Commit Graph

11820 Commits

Author SHA1 Message Date
Darren Tucker
c83e467ead
Remove arc4random_uniform from arc4random.c
This was previously moved into its own file (matching OpenBSD) which
prematurely committed in commit 73541f2.
2022-09-02 14:30:38 +10:00
djm@openbsd.org
5f45c2395c
upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV
explicitly test whether the token performs built-in UV (e.g. biometric
tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388

OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd
2022-09-02 14:21:06 +10:00
Darren Tucker
03277a4aa4
Move sftp from valgrind-2 to 3 to rebalance. 2022-08-31 20:26:30 +10:00
djm@openbsd.org
fcf5365da6
upstream: whitespace
OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232
2022-08-31 12:57:42 +10:00
Damien Miller
e60136a3d7
additional keys 2022-08-29 13:27:45 +10:00
Damien Miller
2b02dcb505
cross-sign allowed_signers with PGP key
Provides continuity of trust from legacy PGP release key to
the SSHSIG signing keys that we will use henceforth for git
signing.
2022-08-29 13:23:43 +10:00
Darren Tucker
51b345f177
Add libcrypt-devel to cygwin-release deps.
Based on feedback from vinschen at redhat.com.
2022-08-27 21:49:27 +10:00
Darren Tucker
9f81736cf1
Add Windows 2022 test targets. 2022-08-27 09:37:40 +10:00
Darren Tucker
85e1a69243
Add cygwin-release test target.
This also moves the cygwin package install from the workflow file to
setup_ci.sh so that we can install different sets of Cygwin packages
for different test configs.
2022-08-26 19:22:25 +10:00
djm@openbsd.org
92382dbe8b
upstream: whitespace
OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8
2022-08-26 18:17:57 +10:00
djm@openbsd.org
70a5de0a50
upstream: whitespace
OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538
2022-08-26 18:14:02 +10:00
Damien Miller
3a683a19fd
initial list of allowed signers 2022-08-26 14:23:55 +10:00
Darren Tucker
6851f4b8c3 Install Cygwin packages based on OS not config. 2022-08-19 17:22:18 +10:00
djm@openbsd.org
f964809068 upstream: attemp FIDO key signing without PIN and use the error
code returned to fall back only if necessary. Avoids PIN prompts for FIDO
tokens that don't require them; part of GHPR#302

OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e
2022-08-19 16:34:06 +10:00
djm@openbsd.org
5453333b5d upstream: remove incorrect check that can break enrolling a
resident key (introduced in r1.40)

OpenBSD-Commit-ID: 4cab364d518470e29e624af3d3f9ffa9c92b6f01
2022-08-19 16:34:06 +10:00
dtucker@openbsd.org
ff89b1bed8 upstream: Strictly enforce the maximum allowed SSH2 banner size in
ssh-keyscan and prevent a one-byte buffer overflow.  Patch from Qualys, ok
djm@

OpenBSD-Commit-ID: 6ae664f9f4db6e8a0589425f74cd0bbf3aeef4e4
2022-08-19 16:34:06 +10:00
Darren Tucker
1b470b9036 Fix cygwin conditional steps. 2022-08-19 15:19:19 +10:00
Darren Tucker
fd6ee741ab Add a bit more debug output. 2022-08-19 15:12:57 +10:00
Darren Tucker
a9305c4c73 Add Cygwin (on windows-2019) test target.
In addition to installing the requisite Cygwin packages, we also need to
explicitly invoke "sh" for steps that run other scripts since the runner
environment doesn't understand #! paths.
2022-08-19 15:08:57 +10:00
djm@openbsd.org
5062ad4881 upstream: double free() in error path; from Eusgor via GHPR333
OpenBSD-Commit-ID: 39f35e16ba878c8d02b4d01d8826d9b321be26d4
2022-08-19 13:13:53 +10:00
Darren Tucker
5a5c580b48 Check for perms to run agent-getpeereid test.
Ubuntu 22.04 defaults to private home dirs which prevents "nobody"
running ssh-add during the agent-getpeereid test.  Check for this and
add the necessary permissions.
2022-08-18 21:36:39 +10:00
Damien Miller
cd06a76b7c on Cygwin, prefer WinHello FIDO device
If no FIDO device was explictly specified, then prefer the
windows://hello FIDO device. An exception to this is when
probing resident FIDO keys, in which case hardware FIDO
devices are preferred.
2022-08-17 16:04:16 +10:00
djm@openbsd.org
47f72f534a upstream: add an extra flag to sk_probe() to indicate whether we're
probing for a FIDO resident key or not. Unused here, but will make like
easier for portable

OpenBSD-Commit-ID: 432c8ff70e270378df9dbceb9bdeaa5b43b5a832
2022-08-17 16:03:01 +10:00
jmc@openbsd.org
edb0bcb3c7 upstream: use .Cm for "sign"; from josiah frentsos
OpenBSD-Commit-ID: 7f80a53d54857ac6ae49ea6ad93c5bd12231d1e4
2022-08-17 16:03:01 +10:00
Corinna Vinschen
cccb011e13 Revert "check_sk_options: add temporary WinHello workaround"
Cygwin now comes with libfido2 1.11.0, so this workaround
isn't required anymore.

This reverts commit 242c044ab1.

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2022-08-12 15:34:47 +10:00
Corinna Vinschen
9468cd7cf9 fido_dev_is_winhello: return 0, not "false"
"false" is not used anywhere in OpenSSH, so return 0 like
everywhere else.

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2022-08-12 15:34:01 +10:00
djm@openbsd.org
730a806094 upstream: sftp-server: support home-directory request
Add support to the sftp-server for the home-directory extension defined
in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the
existing expand-path@openssh.com, but uses a more official protocol name,
and so is a bit more likely to be implemented by non-OpenSSH clients.

From Mike Frysinger, ok dtucker@

OpenBSD-Commit-ID: bfc580d05cc0c817831ae7ecbac4a481c23566ab
2022-08-12 15:22:37 +10:00
Darren Tucker
5e820bf79c Replace deprecated ubuntu-18.04 runners with 22.04 2022-08-12 14:56:55 +10:00
Darren Tucker
87b0d9c1b7 Add a timegm implementation from Heimdal via Samba.
Fixes build on (at least Solaris 10).
2022-08-11 22:51:10 +10:00
Darren Tucker
d0c4fa5859 Rerun tests if any .github config file changes. 2022-08-11 14:23:58 +10:00
Darren Tucker
113fe6c77a Skip hostbased during Valgrind tests.
Valgrind doesn't let ssh exec ssh-keysign (because it's setuid) so skip
it during the Valgrind based tests.

See https://bugs.kde.org/show_bug.cgi?id=119404 for a discussion of this
(ironically there the problematic binary was ssh(1) back when it could
still be setuid).
2022-08-11 13:50:05 +10:00
djm@openbsd.org
b98a42afb6 upstream: add some tests for parse_absolute_time(), including cases
where it is forced to the UTC timezone. bz3468 ok dtucker

OpenBSD-Regress-ID: ea07ca31c2f3847a38df028ca632763ae44e8759
2022-08-11 12:01:50 +10:00
djm@openbsd.org
ec1ddb72a1 upstream: allow certificate validity intervals, sshsig verification
times and authorized_keys expiry-time options to accept dates in the UTC time
zone in addition to the default of interpreting them in the system time zone.
YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if
suffixed with a 'Z' character.

Also allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
is intended for use by regress tests and other tools that call
ssh-keygen as part of a CA workflow.

bz3468 ok dtucker

OpenBSD-Commit-ID: 454db1cdffa9fa346aea5211223a2ce0588dfe13
2022-08-11 12:00:49 +10:00
Darren Tucker
4df246ec75 Fix conditional for running hostbased tests. 2022-08-11 10:24:56 +10:00
Damien Miller
2580916e48 fix SANDBOX_SECCOMP_FILTER_DEBUG 2022-08-11 08:58:28 +10:00
Darren Tucker
fdbd5bf507 Test hostbased auth on github runners. 2022-08-10 17:37:58 +10:00
Darren Tucker
7e2f51940b Rename our getentropy to prevent possible loops.
Since arc4random seeds from getentropy, and we use OpenSSL for that
if enabled, there's the possibility that if we build on a system that
does not have getentropy then run on a system that does have it, then
OpenSSL could end up calling our getentropy and getting stuck in a loop.
Pointed out by deraadt@, ok djm@
2022-08-10 17:36:44 +10:00
Darren Tucker
7a01f61be8 Actually put HAVE_STDINT_H around the stdint.h. 2022-08-08 12:17:04 +10:00
Darren Tucker
73541f29f0 Give unused param a name.
Fixes builds on platforms that do have fido2 but don't have
fido_dev_is_winhello.
2022-08-08 10:32:27 +10:00
djm@openbsd.org
2a108c0ea9 upstream: don't prompt for FIDO passphrase before attempting to enroll
the credential, just let the enroll operating fail and we'll attempt to get a
PIN anyway. Might avoid some unneccessary PIN prompts.

Part of GHPR#302 from Corinna Vinschen; ok dtucker@

OpenBSD-Commit-ID: bd5342ffc353ee37d39617906867c305564d1ce2
2022-08-05 15:03:40 +10:00
Corinna Vinschen
2886975c0a sk_sign: set FIDO2 uv attribute explicitely for WinHello
WinHello via libfido2 performs user verification by default.
However, if we stick to that, there's no way to differentiate
between keys created with or without "-O  verify-required".
Set FIDO2 uv attribute explicitely to FIDO_OPT_FALSE, then check
if user verification has been requested.

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2022-08-05 14:44:03 +10:00
Corinna Vinschen
242c044ab1 check_sk_options: add temporary WinHello workaround
Up to libfido 1.10.0, WinHello advertises "clientPin" rather
than "uv" capability.  This is fixed in 1.11.0.  For the time
being, workaround it here.

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2022-08-05 14:42:10 +10:00
Corinna Vinschen
78774c08cc compat code for fido_dev_is_winhello()
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2022-08-05 14:39:05 +10:00
Darren Tucker
3d3a932a01 Factor out getrnd() and rename to getentropy().
Factor out the arc4random seeding into its own file and change the
interface to match getentropy.  Use native getentropy if available.
This will make it easier to resync OpenBSD changes to arc4random.
Prompted by bz#3467, ok djm@.
2022-08-05 13:12:27 +10:00
Darren Tucker
9385d277b7 Include CHANNEL and FIDO2 libs in configure output 2022-08-04 22:02:04 +10:00
djm@openbsd.org
141535b904 upstream: avoid double-free in error path introduced in r1.70; report
and fix based on GHPR#332 by v-rzh ok dtucker@

OpenBSD-Commit-ID: 3d21aa127b1f37cfc5bdc21461db369a663a951f
2022-08-01 21:11:33 +10:00
Darren Tucker
dba7099ffc Remove deprecated MacOS 10.15 runners. 2022-07-27 18:40:12 +10:00
Darren Tucker
722a56439a Move stale-configure check as early as possible.
We added a check in Makefile to catch the case where configure needs to
be rebuilt, however this did not happen until a build was attempted in
which case all of the work done by configure was wasted.  Move this check
 to the start of configure to catch it as early as possible.  ok djm@
2022-07-27 18:31:14 +10:00
Darren Tucker
099d6b5628 Move libcrypto into CHANNELLIBS.
This will result in sftp, sftp-server and scp no longer being linked
against libcrypto.  ok djm@
2022-07-27 16:22:39 +10:00
Darren Tucker
1bdf86725b Remove seed_rng calls from scp, sftp, sftp-server.
These binaries don't use OpenSSL's random functions.  The next step
will be to stop linking them against libcrypto.  ok djm@
2022-07-27 16:22:30 +10:00