Commit Graph

338 Commits

Author SHA1 Message Date
dtucker@openbsd.org
e9f78d6b06 upstream: Rename HostbasedKeyTypes (ssh) and
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more
accurately reflects its effect. This matches a previous change to
PubkeyAcceptedAlgorithms.  The previous names are retained as aliases.  ok
djm@

OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
2021-01-26 22:50:40 +11:00
djm@openbsd.org
d1e578afe7 upstream: make ssh hostbased authentication send the signature
algorithm in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
This make HostbasedAcceptedAlgorithms do what it is supposed to - filter on
signature algorithm and not key type.

spotted with dtucker@ ok markus@

OpenBSD-Commit-ID: 25bffe19f0326972f5728170f7da81d5f45c78c6
2021-01-25 17:04:40 +11:00
dtucker@openbsd.org
ee9c0da803 upstream: Rename PubkeyAcceptedKeyTypes keyword to
PubkeyAcceptedAlgorithms. While the two were originally equivalent, this
actually specifies the signature algorithms that are accepted.  Some key
types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512)
so the old name is becoming increasingly misleading.  The old name is
retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@

OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5
2021-01-22 15:03:56 +11:00
djm@openbsd.org
4c7af01f9d upstream: If a signature operation on a FIDO key fails with a
"incorrect PIN" reason and no PIN was initially requested from the user, then
request a PIN and retry the operation.

This smoothes over a few corner cases including FIDO devices that
require PINs for all hosted credentials, biometric FIDO devices that
fall back to requiring PIN when reading the biometric failed, devices
that don't implement reading credProtect status for downloaded keys
and probably a few more cases that I haven't though of yet.

ok dtucker@

OpenBSD-Commit-ID: 176db8518933d6a5bbf81a2e3cf62447158dc878
2021-01-08 13:58:27 +11:00
djm@openbsd.org
2c71cec020 upstream: Update/replace the experimental post-quantim hybrid key
exchange method based on Streamlined NTRU Prime (coupled with X25519).

The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.

The sntrup761 implementaion, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).

Thanks for Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself

(note this both the updated method and the one that it replaced are
disabled by default)

OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae
2020-12-29 12:38:53 +11:00
djm@openbsd.org
da4bf0db94 upstream: add a ssh_config KnownHostsCommand that allows the client
to obtain known_hosts data from a command in addition to the usual files.

The command accepts bunch of %-expansions, including details of the
connection and the offered server host key. Note that the command may
be invoked up to three times per connection (see the manpage for
details).

ok markus@

OpenBSD-Commit-ID: 2433cff4fb323918ae968da6ff38feb99b4d33d0
2020-12-22 15:43:59 +11:00
djm@openbsd.org
0f504f592d upstream: plumb ssh_conn_info through to sshconnect.c; feedback/ok
markus@

OpenBSD-Commit-ID: e8d14a09cda3f1dc55df08f8a4889beff74e68b0
2020-12-21 10:52:28 +11:00
djm@openbsd.org
b4c7cd1185 upstream: load_hostkeys()/hostkeys_foreach() variants for FILE*
Add load_hostkeys_file() and hostkeys_foreach_file() that accept a
FILE* argument instead of opening the file directly.

Original load_hostkeys() and hostkeys_foreach() are implemented using
these new interfaces.

Add a u_int note field to the hostkey_entry and hostkey_foreach_line
structs that is passed directly from the load_hostkeys() and
hostkeys_foreach() call. This is a lightweight way to annotate results
between different invocations of load_hostkeys().

ok markus@

OpenBSD-Commit-ID: 6ff6db13ec9ee4edfa658b2c38baad0f505d8c20
2020-12-21 10:52:28 +11:00
djm@openbsd.org
04088725ec upstream: scrub keyboard-interactive authentication prompts coming
from the server through asmprintf() prior to display; suggested by and ok
dtucker@

OpenBSD-Commit-ID: 31fe93367645c37fbfe4691596bf6cf1e3972a58
2020-11-13 18:32:24 +11:00
djm@openbsd.org
5442b491d0 upstream: prefix keyboard interactive prompts with (user@host) to
make it easier to determine which connection they are associated with in
cases like scp -3, ProxyJump, etc. bz#3224 ok dtucker

OpenBSD-Commit-ID: 67e6189b04b46c867662f8a6759cf3ecb5f59170
2020-11-13 18:32:24 +11:00
djm@openbsd.org
d5a0cd4fc4 upstream: when requesting a security key touch on stderr, inform the
user once the touch has been recorded; requested by claudio@ ok markus@

OpenBSD-Commit-ID: 3b76ee444490e546b9ea7f879e4092ee0d256233
2020-11-09 09:39:22 +11:00
djm@openbsd.org
7d680448db upstream: print reason in fatal error message when
kex_assemble_namelist() fails

OpenBSD-Commit-ID: a9975ee8db6c98d6f32233d88051b2077ca63dab
2020-11-04 10:09:25 +11:00
djm@openbsd.org
1a14c13147 upstream: whitespace; no code change
OpenBSD-Commit-ID: efefc1c47e880887bdee8cd2127ca93177eaad79
2020-10-29 13:54:13 +11:00
djm@openbsd.org
816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
djm@openbsd.org
acadbb3402 upstream: use do_log2 instead of function pointers to different log
functions

OpenBSD-Commit-ID: 88077b826d348c58352a6b394755520f4e484480
2020-10-17 00:37:13 +11:00
djm@openbsd.org
aa623142e4 upstream: revert kex->flags cert hostkey downgrade back to a plain
key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less
plumbing.

ok markus@

OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed
2020-10-07 13:34:11 +11:00
djm@openbsd.org
af889a40ff upstream: when ordering host key algorithms in the client, consider
the ECDSA key subtype; ok markus@

OpenBSD-Commit-ID: 3097686f853c61ff61772ea35f8b699931392ece
2020-10-07 13:33:12 +11:00
djm@openbsd.org
13cee44ef9 upstream: record when the host key checking code downgrades a
certificate host key to a plain key. This occurs when the user connects to a
host with a certificate host key but no corresponding CA key configured in
known_hosts; feedback and ok markus@

OpenBSD-Commit-ID: 2ada81853ff9ee7824c62f440bcf4ad62030c901
2020-10-03 18:31:49 +10:00
djm@openbsd.org
b3855ff053 upstream: tweak the client hostkey preference ordering algorithm to
prefer the default ordering if the user has a key that matches the
best-preference default algorithm.

feedback and ok markus@

OpenBSD-Commit-ID: a92dd7d7520ddd95c0a16786a7519e6d0167d35f
2020-09-18 15:25:01 +10:00
djm@openbsd.org
9b8ad93824 upstream: support for user-verified FIDO keys
FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.

This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.

feedback markus@ and Pedro Martelletto; ok markus@

OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15
2020-08-27 11:28:36 +10:00
bket@openbsd.org
e1c401109b upstream: Replace TAILQ concatenation loops with TAILQ_CONCAT
OK djm@

OpenBSD-Commit-ID: 454b40e09a117ddb833794358970a65b14c431ef
2020-07-03 15:12:31 +10:00
djm@openbsd.org
6704288957 upstream: wrap long line
OpenBSD-Commit-ID: ed405a12bd27bdc9c52e169bc5ff3529b4ebbbb2
2020-06-05 13:28:29 +10:00
djm@openbsd.org
05a651400d upstream: when ordering the hostkey algorithms to request from a
server, prefer certificate types if the known_hosts files contain a key
marked as a @cert-authority; bz#3157 ok markus@

OpenBSD-Commit-ID: 8f194573e5bb7c01b69bbfaabc68f27c9fa5e0db
2020-05-27 10:09:18 +10:00
djm@openbsd.org
54688e937a upstream: fix reversed test that caused IdentitiesOnly=yes to not
apply to keys loaded from a PKCS11Provider; bz3141, ok dtucker@

OpenBSD-Commit-ID: e3dd6424b94685671fe84c9b9dbe352fb659f677
2020-04-17 14:03:36 +10:00
djm@openbsd.org
96bd895a0a upstream: When using HostkeyAlgorithms to merely append or remove
algorithms from the default set (i.e. HostkeyAlgorithms=+/-...), retain the
default behaviour of preferring those algorithms that have existing keys in
known_hosts; ok markus

OpenBSD-Commit-ID: 040e7fcc38ea00146b5d224ce31ce7a1795ee6ed
2020-02-07 09:53:00 +11:00
naddy@openbsd.org
a47f6a6c0e upstream: Replace "security key" with "authenticator" in program
messages.

This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".

ok djm@

OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e
2020-02-07 09:52:59 +11:00
dtucker@openbsd.org
7f8e66fea8 upstream: Make zlib optional. This adds a "ZLIB" build time option
that allows building without zlib compression and associated options.  With
feedback from markus@, ok djm@

OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910
2020-01-23 21:53:54 +11:00
dtucker@openbsd.org
3bf2a6ac79 upstream: Replace all calls to signal(2) with a wrapper around
sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.

OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
2020-01-23 18:51:25 +11:00
dtucker@openbsd.org
c4b3a12895 upstream: Remove unsupported algorithms from list of defaults at run
time and remove ifdef and distinct settings for OPENSSL=no case.

This will make things much simpler for -portable where the exact set
of algos depends on the configuration of both OpenSSH and the libcrypto
it's linked against (if any).  ok djm@

OpenBSD-Commit-ID: e0116d0183dcafc7a9c40ba5fe9127805c5dfdd2
2020-01-23 14:40:15 +11:00
djm@openbsd.org
881aded038 upstream: a little more verbosity in sign_and_send_pubkey() debug
messages

OpenBSD-Commit-ID: 6da47a0e6373f6683006f49bc2a516d197655508
2020-01-21 18:09:09 +11:00
djm@openbsd.org
49dc9fa928 upstream: close the "touch your security key" notifier on the error
path too

OpenBSD-Commit-ID: c7628bf80505c1aefbb1de7abc8bb5ee51826829
2019-11-15 13:41:40 +11:00
deraadt@openbsd.org
72687c8e7c upstream: stdarg.h required more broadly; ok djm
OpenBSD-Commit-ID: b5b15674cde1b54d6dbbae8faf30d47e6e5d6513
2019-11-15 08:50:10 +11:00
djm@openbsd.org
e44bb61824 upstream: security keys typically need to be tapped/touched in
order to perform a signature operation. Notify the user when this is expected
via the TTY (if available) or $SSH_ASKPASS if we can.

ok markus@

OpenBSD-Commit-ID: 0ef90a99a85d4a2a07217a58efb4df8444818609
2019-11-13 10:15:47 +11:00
markus@openbsd.org
2c55744a56 upstream: enable ed25519 support; ok djm
OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e
2019-11-13 08:54:09 +11:00
djm@openbsd.org
9a14c64c38 upstream: Refactor signing - use sshkey_sign for everything,
including the new U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
2019-11-01 09:46:10 +11:00
djm@openbsd.org
884416bdb1 upstream: ssh client support for U2F/FIDO keys
OpenBSD-Commit-ID: eb2cfa6cf7419a1895e06e398ea6d41516c5b0bc
2019-11-01 09:46:09 +11:00
dtucker@openbsd.org
6b39a7b49e upstream: Remove now-redundant perm_ok arg since
sshkey_load_private_type will now return SSH_ERR_KEY_BAD_PERMISSIONS in that
case.  Patch from jitendra.sharma at intel.com, ok djm@

OpenBSD-Commit-ID: 07916a17ed0a252591b71e7fb4be2599cb5b0c77
2019-08-08 16:40:09 +10:00
dtucker@openbsd.org
696fb4298e upstream: Remove some set but never used variables. ok daraadt@
OpenBSD-Commit-ID: 824baf9c59afc66a4637017e397b9b74a41684e7
2019-07-08 11:45:51 +10:00
deraadt@openbsd.org
4d28fa78ab upstream: When system calls indicate an error they return -1, not
some arbitrary value < 0.  errno is only updated in this case.  Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2019-07-05 11:10:39 +10:00
djm@openbsd.org
c586d2d312 upstream: fix ssh-keysign fd handling problem introduced in r1.304
caused by a typo (STDIN_FILENO vs STDERR_FILENO)

OpenBSD-Commit-ID: 57a0b4be7bef23963afe24150e24bf014fdd9cb0
2019-06-08 00:20:01 +10:00
deraadt@openbsd.org
a1d29cc36a upstream: When doing the fork+exec'ing for ssh-keysign, rearrange
the socket into fd3, so as to not mistakenly leak other fd forward
accidentally. ok djm

OpenBSD-Commit-ID: 24cc753f5aa2c6a7d0fbf62766adbc75cd785296
2019-05-17 10:07:43 +10:00
djm@openbsd.org
38e83e4f21 upstream: fix regression in r1.302 reported by naddy@ - only the first
public key from the agent was being attempted for use.

OpenBSD-Commit-ID: 07116aea521a04888718b2157f1ca723b2f46c8d
2019-02-13 10:55:44 +11:00
djm@openbsd.org
5c68ea8da7 upstream: cleanup GSSAPI authentication context after completion of the
authmethod. Move function-static GSSAPI state to the client Authctxt
structure. Make static a bunch of functions that aren't used outside this
file.

Based on patch from Markus Schmidt <markus@blueflash.cc>; ok markus@

OpenBSD-Commit-ID: 497fb792c0ddb4f1ba631b6eed526861f115dbe5
2019-02-11 20:48:16 +11:00
djm@openbsd.org
aaca72d6f1 upstream: rename kex->kem_client_pub -> kex->client_pub now that
KEM has been renamed to kexgen

from markus@ ok djm@

OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
2019-01-21 23:13:03 +11:00
djm@openbsd.org
92dda34e37 upstream: use KEM API for vanilla ECDH
from markus@ ok djm@

OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c
2019-01-21 23:13:02 +11:00
djm@openbsd.org
9c9c97e14f upstream: use KEM API for vanilla DH KEX
from markus@ ok djm@

OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9
2019-01-21 22:08:47 +11:00
djm@openbsd.org
2f6a9ddbbf upstream: use KEM API for vanilla c25519 KEX
OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f
2019-01-21 22:08:04 +11:00
djm@openbsd.org
dfd591618c upstream: Add support for a PQC KEX/KEM:
sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime
4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not
enabled by default.

introduce KEM API; a simplified framework for DH-ish KEX methods.

from markus@ feedback & ok djm@

OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
2019-01-21 22:07:02 +11:00
djm@openbsd.org
0a5f2ea356 upstream: GSSAPI code got missed when converting to new packet API
OpenBSD-Commit-ID: 37e4f06ab4a0f4214430ff462ba91acba28b7851
2019-01-21 12:05:49 +11:00
djm@openbsd.org
64c9598ac0 upstream: convert the remainder of sshconnect2.c to new packet
API

with & ok markus@

OpenBSD-Commit-ID: 0986d324f2ceb5e8a12ac21c1bb10b3b4b1e0f71
2019-01-20 09:45:17 +11:00