Darren Tucker [Fri, 8 Nov 2024 18:14:16 +0000 (05:14 +1100)]
Reshuffle OpenWRT test configs.
Move the the flags used by the OpenWRT distro to mipsel target and
enable OpenSSL on all targets to improve coverage.
Explicitly disable security key and openssl on mips target so that host
end of the bigendian interop tests don't attempt them and fail (since
they're not enabled on the target side).
Darren Tucker [Sat, 2 Nov 2024 07:05:41 +0000 (18:05 +1100)]
Test bigendian interop.
Where our test target is a bigendian system, do an additional build on
the runner host (which is little endian) and test interop between the two.
Should hopefully catch obvious endianness bugs.
djm@openbsd.org [Wed, 6 Nov 2024 22:51:26 +0000 (22:51 +0000)]
upstream: ssh-agent implemented an all-or-nothing allow-list of
FIDO application IDs for security key-backed keys, to prevent web key handles
from being used remotely as this would likely lead to unpleasant surprises.
By default, only application IDs that start with "ssh:*" are allowed.
This adds a -Owebsafe-allow=... argument that can override the default
list with a more or less restrictive one. The default remains unchanged.
jca@openbsd.org [Mon, 4 Nov 2024 21:59:15 +0000 (21:59 +0000)]
upstream: Ignore extra groups that don't fit in the buffer passed
to getgrouplist(3)
Our kernel supports 16 groups (NGROUPS_MAX), but nothing prevents
an admin from adding a user to more groups. With that tweak we'll keep
on ignoring them instead of potentially reading past the buffer passed to
getgrouplist(3). That behavior is explicitely described in initgroups(3).
Darren Tucker [Fri, 25 Oct 2024 08:04:30 +0000 (19:04 +1100)]
Retire the minix3 test config.
It got broken by the sshd-auth change, it's not obvious why, and the
platform lacks the debugging tools (eg gdb, strace) to figure it out.
The upstream project seems effectively dead (6 years since the last
commit, 10 since the last release). It was useful while it lasted
(we found a real bug because of it) but its time seems to have passed.
Darren Tucker [Fri, 25 Oct 2024 08:01:02 +0000 (19:01 +1100)]
Simplify pselect shim and remove side effects.
Instead of maintaing state (pipe descriptors, signal handlers) across
pselect-on-select invocations, set up and restore them each call.
This prevents outside factors (eg a closefrom or signal handler
installation) from potentially causing problems. This does result in a
drop in throughput of a couple of percent on geriatric platforms without
a native pselect due to the extra overhead. Tweaks & ok djm@
... and ssh and sshd log wrappers before recreating them. Prevents "can't
create" errors during tests when running tests without SUDO after having
run them with SUDO.
... to run all of the subprograms from the build directory while
developing and debugging. Should help prevent accidentally testing
against unchanged installed sshd-auth and sshd-session binaries. ok djm@
Darren Tucker [Thu, 17 Oct 2024 09:50:29 +0000 (20:50 +1100)]
Seed RNG when starting up sshd-auth.
Makes builds configured --without-openssl work again since otherwise
the first use of the RNG comes after the sandbox init and it can't
open /dev/random.
This splits the user authentication code from the sshd-session
binary into a separate sshd-auth binary. This will be executed by
sshd-session to complete the user authentication phase of the
protocol only.
Splitting this code into a separate binary ensures that the crucial
pre-authentication attack surface has an entirely disjoint address
space from the code used for the rest of the connection. It also
yields a small runtime memory saving as the authentication code will
be unloaded after thhe authentication phase completes.
djm@openbsd.org [Sun, 6 Oct 2024 23:37:17 +0000 (23:37 +0000)]
upstream: Turn off finite field (a.k.a modp) Diffie-Hellman key
exchange in sshd by default. Specifically, this removes the
diffie-hellman-group* and diffie-hellman-group-exchange-* methods. The client
is unchanged and continues to support these methods by default.
Finite field Diffie Hellman is slow and computationally expensive for
the same security level as Elliptic Curve DH or PQ key agreement while
offering no redeeming advantages.
ECDH has been specified for the SSH protocol for 15 years and some
form of ECDH has been the default key exchange in OpenSSH for the last
14 years.
upstream: fix regression introduced when I switched the "Match"
criteria tokeniser to a more shell-like one. Apparently the old tokeniser
(accidentally?) allowed "Match criteria=argument" as well as the "Match
criteria argument" syntax that we tested for.
People were using this syntax so this adds back support for
"Match criteria=argument"
upstream: update the Streamlined NTRU Prime code from the "ref"
implementation in SUPERCOP 20201130 to the "compact" implementation in
SUPERCOP 20240808. The new version is substantially faster. Thanks to Daniel
J Bernstein for pointing out the new implementation (and of course for
writing it).
Damien Miller [Mon, 9 Sep 2024 07:30:38 +0000 (17:30 +1000)]
declare defeat trying to detect C89 compilers
I can't find a reliable way to detect the features the ML-KEM code
requires in configure. Give up for now and use VLA support (that we
can detect) as a proxy for "old compiler" and turn off ML-KEM if
it isn't supported.
Damien Miller [Mon, 9 Sep 2024 06:06:21 +0000 (16:06 +1000)]
test for compiler feature needed for ML-KEM
The ML-KEM implementation we uses need the compiler to support
C99-style named struct initialisers (e.g foo = {.bar = 1}). We
still support (barely) building OpenSSH with older compilers, so
add a configure test for this.
upstream: make parsing user@host consistently look for the last '@' in
the string rather than the first. This makes it possible to use usernames
that contain '@' characters.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
projects / thirdparty / openssh-portable.git / log
