HPN-SSH 18.7.1 Release

.github/configs

@@ -354,6 +354,11 @@ case "${TARGET_HOST}" in
     win10)
 	# No sudo on Windows.
 	SUDO=""
+	SKIP_LTESTS="scp-resume"
+	;;
+    windows*)
+	#skip the scp-resume test
+	SKIP_LTESTS="scp-resume"
 	;;
 esac
 
@@ -363,6 +368,7 @@ case "$host" in
 	SUDO=""
 	# Don't run compat tests on cygwin as they don't currently compile.
 	TEST_TARGET="tests"
+	SKIP_LTESTS="scp-resume"
 	;;
 *-darwin*)
 	# Unless specified otherwise, build without OpenSSL on Mac OS since

.github/workflows/c-cpp.yml

@@ -28,7 +28,7 @@ jobs:
         # First we test all OSes in the default configuration.
         target:
           - ubuntu-22.04
-          - ubunut-24.04
+          - ubuntu-24.04
           - ubuntu-latest
           - ubuntu-22.04-arm
           - ubuntu-24.04-arm
@@ -41,6 +41,14 @@ jobs:
         # Then we include any extra configs we want to test for specific VMs.
         # Valgrind slows things down quite a bit, so start them first.
         include:
+          - { target: ubuntu-22.04, config: valgrind-1 }
+          - { target: ubuntu-22.04, config: valgrind-2 }
+          - { target: ubuntu-22.04, config: valgrind-3 }
+          - { target: ubuntu-22.04, config: valgrind-4 }
+          - { target: ubuntu-22.04, config: valgrind-5 }
+          - { target: ubuntu-22.04, config: valgrind-6 }
+          - { target: ubuntu-22.04, config: valgrind-7 }
+          - { target: ubuntu-22.04, config: valgrind-unit }
           - { target: windows-2022, config: cygwin-release }
           - { target: windows-2025, config: cygwin-release }
 # binn no longer supports c89 so skip.
@@ -63,14 +71,6 @@ jobs:
           - { target: ubuntu-22.04, config: pam }
           - { target: ubuntu-22.04, config: selinux }
           - { target: ubuntu-22.04, config: sk }
-          - { target: ubuntu-22.04, config: valgrind-1 }
-          - { target: ubuntu-22.04, config: valgrind-2 }
-          - { target: ubuntu-22.04, config: valgrind-3 }
-          - { target: ubuntu-22.04, config: valgrind-4 }
-          - { target: ubuntu-22.04, config: valgrind-5 }
-          - { target: ubuntu-22.04, config: valgrind-6 }
-          - { target: ubuntu-22.04, config: valgrind-7 }
-          - { target: ubuntu-22.04, config: valgrind-unit }
           - { target: ubuntu-22.04, config: without-openssl }
           - { target: ubuntu-latest, config: gcc-14 }
           - { target: ubuntu-latest, config: clang-15 }
@@ -80,7 +80,7 @@ jobs:
 #          - { target: ubuntu-latest, config: aws-lc }
           - { target: ubuntu-latest, config: libressl-master }
 # We don't support libreSSL earlier than 3.7 due to problems with
-# the structures used by the aes-ctr mt cipher that wasn't address
+# the structures used by the aes-ctr mt cipher that wasn't addressed
 # before 3.7
 #          - { target: ubuntu-latest, config: libressl-3.2.6 }
 #          - { target: ubuntu-latest, config: libressl-3.3.6 }

.gitignore

@@ -2,6 +2,8 @@ Makefile
 buildpkg.sh
 config.h
 config.h.in~
+config.h.in
+aclocal.m4
 config.log
 config.status
 openbsd-compat/Makefile

HPN-README

@@ -1,12 +1,32 @@
 Notes:
 
+FIPS Mode and Parallel Ciphers in 18.7.1
+Using HPN-SSH in operating systems working in FIPS mode (e.g. RHEL with
+FIPS enabled) preclude the use of parallel ciphers. This is because
+the parallel AES-CTR implementation is not FIPS certified and will cause FIPS
+to exit with an error when loaded. In the case of the parallel ChaCha20 cipher
+the algorithm itself has not been FIPS certified and no implementation of
+ChaCha20 should be allowed in FIPS mode. We suggest the use of the AES-GCM
+cipher when operating under FIPS mode for optimal performance. 
+
+Happy Eyeballs Support in 18.7.1 
+Happy Eyeballs (RFC 8305) is for use on dual stack systems meaning that they have both 
+IPv4 and IPv6 TCP stacks. When enabled this option will try to connect to the
+target over both IPv4 and IPv6 with preference given to IPv6. The first connection 
+that completes successfully will be used. Any outstanding connection attempts will
+be closed. As of version 18.7.1 this option should be considered somewhat experimental.
+
+usage:
+-oHappyEyes=[Yes|No] will enable Happy Eyeballs. The default is no. 
+-oHappyDelay=[N] where N is a positive integer expressed in milliseconds.
+                 The default value of 250ms is suggested by RFC 8305.
 
 MPTCP Support in 18.7.0:
 Multipath TCP is now available as a runtime option for HPN-SSH. MPTCP
 is available only on Linux and Mac OSX operating systems. Using MPTCP on a system that
 doesn't support it will result in a notice and failure. The use cases for MPTCP include
 seamless handovers when changing networks and aggregating multiple interfaces to improve
-available bandwidth. As of 18.7.0 this options should be considered somewhat experimental.
+available bandwidth. As of 18.7.0 this option should be considered somewhat experimental.
 
 Usage:
 -oUseMPTCP=[Yes|No] will enable MPTCP. The default is no.
@@ -79,7 +99,6 @@ the source only send the necessary bytes to complete the transfer. If the hashes
 the entire file is resent. If the target file is larger then the source file then the entire
 source file is sent and any existing target file is overwritten.
 
-
 MULTI-THREADED AES CIPHER:
 The AES cipher in CTR mode has been multithreaded (MTR-AES-CTR). This will allow ssh installations
 on hosts with multiple cores to use more than one processing core during encryption.
@@ -178,4 +197,4 @@ Sponsors: Thanks to Niklas Hambuchen for being the first sponsor of HPN-SSH
 	  via github's sponsor program!
 
 
-Edited: October 11, 2023
+Edited: September 19, 2025

Makefile.in

@@ -74,7 +74,7 @@ MKDIR_P=@MKDIR_P@
 
 .SUFFIXES: .lo
 
-TARGETS=hpnssh$(EXEEXT) hpnsshd$(EXEEXT) hpnsshd-session$(EXEEXT) hpnsshd-auth$(EXEXT) hpnssh-add$(EXEEXT) hpnssh-keygen$(EXEEXT) hpnssh-keyscan${EXEEXT} hpnssh-keysign${EXEEXT} hpnssh-pkcs11-helper$(EXEEXT) hpnssh-agent$(EXEEXT) hpnscp$(EXEEXT) hpnsftp-server$(EXEEXT) hpnsftp$(EXEEXT) hpnssh-sk-helper$(EXEEXT)
+TARGETS=hpnssh$(EXEEXT) hpnsshd$(EXEEXT) hpnsshd-session$(EXEEXT) hpnsshd-auth$(EXEEXT) hpnssh-add$(EXEEXT) hpnssh-keygen$(EXEEXT) hpnssh-keyscan${EXEEXT} hpnssh-keysign${EXEEXT} hpnssh-pkcs11-helper$(EXEEXT) hpnssh-agent$(EXEEXT) hpnscp$(EXEEXT) hpnsftp-server$(EXEEXT) hpnsftp$(EXEEXT) hpnssh-sk-helper$(EXEEXT)
 
 XMSS_OBJS=\
 	ssh-xmss.o \
@@ -118,7 +118,8 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 	kexsntrup761x25519.o kexmlkem768x25519.o sntrup761.o kexgen.o \
 	sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \
 	sshbuf-io.o metrics.o binn.o cipher-ctr-mt-provider.o \
-	cipher-ctr-mt-functions.o ossl3-provider-err.o num.o
+	cipher-ctr-mt-functions.o ossl3-provider-err.o num.o \
+	happyeyeballs.o
 
 SKOBJS=	ssh-sk-client.o
 

cipher-ctr-mt-functions.c

@@ -619,11 +619,15 @@ int aes_mt_do_cipher(void *vevp_ctx,
 		/* } else */
 #endif
 		/* 64 bits */
-		if ((align & 0x7) == 0) {
-			destp.u64[0] = srcp.u64[0] ^ bufp.u64[0];
-			destp.u64[1] = srcp.u64[1] ^ bufp.u64[1];
-		/* 32 bits */
-		} else if ((align & 0x3) == 0) {
+		/* this is causing undefined behaviour in sanitizers
+		 * this is annoying because it's more efficient
+		 * but UB is not something I want to retain */
+		/* if ((align & 0x7) == 0) { */
+		/* 	destp.u64[0] = srcp.u64[0] ^ bufp.u64[0]; */
+		/* 	destp.u64[1] = srcp.u64[1] ^ bufp.u64[1]; */
+		/* /\* 32 bits *\/ */
+		/* } else */
+		if ((align & 0x3) == 0) {
 			destp.u32[0] = srcp.u32[0] ^ bufp.u32[0];
 			destp.u32[1] = srcp.u32[1] ^ bufp.u32[1];
 			destp.u32[2] = srcp.u32[2] ^ bufp.u32[2];

cipher-ctr-mt.c

@@ -471,12 +471,16 @@ ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
 		/* 	destp.u128[0] = srcp.u128[0] ^ bufp.u128[0]; */
 		/* } else */
 #endif
+		/* this is causing undefined behaviour in sanitizers
+		 * this is annoying because it's more efficient
+		 * but UB is not something I want to retain */
 		/* 64 bits */
-		if ((align & 0x7) == 0) {
-			destp.u64[0] = srcp.u64[0] ^ bufp.u64[0];
-			destp.u64[1] = srcp.u64[1] ^ bufp.u64[1];
-		/* 32 bits */
-		} else if ((align & 0x3) == 0) {
+		/* if ((align & 0x7) == 0) { */
+		/* 	destp.u64[0] = srcp.u64[0] ^ bufp.u64[0]; */
+		/* 	destp.u64[1] = srcp.u64[1] ^ bufp.u64[1]; */
+		/* /\* 32 bits *\/ */
+		/* } else */
+		if ((align & 0x3) == 0) {
 			destp.u32[0] = srcp.u32[0] ^ bufp.u32[0];
 			destp.u32[1] = srcp.u32[1] ^ bufp.u32[1];
 			destp.u32[2] = srcp.u32[2] ^ bufp.u32[2];