Damien Miller [Thu, 4 Nov 2010 23:19:49 +0000 (10:19 +1100)]
- djm@cvs.openbsd.org 2010/10/28 11:22:09
[authfile.c key.c key.h ssh-keygen.c]
fix a possible NULL deref on loading a corrupt ECDH key
store ECDH group information in private keys files as "named groups"
rather than as a set of explicit group parameters (by setting
the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
retrieves the group's OpenSSL NID that we need for various things.
Damien Miller [Thu, 7 Oct 2010 11:06:42 +0000 (22:06 +1100)]
- djm@cvs.openbsd.org 2010/10/01 23:05:32
[cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
adapt to API changes in openssl-1.0.0a
NB. contains compat code to select correct API for older OpenSSL
Damien Miller [Thu, 7 Oct 2010 10:40:17 +0000 (21:40 +1100)]
- djm@cvs.openbsd.org 2010/09/30 11:04:51
[servconf.c]
prevent free() of string in .rodata when overriding AuthorizedKeys in
a Match block; patch from rein AT basefarm.no
Damien Miller [Thu, 7 Oct 2010 10:39:55 +0000 (21:39 +1100)]
- djm@cvs.openbsd.org 2010/09/26 22:26:33
[sftp.c]
when performing an "ls" in columnated (short) mode, only call
ioctl(TIOCGWINSZ) once to get the window width instead of per-
filename
Damien Miller [Thu, 7 Oct 2010 10:39:17 +0000 (21:39 +1100)]
- djm@cvs.openbsd.org 2010/09/25 09:30:16
[sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
roundtrips to fetch per-file stat(2) information.
NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
match.
Damien Miller [Thu, 7 Oct 2010 10:25:27 +0000 (21:25 +1100)]
- matthew@cvs.openbsd.org 2010/09/24 13:33:00
[misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
[openbsd-compat/timingsafe_bcmp.c]
Add timingsafe_bcmp(3) to libc, mention that it's already in the
kernel in kern(9), and remove it from OpenSSH.
ok deraadt@, djm@
NB. re-added under openbsd-compat/ for portable OpenSSH
Damien Miller [Fri, 24 Sep 2010 12:11:53 +0000 (22:11 +1000)]
- jmc@cvs.openbsd.org 2010/09/22 08:30:08
[ssh.1 ssh_config.5]
ssh.1: add kexalgorithms to the -o list
ssh_config.5: format the kexalgorithms in a more consistent
(prettier!) way
ok djm
Damien Miller [Fri, 24 Sep 2010 12:11:14 +0000 (22:11 +1000)]
- djm@cvs.openbsd.org 2010/09/22 05:01:30
[kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
[servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
add a KexAlgorithms knob to the client and server configuration to allow
selection of which key exchange methods are used by ssh(1) and sshd(8)
and their order of preference.
ok markus@
Damien Miller [Fri, 24 Sep 2010 12:07:55 +0000 (22:07 +1000)]
- djm@cvs.openbsd.org 2010/09/20 07:19:27
[mux.c]
"atomically" create the listening mux socket by binding it on a temporary
name and then linking it into position after listen() has succeeded.
this allows the mux clients to determine that the server socket is
either ready or stale without races. stale server sockets are now
automatically removed
ok deraadt
Damien Miller [Fri, 24 Sep 2010 12:03:24 +0000 (22:03 +1000)]
- djm@cvs.openbsd.org 2010/09/20 04:50:53
[jpake.c schnorr.c]
check that received values are smaller than the group size in the
disabled and unfinished J-PAKE code.
avoids catastrophic security failure found by Sebastien Martini
Damien Miller [Fri, 24 Sep 2010 12:00:54 +0000 (22:00 +1000)]
- naddy@cvs.openbsd.org 2010/09/10 15:19:29
[ssh-keygen.1]
* mention ECDSA in more places
* less repetition in FILES section
* SSHv1 keys are still encrypted with 3DES
help and ok jmc@
Damien Miller [Fri, 10 Sep 2010 01:23:34 +0000 (11:23 +1000)]
- djm@cvs.openbsd.org 2010/09/09 10:45:45
[kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
ECDH/ECDSA compliance fix: these methods vary the hash function they use
(SHA256/384/512) depending on the length of the curve in use. The previous
code incorrectly used SHA256 in all cases.
This fix will cause authentication failure when using 384 or 521-bit curve
keys if one peer hasn't been upgraded and the other has. (256-bit curve
keys work ok). In particular you may need to specify HostkeyAlgorithms
when connecting to a server that has not been upgraded from an upgraded
client.
Damien Miller [Fri, 10 Sep 2010 01:20:59 +0000 (11:20 +1000)]
- deraadt@cvs.openbsd.org 2010/09/08 04:13:31
[compress.c]
work around name-space collisions some buggy compilers (looking at you
gcc, at least in earlier versions, but this does not forgive your current
transgressions) seen between zlib and openssl
ok djm
Damien Miller [Fri, 10 Sep 2010 01:17:38 +0000 (11:17 +1000)]
- naddy@cvs.openbsd.org 2010/09/02 17:21:50
[ssh-keygen.c]
Switch ECDSA default key size to 256 bits, which according to RFC5656
should still be better than our current RSA-2048 default.
ok djm@, markus@
Damien Miller [Fri, 10 Sep 2010 01:12:09 +0000 (11:12 +1000)]
- djm@cvs.openbsd.org 2010/08/31 12:33:38
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
reintroduce commit from tedu@, which I pulled out for release
engineering:
OpenSSL_add_all_algorithms is the name of the function we have a
man page for, so use that. ok djm
Darren Tucker [Fri, 10 Sep 2010 00:30:25 +0000 (10:30 +1000)]
- (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact
return code since it can apparently return -1 under some conditions. From
openssh bugs werbittewas de, ok djm@
Damien Miller [Tue, 31 Aug 2010 12:41:14 +0000 (22:41 +1000)]
- djm@cvs.openbsd.org 2010/08/31 11:54:45
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
[authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
[monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
[ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
[ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
[ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
[uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.
Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656) is NOT implemented.
Certificate host and user keys using the new ECDSA key types are supported.
Note that this code has not been tested for interoperability and may be
subject to change.
Damien Miller [Tue, 31 Aug 2010 12:36:39 +0000 (22:36 +1000)]
- djm@cvs.openbsd.org 2010/08/31 09:58:37
[auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
[packet.h ssh-dss.c ssh-rsa.c]
Add buffer_get_cstring() and related functions that verify that the
string extracted from the buffer contains no embedded \0 characters*
This prevents random (possibly malicious) crap from being appended to
strings where it would not be noticed if the string is used with
a string(3) function.
Use the new API in a few sensitive places.
* actually, we allow a single one at the end of the string for now because
we don't know how many deployed implementations get this wrong, but don't
count on this to remain indefinitely.
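
An added example, not code from OpenSSH or from this commit: a minimal C sketch of the check the message above describes, applied to an SSH wire string (big-endian uint32 length followed by the bytes). The function name `get_cstring_checked` and the sample packets are assumptions made for illustration; a single trailing NUL is tolerated, as the footnote in the commit message says.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not OpenSSH's buffer_get_cstring): read one SSH wire
 * string, a big-endian uint32 length followed by that many bytes. Returns a
 * malloc'd NUL-terminated copy, or NULL when the length overruns the buffer
 * or the payload holds a NUL anywhere except as its single final byte. */
char *get_cstring_checked(const uint8_t *buf, size_t buflen, size_t *consumed)
{
    if (buflen < 4)
        return NULL;
    uint32_t len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                   ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    if (len > buflen - 4)
        return NULL;                       /* truncated packet */
    const uint8_t *p = buf + 4;
    const uint8_t *nul = memchr(p, '\0', len);
    if (nul != NULL && (size_t)(nul - p) != (size_t)len - 1)
        return NULL;                       /* embedded NUL: reject */
    char *s = malloc((size_t)len + 1);
    if (s == NULL)
        return NULL;
    memcpy(s, p, len);
    s[len] = '\0';
    if (consumed != NULL)
        *consumed = 4 + (size_t)len;
    return s;
}

/* Constructed sample packets (not captured traffic). */
const uint8_t sample_clean[]    = {0, 0, 0, 4, 'r', 'o', 'o', 't'};
const uint8_t sample_embedded[] = {0, 0, 0, 9, 'r', 'o', 'o', 't', 0, 'j', 'u', 'n', 'k'};
const uint8_t sample_trailing[] = {0, 0, 0, 5, 'r', 'o', 'o', 't', 0};

int main(void)
{
    char *s = get_cstring_checked(sample_clean, sizeof(sample_clean), NULL);
    printf("clean:    %s\n", s ? s : "(rejected)");
    free(s);
    s = get_cstring_checked(sample_embedded, sizeof(sample_embedded), NULL);
    printf("embedded: %s\n", s ? s : "(rejected)");
    free(s);
    s = get_cstring_checked(sample_trailing, sizeof(sample_trailing), NULL);
    printf("trailing: %s\n", s ? s : "(rejected)");
    free(s);
    return 0;
}
```

Without the check, a string(3) function such as strcmp() would see only "root" in the second packet and the bytes after the NUL would pass unnoticed.
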
Damien Miller [Tue, 31 Aug 2010 12:31:37 +0000 (22:31 +1000)]
- tedu@cvs.openbsd.org 2010/08/12 23:34:39
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
OpenSSL_add_all_algorithms is the name of the function we have a man page
for, so use that. ok djm
Damien Miller [Tue, 31 Aug 2010 12:31:14 +0000 (22:31 +1000)]
- jmc@cvs.openbsd.org 2010/08/08 19:36:30
[ssh-keysign.8 ssh.1 sshd.8]
use the same template for all FILES sections; i.e. -compact/.Pp where we
have multiple items, and .Pa for path names;
Damien Miller [Mon, 16 Aug 2010 15:59:31 +0000 (01:59 +1000)]
- djm@cvs.openbsd.org 2010/08/12 21:49:44
[ssh.c]
close any extra file descriptors inherited from parent at start and
reopen stdin/stdout to /dev/null when forking for ControlPersist.
prevents tools that fork and run a captive ssh for communication from
failing to exit when the ssh completes while they wait for these fds to
close. The inherited fds may persist arbitrarily long if a background
mux master has been started by ControlPersist. cvs and scp were affected
by this.
Darren Tucker [Mon, 16 Aug 2010 03:15:23 +0000 (13:15 +1000)]
- (dtucker) [configure.ac openbsd-compat/Makefile.in
openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
the compat library which helps on platforms like old IRIX. Based on work
by djm, tested by Tom Christensen.
Tim Rice [Thu, 12 Aug 2010 16:43:13 +0000 (09:43 -0700)]
- (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh
regress/test-exec.sh] Under certain conditions when testing with sudo
tests would fail because the pidfile could not be read by a regular user.
"cat: cannot open ...../regress/pidfile: Permission denied (error 13)"
Make sure cat is run by $SUDO. no objection from me. djm@
Damien Miller [Tue, 10 Aug 2010 02:47:40 +0000 (12:47 +1000)]
- (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is
already set. Makes FreeBSD user openable tunnels useful; patch from
richard.burakowski+ossh AT mrburak.net, ok dtucker@
Damien Miller [Thu, 5 Aug 2010 13:09:48 +0000 (23:09 +1000)]
- djm@cvs.openbsd.org 2010/08/05 13:08:42
[channels.c]
Fix a trio of bugs in the local/remote window calculation for datagram
data channels (i.e. TunnelForward):
Calculate local_consumed correctly in channel_handle_wfd() by measuring
the delta to buffer_len(c->output) from when we start to when we finish.
The proximal problem here is that the output_filter we use in portable
modified the length of the dequeued datagram (to futz with the headers
for !OpenBSD).
In channel_output_poll(), don't enqueue datagrams that won't fit in the
peer's advertised packet size (highly unlikely to ever occur) or which
won't fit in the peer's remaining window (more likely).
In channel_input_data(), account for the 4-byte string header in
datagram packets that we accept from the peer and enqueue in c->output.
report, analysis and testing 2/3 cases from wierbows AT us.ibm.com;
"looks good" markus@
Damien Miller [Thu, 5 Aug 2010 03:05:15 +0000 (13:05 +1000)]
- djm@cvs.openbsd.org 2010/08/04 05:49:22
[authfile.c]
committed the wrong version of the hostbased certificate diff; this
version replaces some strlc{py,at} verbosity with xasprintf() at
the request of markus@
Damien Miller [Thu, 5 Aug 2010 03:03:51 +0000 (13:03 +1000)]
- djm@cvs.openbsd.org 2010/08/04 05:40:39
[PROTOCOL.certkeys ssh-keygen.c]
tighten the rules for certificate encoding by requiring that options
appear in lexical order and make our ssh-keygen comply. ok markus@
Damien Miller [Thu, 5 Aug 2010 03:03:13 +0000 (13:03 +1000)]
- djm@cvs.openbsd.org 2010/08/04 05:37:01
[ssh.1 ssh_config.5 sshd.8]
Remove mentions of weird "addr/port" alternate address format for IPv6
addresses combinations. It hasn't worked for ages and we have supported
the more common "[addr]:port" format for a long time. ok jmc@ markus@
Damien Miller [Tue, 3 Aug 2010 06:04:46 +0000 (16:04 +1000)]
- djm@cvs.openbsd.org 2010/07/19 09:15:12
[clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
add a "ControlPersist" option that automatically starts a background
ssh(1) multiplex master when connecting. This connection can stay alive
indefinitely, or can be set to automatically close after a user-specified
duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
Damien Miller [Tue, 3 Aug 2010 06:04:22 +0000 (16:04 +1000)]
- djm@cvs.openbsd.org 2010/07/19 03:16:33
[sftp-client.c]
bz#1797: fix swapped args in upload_dir_internal(), breaking recursive
upload depth checks and causing verbose printing of transfers to always
be turned on; patch from imorgan AT nas.nasa.gov
Damien Miller [Tue, 3 Aug 2010 06:04:03 +0000 (16:04 +1000)]
- djm@cvs.openbsd.org 2010/07/16 14:07:35
[ssh-rsa.c]
more timing paranoia - compare all parts of the expected decrypted
data before returning. AFAIK not exploitable in the SSH protocol.
"groovy" deraadt@
Darren Tucker [Tue, 3 Aug 2010 05:50:16 +0000 (15:50 +1000)]
- (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from
PAM to sane values in case the PAM method doesn't write to them. Spotted by
Bitman Zhou, ok djm@.
Darren Tucker [Mon, 19 Jul 2010 11:24:13 +0000 (21:24 +1000)]
- (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more
details about its behaviour WRT existing directories. Patch from
asguthrie at gmail com, ok djm.
Damien Miller [Fri, 16 Jul 2010 03:59:59 +0000 (13:59 +1000)]
- schwarze@cvs.openbsd.org 2010/07/15 21:20:38
[ssh-keygen.1]
repair incorrect block nesting, which screwed up indentation;
problem reported and fix OK by jmc@
Damien Miller [Fri, 16 Jul 2010 03:59:11 +0000 (13:59 +1000)]
- jmc@cvs.openbsd.org 2010/07/14 17:06:58
[ssh.1]
finally ssh synopsis looks nice again! this commit just removes a ton of
hacks we had in place to make it work with old groff;
Damien Miller [Fri, 16 Jul 2010 03:57:51 +0000 (13:57 +1000)]
- djm@cvs.openbsd.org 2010/07/13 11:52:06
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
[packet.c ssh-rsa.c]
implement a timing_safe_cmp() function to compare memory without leaking
timing information by short-circuiting like memcmp() and use it for
some of the more sensitive comparisons (though nothing high-value was
readily attackable anyway); "looks ok" markus@
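
An added example, not OpenSSH's timing_safe_cmp() or libc's timingsafe_bcmp(): a C sketch of the difference the message above (and the timingsafe_bcmp and ssh-rsa.c entries elsewhere in this log) refers to, contrasting a comparison that short-circuits like memcmp() with one that always touches every byte. The function names, the `steps` counter (a deterministic stand-in for elapsed time) and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MAC_LEN 16

/* Early-exit comparison in the style of memcmp(): returns at the first
 * mismatch, so the work done depends on how long the matching prefix is. */
int leaky_cmp(const unsigned char *a, const unsigned char *b, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 1;
    }
    return 0;
}

/* Constant-time comparison: accumulate the XOR of every byte pair and
 * decide only after the loop; there is no data-dependent branch inside. */
int ct_cmp(const unsigned char *a, const unsigned char *b, size_t n, size_t *steps)
{
    unsigned char diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff != 0;
}

/* Constructed values: an expected value and two wrong candidates that
 * differ from it at byte 0 and at byte 10 respectively. */
const unsigned char expected_mac[] = "0123456789abcdef";
const unsigned char wrong_early[]  = "X123456789abcdef";
const unsigned char wrong_late[]   = "0123456789Xbcdef";

int main(void)
{
    size_t s1, s2;
    leaky_cmp(expected_mac, wrong_early, MAC_LEN, &s1);
    leaky_cmp(expected_mac, wrong_late, MAC_LEN, &s2);
    printf("early-exit: %zu vs %zu bytes examined\n", s1, s2);
    ct_cmp(expected_mac, wrong_early, MAC_LEN, &s1);
    ct_cmp(expected_mac, wrong_late, MAC_LEN, &s2);
    printf("constant:   %zu vs %zu bytes examined\n", s1, s2);
    return 0;
}
```
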
Damien Miller [Fri, 16 Jul 2010 03:56:43 +0000 (13:56 +1000)]
- djm@cvs.openbsd.org 2010/07/12 22:41:13
[ssh.c ssh_config.5]
expand %h to the hostname in ssh_config Hostname options. While this
sounds useless, it is actually handy for working with unqualified
hostnames:
Damien Miller [Fri, 16 Jul 2010 03:56:01 +0000 (13:56 +1000)]
- djm@cvs.openbsd.org 2010/07/02 04:32:44
[misc.c]
unbreak strdelim() skipping past quoted strings, e.g.
AllowUsers "blah blah" blah
was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
ok dtucker;