Merge release candidate for 18.4.0 into master #75

Merged
merged 69 commits into from
Apr 10, 2024
1036d77
better detection of broken -fzero-call-used-regs
djmdjm Dec 22, 2023
430ef86
upstream: match flag type (s/int/u_int)
djmdjm Dec 18, 2023
5413b1c
upstream: correct section numbers; from Ed Maste
djmdjm Dec 19, 2023
503fbe9
upstream: sort -C, and add to usage(); ok djm
Dec 19, 2023
64ddf77
upstream: spelling; ok markus@
jonathangray Dec 20, 2023
f0cbd26
upstream: Import regenerated moduli.
daztucker Jan 4, 2024
86f9e96
upstream: fix typo; spotted by Albert Chin
djmdjm Jan 8, 2024
a72833d
upstream: remove ext-info-* in the kex.c code, not in callers;
djmdjm Jan 8, 2024
9ea0a45
unbreak fuzzers for clang16
djmdjm Jan 8, 2024
fc332cb
unbreak fuzzers - missing pkcs11_make_cert()
djmdjm Jan 8, 2024
698fe6f
update fuzzer example makefile to clang16
djmdjm Jan 8, 2024
f64cede
upstream: make kex-strict section more explicit about its intent:
djmdjm Jan 8, 2024
4c3cf36
upstream: fix missing field in users-groups-by-id@openssh.com reply
djmdjm Jan 8, 2024
219c813
upstream: Remove outdated note from PROTOCOL.mux
djmdjm Jan 8, 2024
6b8be2c
Fix compilation error in ssh-pcks11-client.c
AZero13 Dec 19, 2023
690bc12
README.platform: update tuntap url
sevan Dec 27, 2023
42ba34a
note that recent OSX tun/tap is unsupported
djmdjm Jan 8, 2024
602f4be
upstream: adapt ssh_api.c code for kex-strict
djmdjm Jan 9, 2024
b31b12d
upstream: add a "global" ChannelTimeout type to ssh(1) and sshd(8)
djmdjm Jan 9, 2024
9707c81
upstream: extend ChannelTimeout regression test to exercise multiplexed
djmdjm Jan 9, 2024
afcc902
upstream: fix incorrect capitalisation;
Jan 10, 2024
4e83812
upstream: make DSA key support compile-time optional, defaulting to
djmdjm Jan 11, 2024
f9311e8
upstream: ensure key_fd is filled when DSA is disabled; spotted by
djmdjm Jan 11, 2024
415c94c
upstream: make DSA testing optional, defaulting to on
djmdjm Jan 11, 2024
50080fa
upstream: don't disable RSA test when DSA is disabled; bug introduced
djmdjm Jan 11, 2024
0d96b15
skip tests that use multiplexing on Windows
djmdjm Jan 16, 2024
c283f29
upstream: whitespace
djmdjm Feb 1, 2024
3ad669f
ignore some vim droppings
djmdjm Feb 1, 2024
0f6a8a0
Use "skip" function instead of doing it ourselves.
daztucker Feb 6, 2024
be5ed8e
Add --disable-fd-passing option.
daztucker Feb 6, 2024
91898bf
Put privsep dir on OS X on /usr/local.
daztucker Feb 6, 2024
cbbdf86
Interop test against PuTTY snapshot and releases.
daztucker Feb 7, 2024
efde85d
Improve error message for OpenSSL header check.
daztucker Feb 19, 2024
4dbc5a3
upstream: whitespace
djmdjm Feb 2, 2024
d31c21c
upstream: clean sshd random relinking kit; ok miod@
Feb 10, 2024
bbf541e
upstream: Factor out PuTTY setup.
daztucker Feb 9, 2024
84046f9
upstream: Expand PuTTY test coverage.
daztucker Feb 9, 2024
e27f032
upstream: Always define puttysetup function.
daztucker Feb 19, 2024
ee6d932
upstream: don't append a gratuitous space to the end of subsystem
djmdjm Feb 20, 2024
9844aa2
upstream: fix proxy multiplexing mode, broken when keystroke timing
djmdjm Feb 21, 2024
ab73f96
upstream: fix typo in match directive predicate (s/tagged/tag) GHPR#462
djmdjm Feb 21, 2024
d410e17
upstream: .Cm for a keyword. Part of GHPR#454 from Niklas Hambüchen
djmdjm Feb 21, 2024
d1164cb
upstream: clarify permissions requirements for ChrootDirectory Part
djmdjm Feb 21, 2024
9ee335a
upstream: explain arguments of internal-sftp GHPR#454 from Niklas
djmdjm Feb 21, 2024
d86bf8a
more descriptive configure test name
djmdjm Feb 22, 2024
6886e1b
Add nbsd10 test target.
daztucker Feb 22, 2024
65a44a8
upstream: Separate parsing of string array options from applying them
djmdjm Mar 4, 2024
3deb501
upstream: fix leak of CanonicalizePermittedCNAMEs on error path;
djmdjm Mar 4, 2024
668d270
add a --without-retpoline configure option
djmdjm Mar 5, 2024
d52b650
disable RSA tests when algorithm is not supported
djmdjm Mar 6, 2024
2427428
upstream: wrap a few PKCS#11-specific bits in ENABLE_PKCS11
djmdjm Mar 6, 2024
c47e1c9
upstream: fix memory leak in mux proxy mode when requesting forwarding.
djmdjm Mar 6, 2024
9b3f0be
Prefer openssl binary from --with-ssl-dir directory.
daztucker Mar 7, 2024
2f9d2af
upstream: Invoke ProxyCommand that uses stderr redirection via
daztucker Mar 8, 2024
cd82f75
upstream: skip more whitespace, fixes find-principals on
djmdjm Mar 8, 2024
a6a740a
upstream: avoid logging in signal handler by converting mainloop to
djmdjm Mar 9, 2024
26b09b4
quote regexes used to test for algorithm support
djmdjm Mar 10, 2024
8fc109c
Test against current OpenSSL and LibreSSL releases.
daztucker Mar 11, 2024
3876a3b
upstream: openssh-9.7
djmdjm Mar 11, 2024
2827214
crank RPM spec versions
djmdjm Mar 11, 2024
86bdd38
version number in README
djmdjm Mar 11, 2024
065e63d
This is a staging commit for merging HPN-SSH to OpenSSH 9.7
rapier1 Mar 11, 2024
ebcdb90
Working merge of OpenSSH 9.7 into HPN-SSH. This is tentatively
rapier1 Mar 11, 2024
44937cd
Neglected to apply two fixes from another branches.
rapier1 Mar 12, 2024
90127cd
binn.[c|h] are no longer C89 compliant so we are removing the C89 tes…
rapier1 Mar 12, 2024
41ebf6e
I seem to have forgotten to actually remove the C89 test so this
rapier1 Mar 12, 2024
196110f
Documentation update for FallbackPort switch and to explicitly state …
rapier1 Mar 14, 2024
9d2f537
Merge branch 'dev_minor' of github.com:rapier1/hpn-ssh into dev_minor
rapier1 Mar 14, 2024
6112792
Merge pull request #69 from rapier1/dev_minor
dorrellmw Mar 28, 2024
upstream: remove ext-info-* in the kex.c code, not in callers;
with/ok markus@

OpenBSD-Commit-ID: c06fe2d3a0605c517ff7d65e38ec7b2d1b0b2799
djmdjm committed Jan 8, 2024
commit a72833d00788ef91100c643536ac08ada46440e1
31 changes: 27 additions & 4 deletions kex.c
@@ -1,4 +1,4 @@
/* $OpenBSD: kex.c,v 1.184 2023/12/18 14:45:49 djm Exp $ */
/* $OpenBSD: kex.c,v 1.185 2024/01/08 00:34:33 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
Expand Down Expand Up @@ -772,21 +772,44 @@ static int
kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh)
{
struct kex *kex = ssh->kex;
int r;
int r, initial = (kex->flags & KEX_INITIAL) != 0;
char *cp, **prop;

debug("SSH2_MSG_NEWKEYS received");
if (kex->ext_info_c && (kex->flags & KEX_INITIAL) != 0)
if (kex->ext_info_c && initial)
ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_input_ext_info);
ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error);
ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
if ((r = sshpkt_get_end(ssh)) != 0)
return r;
if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0)
return r;
if (initial) {
/* Remove initial KEX signalling from proposal for rekeying */
if ((r = kex_buf2prop(kex->my, NULL, &prop)) != 0)
return r;
if ((cp = match_filter_denylist(prop[PROPOSAL_KEX_ALGS],
kex->server ?
"ext-info-s,kex-strict-s-v00@openssh.com" :
"ext-info-c,kex-strict-c-v00@openssh.com")) == NULL) {
error_f("match_filter_denylist failed");
goto fail;
}
free(prop[PROPOSAL_KEX_ALGS]);
prop[PROPOSAL_KEX_ALGS] = cp;
if ((r = kex_prop2buf(ssh->kex->my, prop)) != 0) {
error_f("kex_prop2buf failed");
fail:
kex_proposal_free_entries(prop);
free(prop);
return SSH_ERR_INTERNAL_ERROR;
}
kex_proposal_free_entries(prop);
free(prop);
}
kex->done = 1;
kex->flags &= ~KEX_INITIAL;
sshbuf_reset(kex->peer);
/* sshbuf_reset(kex->my); */
kex->flags &= ~KEX_INIT_SENT;
free(kex->name);
kex->name = NULL;
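Review bot: In the new `if (initial)` block of kex_input_newkeys(), a kex_prop2buf() failure discards its return code: the message is logged without `r` and the function returns SSH_ERR_INTERNAL_ERROR instead. The `fail:` label also sits inside that inner `if` body, so the match_filter_denylist() failure path jumps into a nested block. Suggest setting `r = SSH_ERR_INTERNAL_ERROR` before the `goto`, moving the two cleanup calls to a single label after the block, returning `r`, and logging it with error_fr(). The block also reads the proposal from `kex->my` but writes it back through `ssh->kex->my`; use `kex->my` in both calls. Note that these error returns happen after the dispatch handlers and inbound keys have already been switched above, so callers need to treat them as fatal for the connection.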
21 changes: 6 additions & 15 deletions sshconnect2.c
@@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect2.c,v 1.371 2023/12/18 14:45:49 djm Exp $ */
/* $OpenBSD: sshconnect2.c,v 1.372 2024/01/08 00:34:34 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
Expand Down Expand Up @@ -221,7 +221,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
const struct ssh_conn_info *cinfo)
{
char *myproposal[PROPOSAL_MAX];
char *s, *all_key, *hkalgs = NULL;
char *all_key, *hkalgs = NULL;
int r, use_known_hosts_order = 0;

xxx_host = host;
Expand Down Expand Up @@ -249,14 +249,12 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
fatal_fr(r, "kex_assemble_namelist");
free(all_key);

if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
fatal_f("kex_names_cat");

if (use_known_hosts_order)
hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo);

kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers,
options.macs, compression_alg_list(options.compression),
kex_proposal_populate_entries(ssh, myproposal,
options.kex_algorithms, options.ciphers, options.macs,
compression_alg_list(options.compression),
hkalgs ? hkalgs : options.hostkeyalgorithms);

free(hkalgs);
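Review bot: The kex_proposal_populate_entries() call now receives options.kex_algorithms without the "ext-info-c" suffix that the removed kex_names_cat() call added, so the client only advertises it if kex_proposal_populate_entries() appends the marker itself, and that function is not part of this diff. Worth confirming before merge, and worth a regression test that checks the marker is present in the first KEXINIT and absent from the proposal used for rekeying.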
Expand All @@ -281,13 +279,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
ssh->kex->verify_host_key=&verify_host_key_callback;

ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);

/* remove ext-info from the KEX proposals for rekeying */
free(myproposal[PROPOSAL_KEX_ALGS]);
myproposal[PROPOSAL_KEX_ALGS] =
compat_kex_proposal(ssh, options.kex_algorithms);
if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
fatal_r(r, "kex_prop2buf");
kex_proposal_free_entries(myproposal);

#ifdef DEBUG_KEXDH
/* send 1st encrypted/maced/compressed message */
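Review bot: The removed rekey block rebuilt PROPOSAL_KEX_ALGS from compat_kex_proposal(ssh, options.kex_algorithms) and called fatal_r() on failure, while its replacement in kex_input_newkeys() only filters the ext-info and kex-strict names out of the stored proposal and returns SSH_ERR_INTERNAL_ERROR. Confirm the initial proposal has already been through the compat filtering, so the rekey list differs from the old one only by the removed markers. A short comment at this call site pointing to kex_input_newkeys() would help, since nothing here now shows where the rekey proposal is cleaned.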
Expand All @@ -297,7 +289,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
(r = ssh_packet_write_wait(ssh)) != 0)
fatal_fr(r, "send packet");
#endif
kex_proposal_free_entries(myproposal);
}

/*
4 changes: 2 additions & 2 deletions sshd.c
@@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.601 2023/12/18 14:45:49 djm Exp $ */
/* $OpenBSD: sshd.c,v 1.602 2024/01/08 00:34:34 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
Expand Down Expand Up @@ -2428,6 +2428,7 @@ do_ssh2_kex(struct ssh *ssh)
kex->sign = sshd_hostkey_sign;

ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &kex->done);
kex_proposal_free_entries(myproposal);

#ifdef DEBUG_KEXDH
/* send 1st encrypted/maced/compressed message */
Expand All @@ -2437,7 +2438,6 @@ do_ssh2_kex(struct ssh *ssh)
(r = ssh_packet_write_wait(ssh)) != 0)
fatal_fr(r, "send test");
#endif
kex_proposal_free_entries(myproposal);
debug("KEX done");
}
