Merge pull request #56 from rapier1/release_candidates

Merge 18.2.0-RC1 into Master

.github/ci-status.md

@@ -6,6 +6,10 @@ master :
 [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
 [![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable)
 
+9.4 :
+[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_4)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_4)
+[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_4)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_4)
+
 9.3 :
 [![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_3)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_3)
 [![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_3)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_3)

.github/configs

@@ -30,6 +30,13 @@ case "$config" in
     default|sol64)
 	;;
     c89)
+	# If we don't have LLONG_MAX, configure will figure out that it can
+	# get it by setting -std=gnu99, at which point we won't be testing
+	# C89 any more.  To avoid this, feed it in via CFLAGS.
+	llong_max=`gcc -E -dM - </dev/null | \
+	    awk '$2=="__LONG_LONG_MAX__"{print $3}'`
+	CPPFLAGS="-DLLONG_MAX=${llong_max}"
+
 	CC="gcc"
 	CFLAGS="-Wall -std=c89 -pedantic -Werror=vla"
 	CONFIGFLAGS="--without-zlib"
@@ -213,6 +220,10 @@ case "$config" in
 		;;
 	esac
 	;;
+    zlib-develop)
+	INSTALL_ZLIB=develop
+	CONFIGFLAGS="--with-zlib=/opt/zlib --with-rpath=-Wl,-rpath,"
+	;;
     *)
 	echo "Unknown configuration $config"
 	exit 1

.github/setup_ci.sh

@@ -135,6 +135,8 @@ for TARGET in $TARGETS; do
     valgrind*)
        PACKAGES="$PACKAGES valgrind"
        ;;
+    zlib-*)
+       ;;
     *) echo "Invalid option '${TARGET}'"
         exit 1
         ;;
@@ -224,3 +226,9 @@ if [ ! -z "${INSTALL_BORINGSSL}" ]; then
      cp ${HOME}/boringssl/build/crypto/libcrypto.a /opt/boringssl/lib &&
      cp -r ${HOME}/boringssl/include /opt/boringssl)
 fi
+
+if [ ! -z "${INSTALL_ZLIB}" ]; then
+    (cd ${HOME} && git clone https://github.com/madler/zlib.git &&
+     cd ${HOME}/zlib && ./configure && make &&
+     sudo make install prefix=/opt/zlib)
+fi

.github/workflows/c-cpp.yml

@@ -28,7 +28,7 @@ jobs:
           - { target: ubuntu-20.04, config: valgrind-2 }
           - { target: ubuntu-20.04, config: valgrind-3 }
           - { target: ubuntu-20.04, config: valgrind-4 }
-          - { target: ubuntu-20.04, config: valgrind-5 }
+#          - { target: ubuntu-20.04, config: valgrind-5 }
           - { target: ubuntu-20.04, config: valgrind-6 }
           - { target: ubuntu-20.04, config: valgrind-7 }
           - { target: ubuntu-20.04, config: c89 }
@@ -38,10 +38,6 @@ jobs:
           - { target: ubuntu-20.04, config: clang-10 }
           - { target: ubuntu-20.04, config: clang-11 }
           - { target: ubuntu-20.04, config: clang-12-Werror }
-          - { target: ubuntu-20.04, config: clang-sanitize-address }
-          - { target: ubuntu-20.04, config: clang-sanitize-undefined }
-          - { target: ubuntu-20.04, config: gcc-sanitize-address }
-          - { target: ubuntu-20.04, config: gcc-sanitize-undefined }
           - { target: ubuntu-20.04, config: gcc-7 }
           - { target: ubuntu-20.04, config: gcc-8 }
           - { target: ubuntu-20.04, config: gcc-10 }
@@ -68,6 +64,7 @@ jobs:
           - { target: ubuntu-latest, config: openssl-3.1.0 }
           - { target: ubuntu-latest, config: openssl-1.1.1_stable }
           - { target: ubuntu-latest, config: openssl-3.0 }  # stable branch
+          - { target: ubuntu-latest, config: zlib-develop }
           - { target: ubuntu-22.04, config: pam }
           - { target: ubuntu-22.04, config: krb5 }
           - { target: ubuntu-22.04, config: heimdal }
@@ -76,6 +73,10 @@ jobs:
           - { target: ubuntu-22.04, config: selinux }
           - { target: ubuntu-22.04, config: kitchensink }
           - { target: ubuntu-22.04, config: without-openssl }
+          - { target: ubuntu-22.04, config: clang-sanitize-address }
+          - { target: ubuntu-22.04, config: clang-sanitize-undefined }
+          - { target: ubuntu-22.04, config: gcc-sanitize-address }
+          - { target: ubuntu-22.04, config: gcc-sanitize-undefined }
 # we know pam doesn't work because we can't install a new pam file
 # for hpnssh via the CI test methods
 #          - { target: macos-11, config: pam }

.github/workflows/selfhosted.yml

@@ -40,6 +40,8 @@ jobs:
           - obsd67
           - obsd69
           - obsd70
+          - obsd72
+          - obsd73
           - obsdsnap
           - obsdsnap-i386
           - openindiana
@@ -76,6 +78,7 @@ jobs:
           - { target: ARM64, config: default, host: ARM64 }
           - { target: ARM64, config: pam, host: ARM64 }
           - { target: debian-riscv64, config: default, host: debian-riscv64 }
+          - { target: obsd-arm64, config: default, host: obsd-arm64 }
           - { target: openwrt-mips, config: default, host: openwrt-mips }
           - { target: openwrt-mipsel, config: default, host: openwrt-mipsel }
     steps:

HPN-README

@@ -51,28 +51,23 @@ metrics from multiplexed sessions will report on the activity of all sessions on
 This will likely result in less clear results and, as such, we suggest only gathering metrics
 from non-multiplexed session.
 
-SCP with Resume functionality
-This feature allows SCP to resume failed transfers. In the event of a failed transfer
+HPNSCP with Resume functionality
+This feature allows hpnscp to resume failed transfers. In the event of a failed transfer
 issues the same scp command with the '-R' option. For example - if you issued:
-'scp myhugefile me@host:~'
+'hpnscp myhugefile me@host:~'
 and it dies halfway through the transfer issuing
-'scp -Z myhugefile me@host:~'
+'hpnscp -Z myhugefile me@host:~'
 will resume the transfer at the point where it left off.
 
 This is implemented by having the source host send a hash (blake2b512) of the file to the
-target host. Teh target host then computes it's own hash of the target file. If the hashes match
+target host. The target host then computes it's own hash of the target file. If the hashes match
 then the file is skipped as this indicates a successful transfer. However, if the hashes do not
 match then the target sends the source its hash along with the size of the file. The source then
 computes the hash of the file *up to* the size of the target file. If those hashes match then
 the source only send the necessary bytes to complete the transfer. If the hashes do not match then
 the entire file is resent. If the target file is larger then the source file then the entire
 source file is sent and any existing target file is overwritten.
 
-SCP however, will use the first scp in the user's path. This might not support the resume
-function and the attempt will fail. In those cases the user can explicitly define the path to the
-resume enabled scp with the '-z' option. For example:
-
-'scp -Z -z /opt/hpnssh/usr/bin/scp myhugefile me@host:~'
 
 MULTI-THREADED AES CIPHER:
 The AES cipher in CTR mode has been multithreaded (MTR-AES-CTR). This will allow ssh installations
@@ -124,63 +119,8 @@ more than 30%.
 
 ex: scp -oNoneSwitch=yes -oNoneEnabled=yes -oNoneMacEnabled=yes file host:~
 
-BUFFER SIZES:
-
-If HPN is disabled the receive buffer size will be set to the
-OpenSSH default of 2MB (for OpenSSH versions before 4.7: 64KB).
-
-If an HPN system connects to a nonHPN system the receive buffer will
-be set to the HPNBufferSize value. The default is 2MB but user adjustable.
-
-If an HPN to HPN connection is established a number of different things might
-happen based on the user options and conditions.
-
-Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
-HPN Buffer Size = up to 64MB
-This is the default state. The HPN buffer size will grow to a maximum of 64MB
-as the TCP receive buffer grows. The maximum HPN Buffer size of 64MB is
-geared towards 10GigE transcontinental connections.
-
-Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
-HPN Buffer Size = TCP receive buffer value.
-Users on non-autotuning systems should disable TCPRcvBufPoll in the
-ssh_config and sshd_config
-
-Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
-HPN Buffer Size = minimum of TCP receive buffer and HPNBufferSize.
-This would be the system defined TCP receive buffer (RWIN).
-
-Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf SET
-HPN Buffer Size = minimum of TCPRcvBuf and HPNBufferSize.
-Generally there is no need to set both.
-
-Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
-HPN Buffer Size = grows to HPNBufferSize
-The buffer will grow up to the maximum size specified here.
-
-Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf SET
-HPN Buffer Size = minimum of TCPRcvBuf and HPNBufferSize.
-Generally there is no need to set both of these, especially on autotuning
-systems. However, if the users wishes to override the autotuning this would be
-one way to do it.
-
-Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf SET
-HPN Buffer Size = TCPRcvBuf.
-This will override autotuning and set the TCP recieve buffer to the user defined
-value.
-
-
 HPN Specific Configuration options
 
-TcpRcvBuf=[int]KB client
-      Set the TCP socket receive buffer to n Kilobytes. It can be set up to the
-maximum socket size allowed by the system. This is useful in situations where
-the tcp receive window is set low but the maximum buffer size is set
-higher (as is typical). This works on a per TCP connection basis. You can also
-use this to artifically limit the transfer rate of the connection. In these
-cases the throughput will be no more than n/RTT. The minimum buffer size is 1KB.
-Default is the current system wide tcp receive buffer size.
-
 TcpRcvBufPoll=[yes/no] client/server
       Enable of disable the polling of the tcp receive buffer through the life
 of the connection. You would want to make sure that this option is enabled
@@ -214,21 +154,6 @@ HPNDisabled=[yes/no] client/server
 of the HPN code produces a net decrease in performance. In these cases it is
 helpful to disable the HPN functionality. By default HPNDisabled is set to no.
 
-HPNBufferSize=[int]KB client/server
-     This is the default buffer size the HPN functionality uses when interacting
-with nonHPN SSH installations. Conceptually this is similar to the TcpRcvBuf
-option as applied to the internal SSH flow control. This value can range from
-1KB to 64MB (1-65536). Use of oversized or undersized buffers can cause performance
-problems depending on the length of the network path. The default size of this buffer
-is 2MB.
-
-DisableMTAES=[yes/no] client/server
-     Switch the encryption cipher being used from the multithreaded MT-AES-CTR cipher
-back to the stock single-threaded AES-CTR cipher. Useful on modern processors with
-AES-NI instructions which make the stock single-threaded AES-CTR cipher faster than
-the multithreaded MT-AES-CTR cipher. Set to no by default.
-
-
 Credits: This patch was conceived, designed, and led by Chris Rapier (rapier@psc.edu)
          The majority of the actual coding for versions up to HPN12v1 was performed
          by Michael Stevens (mstevens@andrew.cmu.edu). The MT-AES-CTR cipher was
@@ -240,3 +165,6 @@ Credits: This patch was conceived, designed, and led by Chris Rapier (rapier@psc
 
 Sponsors: Thanks to Niklas Hambuchen for being the first sponsor of HPN-SSH
 	  via github's sponsor program!
+
+
+Edited: October 11, 2023

PROTOCOL

@@ -104,6 +104,39 @@ http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha256@libssh.o
 
 This is identical to curve25519-sha256 as later published in RFC8731.
 
+1.9 transport: ping facility
+
+OpenSSH implements a transport level ping message SSH2_MSG_PING
+and a corresponding SSH2_MSG_PONG reply.
+
+#define SSH2_MSG_PING	192
+#define SSH2_MSG_PONG	193
+
+The ping message is simply:
+
+	byte		SSH_MSG_PING
+	string		data
+
+The reply copies the data (which may be the empty string) from the
+ping:
+
+	byte		SSH_MSG_PONG
+	string		data
+
+Replies are sent in order. They are sent immediately except when rekeying
+is in progress, in which case they are queued until rekeying completes.
+
+The server advertises support for these messages using the
+SSH2_MSG_EXT_INFO mechanism (RFC8308), with the following message:
+
+	string		"ping@openssh.com"
+	string		"0" (version)
+
+The ping/reply message is implemented at the transport layer rather
+than as a named global or channel request to allow pings with very
+short packet lengths, which would not be possible with other
+approaches.
+
 2. Connection protocol changes
 
 2.1. connection: Channel write close extension "eow@openssh.com"
@@ -712,4 +745,4 @@ master instance and later clients.
 OpenSSH extends the usual agent protocol. These changes are documented
 in the PROTOCOL.agent file.
 
-$OpenBSD: PROTOCOL,v 1.48 2022/11/07 01:53:01 dtucker Exp $
+$OpenBSD: PROTOCOL,v 1.49 2023/08/28 03:28:43 djm Exp $

PROTOCOL.agent

@@ -1,5 +1,5 @@
 The SSH agent protocol is described in
-https://tools.ietf.org/html/draft-miller-ssh-agent-04
+https://tools.ietf.org/html/draft-miller-ssh-agent
 
 This file documents OpenSSH's extensions to the agent protocol.
 
@@ -81,4 +81,4 @@ the constraint is:
 
 This option is only valid for XMSS keys.
 
-$OpenBSD: PROTOCOL.agent,v 1.19 2023/04/12 08:53:54 jsg Exp $
+$OpenBSD: PROTOCOL.agent,v 1.20 2023/10/03 23:56:10 djm Exp $

README

@@ -1,4 +1,4 @@
-See https://www.openssh.com/releasenotes.html#9.4p1 for the release
+See https://www.openssh.com/releasenotes.html#9.5p1 for the release
 notes.
 
 Please read https://www.openssh.com/report.html for bug reporting

auth2.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.166 2023/03/08 04:43:12 guenther Exp $ */
+/* $OpenBSD: auth2.c,v 1.167 2023/08/28 09:48:11 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -225,6 +225,7 @@ input_service_request(int type, u_int32_t seq, struct ssh *ssh)
 }
 
 #define MIN_FAIL_DELAY_SECONDS 0.005
+#define MAX_FAIL_DELAY_SECONDS 5.0
 static double
 user_specific_delay(const char *user)
 {
@@ -250,6 +251,12 @@ ensure_minimum_time_since(double start, double seconds)
 	struct timespec ts;
 	double elapsed = monotime_double() - start, req = seconds, remain;
 
+	if (elapsed > MAX_FAIL_DELAY_SECONDS) {
+		debug3_f("elapsed %0.3lfms exceeded the max delay "
+		    "requested %0.3lfms)", elapsed*1000, req*1000);
+		return;
+	}
+
 	/* if we've already passed the requested time, scale up */
 	while ((remain = seconds - elapsed) < 0.0)
 		seconds *= 2;
@@ -346,7 +353,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
 		debug2("input_userauth_request: try method %s", method);
 		authenticated =	m->userauth(ssh, method);
 	}
-	if (!authctxt->authenticated)
+	if (!authctxt->authenticated && strcmp(method, "none") != 0)
 		ensure_minimum_time_since(tstart,
 		    user_specific_delay(authctxt->user));
 	userauth_finish(ssh, authenticated, method, NULL);