ID: 8851668c721bcc2b400600cfc5a87644cc024e72
|
|
Add testcase for ssh-keygen -j, -J and -K options for
moduli screening. Does not currently test generation as that is extremely
slow.
Upstream-Regress-ID: 9de6ce801377ed3ce0a63a1413f1cd5fd3c2d062
|
|
add tests for addr_match_list()
Upstream-Regress-ID: fae2d1fef84687ece584738a924c7bf969616c8e
|
|
handle certs in rsa_hash_alg_from_ident(), saving an
unnecessary special case elsewhere.
Upstream-ID: 901cb081c59d6d2698b57901c427f3f6dc7397d4
|
|
list all supported signature algorithms in the
server-sig-algs Reported by mb AT smartftp.com in bz#2547 and (independantly)
Ron Frederick; ok markus@
Upstream-ID: ddf702d721f54646b11ef2cee6d916666cb685cd
|
|
|
|
|
|
|
|
|
|
|
|
Spaces->tabs.
Upstream-ID: f4829dfc3f36318273f6082b379ac562eead70b7
|
|
Style whitespace fix. Also happens to remove a no-op
diff with portable.
Upstream-ID: 45d90f9a62ad56340913a433a9453eb30ceb8bf3
|
|
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then
use those definitions rather than pulling <sys/param.h> and unknown namespace
pollution. ok djm markus dtucker
Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
|
|
sort; from matthew martin
Upstream-ID: 73cec7f7ecc82d37a4adffad7745e4684de67ce7
|
|
ssh_set_newkeys: print correct block counters on
rekeying; ok djm@
Upstream-ID: 32bb7a9cb9919ff5bab28d50ecef3a2b2045dd1e
|
|
update ext_info_c every time we receive a kexinit msg;
fixes sending of ext_info if privsep is disabled; report Aris Adamantiadis &
Mancha; ok djm@
Upstream-ID: 2ceaa1076e19dbd3542254b4fb8e42d608f28856
|
|
remove 3des-cbc from the client's default proposal;
64-bit block ciphers are not safe in 2016 and we don't want to wait until
attacks like sweet32 are extended to SSH.
As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may
cause problems connecting to older devices using the defaults, but
it's highly likely that such devices already need explicit
configuration for KEX and hostkeys anyway.
ok deraadt, markus, dtucker
Upstream-ID: a505dfe65c6733af0f751b64cbc4bb7e0761bc2f
|
|
enforce expected request flow for GSSAPI calls; thanks to
Jakub Jelen for testing; ok markus@
Upstream-ID: d4bc0e70e1be403735d3d9d7e176309b1fd626b9
|
|
These were incorrectly removed in the 1d9a2e28 sync commit.
|
|
only allow kbd-interactive ones when that authentication method is
enabled. Prompted by Solar Designer
|
|
restrict monitor auth calls to be allowed only when their
respective authentication methods are enabled in the configuration.
prompted by Solar Designer; ok markus dtucker
Upstream-ID: 6eb3f89332b3546d41d6dbf5a8e6ff920142b553
|
|
(attack surface reduction)
|
|
fix uninitialised optlen in getsockopt() call; harmless
on Unix/BSD but potentially crashy on Cygwin. Reported by James Slepicka ok
deraadt@
Upstream-ID: 1987ccee508ba5b18f016c85100d7ac3f70ff965
|
|
Pull in <sys/time.h> for struct timeval
ok deraadt@
Upstream-ID: ae34525485a173bccd61ac8eefeb91c57e3b7df6
|
|
Pull in <stdlib.h> for NULL
ok deraadt@
Upstream-ID: 7baa6a0f1e049bb3682522b4b95a26c866bfc043
|
|
add a sIgnore opcode that silently ignores options and
use it to suppress noisy deprecation warnings for the Protocol directive.
req henning, ok markus
Upstream-ID: 9fe040aca3d6ff393f6f7e60045cdd821dc4cbe0
|
|
remove superfluous NOTREACHED comment
Upstream-ID: a7485c1f1be618e8c9e38fd9be46c13b2d03b90c
|
|
fix previous, a condition was modified incorrectly; ok
markus@ deraadt@
Upstream-ID: c443e339768e7ed396dff3bb55f693e7d3641453
|