Age | Commit message (Collapse) | Author |
|
This patch has been rejected upstream: "None of the OpenSSH developers are
in favour of adding this, and this situation has not changed for several
years. This is not a slight on Simon's patch, which is of fine quality, but
just that a) we don't trust GSSAPI implementations that much and b) we don't
like adding new KEX since they are pre-auth attack surface. This one is
particularly scary, since it requires hooks out to typically root-owned
system resources."
However, quite a lot of people rely on this in Debian, and it's better to
have it merged into the main openssh package rather than having separate
-krb5 packages (as we used to have). It seems to have a generally good
security history.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
Last-Updated: 2016-12-28
Patch-Name: gssapi.patch
|
|
Check for utf8 local support and if not found, do not attempt to run the
utf8 tests. Suggested by djm@
|
|
Remove support for pre-authentication compression. Doing
compression early in the protocol probably seemed reasonable in the 1990s,
but today it's clearly a bad idea in terms of both cryptography (cf. multiple
compression oracle attacks in TLS) and attack surface.
Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.
Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@
NB. pre-auth authentication has been disabled by default in sshd
for >10 years.
Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
|
|
|
|
remove ssh1 server code; ok djm@
Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
|
|
Since adding $(REGRESSLIBS), $? is wrong because it includes only the
changed source files. $< seems like it'd be right however it doesn't
seem to work on some non-GNU makes, so do what works everywhere.
|
|
Makes "./configure && make tests" work again. ok djm@
|
|
|
|
Prevents size mismatch linker warnings on Solaris 11.
|
|
Prevents link errors resolving the extern "options" when platform.o
gets linked into ssh-agent when building --with-pam.
|
|
This should make it easier to add additional platform support such as
Solaris (bz#2584).
|
|
|
|
To prevent screwing up terminal settings when printing to
the terminal, for ASCII and UTF-8, escape bytes not forming characters and
bytes forming non-printable characters with vis(3) VIS_OCTAL. For other
character sets, abort printing of the current string in these cases. In
particular, * let scp(1) respect the local user's LC_CTYPE locale(1); *
sanitize data received from the remote host; * sanitize filenames, usernames,
and similar data even locally; * take character display widths into account
for the progressmeter.
This is believed to be sufficient to keep the local terminal safe
on OpenBSD, but bad things can still happen on other systems with
state-dependent locales because many places in the code print
unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@,
various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0
|
|
This allows us to activate only the supported options during the malloc
option portion of the connect-privsep test.
|
|
Easier to build all the regression/unit test binaries in one pass
than going through all of ${REGRESS_BINARIES}
|
|
|
|
Some tests have strict requirements on the filesystem permissions
for certain files and directories. This adds a regress/check-perm
tool that copies the relevant logic from sshd to exactly test
the paths in question. This lets us skip tests when the local
filesystem doesn't conform to our expectations rather than
continuing and failing the test run.
ok dtucker@
|
|
remove roaming support; ok djm@
Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
|
|
Includes a pre-auth privsep sandbox and several pledge()
emulations. bz#2511, patch by Alex Wilson.
ok dtucker@
|
|
remove slogin links; ok deraadt markus djm
Upstream-ID: 39ba08548acde4c54f2d4520c202c2a863a3c730
|
|
Change all tame callers to namechange to pledge(2).
Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
|
|
OpenBSD only for now
|
|
Use ssh-keygen -A instead of per-keytype invocations when generating host
keys. Add tests when doing host-key-force since we can't use ssh-keygen -A
since it can't specify alternate locations. bz#2459, ok djm@
|
|
This reverts commit d1db656021d0cd8c001a6692f772f1de29b67c8b.
No longer needed with commit 678e473e2af2e4802f24dd913985864d9ead7fb3
|
|
|
|
|
|
|
|
|
|
|
|
finally enable the KEX tests I wrote some years ago...
|
|
add experimental api for packet layer; ok djm@
|
|
update packet.c & isolate, introduce struct ssh a) switch
packet.c to buffer api and isolate per-connection info into struct ssh b)
(de)serialization of the state is moved from monitor to packet.c c) the old
packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and
integrated into packet.c with and ok djm@
|
|
|
|
unit tests for KRL bitmap
|
|
Disables and removes dependency on OpenSSL. Many features don't
work and the set of crypto options is greatly restricted. This
will only work on system with native arc4random or /dev/urandom.
Considered highly experimental for now.
|
|
avoid BIGNUM in KRL code by using a simple bitmap;
feedback and ok markus
|
|
|
|
|
|
|
|
-L/-l; fixes linking problems on some platforms
|
|
tests.
|
|
[Makefile.in regress/Makefile regress/unittests/Makefile]
[regress/unittests/sshkey/Makefile]
[regress/unittests/sshkey/common.c]
[regress/unittests/sshkey/common.h]
[regress/unittests/sshkey/mktestdata.sh]
[regress/unittests/sshkey/test_file.c]
[regress/unittests/sshkey/test_fuzz.c]
[regress/unittests/sshkey/test_sshkey.c]
[regress/unittests/sshkey/tests.c]
[regress/unittests/sshkey/testdata/dsa_1]
[regress/unittests/sshkey/testdata/dsa_1-cert.fp]
[regress/unittests/sshkey/testdata/dsa_1-cert.pub]
[regress/unittests/sshkey/testdata/dsa_1.fp]
[regress/unittests/sshkey/testdata/dsa_1.fp.bb]
[regress/unittests/sshkey/testdata/dsa_1.param.g]
[regress/unittests/sshkey/testdata/dsa_1.param.priv]
[regress/unittests/sshkey/testdata/dsa_1.param.pub]
[regress/unittests/sshkey/testdata/dsa_1.pub]
[regress/unittests/sshkey/testdata/dsa_1_pw]
[regress/unittests/sshkey/testdata/dsa_2]
[regress/unittests/sshkey/testdata/dsa_2.fp]
[regress/unittests/sshkey/testdata/dsa_2.fp.bb]
[regress/unittests/sshkey/testdata/dsa_2.pub]
[regress/unittests/sshkey/testdata/dsa_n]
[regress/unittests/sshkey/testdata/dsa_n_pw]
[regress/unittests/sshkey/testdata/ecdsa_1]
[regress/unittests/sshkey/testdata/ecdsa_1-cert.fp]
[regress/unittests/sshkey/testdata/ecdsa_1-cert.pub]
[regress/unittests/sshkey/testdata/ecdsa_1.fp]
[regress/unittests/sshkey/testdata/ecdsa_1.fp.bb]
[regress/unittests/sshkey/testdata/ecdsa_1.param.curve]
[regress/unittests/sshkey/testdata/ecdsa_1.param.priv]
[regress/unittests/sshkey/testdata/ecdsa_1.param.pub]
[regress/unittests/sshkey/testdata/ecdsa_1.pub]
[regress/unittests/sshkey/testdata/ecdsa_1_pw]
[regress/unittests/sshkey/testdata/ecdsa_2]
[regress/unittests/sshkey/testdata/ecdsa_2.fp]
[regress/unittests/sshkey/testdata/ecdsa_2.fp.bb]
[regress/unittests/sshkey/testdata/ecdsa_2.param.curve]
[regress/unittests/sshkey/testdata/ecdsa_2.param.priv]
[regress/unittests/sshkey/testdata/ecdsa_2.param.pub]
[regress/unittests/sshkey/testdata/ecdsa_2.pub]
[regress/unittests/sshkey/testdata/ecdsa_n]
[regress/unittests/sshkey/testdata/ecdsa_n_pw]
[regress/unittests/sshkey/testdata/ed25519_1]
[regress/unittests/sshkey/testdata/ed25519_1-cert.fp]
[regress/unittests/sshkey/testdata/ed25519_1-cert.pub]
[regress/unittests/sshkey/testdata/ed25519_1.fp]
[regress/unittests/sshkey/testdata/ed25519_1.fp.bb]
[regress/unittests/sshkey/testdata/ed25519_1.pub]
[regress/unittests/sshkey/testdata/ed25519_1_pw]
[regress/unittests/sshkey/testdata/ed25519_2]
[regress/unittests/sshkey/testdata/ed25519_2.fp]
[regress/unittests/sshkey/testdata/ed25519_2.fp.bb]
[regress/unittests/sshkey/testdata/ed25519_2.pub]
[regress/unittests/sshkey/testdata/pw]
[regress/unittests/sshkey/testdata/rsa1_1]
[regress/unittests/sshkey/testdata/rsa1_1.fp]
[regress/unittests/sshkey/testdata/rsa1_1.fp.bb]
[regress/unittests/sshkey/testdata/rsa1_1.param.n]
[regress/unittests/sshkey/testdata/rsa1_1.pub]
[regress/unittests/sshkey/testdata/rsa1_1_pw]
[regress/unittests/sshkey/testdata/rsa1_2]
[regress/unittests/sshkey/testdata/rsa1_2.fp]
[regress/unittests/sshkey/testdata/rsa1_2.fp.bb]
[regress/unittests/sshkey/testdata/rsa1_2.param.n]
[regress/unittests/sshkey/testdata/rsa1_2.pub]
[regress/unittests/sshkey/testdata/rsa_1]
[regress/unittests/sshkey/testdata/rsa_1-cert.fp]
[regress/unittests/sshkey/testdata/rsa_1-cert.pub]
[regress/unittests/sshkey/testdata/rsa_1.fp]
[regress/unittests/sshkey/testdata/rsa_1.fp.bb]
[regress/unittests/sshkey/testdata/rsa_1.param.n]
[regress/unittests/sshkey/testdata/rsa_1.param.p]
[regress/unittests/sshkey/testdata/rsa_1.param.q]
[regress/unittests/sshkey/testdata/rsa_1.pub]
[regress/unittests/sshkey/testdata/rsa_1_pw]
[regress/unittests/sshkey/testdata/rsa_2]
[regress/unittests/sshkey/testdata/rsa_2.fp]
[regress/unittests/sshkey/testdata/rsa_2.fp.bb]
[regress/unittests/sshkey/testdata/rsa_2.param.n]
[regress/unittests/sshkey/testdata/rsa_2.param.p]
[regress/unittests/sshkey/testdata/rsa_2.param.q]
[regress/unittests/sshkey/testdata/rsa_2.pub]
[regress/unittests/sshkey/testdata/rsa_n]
[regress/unittests/sshkey/testdata/rsa_n_pw]
unit and fuzz tests for new key API
|
|
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
[auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
[cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
[digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
[hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
[ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
[ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
[sshconnect2.c sshd.c sshkey.c sshkey.h
[openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.
NB. This commit also removes portable OpenSSH support for OpenSSL
<0.9.8e.
|
|
|
|
[regress/unittests/sshbuf/test_sshbuf.c
[regress/unittests/sshbuf/test_sshbuf_fixed.c]
[regress/unittests/sshbuf/test_sshbuf_fuzz.c]
[regress/unittests/sshbuf/test_sshbuf_getput_basic.c]
[regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]
[regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
[regress/unittests/sshbuf/test_sshbuf_misc.c]
[regress/unittests/sshbuf/tests.c]
[regress/unittests/test_helper/fuzz.c]
[regress/unittests/test_helper/test_helper.c]
Hook new unit tests into the build and "make tests"
|
|
[sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes
|
|
[Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
[monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
[schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
remove experimental, never-enabled JPAKE code; ok markus@
|
|
[digest.c digest-openssl.c digest-libc.c Makefile.in]
rename digest.c to digest-openssl.c and add libc variant; ok djm@
|
|
[Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h]
replace openssl HMAC with an implementation based on our ssh_digest_*
ok and feedback djm@
|
|
|