Commit message | Author | Age | Files | Lines
...
* Skip hostbased during Valgrind tests. | Darren Tucker | 2022-08-11 | 1 | -2/+3
  Valgrind doesn't let ssh exec ssh-keysign (because it's setuid) so skip it during the Valgrind based tests. See https://bugs.kde.org/show_bug.cgi?id=119404 for a discussion of this (ironically there the problematic binary was ssh(1) back when it could still be setuid).
* upstream: add some tests for parse_absolute_time(), including cases | djm@openbsd.org | 2022-08-11 | 1 | -1/+63
  where it is forced to the UTC timezone. bz3468 ok dtucker
  OpenBSD-Regress-ID: ea07ca31c2f3847a38df028ca632763ae44e8759
* upstream: allow certificate validity intervals, sshsig verification | djm@openbsd.org | 2022-08-11 | 4 | -35/+113
  times and authorized_keys expiry-time options to accept dates in the UTC time zone in addition to the default of interpreting them in the system time zone. YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed with a 'Z' character. Also allow certificate validity intervals to be specified in raw seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This is intended for use by regress tests and other tools that call ssh-keygen as part of a CA workflow. bz3468 ok dtucker
  OpenBSD-Commit-ID: 454db1cdffa9fa346aea5211223a2ce0588dfe13
* Fix conditional for running hostbased tests. | Darren Tucker | 2022-08-11 | 1 | -1/+1
* fix SANDBOX_SECCOMP_FILTER_DEBUG | Damien Miller | 2022-08-11 | 1 | -6/+9
* Test hostbased auth on github runners. | Darren Tucker | 2022-08-10 | 2 | -0/+15
* Rename our getentropy to prevent possible loops. | Darren Tucker | 2022-08-10 | 3 | -2/+11
  Since arc4random seeds from getentropy, and we use OpenSSL for that if enabled, there's the possibility that if we build on a system that does not have getentropy then run on a system that does have it, then OpenSSL could end up calling our getentropy and getting stuck in a loop. Pointed out by deraadt@, ok djm@
* Actually put HAVE_STDINT_H around the stdint.h. | Darren Tucker | 2022-08-08 | 1 | -2/+2
* Give unused param a name. | Darren Tucker | 2022-08-08 | 4 | -5/+70
  Fixes builds on platforms that do have fido2 but don't have fido_dev_is_winhello.
* upstream: don't prompt for FIDO passphrase before attempting to enroll | djm@openbsd.org | 2022-08-05 | 1 | -9/+2
  the credential, just let the enroll operating fail and we'll attempt to get a PIN anyway. Might avoid some unnecessary PIN prompts. Part of GHPR#302 from Corinna Vinschen; ok dtucker@
  OpenBSD-Commit-ID: bd5342ffc353ee37d39617906867c305564d1ce2
* sk_sign: set FIDO2 uv attribute explicitly for WinHello | Corinna Vinschen | 2022-08-05 | 1 | -0/+8
  WinHello via libfido2 performs user verification by default. However, if we stick to that, there's no way to differentiate between keys created with or without "-O verify-required". Set FIDO2 uv attribute explicitly to FIDO_OPT_FALSE, then check if user verification has been requested.
  Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
* check_sk_options: add temporary WinHello workaround | Corinna Vinschen | 2022-08-05 | 1 | -0/+9
  Up to libfido 1.10.0, WinHello advertises "clientPin" rather than "uv" capability. This is fixed in 1.11.0. For the time being, work around it here.
  Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
* compat code for fido_dev_is_winhello() | Corinna Vinschen | 2022-08-05 | 2 | -0/+9
  Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
* Factor out getrnd() and rename to getentropy(). | Darren Tucker | 2022-08-05 | 5 | -55/+91
  Factor out the arc4random seeding into its own file and change the interface to match getentropy. Use native getentropy if available. This will make it easier to resync OpenBSD changes to arc4random. Prompted by bz#3467, ok djm@.
* Include CHANNEL and FIDO2 libs in configure output | Darren Tucker | 2022-08-04 | 1 | -0/+6
* upstream: avoid double-free in error path introduced in r1.70; report | djm@openbsd.org | 2022-08-01 | 1 | -4/+2
  and fix based on GHPR#332 by v-rzh ok dtucker@
  OpenBSD-Commit-ID: 3d21aa127b1f37cfc5bdc21461db369a663a951f
* Remove deprecated MacOS 10.15 runners. | Darren Tucker | 2022-07-27 | 1 | -2/+1
* Move stale-configure check as early as possible. | Darren Tucker | 2022-07-27 | 2 | -6/+9
  We added a check in Makefile to catch the case where configure needs to be rebuilt, however this did not happen until a build was attempted in which case all of the work done by configure was wasted. Move this check to the start of configure to catch it as early as possible. ok djm@
* Move libcrypto into CHANNELLIBS. | Darren Tucker | 2022-07-27 | 2 | -24/+26
  This will result in sftp, sftp-server and scp no longer being linked against libcrypto. ok djm@
* Remove seed_rng calls from scp, sftp, sftp-server. | Darren Tucker | 2022-07-27 | 3 | -6/+0
  These binaries don't use OpenSSL's random functions. The next step will be to stop linking them against libcrypto. ok djm@
* Group libcrypto and PRNGD checks together. | Darren Tucker | 2022-07-27 | 1 | -20/+20
  They're related more than the libcrypt or libiaf checks which are currently between them. ok djm@
* Do not link scp, sftp and sftp-server w/ zlib. | Darren Tucker | 2022-07-27 | 2 | -10/+15
  Some of our binaries (eg sftp, sftp-server, scp) do not interact with the channels code and thus do use libraries such as zlib and libcrypto although they are linked with them. This adds a CHANNELLIBS and starts by moving zlib into it, which means the aforementioned binaries are no longer linked against zlib. ok djm@
* Remove workarounds for OpenSSL missing AES-CTR. | Darren Tucker | 2022-07-25 | 6 | -189/+1
  We have some compatibility hacks that were added to support OpenSSL versions that do not support AES CTR mode. Since that time, however, the minimum OpenSSL version that we support has moved to 1.0.1 which *does* have CTR, so this is no longer needed. ok djm@
* Remove workarounds for OpenSSL missing AES-GCM. | Darren Tucker | 2022-07-25 | 3 | -49/+0
  We have some compatibility hacks that were added to support OpenSSL versions that do not support AES GCM mode. Since that time, however, the minimum OpenSSL version that we support has moved to 1.0.1 which *does* have GCM, so this is no longer needed. ok djm@
* upstream: Restore missing "!" in TEST_SSH_ELAPSED_TIMES test. | dtucker@openbsd.org | 2022-07-25 | 1 | -2/+2
  OpenBSD-Regress-ID: 38783f9676ec348c5a792caecee9a16e354b37b0
* upstream: Test TEST_SSH_ELAPSED_TIMES for empty string not | dtucker@openbsd.org | 2022-07-25 | 1 | -2/+2
  executable. No-op on most platforms but should prevent warnings in -portable on systems that don't have 'date %s'.
  OpenBSD-Regress-ID: e39d79867b8065e33d0c5926fa1a31f85659d2a4
* Convert "have_prog" function into "which". | Darren Tucker | 2022-07-23 | 1 | -1/+9
  "which" and its behaviour is not standardized, so convert the existing have_prog function into "which" so we can rely on it being available and what its semantics are. Add a have_prog wrapper that maintains the existing behaviour.
* Skip scp3 test if there's no scp on remote path. | Darren Tucker | 2022-07-23 | 1 | -0/+6
  scp -3 ends up using the scp that's in the remote path and will fail if one is not available. Based on a patch from rapier at psc.edu.
* crank SSH_SK_VERSION_MAJOR in sk-dummy.so | Damien Miller | 2022-07-20 | 1 | -1/+1
* upstream: ssh-keygen: fix touch prompt, pin retries; | djm@openbsd.org | 2022-07-20 | 1 | -13/+10
  part of GHPR329 from Pedro Martelletto
  OpenBSD-Commit-ID: 75d1005bd2ef8f29fa834c90d2684e73556fffe8
* upstream: sk-usbhid: preserve error code returned by key_lookup() | djm@openbsd.org | 2022-07-20 | 1 | -2/+2
  it conveys useful information, such as the supplied pin being wrong. Part of GHPR329 from Pedro Martelletto
  OpenBSD-Commit-ID: c0647eb9290f793add363d81378439b273756c1b
* upstream: when enrolling a resident key on a security token, check | djm@openbsd.org | 2022-07-20 | 4 | -6/+102
  if a credential with matching application and user ID strings already exists. if so, prompt the user for confirmation before overwriting the credential. patch from Pedro Martelletto via GHPR329
  NB. cranks SSH_SK_VERSION_MAJOR, so any third-party FIDO middleware implementations will need to adjust
  OpenBSD-Commit-ID: e45e9f1bf2b2f32d9850669e7a8dbd64acc5fca4
* upstream: pull passphrase reading and confirmation into a separate | djm@openbsd.org | 2022-07-20 | 1 | -28/+37
  function so it can be used for FIDO2 PINs; no functional change
  OpenBSD-Commit-ID: bf34f76b8283cc1d3f54633e0d4f13613d87bb2f
* Move vmshutdown to first step. | Darren Tucker | 2022-07-15 | 1 | -2/+2
  If a previous run on a physical runner has failed to clean up, the next run will fail because it'll try to check out the code to a broken directory mount. Make cleanup the first step.
* Rename bbone test target to ARM. | Darren Tucker | 2022-07-15 | 1 | -1/+1
* Add AUDIT_ARCH_PPC to supported seccomp arches. | Darren Tucker | 2022-07-15 | 1 | -0/+3
  Patch from dries.deschout at dodeco.eu.
* Remove unintended changes. | Darren Tucker | 2022-07-14 | 2 | -13/+2
  I inadvertently included a couple of local changes with the OpenSSL 3.0.4 change. Revert, anything that should be there will be committed separately.
* Return ERANGE from getcwd() if buffer size is 1. | Darren Tucker | 2022-07-14 | 1 | -1/+4
  If getcwd() is supplied a buffer size of exactly 1 and a path of "/", it could result in a nul byte being written out of array bounds. POSIX says it should return ERANGE if the path will not fit in the available buffer (with terminating nul). 1 byte cannot fit any possible path with its nul, so immediately return ERANGE in that case. OpenSSH never uses getcwd() with this buffer size, and all current (and even quite old) platforms that we are currently known to work on have a native getcwd() so this code is not used on those anyway. Reported by Qualys, ok djm@
* Split README.platform into its own line. | Darren Tucker | 2022-07-14 | 1 | -1/+3
  README.platform has general platform-specific information, having it following text about FIDO2 on the same line could imply that it only has information about FIDO2.
* Clarify README.md text. | Darren Tucker | 2022-07-14 | 1 | -2/+2
  Clarify the text about the implications of building without OpenSSL, and prefix the "configure --help" example command with a "./" so it's likely to work as-is in more shells. From bz#3461.
* Remove special casing of crypt(). | Darren Tucker | 2022-07-13 | 1 | -24/+11
  Configure goes to some lengths to pick crypt() from either libcrypt or OpenSSL's libcrypto because they can be more or less featureful (eg supporting md5-style passwords). OpenSSL removed its crypt() interface in 2002: https://github.com/openssl/openssl/commit/69deec58 so these hijinks should no longer be necessary. This also only links sshd with libcrypt which is the only thing that needs it. ok djm@
* Only refuse to use OpenSSL 3.0.4 on x86_64. | Darren Tucker | 2022-07-13 | 3 | -3/+22
  The potential RCE only impacts x86_64, so only refuse to use it if we're targeting a potentially impacted architecture. ok djm@
* Capture stderr output from configure. | Darren Tucker | 2022-07-12 | 1 | -1/+1
* Refuse to use OpenSSL 3.0.4 due to potential RCE. | Darren Tucker | 2022-07-12 | 1 | -0/+1
  OpenSSL has a potential RCE in its RSA implementation (CVE-2022-2274) so refuse to use that specific version.
* Move unset to before we set anything. | Darren Tucker | 2022-07-12 | 1 | -2/+3
* Test against openssl-3.0.5. | Darren Tucker | 2022-07-06 | 1 | -1/+1
* Update sanitizer test targets: | Darren Tucker | 2022-07-05 | 2 | -2/+3
  - remove clang-sanitize-memory for now. It takes so long that the test times out.
  - add gcc sanitize-address and sanitize-undefined test targets.
* Add GCC address sanitizer build/test. | Darren Tucker | 2022-07-05 | 2 | -9/+18
* Move sanitizer logs into regress for collection. | Darren Tucker | 2022-07-05 | 2 | -4/+6
* upstream: Add TEST_REGRESS_CACHE_DIR. | dtucker@openbsd.org | 2022-07-04 | 1 | -1/+28
  If set, it is used to cache regress test names that have succeeded and skip those on a re-run.
  OpenBSD-Regress-ID: a7570dd29a58df59f2cca647c3c2ec989b49f247