Commit Graph

100 Commits

Author SHA1 Message Date
djm@openbsd.org
b30d32159d upstream: add a ssh_packet_process_read() function that reads from
a fd directly into the transport input buffer.

Use this in the client and server mainloops to avoid unnecessary
copying. It also lets us use a more greedy read size without penalty.

Yields a 2-3% performance gain on cipher-speed.sh (in a fairly
unscientific test tbf)

feedback dtucker@ ok markus@

OpenBSD-Commit-ID: df4112125bf79d8e38e79a77113e1b373078e632
2022-01-25 12:18:35 +11:00
djm@openbsd.org
073f45c236 upstream: Explicitly check for and start time-based rekeying in the
client and server mainloops.

Previously the rekey timeout could expire but rekeying would not start
until a packet was sent or received. This could cause us to spin in
select() on the rekey timeout if the connection was quiet.

ok markus@

OpenBSD-Commit-ID: 4356cf50d7900f3df0a8f2117d9e07c91b9ff987
2021-07-16 19:21:04 +10:00
markus@openbsd.org
714e1cbca1 upstream: sshpkt_fatal() does not return; ok djm
OpenBSD-Commit-ID: 7dfe847e28bd78208eb227b37f29f4a2a0929929
2020-03-13 13:13:30 +11:00
djm@openbsd.org
670104b923 upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@
OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
2019-09-06 17:54:21 +10:00
djm@openbsd.org
71e67fff94 upstream: pass values used in KEX hash computation as sshbuf
rather than pointer+len

suggested by me; implemented by markus@ ok me

OpenBSD-Commit-ID: 994f33c464f4a9e0f1d21909fa3e379f5a0910f0
2019-01-21 23:13:03 +11:00
djm@openbsd.org
7be8572b32 upstream: Make sshpkt_get_bignum2() allocate the bignum it is
parsing rather than make the caller do it. Saves a lot of boilerplate code.

from markus@ ok djm@

OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9
2019-01-21 21:47:28 +11:00
djm@openbsd.org
ad60b1179c upstream: allow sshpkt_fatal() to take a varargs format; we'll
use this to give packet-related fatal error messages more context (esp. the
remote endpoint) ok markus@

OpenBSD-Commit-ID: de57211f9543426b515a8a10a4f481666b2b2a50
2019-01-20 09:02:20 +11:00
djm@openbsd.org
0fa174ebe1 upstream: begin landing remaining refactoring of packet parsing
API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2019-01-20 09:02:10 +11:00
markus@openbsd.org
89dd615b8b upstream: ttymodes: switch to sshbuf API; ok djm@
OpenBSD-Commit-ID: 5df340c5965e822c9da21e19579d08dea3cbe429
2018-07-10 15:19:12 +10:00
sf@openbsd.org
f28a4d5cd2 upstream: Remove unused ssh_packet_start_compression()
ok markus@

OpenBSD-Commit-ID: 9d34cf2f59aca5422021ae2857190578187dc2b4
2018-07-10 15:13:40 +10:00
dtucker@openbsd.org
48c23a39a8 upstream commit
Put remote client info back into the ClientAlive
connection termination message.  Based in part on diff from  lars.nooden at
gmail, ok djm

OpenBSD-Commit-ID: 80a0f619a29bbf2f32eb5297a69978a0e05d0ee0
2017-12-12 10:32:04 +11:00
djm@openbsd.org
35eb33fb95 upstream commit
add sshd_config RDomain keyword to place sshd and the
subsequent user session (including the shell and any TCP/IP forwardings) into
the specified rdomain(4)

ok markus@

Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5
2017-10-25 12:26:13 +11:00
djm@openbsd.org
dbee4119b5 upstream commit
refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
2017-09-12 17:37:02 +10:00
markus@openbsd.org
1e0cdf8efb upstream commit
clear session keys from memory; ok djm@

Upstream-ID: ecd178819868975affd5fd6637458b7c712b6a0f
2017-06-01 14:54:46 +10:00
markus@openbsd.org
5f4082d886 upstream commit
sshd: pass struct ssh to auth functions; ok djm@

Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488
2017-05-31 10:49:50 +10:00
naddy@openbsd.org
768405fddf upstream commit
remove miscellaneous SSH1 leftovers; ok markus@

Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c
2017-05-08 09:18:27 +10:00
djm@openbsd.org
3d6d09f2e9 upstream commit
remove SSHv1 support from packet and buffer APIs

ok markus@

Upstream-ID: bfc290053d40b806ecac46317d300677d80e1dc9
2017-05-01 10:05:02 +10:00
djm@openbsd.org
97f4d3083b upstream commit
remove compat20/compat13/compat15 variables

ok markus@

Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c
2017-05-01 09:42:37 +10:00
djm@openbsd.org
07edd7e953 upstream commit
add ssh_packet_set_log_preamble() to allow inclusion of a
preamble string in disconnect messages; ok markus@

Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead
2017-02-04 10:08:15 +11:00
dtucker@openbsd.org
c998bf0afa upstream commit
Make ssh_packet_set_rekey_limits take u32 for the number of
seconds until rekeying (negative values are rejected at config parse time).
This allows the removal of some casts and a signed vs unsigned comparison
warning.

rekey_time is cast to int64 for the comparison which is a no-op
on OpenBSD, but should also do the right thing in -portable on
anything still using 32bit time_t (until the system time actually
wraps, anyway).

some early guidance deraadt@, ok djm@

Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c
2017-02-03 14:34:25 +11:00
djm@openbsd.org
39af7b444d upstream commit
Add a per-packet input hook that is called with the
decrypted packet contents. This will be used for fuzzing; ok markus@

Upstream-ID: a3221cee6b1725dd4ae1dd2c13841b4784cb75dc
2016-10-13 18:55:25 +11:00
markus@openbsd.org
8d05784785 upstream commit
ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux
client speaks the ssh-packet protocol directly over unix-domain socket. - mux
server acts as a proxy, translates channel IDs and relays to the server. - no
filedescriptor passing necessary. - combined with unix-domain forwarding it's
even possible to run mux client   and server on different machines. feedback
& ok djm@

Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b
2016-10-01 02:45:10 +10:00
djm@openbsd.org
0082fba4ef upstream commit
Remove support for pre-authentication compression. Doing
compression early in the protocol probably seemed reasonable in the 1990s,
but today it's clearly a bad idea in terms of both cryptography (cf. multiple
compression oracle attacks in TLS) and attack surface.

Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.

Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@

NB. pre-auth authentication has been disabled by default in sshd
for >10 years.

Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
2016-09-29 03:11:32 +10:00
djm@openbsd.org
95767262ca upstream commit
refactor canohost.c: move functions that cache results closer
 to the places that use them (authn and session code). After this, no state is
 cached in canohost.c

feedback and ok markus@

Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
2016-03-08 06:20:35 +11:00
djm@openbsd.org
19bcf2ea2d upstream commit
refactor activation of rekeying

This makes automatic rekeying internal to the packet code (previously
the server and client loops needed to assist). In doing to it makes
application of rekey limits more accurate by accounting for packets
about to be sent as well as packets queued during rekeying events
themselves.

Based on a patch from dtucker@ which was in turn based on a patch
Aleksander Adamowski in bz#2521; ok markus@

Upstream-ID: a441227fd64f9739850ca97b4cf794202860fcd8
2016-02-08 21:58:32 +11:00
dtucker@openbsd.org
921ff00b0a upstream commit
Allow RekeyLimits in excess of 4G up to 2**63 bits
 (limited by the return type of scan_scaled).  Part of bz#2521, ok djm.

Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979
2016-01-30 11:19:13 +11:00
markus@openbsd.org
a306863831 upstream commit
remove roaming support; ok djm@

Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
2016-01-27 16:54:10 +11:00
djm@openbsd.org
a4b9e0f4e4 upstream commit
include remote port number in a few more messages; makes
 tying log messages together into a session a bit easier; bz#2503 ok dtucker@

Upstream-ID: 9300dc354015f7a7368d94a8ff4a4266a69d237e
2015-12-18 14:50:10 +11:00
Tim Rice
910209203d cleaner way fix dispatch.h portion of commit
a88dd1da11
(some systems have sig_atomic_t in signal.h, some in sys/signal.h)
Sounds good to me djm@
2015-02-23 22:06:56 -08:00
Damien Miller
62f678dd51 nother sys/queue.h -> sys-queue.h fix
spotted by Tom Christensen
2015-02-24 09:02:54 +11:00
Damien Miller
773dda25e8 repair --without-openssl; broken in refactor 2015-02-18 22:29:32 +11:00
djm@openbsd.org
4509b5d4a4 upstream commit
avoid more fatal/exit in the packet.c paths that
 ssh-keyscan uses; feedback and "looks good" markus@
2015-01-30 12:18:59 +11:00
djm@openbsd.org
fae7bbe544 upstream commit
avoid fatal() calls in packet code makes ssh-keyscan more
 reliable against server failures ok dtucker@ markus@
2015-01-29 09:08:07 +11:00
markus@openbsd.org
f582f0e917 upstream commit
add experimental api for packet layer; ok djm@
2015-01-20 09:23:46 +11:00
markus@openbsd.org
3fdc88a0de upstream commit
move dispatch to struct ssh; ok djm@
2015-01-20 09:14:16 +11:00
markus@openbsd.org
091c302829 upstream commit
update packet.c & isolate, introduce struct ssh a) switch
 packet.c to buffer api and isolate per-connection info into struct ssh b)
 (de)serialization of the state is moved from monitor to packet.c c) the old
 packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and
 integrated into packet.c with and ok djm@
2015-01-20 09:13:01 +11:00
Damien Miller
c31a0cd5b3 - markus@cvs.openbsd.org 2014/05/03 17:20:34
[monitor.c packet.c packet.h]
     unbreak compression, by re-init-ing the compression code in the
     post-auth child. the new buffer code is more strict, and requires
     buffer_init() while the old code was happy after a bzero();
     originally from djm@
2014-05-15 14:37:39 +10:00
Damien Miller
633de33b19 - djm@cvs.openbsd.org 2014/04/28 03:09:18
[authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h]
     [ssh-keygen.c]
     buffer_get_string_ptr's return should be const to remind
     callers that futzing with it will futz with the actual buffer
     contents
2014-05-15 13:48:26 +10:00
Damien Miller
ce98654674 - djm@cvs.openbsd.org 2013/07/12 00:19:59
[auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
     [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
     fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
2013-07-18 16:12:44 +10:00
Darren Tucker
c53c2af173 - dtucker@cvs.openbsd.org 2013/05/16 02:00:34
[ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
     ssh_config.5 packet.h]
     Add an optional second argument to RekeyLimit in the client to allow
     rekeying based on elapsed time in addition to amount of traffic.
     with djm@ jmc@, ok djm
2013-05-16 20:28:16 +10:00
Damien Miller
72de982def - markus@cvs.openbsd.org 2012/01/25 19:40:09
[packet.c packet.h]
     packet_read_poll() is not used anymore.
2012-02-11 08:19:21 +11:00
Damien Miller
d2ac5d74b4 - djm@cvs.openbsd.org 2011/05/06 21:14:05
[packet.c packet.h]
     set traffic class for IPv6 traffic as we do for IPv4 TOS;
     patch from lionel AT mamane.lu via Colin Watson in bz#1855;
     ok markus@
2011-05-15 08:43:13 +10:00
Damien Miller
0dac6fb6b2 - djm@cvs.openbsd.org 2010/11/13 23:27:51
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
     [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
     allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
     hardcoding lowdelay/throughput.

     bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2010-11-20 15:19:38 +11:00
Darren Tucker
8ccb7392e7 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
for missing headers and compiler warnings.
2010-09-10 12:28:24 +10:00
Damien Miller
eb8b60e320 - djm@cvs.openbsd.org 2010/08/31 11:54:45
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
     [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
     [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
     [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
     [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
     [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
     [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
     Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
     host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
     better performance than plain DH and DSA at the same equivalent symmetric
     key length, as well as much shorter keys.

     Only the mandatory sections of RFC5656 are implemented, specifically the
     three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
     ECDSA. Point compression (optional in RFC5656 is NOT implemented).

     Certificate host and user keys using the new ECDSA key types are supported.

     Note that this code has not been tested for interoperability and may be
     subject to change.

     feedback and ok markus@
2010-08-31 22:41:14 +10:00
Damien Miller
da108ece68 - djm@cvs.openbsd.org 2010/08/31 09:58:37
[auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
     [packet.h ssh-dss.c ssh-rsa.c]
     Add buffer_get_cstring() and related functions that verify that the
     string extracted from the buffer contains no embedded \0 characters*
     This prevents random (possibly malicious) crap from being appended to
     strings where it would not be noticed if the string is used with
     a string(3) function.

     Use the new API in a few sensitive places.

     * actually, we allow a single one at the end of the string for now because
     we don't know how many deployed implementations get this wrong, but don't
     count on this to remain indefinitely.
2010-08-31 22:36:39 +10:00
Darren Tucker
e841eb0654 - andreas@cvs.openbsd.org 2009/06/27 09:29:06
[packet.h packet.c]
     packet_bacup_state() and packet_restore_state() will be used to
     temporarily save the current state ren resuming a suspended connection.
     ok markus@
2009-07-06 07:11:13 +10:00
Darren Tucker
761c38918a - andreas@cvs.openbsd.org 2009/05/27 06:38:16
[sshconnect.h sshconnect.c]
     Un-static ssh_exchange_identification(), part of a larger change from
     Martin Forssen and needed for upcoming changes.
     ok markus@
2009-06-21 18:16:26 +10:00
Darren Tucker
f7288d77e4 - andreas@cvs.openbsd.org 2009/05/27 06:31:25
[canohost.h canohost.c]
     Add clear_cached_addr(), needed for upcoming changes allowing the peer
     address to change.
     ok markus@
2009-06-21 18:12:20 +10:00
Damien Miller
b61f3fc31f - markus@cvs.openbsd.org 2008/07/10 18:08:11
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h sshd.c]
     sync v1 and v2 traffic accounting; add it to sshd, too;
     ok djm@, dtucker@
2008-07-11 17:36:48 +10:00