This is the 18.1.0 release of HPN-SSH based on OpenSSH 9.4. The major…

… changes included in this release are the introduction of a parallel ChaCha20-Poly1305 cipher called chacha20-poly1305-mt@hpnssh.org. This is now the default cipher used by HPN-SSH. You may use the serial version of the cipher by explcitly calling it with -cchacha20-poly1035@openssh.com if you perfer. However, this will only have an impact on the local instantiation of hpnssh or hpnsshd. To use serial ChaCha20 on both ends of the connection you must run both the server and client with the serial version. We have also imrpoved the efficacy of the Poly1305 MAC by using OpenSSL functions to compute the MAC instead of the portable C implementation included in OpenSSH. Our implemtation of Poly1305 will fall back to the portable implementation if the OpenSSL EVP is not available. There have been other minor changes to improve code readability, improve compatibility with LibreSSL, support Alpine more gracefully, and so forth. Lastly, the versioning scheme as been normalize to Major.Minor.Fix. For example, this version is 18.1.0 meaning that it is the 18th Major release, the 1st minor release, and there 0 fixes/patches applied. In this scheme a minor bug fix will increment the Fix value. A forward port to a new version of OpenSSH or a performance improvement will increment the Minor value (and reset the Fix value). The introduction of a major change or functionality will increment the Major value while resetting both Minor and Fix to 1 and 0 respectively. Okayed by mwd@psc.edu and rapier@psc.edu
rapier1 · Sep 20, 2023 · 5c1ad8d · 5c1ad8d
2 parents ab94957 + e1c4cf3
commit 5c1ad8d
Show file tree

Hide file tree

Showing 123 changed files with 3,688 additions and 2,245 deletions.
diff --git a/.depend b/.depend
diff --git a/.github/ci-status.md b/.github/ci-status.md
@@ -6,6 +6,6 @@ master :
 [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
 [![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable)
 
-9.2 :
-[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_2)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_2)
-[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_2)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_2)
+9.3 :
+[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_3)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_3)
+[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_3)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_3)
diff --git a/.github/configs b/.github/configs
@@ -81,7 +81,8 @@ case "$config" in
 	    CFLAGS="-fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer"
 	    LDFLAGS="-fsanitize=memory"
 	    CPPFLAGS='-Dchroot=chdir -Dexplicit_bzero=bzero -DMSAN_OPTIONS=\"log_path='$SANLOGS'/msan.log\"'
-	    CONFIGFLAGS="--without-openssl --without-zlib --without-shadow"
+	    CONFIGFLAGS="--without-zlib --without-shadow"
+	    LIBCRYPTOFLAGS="--without-openssl"
 	    TEST_TARGET="t-exec"
 	    ;;
 	*-sanitize-undefined)
@@ -139,6 +140,10 @@ case "$config" in
 	CONFIGFLAGS="--with-pam"
 	SSHD_CONFOPTS="UsePam yes"
 	;;
+    boringssl)
+	CONFIGFLAGS="--disable-pkcs11"
+	LIBCRYPTOFLAGS="--with-ssl-dir=/opt/boringssl --with-rpath=-Wl,-rpath,"
+	;;
     libressl-*)
 	LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl --with-rpath=-Wl,-rpath,"
 	;;
@@ -160,7 +165,7 @@ case "$config" in
 	LIBCRYPTOFLAGS="--without-openssl"
 	TEST_TARGET=t-exec
 	;;
-    valgrind-[1-5]|valgrind-unit)
+    valgrind-[1-7]|valgrind-unit)
 	# rlimit sandbox and FORTIFY_SOURCE confuse Valgrind.
 	CONFIGFLAGS="--without-sandbox --without-hardening"
 	CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0"
@@ -171,17 +176,19 @@ case "$config" in
 	# won't reliably pass, and the unit tests run longer than allowed
 	# by github so split into separate tests.
 	tests2="integrity try-ciphers"
-	tests3="krl forward-control sshsig agent-restrict kextype sftp"
-	tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment percent"
+	tests3="krl forward-control sshsig"
+	tests4="cert-userkey cert-hostkey"
 	tests5="rekey"
+	tests6="agent-restrict kextype sftp"
+	tests7="kextype sftp-perm keygen-comment percent"
 	case "$config" in
 	    valgrind-1)
 		# All tests except agent-timeout (which is flaky under valgrind),
 		# connection-timeout (which doesn't work since it's so slow)
 		# and hostbased (since valgrind won't let ssh exec keysign).
 		# Slow ones are run separately to increase parallelism.
 		SKIP_LTESTS="agent-timeout connection-timeout hostbased"
-		SKIP_LTESTS="$SKIP_LTESTS ${tests2} ${tests3} ${tests4} ${tests5}"
+		SKIP_LTESTS="$SKIP_LTESTS ${tests2} ${tests3} ${tests4} ${tests5} ${tests6} ${tests7}"
 		;;
 	    valgrind-2)
 		LTESTS="${tests2}"
@@ -195,6 +202,12 @@ case "$config" in
 	    valgrind-5)
 		LTESTS="${tests5}"
 		;;
+	    valgrind-6)
+		LTESTS="${tests6}"
+		;;
+	    valgrind-7)
+		LTESTS="${tests7}"
+		;;
 	    valgrind-unit)
 		TEST_TARGET="unit USE_VALGRIND=1"
 		;;
@@ -209,13 +222,15 @@ esac
 # The Solaris 64bit targets are special since they need a non-flag arg.
 case "$config" in
     sol64*)
-	CONFIGFLAGS="x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}"
-	LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64"
+	CONFIGFLAGS="--target=x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}"
+	LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64 --with-rpath=-Wl,-rpath,"
 	;;
 esac
 
 case "${TARGET_HOST}" in
     aix*)
+	CONFIGFLAGS="--disable-security-key"
+	LIBCRYPTOFLAGS="--without-openssl"
 	# These are slow real or virtual machines so skip the slowest tests
 	# (which tend to be thw ones that transfer lots of data) so that the
 	# test run does not time out.
@@ -240,7 +255,8 @@ case "${TARGET_HOST}" in
 	SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent agent-ptrace"
 	;;
     minix3)
-	LIBCRYPTOFLAGS="--without-openssl --disable-security-key"
+	CONFIGFLAGS="${CONFIGFLAGS} --disable-security-key"
+	LIBCRYPTOFLAGS="--without-openssl"
 	# Minix does not have a loopback interface so we have to skip any
 	# test that relies on one.
 	# Also, Minix seems to be very limited in the number of select()
@@ -264,7 +280,8 @@ case "${TARGET_HOST}" in
 	CONFIGFLAGS="${CONFIGFLAGS} --without-hardening --disable-security-key"
 	;;
     openwrt-*)
-	CONFIGFLAGS="${CONFIGFLAGS} --without-openssl --without-zlib"
+	CONFIGFLAGS="${CONFIGFLAGS} --without-zlib"
+	LIBCRYPTOFLAGS="--without-openssl"
 	TEST_TARGET="t-exec"
 	;;
     sol10|sol11)
@@ -278,7 +295,8 @@ case "${TARGET_HOST}" in
 	;;
 esac
 
-case "`./config.guess`" in
+host=`./config.guess`
+case "$host" in
 *cygwin)
 	SUDO=""
 	# Don't run compat tests on cygwin as they don't currently compile.
@@ -289,17 +307,34 @@ case "`./config.guess`" in
 	# modern versions don't ship with libcrypto.
 	LIBCRYPTOFLAGS="--without-openssl"
 	TEST_TARGET=t-exec
+	case "$host" in
+	*-darwin22.*)
+		# sudo -S nobody doesn't work on macos 13 for some reason.
+		SKIP_LTESTS="agent-getpeereid" ;;
+	esac
 	;;
 esac
 
-# If we have a local openssl/libressl, use that.
+# Unless specifically configured, search for a suitable version of OpenSSL,
+# otherwise build without it.
 if [ -z "${LIBCRYPTOFLAGS}" ]; then
+	LIBCRYPTOFLAGS="--without-openssl"
 	# last-match
-	for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do
+	for i in /usr /usr/local /usr/local/ssl /usr/local/opt/openssl; do
+		ver="none"
 		if [ -x ${i}/bin/openssl ]; then
-			LIBCRYPTOFLAGS="--with-ssl-dir=${i}"
+			ver="$(${i}/bin/openssl version)"
 		fi
+		case "$ver" in
+			none) ;;
+			"OpenSSL 0."*|"OpenSSL 1.0."*|"OpenSSL 1.1.0"*) ;;
+			"LibreSSL 2."*|"LibreSSL 3.0."*) ;;
+			*) LIBCRYPTOFLAGS="--with-ssl-dir=${i}" ;;
+		esac
 	done
+	if [ "${LIBCRYPTOFLAGS}" = "--without-openssl" ]; then
+		TEST_TARGET="t-exec"
+	fi
 fi
 
 CONFIGFLAGS="${CONFIGFLAGS} ${LIBCRYPTOFLAGS}"

diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh
@@ -4,7 +4,9 @@ PACKAGES=""
 
  . .github/configs $@
 
-case "`./config.guess`" in
+host=`./config.guess`
+echo "config.guess: $host"
+case "$host" in
 *cygwin)
 	PACKAGER=setup
 	echo Setting CYGWIN system environment variable.
@@ -26,6 +28,7 @@ esac
 TARGETS=$@
 
 INSTALL_FIDO_PPA="no"
+#COPY_PAM_MODULE="no"
 export DEBIAN_FRONTEND=noninteractive
 
 #echo "Setting up for '$TARGETS'"
@@ -85,6 +88,7 @@ for TARGET in $TARGETS; do
 	esac
         ;;
     *pam)
+#	COPY_PAM_MODULE="yes"
         PACKAGES="$PACKAGES libpam0g-dev"
         ;;
     sk)
@@ -124,6 +128,10 @@ for TARGET in $TARGETS; do
         esac
         PACKAGES="${PACKAGES} putty-tools"
        ;;
+    boringssl)
+        INSTALL_BORINGSSL=1
+        PACKAGES="${PACKAGES} cmake ninja-build"
+       ;;
     valgrind*)
        PACKAGES="$PACKAGES valgrind"
        ;;
@@ -139,6 +147,14 @@ if [ "yes" = "$INSTALL_FIDO_PPA" ]; then
     sudo apt-add-repository -y ppa:yubico/stable
 fi
 
+#need to copy the pam modules for sshd to hpnsshd on
+#macos with pam.
+#if [ "yes" = "$COPY_PAM_MODULE" ]; then
+#    if [ `uname` = "Darwin" }; then
+#	sudo cp /etc/pam.d/sshd /etc/pam.d/hpnsshd
+#    fi
+#fi
+
 tries=3
 while [ ! -z "$PACKAGES" ] && [ "$tries" -gt "0" ]; do
     case "$PACKAGER" in
@@ -199,3 +215,12 @@ if [ ! -z "${INSTALL_LIBRESSL}" ]; then
          ./configure --prefix=/opt/libressl && make -j2 && sudo make install)
     fi
 fi
+
+if [ ! -z "${INSTALL_BORINGSSL}" ]; then
+    (cd ${HOME} && git clone https://boringssl.googlesource.com/boringssl &&
+     cd ${HOME}/boringssl && mkdir build && cd build &&
+     cmake -GNinja  -DCMAKE_POSITION_INDEPENDENT_CODE=ON .. && ninja &&
+     mkdir -p /opt/boringssl/lib &&
+     cp ${HOME}/boringssl/build/crypto/libcrypto.a /opt/boringssl/lib &&
+     cp -r ${HOME}/boringssl/include /opt/boringssl)
+fi
diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
@@ -2,7 +2,7 @@ name: C/C++ CI
 
 on:
   push:
-    branches: [ master, pre-stage ]
+    branches: [ master, pre-stage, '*RC*', dev_major, dev_minor ]
     paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ]
   pull_request:
     branches: [ master ]
@@ -15,10 +15,22 @@ jobs:
       fail-fast: false
       matrix:
         # First we test all OSes in the default configuration.
-        target: [ubuntu-20.04, ubuntu-22.04, macos-11, macos-12]
+        target:
+          - ubuntu-20.04
+          - ubuntu-22.04
+          - macos-11
+          - macos-12
+          - macos-13
         config: [default]
         # Then we include any extra configs we want to test for specific VMs.
         include:
+          - { target: ubuntu-20.04, config: valgrind-1 }
+          - { target: ubuntu-20.04, config: valgrind-2 }
+          - { target: ubuntu-20.04, config: valgrind-3 }
+          - { target: ubuntu-20.04, config: valgrind-4 }
+          - { target: ubuntu-20.04, config: valgrind-5 }
+          - { target: ubuntu-20.04, config: valgrind-6 }
+          - { target: ubuntu-20.04, config: valgrind-7 }
           - { target: ubuntu-20.04, config: c89 }
           - { target: ubuntu-20.04, config: clang-6.0 }
           - { target: ubuntu-20.04, config: clang-8 }
@@ -36,19 +48,24 @@ jobs:
           - { target: ubuntu-20.04, config: gcc-11-Werror }
           - { target: ubuntu-20.04, config: pam }
           - { target: ubuntu-20.04, config: kitchensink }
-          - { target: ubuntu-20.04, config: hardenedmalloc }
+          - { target: ubuntu-22.04, config: hardenedmalloc }
           - { target: ubuntu-20.04, config: tcmalloc }
+#	  musl doesn't work because it doesn't know about linux/tcp.h
+#         - { target: ubuntu-20.04, config: musl }
+          - { target: ubuntu-latest, config: libressl-master }
+          - { target: ubuntu-latest, config: libressl-3.7.2 }
+          - { target: ubuntu-latest, config: libressl-3.7.1 }
+          - { target: ubuntu-latest, config: libressl-3.8.0 }
           - { target: ubuntu-latest, config: openssl-master }
           - { target: ubuntu-latest, config: openssl-noec }
-          - { target: ubuntu-latest, config: openssl-1.1.0h }
           - { target: ubuntu-latest, config: openssl-1.1.1 }
           - { target: ubuntu-latest, config: openssl-1.1.1k }
           - { target: ubuntu-latest, config: openssl-1.1.1n }
           - { target: ubuntu-latest, config: openssl-1.1.1q }
-          - { target: ubuntu-latest, config: openssl-1.1.1s }
+          - { target: ubuntu-latest, config: openssl-1.1.1t }
           - { target: ubuntu-latest, config: openssl-3.0.0 }
-          - { target: ubuntu-latest, config: openssl-3.0.5 }
           - { target: ubuntu-latest, config: openssl-3.0.7 }
+          - { target: ubuntu-latest, config: openssl-3.1.0 }
           - { target: ubuntu-latest, config: openssl-1.1.1_stable }
           - { target: ubuntu-latest, config: openssl-3.0 }  # stable branch
           - { target: ubuntu-22.04, config: pam }
@@ -59,8 +76,11 @@ jobs:
           - { target: ubuntu-22.04, config: selinux }
           - { target: ubuntu-22.04, config: kitchensink }
           - { target: ubuntu-22.04, config: without-openssl }
-          - { target: macos-11, config: pam }
-          - { target: macos-12, config: pam }
+# we know pam doesn't work because we can't install a new pam file
+# for hpnssh via the CI test methods
+#          - { target: macos-11, config: pam }
+#          - { target: macos-12, config: pam }
+#          - { target: macos-13, config: pam }
     runs-on: ${{ matrix.target }}
     steps:
     - uses: actions/checkout@main