Commit Graph

9855 Commits

Author SHA1 Message Date
djm@openbsd.org 2a9c9f7272 upstream: sshsig: lightweight signature and verification ability
for OpenSSH

This adds a simple manual signature scheme to OpenSSH.
Signatures can be made and verified using ssh-keygen -Y sign|verify

Signatures embed the key used to make them. At verification time, this
is matched via principal name against an authorized_keys-like list
of allowed signers.

Mostly by Sebastian Kinne w/ some tweaks by me

ok markus@

OpenBSD-Commit-ID: 2ab568e7114c933346616392579d72be65a4b8fb
2019-09-03 18:40:23 +10:00
djm@openbsd.org 5485f8d50a upstream: move authorized_keys option parsing helpsers to misc.c
and make them public; ok markus@

OpenBSD-Commit-ID: c18bcb2a687227b3478377c981c2d56af2638ea2
2019-09-03 18:39:31 +10:00
djm@openbsd.org f8df0413f0 upstream: make get_sigtype public as sshkey_get_sigtype(); ok
markus@

OpenBSD-Commit-ID: 01f8cdbec63350490d2249f41112c5780d1cfbb8
2019-09-03 18:39:31 +10:00
djm@openbsd.org dd8002fbe6 upstream: move advance_past_options to authfile.c and make it
public; ok markus@

OpenBSD-Commit-ID: edda2fbba2c5b1f48e60f857a2010479e80c5f3c
2019-09-03 18:39:31 +10:00
djm@openbsd.org c72d78ccbe upstream: move skip_space() to misc.c and make it public; ok
markus@

OpenBSD-Commit-ID: caa77e8a3b210948e29ad3e28c5db00852961eae
2019-09-03 18:39:31 +10:00
djm@openbsd.org 06af3583f4 upstream: authfd: add function to check if key is in agent
This commit adds a helper function which allows the caller to
check if a given public key is present in ssh-agent.

work by Sebastian Kinne; ok markus@

OpenBSD-Commit-ID: d43c5826353e1fdc1af71eb42961b30782c7bd13
2019-09-03 18:39:31 +10:00
djm@openbsd.org 2ab5a84648 upstream: fix memleak in ssh_free_identitylist(); ok markus@
OpenBSD-Commit-ID: aa51f77ae2c5330a1f61b2d22933f24a443f9abf
2019-09-03 18:39:31 +10:00
djm@openbsd.org 85443f165b upstream: factor out confirm_overwrite(); ok markus@
OpenBSD-Commit-ID: 304e95381b39c774c8fced7e5328b106a3ff0400
2019-09-03 18:39:31 +10:00
djm@openbsd.org 9a396e3368 upstream: constify an argument
OpenBSD-Commit-ID: 724bafc9f993746ad4303e95bede2c030de6233b
2019-09-03 18:39:31 +10:00
djm@openbsd.org b52c0c2e64 upstream: downgrade PKCS#11 "provider returned no slots" warning
from log level error to debug. This is common when attempting to enumerate
keys on smartcard readers with no cards plugged in. bz#3058 ok dtucker@

OpenBSD-Commit-ID: bb8839ddeb77c271390488af1b771041d43e49c6
2019-09-02 10:32:43 +10:00
djm@openbsd.org 0713322e18 upstream: print comment when printing pubkey from private
bz#3052; ok dtucker

OpenBSD-Commit-ID: a91b2a8d5f1053d34d7fce44523c53fb534ba914
2019-09-02 10:32:42 +10:00
Damien Miller 368f1cc2fb fixed test in OSX closefrom() replacement
from likan_999.student AT sina.com
2019-09-02 10:28:42 +10:00
Damien Miller 6b7c53498d retain Solaris PRIV_FILE_LINK_ANY in sftp-server
Dropping this privilege removes the ability to create hard links to
files owned by other users. This is required for the legacy sftp rename
operation.

bz#3036; approach ok Alex Wilson (the original author of the Solaris
sandbox/pledge replacement code)
2019-09-02 10:22:02 +10:00
dtucker@openbsd.org e50f808712 upstream: Use ed25519 for most hostkey rotation tests since it's
supported even when built without OpenSSL.  Use RSA for the secondary type
test if supported, otherwise skip it.  Fixes this test for !OpenSSL builds.

OpenBSD-Regress-ID: 101cb34a84fd974c623bdb2e496f25a6e91be109
2019-08-30 15:56:42 +10:00
bluhm@openbsd.org 5e4796c47d upstream: Test did not compile due to missing symbols. Add source
sshbuf-misc.c to regress as it was done in ssh make file. from Moritz Buhl

OpenBSD-Regress-ID: 9e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5
2019-08-30 15:56:42 +10:00
Damien Miller e0e7e3d0e2 tweak warning flags
Enable -Wextra if compiler supports it

Set -Wno-error=format-truncation if available to prevent expected
string truncations in openbsd-compat from breaking -Werror builds
2019-08-30 14:26:19 +10:00
Damien Miller 28744182cf proc_pidinfo()-based closefrom() for OS X
Refactor closefrom() to use a single brute-force close() loop fallback.

Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@
2019-08-30 13:23:04 +10:00
kn@openbsd.org dc2ca58814 upstream: Call comma-separated lists as such to clarify semantics
Options such as Ciphers take values that may be a list of ciphers;  the
complete list, not indiviual elements, may be prefixed with a dash or plus
character to remove from or append to the default list respectively.

Users might read the current text as if each elment took an optional prefix,
so tweak the wording from "values" to "list" to prevent such ambiguity for
all options supporting this semantics (those that provide a list of
available elements via "ssh -Q ...").

Input and OK jmc

OpenBSD-Commit-ID: 4fdd175b0e5f5cb10ab3f26ccc38a93bb6515d57
2019-08-29 19:21:42 +10:00
djm@openbsd.org c4736f39e6 upstream: include sshbuf-misc.c in SRCS_BASE
OpenBSD-Commit-ID: 99dd10e72c04e93849981d43d64c946619efa474
2019-08-29 19:21:42 +10:00
Darren Tucker d0e51810f3 Fix pasto in fallback code.
There is no parameter called "pathname", it should simply be "path".
bz#3059, patch from samuel at cendio.se.
2019-08-24 15:12:11 +10:00
Damien Miller e83c989bfd use SC_ALLOW_ARG_MASK to limit mmap protections
Restrict to PROT_(READ|WRITE|NONE), i.e. exclude PROT_EXEC
2019-08-23 10:19:30 +10:00
Damien Miller f6906f9bf1 allow mprotect(2) with PROT_(READ|WRITE|NONE) only
Used by some hardened heap allocators. Requested by Yegor
Timoshenko in https://github.com/openssh/openssh-portable/pull/142
2019-08-23 10:10:03 +10:00
djm@openbsd.org e3b6c966b7 upstream: switch percent_expand() to use sshbuf instead of a limited
fixed buffer; ok markus@

OpenBSD-Commit-ID: 3f9ef20bca5ef5058b48c1cac67c53b9a1d15711
2019-08-16 16:14:30 +10:00
djm@openbsd.org 9ab5b94747 upstream: produce a useful error message if the user's shell is set
incorrectly during "match exec" processing. bz#2791 reported by Dario
Bertini; ok dtucker

OpenBSD-Commit-ID: cf9eddd6a6be726cb73bd9c3936f3888cd85c03d
2019-08-09 15:11:30 +10:00
dtucker@openbsd.org 8fdbc7247f upstream: Change description of TCPKeepAlive from "inactive" to
"unresponsive" to clarify what it checks for.  Patch from jblaine at
kickflop.net via github pr#129, ok djm@.

OpenBSD-Commit-ID: 3682f8ec7227f5697945daa25d11ce2d933899e9
2019-08-09 15:11:30 +10:00
dtucker@openbsd.org 7afc45c3ed upstream: Allow the maximimum uint32 value for the argument passed to
-b which allows better error messages from later validation.  bz#3050, ok
djm@

OpenBSD-Commit-ID: 10adf6876b2401b3dc02da580ebf67af05861673
2019-08-08 20:01:39 +10:00
naddy@openbsd.org c31e4f5fb3 upstream: Many key types are supported now, so take care to check
the size restrictions and apply the default size only to the matching key
type. tweak and ok dtucker@

OpenBSD-Commit-ID: b825de92d79cc4cba19b298c61e99909488ff57e
2019-08-08 16:40:09 +10:00
dtucker@openbsd.org 6b39a7b49e upstream: Remove now-redundant perm_ok arg since
sshkey_load_private_type will now return SSH_ERR_KEY_BAD_PERMISSIONS in that
case.  Patch from jitendra.sharma at intel.com, ok djm@

OpenBSD-Commit-ID: 07916a17ed0a252591b71e7fb4be2599cb5b0c77
2019-08-08 16:40:09 +10:00
Darren Tucker d46075b923 Fix mem leak in unit test.
Patch from jitendra.sharma at intel.com.
2019-08-05 21:36:48 +10:00
djm@openbsd.org c4ffb72593 upstream: fix some memleaks in test_helper code
bz#3037 from Jitendra Sharma

OpenBSD-Regress-ID: 71440fa9186f5842a65ce9a27159385c6cb6f751
2019-08-02 11:42:26 +10:00
djm@openbsd.org 6e76e69dc0 upstream: typo; from Christian Hesse
OpenBSD-Commit-ID: 82f6de7438ea7ee5a14f44fdf5058ed57688fdc3
2019-08-02 11:25:46 +10:00
djm@openbsd.org 49fa065a1b upstream: let sshbuf_find/cmp take a void* for the
search/comparison argument, instead of a u_char*. Saves callers needing to
cast.

OpenBSD-Commit-ID: d63b69b7c5dd570963e682f758f5a47b825605ed
2019-07-30 15:06:27 +10:00
mestre@openbsd.org 7adf6c430d upstream: When using a combination of a Yubikey+GnuPG+remote
forwarding the gpg-agent (and options ControlMaster+RemoteForward in
ssh_config(5)) then the codepath taken will call mux_client_request_session
-> mm_send_fd -> sendmsg(2). Since sendmsg(2) is not allowed in that codepath
then pledge(2) kills the process.

The solution is to add "sendfd" to pledge(2), which is not too bad considering
a little bit later we reduce pledge(2) to only "stdio proc tty" in that
codepath.

Problem reported and diff provided by Timothy Brown <tbrown at freeshell.org>

OK deraadt@

OpenBSD-Commit-ID: 7ce38b6542bbec00e441595d0a178e970a9472ac
2019-07-30 15:06:27 +10:00
dtucker@openbsd.org 0e2fe18acc upstream: Fix typo in CASignatureAlgorithms wherein what should be
a comma is a dot. Patch from hnj2 via github pr#141.

OpenBSD-Commit-ID: 01f5a460438ff1af09aab483c0a70065309445f0
2019-07-30 15:06:27 +10:00
Darren Tucker e93ffd1a19 Report success of individual tests as well as all.
This puts the "all tests passed" message back at the end where the
test harnesses can find it.
2019-07-29 16:34:19 +10:00
Damien Miller 2ad5b36b18 convert to UTF-8; from Mike Frysinger 2019-07-29 09:49:23 +10:00
dtucker@openbsd.org d31e7c937b upstream: Restrict limit-keytype to types supported by build. This
means we have to skip a couple tests when only one key type is supported.

OpenBSD-Regress-ID: 22d05befb9c7ce21ce8dc22acf1ffe9e2ef2e95e
2019-07-26 14:51:25 +10:00
Darren Tucker 0967a233b8 Remove override disabling DH-GEX.
The DH-GEX override doesn't work when build without OpenSSL, and
we'll prefer curve25519 these days, removing the need for it.
2019-07-25 20:11:45 +10:00
dtucker@openbsd.org 061407efc1 upstream: Only use supported key types during KRL test, preferring
ed25519 since it's supported by both OpenSSL and non-OpenSSL builds.

OpenBSD-Regress-ID: 9f2bb3eadd50fcc8245b1bd8fd6f0e53602f71aa
2019-07-25 20:09:06 +10:00
dtucker@openbsd.org 47f8ff1fa5 upstream: Switch keys-command test from rsa to ed25519 since it's
supported for both OpenSSL and non-OpenSSL builds.

OpenBSD-Regress-ID: 174be4be876edd493e4a5c851e5bc579885e7a0a
2019-07-25 20:01:19 +10:00
dtucker@openbsd.org 1e94afdfa8 upstream: Make certificate tests work with the supported key
algorithms.  Allows tests to pass when built without OpenSSL.

OpenBSD-Regress-ID: 617169a6dd9d06db3697a449d9a26c284eca20fc
2019-07-25 20:01:19 +10:00
dtucker@openbsd.org 26bf693661 upstream: Construct list of key types to test based on the types
supported by the binaries.

OpenBSD-Regress-ID: fcbd115efacec8ab0ecbdb3faef79ac696cb1d62
2019-07-24 16:51:17 +10:00
dtucker@openbsd.org 773c55b3d1 upstream: Only use DSA key type in tests if binaries support it.
OpenBSD-Regress-ID: 770e31fe61dc33ed8eea9c04ce839b33ddb4dc96
2019-07-24 16:47:58 +10:00
Darren Tucker 159e987a54 Split test targets further.
Splits test into file-tests, t-exec, unit and interop-tests and their
respective dependencies.  Should allow running any set individually
without having to build the other dependencies that are not needed
for that specific test.
2019-07-24 14:21:19 +10:00
Darren Tucker 520d4550a2 Add lib dependencies for regress binary targets. 2019-07-24 11:20:18 +10:00
Darren Tucker 4e8d0dd78d Make "unit" a dependency of "test". 2019-07-24 00:12:51 +10:00
Darren Tucker 4317b2a048 upstream rev 1.28: fix comment typo. 2019-07-23 23:24:47 +10:00
Darren Tucker e0055af2bd Split regress-binaries into two targets.
Split the binaries for the unit tests out into a regress-unit-binaries
target, and add a dependency on it for only the unit tests.  This allows
us to run the integration tests only ("make t-exec") without building
the unit tests, which allows us to run a subset of the tests when
building --without-openssl without trying (and failing) to build the
unit tests.

This means there are two targets for "unit" which I *think* is valid
(it works in testing, and makedepend will generate Makefiles of this
form)a but I could be wrong.
2019-07-23 23:18:17 +10:00
dtucker@openbsd.org 7cdf9fdcf1 upstream: Skip DH group generation test if binaries don't support
DH-GEX.

OpenBSD-Regress-ID: 7c918230d969ecf7656babd6191a74526bffbffd
2019-07-23 22:51:22 +10:00
dtucker@openbsd.org 3a3eab8bb0 upstream: Only test conversion of key types supported by the
binaries.

OpenBSD-Regress-ID: e3f0938a0a7407e2dfbb90abc3ec979ab6e8eeea
2019-07-23 22:51:22 +10:00